Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Windows 7: Raiffeisen Banking funktioniert nicht mehr (logs sind in 2 antworten eingefügt)

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 30.06.2015, 20:16   #1
ludi81
 
Windows 7: Raiffeisen Banking funktioniert nicht mehr (logs sind in 2 antworten eingefügt) - Standard

Windows 7: Raiffeisen Banking funktioniert nicht mehr (logs sind in 2 antworten eingefügt)



Ich habe genau das gleiche Problem wie im Thread http://www.trojaner-board.de/166389-...oid-virus.html beschrieben und gelöst wurde. Ich habe ein Windows 7 mit 64 Bit.
Es kommt immer das Popup
Code:
ATTFilter
In Zusammenhang mit der Modernisierung des Sicherheitssystems kann von Ihnen beim Einloggen ins Benutzerkonto eine zusätzliche Identifizierung angefordert werden. Um Ihr Konto weiterhin benutzen zu können, würden wir Sie einmalig bitten, unsere Applikation für Smartphones auf Ihr Mobiltelefon zu installieren, das zu Ihrem Konto hinzugefügt ist. Ohne Installation der mobilen Applikation wird der Zugang zum Konto gesperrt. Wir danken für Ihr Verständnis.
         
Das Zertifikat der Bank ist auch ein anderes wie bei einem funktionierenden Rechner.

1) Defogger wurde ausgeführt (ohne Fehlermeldung)
2) Ich habe bereits mit dem Farbar Tool die zwei log dateien erstellt.
Addition Logfile
FRST Additions Logfile:
[CODE]Additional
FRST Logfile:
Code:
ATTFilter
scan result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
Ran by Eva at 2015-06-30 21:37:16
Running from C:\Users\Eva\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-898756928-3254376158-833785005-500 - Administrator - Disabled)
Eva (S-1-5-21-898756928-3254376158-833785005-1002 - Administrator - Enabled) => C:\Users\Eva
Gast (S-1-5-21-898756928-3254376158-833785005-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-898756928-3254376158-833785005-1003 - Limited - Enabled)
UpdatusUser (S-1-5-21-898756928-3254376158-833785005-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1912 Titanic Mystery (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117897550}) (Version:  - Oberon Media)
Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.90 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1523 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1523 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3007 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3004 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3005 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version:  - )
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Apple Application Support (32-Bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Backup Manager V3 (x32 Version: 3.0.0.90 - NTI Corporation) Hidden
Bejeweled 2 Deluxe (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110265407}) (Version:  - Oberon Media)
Belles Beauty Boutique (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112623650}) (Version:  - Oberon Media)
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 14.6.1.2 - Broadcom Corporation)
Broadcom Gigabit NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.6.1.2 - Broadcom Corporation)
Brother MFL-Pro Suite MFC-7420 (HKLM-x32\...\{C2530D63-B66B-48B5-BB50-7C6281FE7AA6}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Chicken Invaders 3 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}) (Version:  - Oberon Media)
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.1422.00 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1422.00 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.7418 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3008 - Acer Incorporated)
CVE-2012-4969 (HKLM\...\{777afb2a-98e5-4f14-b455-378a925cae15}.sdb) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.4 - Dolby Laboratories Inc)
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
ELDA Software (HKLM-x32\...\ELDA Software) (Version: 4.0.0 - OÖ GKK)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Flip Words (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110109903}) (Version:  - Oberon Media)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version:  - Oberon Media)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GMX Desktop Icons (HKLM-x32\...\1&1 Mail & Media GmbH 1und1DesktopIconsInstaller) (Version: 3.0.5.0 - 1&1 Mail & Media GmbH)
GMX MailCheck für Internet Explorer (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar IE8) (Version: 2.6.3.1 - 1&1 Mail & Media GmbH)
GMX MailCheck für Mozilla Firefox (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 2.1.4.1300 - 1&1 Mail & Media GmbH)
GMX Softwareaktualisierung (HKLM-x32\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.3.0 - 1&1 Mail & Media GmbH)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Google+ Auto Backup (HKU\S-1-5-21-898756928-3254376158-833785005-1002\...\Google+ Auto Backup) (Version: 1.0.27.161 - Google, Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3006 - Acer Incorporated)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2372 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C4}) (Version: 12.0.1.881 - Kaspersky Lab)
Kaspersky Security Scan (x32 Version: 12.0.1.881 - Kaspersky Lab) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.4 - Acer Inc.)
MediaEspresso (x32 Version: 1.0.1418_35759 - CyberLink Corp.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.5 - Mozilla)
Mozilla Thunderbird 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
MyFreeCodec (HKU\S-1-5-21-898756928-3254376158-833785005-1002\...\MyFreeCodec) (Version:  - )
MyWinLocker (Version: 4.0.14.11 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.11 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden
newsXpresso (HKLM-x32\...\InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.)
newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8942 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8942 - NTI Corporation) Hidden
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6329 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.26.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.26.0 - Renesas Electronics Corporation) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.0.12114_1 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.0.12114_1 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14083.9 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14083.9 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shredder (Version: 2.0.8.7 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.7 - Egis Technology Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.103 - Skype Technologies S.A.)
Sprill and Ritchie (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117932650}) (Version:  - Oberon Media)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.6.0 - Synaptics Incorporated)
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.0.82.0 - Intel)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
WinRAR 4.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
World of Goo (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116672750}) (Version:  - Oberon Media)
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-898756928-3254376158-833785005-1002_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Eva\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-898756928-3254376158-833785005-1002_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Eva\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-898756928-3254376158-833785005-1002_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Eva\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-898756928-3254376158-833785005-1002_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Eva\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-898756928-3254376158-833785005-1002_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Eva\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-898756928-3254376158-833785005-1002_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Eva\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-898756928-3254376158-833785005-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Eva\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-898756928-3254376158-833785005-1002_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Eva\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

10-06-2015 16:34:52 Windows Update
14-06-2015 11:15:55 Windows Update
18-06-2015 14:22:51 Windows Update
22-06-2015 14:30:45 Windows Update
23-06-2015 20:15:09 OpenOffice.org 3.3 wird entfernt
24-06-2015 17:06:56 OpenOffice.org 3.3 wird entfernt
24-06-2015 17:08:10 OpenOffice.org 3.3 wird entfernt
26-06-2015 14:05:56 Windows Update
29-06-2015 14:17:56 Windows Update
29-06-2015 19:56:48 Windows Update
30-06-2015 16:45:58 Removed Adobe Reader XI (11.0.03) - Deutsch.
30-06-2015 19:49:16 Removed Nuance PDF Reader.

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05ECB649-5058-41A6-8503-E31889487528} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-02-22] (CyberLink)
Task: {1657004C-90D4-47EF-87F9-6745DCF2A159} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-02-22] (CyberLink Corp.)
Task: {1E108A76-B31B-4B13-98FE-E6D3A7AA3C5A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {331611A2-AFF4-4461-BD1E-713824332816} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2011-12-28] (Microsoft Corporation)
Task: {4B13D423-8DD7-4A86-B33C-6CF2F40D0FDE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-898756928-3254376158-833785005-1002UA => C:\Users\Eva\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
Task: {63FD8E35-DE9A-433B-A763-F4DDAD871FA9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {68C8EA3C-1BE5-4EAF-AF09-2C2F2FFD0EAE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-898756928-3254376158-833785005-1002Core => C:\Users\Eva\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
Task: {73C8C494-1094-4B2A-AB53-AD13807D18AE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-30] (Adobe Systems Incorporated)
Task: {9375D4AD-9759-400C-8975-8A75BE32D58F} - System32\Tasks\{B0A07878-A18C-4906-B24F-FB6E054F2805} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.0.60.126/de/abandoninstall?page=tsBing
Task: {9850E466-3EB1-4B19-AA39-8887E24EDCA5} - System32\Tasks\Registration 1und1 Task => C:\Program Files (x86)\1und1Softwareaktualisierung\cdsupdclient.exe [2015-01-12] (1&1 Mail & Media GmbH)
Task: {A176811F-924C-4E16-8810-37FB6F2B7C77} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {A8777188-41A3-47D1-8DF3-2A8188D25674} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {A8F1F70F-6263-4133-9B35-5C550C709A9F} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {BA772A6C-0003-4D43-B4E9-C0FB757834F2} - System32\Tasks\{6B335F96-1FB4-42A1-86D8-3A614D3D1BA7} => pcalua.exe -a "C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe" -c "C:\Users\Eva\Documents\Scanned Documents\Tel. Liste.jpg"
Task: {CB174D87-D96E-4326-836A-8745DBC7618F} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-02-22] (Acer Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-898756928-3254376158-833785005-1002Core.job => C:\Users\Eva\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-898756928-3254376158-833785005-1002UA.job => C:\Users\Eva\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-06-29 20:06 - 2013-08-30 00:43 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-09-05 02:36 - 2013-09-05 02:36 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2009-01-22 01:45 - 2009-01-22 01:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2011-12-27 17:18 - 2011-05-28 23:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-06-08 09:30 - 2011-04-15 19:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-06-30 15:51 - 2015-05-14 11:54 - 00422600 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
2011-02-22 10:01 - 2011-02-22 10:01 - 00206216 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2011-03-09 19:13 - 2011-03-09 19:13 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2011-03-09 19:12 - 2011-03-09 19:12 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2011-03-09 19:12 - 2011-03-09 19:12 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2012-01-23 17:16 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-10-16 11:22 - 2014-10-16 11:22 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\ba8588c3319d63350220ec2ac3eb2c36\IsdiInterop.ni.dll
2011-06-08 08:52 - 2010-09-14 03:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2015-06-29 20:20 - 2015-06-30 19:49 - 17321648 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:2430E4FC
AlternateDataStreams: C:\ProgramData\Temp:5925E400
AlternateDataStreams: C:\ProgramData\Temp:5D458568

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-898756928-3254376158-833785005-1002\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 10.0.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: BBSvc => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: c2cautoupdatesvc => 2
MSCONFIG\Services: c2cpnrsvc => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: Live Updater Service => 2
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: SkypeUpdate => 2

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{62B1EEAD-8B19-4305-8567-3A72BEEF7C51}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{70BEAD3D-2F77-4C38-966C-911DA99404E4}] => (Allow) LPort=2869
FirewallRules: [{4454F89B-F233-4866-BEF1-2BA104A9BF86}] => (Allow) LPort=1900
FirewallRules: [{E252DEEC-7A4A-4E46-AA64-5C75D5B4E812}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{B9340568-4C76-4DB6-99D8-E8813D340A48}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{ABC9E2BA-5979-492D-9F7F-E1751B2C5E14}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{A1D11376-3D74-41D7-9C97-86D4481820F6}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe
FirewallRules: [{78B7E012-C5E5-49CA-AAA9-F082DF3AEDA6}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{7FA7BD6D-BD7D-4505-B472-5322956975DF}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{C524603B-B10D-4E07-B71A-B02869DD649D}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{039C9AB1-6E0B-4373-8352-1B19DB001605}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{AAE41C63-121F-4206-AF20-4FFD25C33B6A}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{C00D6E55-C10A-4C24-B706-C7441776D38A}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovie.exe
FirewallRules: [{015582BB-6EFA-49DA-9A73-82CA598F3E01}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovieService.exe
FirewallRules: [{864E42BB-23E8-4D71-B757-9544FBEB3486}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{E12C7FA9-5CA7-4F44-A661-731D543C791C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{5B770553-3973-4983-8801-51499D2DA6C3}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{18161FAA-6EE7-49F2-B566-321ABD6DF4D8}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{9B73F3DA-7654-45C2-9F1D-5E4C6503260A}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{A82D9194-23F7-4BA4-AE19-51C5BA388969}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{1143CB5E-0C25-4B65-B978-5E383BDFE0B7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3B96C68A-826A-4233-A74E-9668413453FE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5D1C936E-DCA2-4D2E-9805-28C6B6501E43}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1F077BD2-F9D1-4BA5-8A77-91CEADDF52F8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{78D106C8-1AC7-44F8-8E84-BAFC218486D5}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{FCF30B0E-A9C5-4C82-8DAF-5670542F312A}] => (Allow) %ProgramFiles%\Zune\Zune.exe
FirewallRules: [{1EADA10B-7B3E-404F-81B8-846D3D9EF9F7}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{E457488C-3EA3-4685-A178-D5AA7042FB6B}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{0841A6F2-066B-44FE-A1BE-233AB0227452}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{79140A57-9B11-4520-8458-8EE6549008C1}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{E287E3BE-E419-4129-8AC0-A9B92E4C3051}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{0A91CF71-F80A-4EAE-BE98-63589BE36064}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{7C078C5F-FC67-4A22-AB38-9630117B49EE}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{CA4DB193-1709-4FD9-8E2E-1C4C541BDB25}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{3966901C-6E95-4CE1-8F18-A8F20FFE1709}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{F827CBD1-93B2-4F09-8F3D-A363533CA978}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{608317D9-FE5F-484B-915F-02D6F3EB759A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D98D9469-2263-467E-8F98-02E3BC89DC2E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/30/2015 08:08:10 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (06/30/2015 08:07:50 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (06/30/2015 08:07:49 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (06/30/2015 08:07:32 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (06/30/2015 08:06:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/30/2015 08:03:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/30/2015 08:00:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/30/2015 07:55:51 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (06/30/2015 07:49:49 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (06/30/2015 04:10:05 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.


System errors:
=============
Error: (06/30/2015 08:09:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (06/30/2015 08:09:17 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\Eva\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (06/30/2015 08:09:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (06/30/2015 08:09:16 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\Eva\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (06/30/2015 08:09:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (06/30/2015 08:09:16 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\Eva\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (06/30/2015 08:09:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (06/30/2015 08:09:16 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\Eva\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (06/30/2015 08:09:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (06/30/2015 08:09:15 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\Eva\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.


Microsoft Office:
=========================
Error: (06/30/2015 08:08:10 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Eva\Downloads\esetsmartinstaller_deu.exe

Error: (06/30/2015 08:07:50 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Eva\Downloads\esetsmartinstaller_deu.exe

Error: (06/30/2015 08:07:49 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Eva\Downloads\esetsmartinstaller_deu.exe

Error: (06/30/2015 08:07:32 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Eva\Downloads\esetsmartinstaller_deu.exe

Error: (06/30/2015 08:06:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/30/2015 08:03:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/30/2015 08:00:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/30/2015 07:55:51 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Eva\Downloads\esetsmartinstaller_deu.exe

Error: (06/30/2015 07:49:49 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Eva\Downloads\esetsmartinstaller_deu.exe

Error: (06/30/2015 04:10:05 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Eva\Downloads\esetsmartinstaller_deu.exe


CodeIntegrity Errors:
===================================
  Date: 2014-09-01 09:13:34.578
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-09-01 09:13:34.503
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-09-01 09:13:32.401
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-09-01 09:13:32.325
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-09-01 09:13:30.218
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-09-01 09:13:30.141
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-09-01 09:13:28.043
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-09-01 09:13:27.967
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-09-01 09:13:25.820
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-09-01 09:13:25.745
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz
Percentage of memory in use: 65%
Total physical RAM: 3947.86 MB
Available physical RAM: 1355.24 MB
Total Pagefile: 7893.93 MB
Available Pagefile: 4807.53 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:450.66 GB) (Free:288.11 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C1C9F1F8)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450.7 GB) - (Type=07 NTFS)

==================== End of log ============================
         
--- --- ---

--- --- ---
[CODE]


Die zweite Datei ist in nächsten Post.

Es wäre super wenn mir jemand helfen könnte. Sonst bleibt mir nichts anderes übrig als den Rechner neu zu installieren.

Vielen Dank
Ludi

Geändert von ludi81 (30.06.2015 um 21:06 Uhr)

Alt 30.06.2015, 20:17   #2
ludi81
 
Windows 7: Raiffeisen Banking funktioniert nicht mehr (logs sind in 2 antworten eingefügt) - Standard

Windows 7: Raiffeisen Banking funktioniert nicht mehr (logs sind in 2 antworten eingefügt)



Zweite Log Datei


FRST


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01
Ran by Eva (administrator) on EVA-PC on 30-06-2015 21:35:00
Running from C:\Users\Eva\Downloads
Loaded Profiles: UpdatusUser & Eva (Available Profiles: UpdatusUser & Eva)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Dolby Laboratories Inc.) C:\DOLBY PCEE4\pcee4.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(1und1 Mail und Media GmbH) C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Users\Eva\AppData\Local\Google\Update\GoogleUpdate.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11785832 2011-03-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2189416 2011-03-09] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831528 2011-05-10] (Acer Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM\...\Run: [Zune Launcher] => c:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-14] (Intel Corporation)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340336 2010-09-28] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-09-18] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-09-18] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-03-09] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Dolby PCEE4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-02-18] (CyberLink Corp.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [MailCheck IE Broker] => C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe [2152512 2015-05-06] (1und1 Mail und Media GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-898756928-3254376158-833785005-1000\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default
HKU\S-1-5-21-898756928-3254376158-833785005-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Acer.scr
HKU\S-1-5-21-898756928-3254376158-833785005-1002\...\Run: [Google Update] => C:\Users\Eva\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-28] (Google Inc.)
HKU\S-1-5-21-898756928-3254376158-833785005-1002\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-01-11] (Google Inc.)
HKU\S-1-5-21-898756928-3254376158-833785005-1002\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-12-30] (Samsung Electronics)
HKU\S-1-5-21-898756928-3254376158-833785005-1002\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-07-25] (Samsung)
HKU\S-1-5-21-898756928-3254376158-833785005-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53288576 2015-06-16] (Skype Technologies S.A.)
HKU\S-1-5-21-898756928-3254376158-833785005-1002\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-15] (Kaspersky Lab ZAO)
HKU\S-1-5-21-898756928-3254376158-833785005-1002\...\MountPoints2: E - E:\.\Autorun.exe AUTORUN=1
HKU\S-1-5-21-898756928-3254376158-833785005-1002\...\MountPoints2: {11160c7f-cbc6-11e2-acb4-b870f4b04937} - E:\.\Autorun.exe AUTORUN=1
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-898756928-3254376158-833785005-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
AutoConfigURL: [S-1-5-21-898756928-3254376158-833785005-1002] => https://securedtonnel.net/a2stunnel.js
HKU\S-1-5-21-898756928-3254376158-833785005-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.vol.at/
HKU\S-1-5-21-898756928-3254376158-833785005-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKU\S-1-5-21-898756928-3254376158-833785005-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-898756928-3254376158-833785005-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-898756928-3254376158-833785005-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-898756928-3254376158-833785005-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-898756928-3254376158-833785005-1002 -> {17D1F2EA-F9EA-4688-9F8D-312E22E963F6} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKU\S-1-5-21-898756928-3254376158-833785005-1002 -> {9EC76FE7-0D16-4099-9418-5BE723AF5D6D} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKU\S-1-5-21-898756928-3254376158-833785005-1002 -> {DCBA0778-58AA-48BD-BE89-CD5598D570C8} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKU\S-1-5-21-898756928-3254376158-833785005-1002 -> {EB356F78-E613-4E11-AD64-4C92DB5F0994} URL = hxxp://www.search.ask.com/web?tpid=ORJ-V7C&o=APN11406&pf=V7&p2=%5EBBE%5EOSJ000%5EYY%5EAT&gct=&itbv=12.10.6.48&apn_uid=2AF31B4D-5C4A-4BDE-A9B0-3CDE03B87747&apn_ptnrs=BBE&apn_dtid=%5EOSJ000%5EYY%5EAT&apn_dbr=ie_11.0.9600.16521&doi=2014-04-21&trgb=IE&q={searchTerms}&psv=
SearchScopes: HKU\S-1-5-21-898756928-3254376158-833785005-1002 -> {FB2FDD8B-DA39-47CE-B0E7-2B9D9BAF58C7} URL = hxxp://go.gmx.at/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
BHO: No Name -> {4F524A2D-5637-4300-76A7-7A786E7484D7} ->  No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-05] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: GMX MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll [2015-05-06] (1und1 Mail und Media GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-29] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-05] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: GMX MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll [2015-05-06] (1und1 Mail und Media GmbH)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-29] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-05] (Google Inc.)
Toolbar: HKLM - GMX MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll [2015-05-06] (1und1 Mail und Media GmbH)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-05] (Google Inc.)
Toolbar: HKLM-x32 - GMX MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll [2015-05-06] (1und1 Mail und Media GmbH)
Toolbar: HKU\S-1-5-21-898756928-3254376158-833785005-1002 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-05] (Google Inc.)
Toolbar: HKU\S-1-5-21-898756928-3254376158-833785005-1002 -> GMX MailCheck - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll [2015-05-06] (1und1 Mail und Media GmbH)
Toolbar: HKU\S-1-5-21-898756928-3254376158-833785005-1002 -> No Name - {4F524A2D-5637-4300-76A7-7A786E7484D7} -  No File
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll [2015-05-06] (1und1 Mail und Media GmbH)
Handler-x32: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll [2015-05-06] (1und1 Mail und Media GmbH)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{89B422F4-DA12-4352-8F0A-4C5C7AAB964A}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{E9C9ACB5-A0BF-4F5A-9042-F07C00E32BA2}: [DhcpNameServer] 10.0.1.1

FireFox:
========
FF ProfilePath: C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\11vp9dcv.default
FF SearchEngineOrder.1: Ask.com
FF SearchEngineOrder.3: Bing 
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.msn.com/?pc=SKY2&ocid=SKY2DHP&osmkt=de-at
FF NetworkProxy: "autoconfig_url", "https://securedtonnel.net/a2stunnel.js"
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-06-30] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-30] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-898756928-3254376158-833785005-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Eva\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF Plugin HKU\S-1-5-21-898756928-3254376158-833785005-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Eva\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF SearchPlugin: C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\11vp9dcv.default\searchplugins\11-suche.xml [2012-07-04]
FF SearchPlugin: C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\11vp9dcv.default\searchplugins\bingp.xml [2015-03-30]
FF SearchPlugin: C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\11vp9dcv.default\searchplugins\englische-ergebnisse.xml [2012-07-04]
FF SearchPlugin: C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\11vp9dcv.default\searchplugins\gmx-suche-sterreich.xml [2015-06-22]
FF SearchPlugin: C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\11vp9dcv.default\searchplugins\gmx-suche.xml [2012-07-04]
FF SearchPlugin: C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\11vp9dcv.default\searchplugins\lastminute.xml [2012-07-04]
FF SearchPlugin: C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\11vp9dcv.default\searchplugins\webde-suche.xml [2012-07-04]
FF Extension: GMX MailCheck - C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\11vp9dcv.default\Extensions\mailcheck@gmx.net [2015-06-30]
FF Extension: Firebug - C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\11vp9dcv.default\Extensions\firebug@software.joehewitt.com.xpi [2015-06-30]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01]

Chrome: 
=======
CHR Profile: C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-27]
CHR Extension: (Google Search) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-27]
CHR Extension: (MSN Homepage & Bing Search Engine) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2015-05-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-23]
CHR Extension: (Skype Click to Call) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-09-07]
CHR Extension: (Google Wallet) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-23]
CHR Extension: (Bitdefender QuickScan) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2015-06-23]
CHR Extension: (Gmail) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-27]
CHR HKU\S-1-5-21-898756928-3254376158-833785005-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 KSS; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-15] (Kaspersky Lab ZAO)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2011-03-09] (NTI Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-12-30] () [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-30 21:34 - 2015-06-30 21:34 - 00000468 _____ C:\Users\Eva\Downloads\defogger_disable.log
2015-06-30 21:34 - 2015-06-30 21:34 - 00000000 _____ C:\Users\Eva\defogger_reenable
2015-06-30 21:26 - 2015-06-30 21:26 - 00050477 _____ C:\Users\Eva\Downloads\Defogger.exe
2015-06-30 20:59 - 2015-06-30 21:36 - 00027176 _____ C:\Users\Eva\Downloads\FRST.txt
2015-06-30 20:59 - 2015-06-30 21:35 - 00000000 ____D C:\FRST
2015-06-30 20:59 - 2015-06-30 20:59 - 02112512 _____ (Farbar) C:\Users\Eva\Downloads\FRST64.exe
2015-06-30 20:32 - 2015-06-30 20:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-06-30 19:53 - 2015-06-30 20:18 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-30 19:52 - 2015-06-30 19:52 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-06-30 19:52 - 2015-06-30 19:52 - 00002051 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-06-30 16:49 - 2015-06-30 16:49 - 40422528 _____ (Skype Technologies S.A.) C:\Users\Eva\Downloads\SkypeSetupFull.exe
2015-06-30 15:51 - 2015-06-30 15:51 - 02870984 _____ (ESET) C:\Users\Eva\Downloads\esetsmartinstaller_deu.exe
2015-06-30 15:51 - 2015-06-30 15:51 - 00000000 ____D C:\Program Files (x86)\ESET
2015-06-30 12:26 - 2015-06-30 12:26 - 00243592 _____ C:\Users\Eva\Downloads\Firefox Setup Stub 38.0.5 (1).exe
2015-06-29 20:16 - 2015-06-29 20:16 - 00000000 ____D C:\Windows\SysWOW64\NV
2015-06-29 20:16 - 2015-06-29 20:16 - 00000000 ____D C:\Windows\system32\NV
2015-06-29 20:09 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-06-29 20:09 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-06-29 20:09 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-06-29 20:09 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-06-29 20:09 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-06-29 20:09 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-06-29 20:09 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-06-29 20:09 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-06-29 20:09 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2015-06-29 20:09 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2015-06-29 20:09 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-06-29 20:09 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-06-29 20:09 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-06-29 20:09 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-06-29 20:09 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-06-29 20:09 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-06-29 20:09 - 2013-10-01 22:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-06-29 20:09 - 2013-10-01 22:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-06-29 20:01 - 2012-08-23 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-06-29 20:01 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-06-29 20:01 - 2012-08-23 16:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2015-06-29 20:01 - 2012-08-23 15:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-06-29 20:01 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2015-06-29 20:01 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2015-06-29 20:01 - 2012-08-23 11:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-06-29 19:58 - 2015-06-29 20:00 - 00000000 ____D C:\Program Files\Zune
2015-06-29 19:58 - 2015-06-29 19:58 - 00000931 _____ C:\Users\Public\Desktop\Zune.lnk
2015-06-29 19:58 - 2015-06-29 19:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune
2015-06-29 19:56 - 2015-05-09 05:27 - 03147776 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-06-29 19:56 - 2015-05-09 05:27 - 02589184 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-06-29 19:56 - 2015-05-09 05:27 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-06-29 19:56 - 2015-05-09 05:27 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-06-29 19:56 - 2015-05-09 05:27 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-06-29 19:56 - 2015-05-09 05:27 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-06-29 19:56 - 2015-05-09 05:27 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-06-29 19:56 - 2015-05-09 05:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-06-29 19:56 - 2015-05-09 05:14 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-06-29 19:56 - 2015-05-09 05:14 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-06-29 19:56 - 2015-05-09 05:14 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-06-29 19:56 - 2015-05-09 05:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-06-29 19:55 - 2015-05-09 05:26 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-06-29 19:55 - 2015-05-09 05:26 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-06-29 19:55 - 2015-05-09 05:26 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-06-29 19:55 - 2015-05-09 05:13 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-06-29 19:55 - 2015-04-27 21:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-06-29 19:55 - 2015-04-27 21:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-06-29 19:55 - 2015-04-27 21:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-06-29 19:55 - 2015-04-27 21:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-06-29 19:55 - 2015-04-27 21:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-06-29 19:55 - 2015-04-27 21:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-06-29 19:55 - 2015-04-27 21:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-06-29 19:55 - 2015-04-27 21:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-06-29 19:55 - 2015-03-14 05:21 - 01632768 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-06-29 19:55 - 2015-03-14 05:21 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-06-29 19:55 - 2015-03-14 05:04 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-06-29 19:55 - 2015-03-14 05:04 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-06-29 19:53 - 2015-05-09 20:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-06-29 14:42 - 2015-06-29 14:41 - 02209056 _____ C:\Users\Eva\Downloads\avira-eu-cleaner_de(1).exe
2015-06-29 14:41 - 2015-06-29 14:41 - 02209056 _____ C:\Users\Eva\Downloads\avira-eu-cleaner_de.exe
2015-06-29 14:30 - 2015-06-29 14:32 - 00000000 ____D C:\Users\Eva\AppData\Local\NPE
2015-06-29 14:30 - 2015-06-29 14:30 - 00000000 ____D C:\ProgramData\Norton
2015-06-28 00:19 - 2015-06-28 00:19 - 91226112 _____ C:\Windows\system32\config\SOFTWARE.bdkup
2015-06-28 00:19 - 2015-06-28 00:19 - 18612224 _____ C:\Windows\system32\config\SYSTEM.bdkup
2015-06-28 00:19 - 2015-06-28 00:19 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bdkup
2015-06-24 16:19 - 2015-06-24 16:19 - 00000000 ____D C:\Users\Eva\AppData\Local\{BC91D199-4E9D-4067-884C-828D30971BE1}
2015-06-23 20:09 - 2015-06-23 20:12 - 00000000 ____D C:\Users\Eva\AppData\Roaming\QuickScan
2015-06-23 20:09 - 2015-06-23 20:09 - 00039480 _____ C:\Users\Eva\Downloads\qsinstaller.exe
2015-06-23 20:06 - 2015-06-23 20:06 - 00000000 ____D C:\Users\Eva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2015-06-23 20:06 - 2015-06-23 20:05 - 00001081 _____ C:\Users\Eva\Desktop\Kaspersky Security Scan.lnk
2015-06-23 20:05 - 2015-06-23 20:05 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-06-23 20:05 - 2015-06-23 20:05 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2015-06-23 20:03 - 2015-06-23 20:03 - 00416576 _____ (Kaspersky Lab) C:\Users\Eva\Downloads\de-de.setup.exe
2015-06-22 15:03 - 2015-06-22 15:03 - 00243592 _____ C:\Users\Eva\Downloads\Firefox Setup Stub 38.0.5.exe
2015-06-10 14:46 - 2015-05-25 20:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-10 14:46 - 2015-05-25 20:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-10 14:46 - 2015-05-25 20:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-10 14:46 - 2015-05-25 20:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-10 14:46 - 2015-05-25 20:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-10 14:46 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-10 14:46 - 2015-05-25 20:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-10 14:46 - 2015-05-25 20:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-10 14:46 - 2015-05-25 20:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-10 14:46 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-10 14:46 - 2015-05-25 20:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-10 14:46 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-10 14:46 - 2015-05-25 20:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-10 14:46 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-10 14:46 - 2015-05-25 20:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-10 14:46 - 2015-05-25 20:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-10 14:46 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-10 14:46 - 2015-05-25 20:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-10 14:46 - 2015-05-25 20:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-10 14:46 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-10 14:46 - 2015-05-25 20:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-10 14:46 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-10 14:46 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-10 14:46 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-10 14:46 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-10 14:46 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-10 14:46 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-10 14:46 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-10 14:46 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-10 14:46 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-10 14:46 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-10 14:46 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-10 14:46 - 2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-10 14:46 - 2015-05-25 20:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-10 14:46 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-10 14:46 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-10 14:46 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-10 14:46 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-10 14:46 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-10 14:46 - 2015-05-25 20:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-10 14:46 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-10 14:46 - 2015-05-25 19:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-10 14:46 - 2015-05-25 19:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-10 14:46 - 2015-05-25 19:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-10 14:46 - 2015-05-25 19:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-10 14:46 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-10 14:46 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-10 14:46 - 2015-05-25 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-10 14:46 - 2015-05-25 18:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-10 14:46 - 2015-05-25 18:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 18:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-10 14:46 - 2015-05-22 20:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-10 14:46 - 2015-05-22 20:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-10 14:46 - 2015-05-22 20:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-10 14:46 - 2015-05-22 20:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-10 14:46 - 2015-05-22 20:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-10 14:46 - 2015-05-22 20:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-10 14:46 - 2015-05-22 20:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-10 14:46 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-10 14:46 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 14:46 - 2015-04-29 20:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 14:46 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 14:46 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 14:46 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 14:46 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-10 14:46 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-10 14:46 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-10 14:46 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-10 14:46 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-10 14:45 - 2015-06-01 21:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 14:45 - 2015-06-01 20:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 14:45 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 14:45 - 2015-05-25 19:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 14:45 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-10 14:45 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 14:45 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-10 14:45 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-10 14:45 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-10 14:45 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-10 14:45 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 14:45 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-10 14:45 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-10 14:45 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-10 14:45 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-10 14:45 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-10 14:45 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 14:45 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-10 14:45 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-10 14:45 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-10 14:45 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 14:45 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 14:45 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 14:45 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 14:45 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 14:45 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-10 14:45 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 14:45 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 14:45 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 14:45 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 14:45 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 14:45 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 14:45 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 14:45 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 14:45 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 14:45 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 14:45 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 14:45 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 14:45 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 14:45 - 2015-05-22 20:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 14:45 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 14:45 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 14:45 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 14:45 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 14:45 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 14:45 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 14:45 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 14:45 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 14:45 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 14:45 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 14:45 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-10 14:45 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-10 14:44 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 14:44 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 14:44 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 14:44 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 14:44 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 14:44 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 14:44 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 14:44 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 14:44 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 14:44 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 14:44 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 14:44 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-05 12:05 - 2015-06-05 12:05 - 00000000 ____D C:\Users\Eva\AppData\Local\GWX
2015-06-03 11:44 - 2015-06-03 11:44 - 00000000 ____D C:\Users\Eva\AppData\Local\{4B68CD76-2998-4143-9E8A-AB29CDEB9078}
2015-06-03 08:15 - 2015-06-03 08:15 - 00002160 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-30 21:34 - 2011-12-27 16:45 - 00000000 ____D C:\Users\Eva
2015-06-30 21:27 - 2012-03-29 20:02 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-30 21:14 - 2012-01-09 21:42 - 00000000 ____D C:\Users\Eva\AppData\Roaming\Skype
2015-06-30 21:13 - 2012-01-11 21:46 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-30 21:04 - 2011-12-27 22:17 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-898756928-3254376158-833785005-1002UA.job
2015-06-30 21:03 - 2009-07-14 06:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-30 21:03 - 2009-07-14 06:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-30 20:32 - 2012-07-02 16:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-30 20:16 - 2011-07-27 06:10 - 01481810 _____ C:\Windows\WindowsUpdate.log
2015-06-30 20:06 - 2011-12-27 16:53 - 00000000 ____D C:\ProgramData\clear.fi
2015-06-30 20:05 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-30 20:05 - 2009-07-14 06:51 - 00145868 _____ C:\Windows\setupact.log
2015-06-30 19:58 - 2011-12-27 16:46 - 00093136 _____ C:\Users\Eva\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-30 19:58 - 2009-07-14 06:45 - 00362904 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-30 19:57 - 2010-11-21 05:47 - 00138258 _____ C:\Windows\PFRO.log
2015-06-30 19:54 - 2014-11-04 14:31 - 00000000 ____D C:\Users\Eva\AppData\Local\Adobe
2015-06-30 19:54 - 2011-06-08 09:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-06-30 19:54 - 2011-06-08 09:12 - 00000000 ____D C:\Program Files (x86)\Acer
2015-06-30 19:52 - 2011-06-08 09:25 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-06-30 19:49 - 2012-03-29 20:02 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-30 19:49 - 2012-03-29 20:02 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-30 19:49 - 2012-01-04 14:06 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-30 19:46 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-06-30 16:51 - 2012-08-15 17:10 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-06-30 16:51 - 2011-06-08 09:10 - 00000000 ____D C:\ProgramData\Skype
2015-06-30 16:48 - 2011-06-08 09:25 - 00000000 ____D C:\ProgramData\Adobe
2015-06-30 12:27 - 2012-07-02 16:34 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-30 12:27 - 2012-07-02 16:34 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-06-30 12:27 - 2012-07-02 16:34 - 00000000 ____D C:\Users\Eva\AppData\Local\Mozilla
2015-06-30 12:27 - 2012-07-02 16:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-30 12:24 - 2011-07-27 16:02 - 00699682 _____ C:\Windows\system32\perfh007.dat
2015-06-30 12:24 - 2011-07-27 16:02 - 00149790 _____ C:\Windows\system32\perfc007.dat
2015-06-30 12:24 - 2009-07-14 07:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-29 20:16 - 2011-07-27 06:16 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-29 20:16 - 2009-07-14 05:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-29 20:14 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-29 20:07 - 2011-07-27 06:16 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-06-29 20:07 - 2011-07-27 06:15 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-06-29 20:02 - 2011-12-27 16:53 - 01594964 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-06-29 14:33 - 2013-11-18 09:35 - 00000000 ____D C:\ProgramData\Oracle
2015-06-29 14:33 - 2013-03-04 14:58 - 00000000 ____D C:\Program Files (x86)\Java
2015-06-29 14:31 - 2014-09-01 10:21 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-06-29 14:31 - 2014-09-01 10:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-06-25 23:01 - 2011-12-27 17:22 - 00000000 ____D C:\Users\Eva\Documents\Geschäft 2012
2015-06-25 20:50 - 2014-12-08 11:01 - 00000000 ____D C:\Users\Eva\Documents\Geschäft 2015
2015-06-25 16:33 - 2012-01-23 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-06-25 16:33 - 2011-12-27 18:21 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-24 17:09 - 2011-12-27 17:07 - 00000000 ____D C:\Program Files (x86)\OpenOffice.org 3
2015-06-24 15:09 - 2011-12-29 22:28 - 00000432 _____ C:\Windows\BRWMARK.INI
2015-06-24 15:04 - 2012-08-30 18:28 - 00000000 ____D C:\Users\Eva\Documents\Anna Keller
2015-06-24 07:14 - 2014-09-21 15:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-06-24 07:14 - 2014-03-01 13:43 - 00002699 _____ C:\Users\Public\Desktop\Skype.lnk
2015-06-17 16:12 - 2011-12-27 17:19 - 00000000 ____D C:\Users\Eva\Documents\ELDA
2015-06-17 13:36 - 2011-12-27 17:19 - 00000000 ____D C:\Users\Eva\Documents\eva
2015-06-14 11:16 - 2011-12-27 17:25 - 00000000 ____D C:\Users\Eva\Documents\Kunden
2015-06-13 13:32 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-06-10 23:14 - 2014-11-12 15:40 - 00000000 __SHD C:\Users\Eva\AppData\Local\EmieBrowserModeList
2015-06-10 23:14 - 2014-05-07 10:15 - 00000000 __SHD C:\Users\Eva\AppData\Local\EmieUserList
2015-06-10 23:14 - 2014-05-07 10:15 - 00000000 __SHD C:\Users\Eva\AppData\Local\EmieSiteList
2015-06-10 22:54 - 2014-12-11 11:13 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-10 22:54 - 2014-05-06 22:34 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-10 16:43 - 2013-08-15 22:43 - 00000000 ____D C:\Windows\system32\MRT
2015-06-10 16:37 - 2011-12-28 21:57 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-02 12:46 - 2011-12-28 19:11 - 00000000 ____D C:\Windows\System32\Tasks\Games
2015-06-01 13:29 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp

==================== Files in the root of some directories =======

2012-01-31 22:58 - 2014-04-06 12:33 - 0036864 _____ () C:\Users\Eva\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-07-27 06:33 - 2011-07-27 06:36 - 0015219 _____ () C:\ProgramData\ArcadeDeluxe5.log
2011-06-08 08:57 - 2010-03-02 23:59 - 0131984 _____ () C:\ProgramData\FullRemove.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-23 16:57

==================== End of log ============================
         
--- --- ---
__________________


Geändert von ludi81 (30.06.2015 um 20:40 Uhr)

Alt 30.06.2015, 20:59   #3
ludi81
 
Windows 7: Raiffeisen Banking funktioniert nicht mehr (logs sind in 2 antworten eingefügt) - Standard

Windows 7: Raiffeisen Banking funktioniert nicht mehr (logs sind in 2 antworten eingefügt)



3) GEMR
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-06-30 21:54:01
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Eva\AppData\Local\Temp\kfldapow.sys


---- User code sections - GMER 2.1 ----

.text    C:\Windows\system32\Dwm.exe[1492] C:\Windows\system32\kernel32.dll!RegSetValueExW                                                                                                                                                                                            000000007748a3e0 7 bytes JMP 000000016fff0260
.text    C:\Windows\system32\Dwm.exe[1492] C:\Windows\system32\kernel32.dll!RegQueryValueExW                                                                                                                                                                                          0000000077493f00 5 bytes JMP 000000016fff01b8
.text    C:\Windows\system32\Dwm.exe[1492] C:\Windows\system32\kernel32.dll!RegDeleteValueW                                                                                                                                                                                           00000000774affd0 5 bytes JMP 000000016fff01f0
.text    C:\Windows\system32\Dwm.exe[1492] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                                                                                                                                                     00000000774bf350 1 byte JMP 000000016fff0148
.text    C:\Windows\system32\Dwm.exe[1492] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW + 2                                                                                                                                                                                 00000000774bf352 3 bytes {JMP 0xfffffffff8b30df8}
.text    C:\Windows\system32\Dwm.exe[1492] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                                                                                                                                                   00000000774e9aa0 7 bytes JMP 000000016fff00d8
.text    C:\Windows\system32\Dwm.exe[1492] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                                                                                                                                                   00000000774f9530 5 bytes JMP 000000016fff0180
.text    C:\Windows\system32\Dwm.exe[1492] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                                                                                                                                                   00000000774f96a0 5 bytes JMP 000000016fff0110
.text    C:\Windows\system32\Dwm.exe[1492] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                                                                                                                                                            0000000077518850 7 bytes JMP 000000016fff0228
.text    C:\Windows\system32\Dwm.exe[1492] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                                                                                                                             000007fefd792db0 5 bytes JMP 000007fffd780180
.text    C:\Windows\system32\Dwm.exe[1492] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                                                                                                                                        000007fefd7937d0 7 bytes JMP 000007fffd7800d8
.text    C:\Windows\system32\Dwm.exe[1492] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                                                                                                                      000007fefd79a410 2 bytes JMP 000007fffd780110
.text    C:\Windows\system32\Dwm.exe[1492] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3                                                                                                                                                                                  000007fefd79a413 2 bytes [FE, FF]
.text    C:\Windows\system32\Dwm.exe[1492] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                                                                                                          000007fefd79aec0 6 bytes JMP 000007fffd780148
.text    C:\Windows\system32\Dwm.exe[1492] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                                                                                                                       000007fefedd89e0 8 bytes JMP 000007fffd7801f0
.text    C:\Windows\system32\Dwm.exe[1492] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                                                                                                                                     000007fefeddbe40 8 bytes JMP 000007fffd7801b8
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe[2944] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                                                                                          00000000778a0084 5 bytes JMP 0000000169921986
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[3400] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                                                                00000000754b1401 2 bytes JMP 7609b21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[3400] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                                                                  00000000754b1419 2 bytes JMP 7609b346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[3400] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                                                                00000000754b1431 2 bytes JMP 76118f29 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[3400] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                                                                00000000754b144a 2 bytes CALL 7607489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                                                                                          * 9
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[3400] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                                                                   00000000754b14dd 2 bytes JMP 76118822 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[3400] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                                                            00000000754b14f5 2 bytes JMP 761189f8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[3400] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                                                                   00000000754b150d 2 bytes JMP 76118718 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[3400] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                                                            00000000754b1525 2 bytes JMP 76118ae2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[3400] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                                                                  00000000754b153d 2 bytes JMP 7608fca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[3400] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                                                                       00000000754b1555 2 bytes JMP 760968ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[3400] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                                                                00000000754b156d 2 bytes JMP 76118fe3 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[3400] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                                                                  00000000754b1585 2 bytes JMP 76118b42 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[3400] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                                                                     00000000754b159d 2 bytes JMP 761186dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[3400] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                                                                  00000000754b15b5 2 bytes JMP 7608fd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[3400] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                                                                00000000754b15cd 2 bytes JMP 7609b2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[3400] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                                                            00000000754b16b2 2 bytes JMP 76118ea4 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[3400] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                                                            00000000754b16bd 2 bytes JMP 76118671 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[3448] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                                                                                   00000000754b1401 2 bytes JMP 7609b21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[3448] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                                                                                     00000000754b1419 2 bytes JMP 7609b346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[3448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                                                                                   00000000754b1431 2 bytes JMP 76118f29 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[3448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                                                                                   00000000754b144a 2 bytes CALL 7607489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                                                                                          * 9
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[3448] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                                                                                      00000000754b14dd 2 bytes JMP 76118822 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[3448] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                                                                               00000000754b14f5 2 bytes JMP 761189f8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[3448] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                                                                                      00000000754b150d 2 bytes JMP 76118718 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[3448] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                                                                               00000000754b1525 2 bytes JMP 76118ae2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[3448] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                                                                                     00000000754b153d 2 bytes JMP 7608fca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[3448] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                                                                                          00000000754b1555 2 bytes JMP 760968ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[3448] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                                                                                   00000000754b156d 2 bytes JMP 76118fe3 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[3448] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                                                                                     00000000754b1585 2 bytes JMP 76118b42 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[3448] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                                                                                        00000000754b159d 2 bytes JMP 761186dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[3448] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                                                                                     00000000754b15b5 2 bytes JMP 7608fd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[3448] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                                                                                   00000000754b15cd 2 bytes JMP 7609b2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[3448] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                                                                               00000000754b16b2 2 bytes JMP 76118ea4 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[3448] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                                                                               00000000754b16bd 2 bytes JMP 76118671 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[3448] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35                                                                                                                                                                           000000006abe11a8 2 bytes [BE, 6A]
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[3448] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 248                                                                                                                                                                          000000006abe127d 2 bytes CALL 760714c9 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[3448] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 395                                                                                                                                                                          000000006abe1310 2 bytes CALL 760714c9 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[3448] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21                                                                                                                                                                     000000006abe13a8 2 bytes [BE, 6A]
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[3448] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21                                                                                                                                                                         000000006abe1422 2 bytes [BE, 6A]
.text    C:\Program Files (x86)\Skype\Phone\Skype.exe[3448] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19                                                                                                                                                                  000000006abe1498 2 bytes [BE, 6A]
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3604] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                                                           00000000754b1401 2 bytes JMP 7609b21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3604] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                                                             00000000754b1419 2 bytes JMP 7609b346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                                                           00000000754b1431 2 bytes JMP 76118f29 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3604] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                                                           00000000754b144a 2 bytes CALL 7607489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                                                                                          * 9
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3604] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                                                              00000000754b14dd 2 bytes JMP 76118822 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3604] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                                                       00000000754b14f5 2 bytes JMP 761189f8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3604] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                                                              00000000754b150d 2 bytes JMP 76118718 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3604] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                                                       00000000754b1525 2 bytes JMP 76118ae2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3604] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                                                             00000000754b153d 2 bytes JMP 7608fca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3604] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                                                                  00000000754b1555 2 bytes JMP 760968ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3604] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                                                           00000000754b156d 2 bytes JMP 76118fe3 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3604] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                                                             00000000754b1585 2 bytes JMP 76118b42 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3604] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                                                                00000000754b159d 2 bytes JMP 761186dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3604] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                                                             00000000754b15b5 2 bytes JMP 7608fd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3604] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                                                           00000000754b15cd 2 bytes JMP 7609b2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3604] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                                                       00000000754b16b2 2 bytes JMP 76118ea4 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[3604] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                                                       00000000754b16bd 2 bytes JMP 76118671 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                                                                             00000000754b1401 2 bytes JMP 7609b21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3612] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                                                                               00000000754b1419 2 bytes JMP 7609b346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                                                                             00000000754b1431 2 bytes JMP 76118f29 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                                                                             00000000754b144a 2 bytes CALL 7607489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                                                                                          * 9
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3612] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                                                                                00000000754b14dd 2 bytes JMP 76118822 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                                                                         00000000754b14f5 2 bytes JMP 761189f8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3612] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                                                                                00000000754b150d 2 bytes JMP 76118718 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                                                                         00000000754b1525 2 bytes JMP 76118ae2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                                                                               00000000754b153d 2 bytes JMP 7608fca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3612] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                                                                                    00000000754b1555 2 bytes JMP 760968ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                                                                             00000000754b156d 2 bytes JMP 76118fe3 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                                                                               00000000754b1585 2 bytes JMP 76118b42 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3612] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                                                                                  00000000754b159d 2 bytes JMP 761186dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                                                                               00000000754b15b5 2 bytes JMP 7608fd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                                                                             00000000754b15cd 2 bytes JMP 7609b2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                                                                         00000000754b16b2 2 bytes JMP 76118ea4 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Launch Manager\LManager.exe[3612] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                                                                         00000000754b16bd 2 bytes JMP 76118671 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5192] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                                                                          00000000754b1401 2 bytes JMP 7609b21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5192] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                                                                            00000000754b1419 2 bytes JMP 7609b346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5192] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                                                                          00000000754b1431 2 bytes JMP 76118f29 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5192] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                                                                          00000000754b144a 2 bytes CALL 7607489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                                                                                          * 9
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5192] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                                                                             00000000754b14dd 2 bytes JMP 76118822 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5192] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                                                                      00000000754b14f5 2 bytes JMP 761189f8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5192] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                                                                             00000000754b150d 2 bytes JMP 76118718 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5192] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                                                                      00000000754b1525 2 bytes JMP 76118ae2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5192] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                                                                            00000000754b153d 2 bytes JMP 7608fca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5192] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                                                                                 00000000754b1555 2 bytes JMP 760968ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5192] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                                                                          00000000754b156d 2 bytes JMP 76118fe3 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5192] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                                                                            00000000754b1585 2 bytes JMP 76118b42 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5192] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                                                                               00000000754b159d 2 bytes JMP 761186dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5192] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                                                                            00000000754b15b5 2 bytes JMP 7608fd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5192] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                                                                          00000000754b15cd 2 bytes JMP 7609b2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5192] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                                                                      00000000754b16b2 2 bytes JMP 76118ea4 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5192] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                                                                      00000000754b16bd 2 bytes JMP 76118671 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4272] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                                                       00000000754b1401 2 bytes JMP 7609b21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4272] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                                                         00000000754b1419 2 bytes JMP 7609b346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4272] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                                                       00000000754b1431 2 bytes JMP 76118f29 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4272] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                                                       00000000754b144a 2 bytes CALL 7607489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                                                                                          * 9
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4272] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                                                          00000000754b14dd 2 bytes JMP 76118822 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4272] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                                                   00000000754b14f5 2 bytes JMP 761189f8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4272] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                                                          00000000754b150d 2 bytes JMP 76118718 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4272] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                                                   00000000754b1525 2 bytes JMP 76118ae2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4272] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                                                         00000000754b153d 2 bytes JMP 7608fca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4272] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                                                              00000000754b1555 2 bytes JMP 760968ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4272] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                                                       00000000754b156d 2 bytes JMP 76118fe3 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4272] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                                                         00000000754b1585 2 bytes JMP 76118b42 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4272] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                                                            00000000754b159d 2 bytes JMP 761186dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4272] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                                                         00000000754b15b5 2 bytes JMP 7608fd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4272] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                                                       00000000754b15cd 2 bytes JMP 7609b2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4272] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                                                   00000000754b16b2 2 bytes JMP 76118ea4 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4272] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                                                   00000000754b16bd 2 bytes JMP 76118671 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Eva\AppData\Local\Google\Update\GoogleUpdate.exe[6776] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                                                                      00000000754b1401 2 bytes JMP 7609b21b C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Eva\AppData\Local\Google\Update\GoogleUpdate.exe[6776] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                                                                        00000000754b1419 2 bytes JMP 7609b346 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Eva\AppData\Local\Google\Update\GoogleUpdate.exe[6776] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                                                                      00000000754b1431 2 bytes JMP 76118f29 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Eva\AppData\Local\Google\Update\GoogleUpdate.exe[6776] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                                                                      00000000754b144a 2 bytes CALL 7607489d C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                                                                                                                                          * 9
.text    C:\Users\Eva\AppData\Local\Google\Update\GoogleUpdate.exe[6776] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                                                                         00000000754b14dd 2 bytes JMP 76118822 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Eva\AppData\Local\Google\Update\GoogleUpdate.exe[6776] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                                                                  00000000754b14f5 2 bytes JMP 761189f8 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Eva\AppData\Local\Google\Update\GoogleUpdate.exe[6776] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                                                                         00000000754b150d 2 bytes JMP 76118718 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Eva\AppData\Local\Google\Update\GoogleUpdate.exe[6776] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                                                                  00000000754b1525 2 bytes JMP 76118ae2 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Eva\AppData\Local\Google\Update\GoogleUpdate.exe[6776] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                                                                        00000000754b153d 2 bytes JMP 7608fca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Eva\AppData\Local\Google\Update\GoogleUpdate.exe[6776] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                                                                             00000000754b1555 2 bytes JMP 760968ef C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Eva\AppData\Local\Google\Update\GoogleUpdate.exe[6776] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                                                                      00000000754b156d 2 bytes JMP 76118fe3 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Eva\AppData\Local\Google\Update\GoogleUpdate.exe[6776] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                                                                        00000000754b1585 2 bytes JMP 76118b42 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Eva\AppData\Local\Google\Update\GoogleUpdate.exe[6776] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                                                                           00000000754b159d 2 bytes JMP 761186dc C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Eva\AppData\Local\Google\Update\GoogleUpdate.exe[6776] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                                                                        00000000754b15b5 2 bytes JMP 7608fd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Eva\AppData\Local\Google\Update\GoogleUpdate.exe[6776] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                                                                      00000000754b15cd 2 bytes JMP 7609b2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Eva\AppData\Local\Google\Update\GoogleUpdate.exe[6776] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                                                                  00000000754b16b2 2 bytes JMP 76118ea4 C:\Windows\syswow64\kernel32.dll
.text    C:\Users\Eva\AppData\Local\Google\Update\GoogleUpdate.exe[6776] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                                                                  00000000754b16bd 2 bytes JMP 76118671 C:\Windows\syswow64\kernel32.dll
---- Processes - GMER 2.1 ----

Library  C:\ProgramData\Kaspersky Lab\KSS2\DataRoot\Bases\Cache\klavemu.kdl.6e86633e63e607038cfa66d3f88c5d60 (*** suspicious ***) @ C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2944] (Heuristics engine/Kaspersky Lab ZAO)(2015-06-23 18:06:50)        0000000068290000
Library  C:\ProgramData\Kaspersky Lab\KSS2\DataRoot\Bases\Cache\kjim.kdl.4d87815dc55a0ea5f712a61bb640573a (*** suspicious ***) @ C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2944] (Script Heuristics Engine/Kaspersky Lab ZAO)(2015-06-23 18:06:52)    0000000068060000
Library  C:\ProgramData\Kaspersky Lab\KSS2\DataRoot\Bases\Cache\qscan.kdl.6f421f0667a2208fb2f4dc2a03912f82 (*** suspicious ***) @ C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2944] (Initial Scan Engine/Kaspersky Lab ZAO)(2015-06-23 18:06:53)        0000000067f30000
Library  C:\ProgramData\Kaspersky Lab\KSS2\DataRoot\Bases\Cache\pbs.kdl.855e976d16841a9bbaa528a886998eee (*** suspicious ***) @ C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2944] (Extensional Scan Engine/Kaspersky Lab ZAO)(2015-06-23 18:06:54)      0000000067dd0000
Library  C:\ProgramData\Kaspersky Lab\KSS2\DataRoot\Bases\Cache\kavsys.kdl.ba76be53c8245ddbd0e2864e74f8f638 (*** suspicious ***) @ C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2944] (Set of system interfaces/Kaspersky Lab ZAO)(2015-06-23 18:07:03)  00000000669e0000

---- EOF - GMER 2.1 ----
         
__________________

Alt 30.06.2015, 21:47   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 7: Raiffeisen Banking funktioniert nicht mehr (logs sind in 2 antworten eingefügt) - Standard

Windows 7: Raiffeisen Banking funktioniert nicht mehr (logs sind in 2 antworten eingefügt)



Hi,

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 01.07.2015, 08:04   #5
ludi81
 
Windows 7: Raiffeisen Banking funktioniert nicht mehr (logs sind in 2 antworten eingefügt) - Standard

Windows 7: Raiffeisen Banking funktioniert nicht mehr (logs sind in 2 antworten eingefügt)



Hallo Schrauber,

vielen Dank für die schnelle Antwort.

Bem starten der Datei mbar wurde mir folgende Meldung angezeigt.

Registry value "AppInit_Dlls" has been found, which maz be caused by rootkit activity.
Ress "No" button if you are not sure. .... Do you want to remove this value and restart the tool?

Ich habe no gedrückt. Passt das? Am Ende wurde nichts gefunden, obwohl ich die Datenbank upgedated habe.
Also die CleanUp Abfrage habe ich gar nicht bekommen.

Wenn du weitere Infos hast bin ich dir sehr dankbar.
Ludi

Hier noch den Inhalt der LOG:

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.06.30.08
  rootkit: v2015.06.30.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17843
Eva :: EVA-PC [administrator]

01.07.2015 08:13:45
mbar-log-2015-07-01 (08-13-45).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 423641
Time elapsed: 37 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         


Alt 01.07.2015, 11:45   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 7: Raiffeisen Banking funktioniert nicht mehr (logs sind in 2 antworten eingefügt) - Standard

Windows 7: Raiffeisen Banking funktioniert nicht mehr (logs sind in 2 antworten eingefügt)



hi,

in welchem Browser ist das so?


Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
--> Windows 7: Raiffeisen Banking funktioniert nicht mehr (logs sind in 2 antworten eingefügt)

Alt 01.07.2015, 13:50   #7
ludi81
 
Windows 7: Raiffeisen Banking funktioniert nicht mehr (logs sind in 2 antworten eingefügt) - Standard

Windows 7: Raiffeisen Banking funktioniert nicht mehr (logs sind in 2 antworten eingefügt)



Hallo,

es tritt bei allen Browsern auf.
Ich habe es mit Chrome, Internet Explorer 11 und Firefox 38.0.5 getestet.

Hier das Log von combofix. Ich hatte keine komische Meldungen (weder beim ausführen oder beim neustarten).

Code:
ATTFilter
ComboFix 15-06-30.01 - Eva 01.07.2015  14:04:28.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.43.1031.18.3948.1429 [GMT 2:00]
ausgeführt von:: c:\users\Eva\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-06-01 bis 2015-07-01  ))))))))))))))))))))))))))))))
.
.
2015-07-01 12:16 . 2015-07-01 12:16	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2015-07-01 12:16 . 2015-07-01 12:16	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-07-01 01:07 . 2015-01-31 03:48	3179520	----a-w-	c:\windows\system32\rdpcorets.dll
2015-07-01 01:07 . 2015-01-31 03:48	16384	----a-w-	c:\windows\system32\RdpGroupPolicyExtension.dll
2015-07-01 01:07 . 2015-01-30 23:56	243200	----a-w-	c:\windows\system32\rdpudd.dll
2015-07-01 01:07 . 2014-12-11 17:47	87040	----a-w-	c:\windows\system32\TSWbPrxy.exe
2015-06-30 21:08 . 2015-06-30 21:08	--------	d-----w-	c:\programdata\Malwarebytes
2015-06-30 21:08 . 2015-07-01 07:40	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-06-30 21:08 . 2015-07-01 07:05	136408	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-30 21:07 . 2015-07-01 07:05	107736	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-06-30 19:56 . 2015-06-12 07:50	12221144	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9D6A9D25-2E8B-4A9D-9E38-BC49332EDDB4}\mpengine.dll
2015-06-30 18:59 . 2015-06-30 19:38	--------	d-----w-	C:\FRST
2015-06-30 18:32 . 2015-06-30 18:32	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2015-06-30 17:52 . 2015-06-30 17:52	--------	d-----w-	c:\program files (x86)\Common Files\Adobe
2015-06-30 14:41 . 2014-09-05 01:52	5703168	----a-w-	c:\windows\SysWow64\mstscax.dll
2015-06-30 14:41 . 2014-09-05 02:11	6584320	----a-w-	c:\windows\system32\mstscax.dll
2015-06-30 13:51 . 2015-06-30 13:51	--------	d-----w-	c:\program files (x86)\ESET
2015-06-30 06:54 . 2015-06-12 07:50	12221144	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-06-29 18:16 . 2015-06-29 18:16	--------	d-----w-	c:\windows\SysWow64\NV
2015-06-29 18:16 . 2015-06-29 18:16	--------	d-----w-	c:\windows\system32\NV
2015-06-29 18:01 . 2012-08-23 14:10	19456	----a-w-	c:\windows\system32\drivers\rdpvideominiport.sys
2015-06-29 18:01 . 2012-08-23 14:08	30208	----a-w-	c:\windows\system32\drivers\TsUsbGD.sys
2015-06-29 18:01 . 2012-08-23 11:12	192000	----a-w-	c:\windows\SysWow64\rdpendp_winip.dll
2015-06-29 18:01 . 2012-08-23 10:51	228864	----a-w-	c:\windows\system32\rdpendp_winip.dll
2015-06-29 18:00 . 2015-06-29 18:00	--------	d-----w-	c:\windows\system32\drivers\UMDF\ms-MY
2015-06-29 18:00 . 2015-06-29 18:00	--------	d-----w-	c:\windows\system32\drivers\UMDF\ko-KR
2015-06-29 18:00 . 2015-06-29 18:00	--------	d-----w-	c:\windows\system32\drivers\UMDF\id-ID
2015-06-29 18:00 . 2015-06-29 18:00	--------	d-----w-	c:\windows\system32\drivers\UMDF\sv-SE
2015-06-29 18:00 . 2015-06-29 18:00	--------	d-----w-	c:\windows\system32\drivers\UMDF\nb-NO
2015-06-29 17:58 . 2015-06-29 17:58	--------	d-----w-	c:\windows\system32\drivers\UMDF\en-US
2015-06-29 17:58 . 2015-06-29 18:00	--------	d-----w-	c:\program files\Zune
2015-06-29 17:56 . 2015-05-09 03:27	3147776	----a-w-	c:\windows\system32\wucltux.dll
2015-06-29 17:56 . 2015-05-09 03:27	2589184	----a-w-	c:\windows\system32\wuaueng.dll
2015-06-29 17:56 . 2015-05-09 03:27	696320	----a-w-	c:\windows\system32\wuapi.dll
2015-06-29 17:56 . 2015-05-09 03:27	37888	----a-w-	c:\windows\system32\wups2.dll
2015-06-29 17:56 . 2015-05-09 03:27	36864	----a-w-	c:\windows\system32\wups.dll
2015-06-29 17:56 . 2015-05-09 03:27	191488	----a-w-	c:\windows\system32\wuwebv.dll
2015-06-29 17:56 . 2015-05-09 03:26	87040	----a-w-	c:\windows\system32\WinSetupUI.dll
2015-06-29 17:56 . 2015-05-09 03:14	30208	----a-w-	c:\windows\SysWow64\wups.dll
2015-06-29 17:56 . 2015-05-09 03:14	173056	----a-w-	c:\windows\SysWow64\wuwebv.dll
2015-06-29 17:56 . 2015-05-09 03:14	566784	----a-w-	c:\windows\SysWow64\wuapi.dll
2015-06-29 17:56 . 2015-05-09 03:27	98304	----a-w-	c:\windows\system32\wudriver.dll
2015-06-29 17:56 . 2015-05-09 03:14	92672	----a-w-	c:\windows\SysWow64\wudriver.dll
2015-06-29 17:53 . 2015-05-09 18:26	493504	----a-w-	c:\windows\system32\mcupdate_GenuineIntel.dll
2015-06-29 12:32 . 2015-06-29 12:32	--------	d-----w-	c:\program files (x86)\Common Files\Java
2015-06-29 12:30 . 2015-06-29 12:32	--------	d-----w-	c:\users\Eva\AppData\Local\NPE
2015-06-29 12:30 . 2015-06-29 12:30	--------	d-----w-	c:\programdata\Norton
2015-06-27 19:49 . 2015-06-28 19:02	--------	d---a-w-	C:\RescueCD Logs
2015-06-23 18:09 . 2015-06-23 18:12	--------	d-----w-	c:\users\Eva\AppData\Roaming\QuickScan
2015-06-23 18:05 . 2015-06-23 18:05	--------	d-----w-	c:\programdata\Kaspersky Lab
2015-06-23 18:05 . 2015-06-23 18:05	--------	d-----w-	c:\program files (x86)\Kaspersky Lab
2015-06-18 12:25 . 2015-03-26 14:03	1187344	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FE1B5C19-8F14-4279-BF9D-888FCAB67D9C}\gapaengine.dll
2015-06-10 12:45 . 2015-04-24 18:17	633856	----a-w-	c:\windows\system32\comctl32.dll
2015-06-10 12:44 . 2015-05-22 18:48	633856	----a-w-	c:\windows\system32\ieui.dll
2015-06-05 10:05 . 2015-06-05 10:05	--------	d-----w-	c:\users\Eva\AppData\Local\GWX
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-06-30 17:49 . 2012-03-29 18:02	778416	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-06-30 17:49 . 2012-01-04 12:06	142512	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-06-29 12:31 . 2014-09-01 08:21	97888	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-06-10 14:37 . 2011-12-28 19:57	140135120	----a-w-	c:\windows\system32\MRT.exe
2015-05-25 18:01 . 2015-06-10 12:46	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2015-05-01 13:17 . 2015-05-13 20:33	124112	----a-w-	c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-01 13:16 . 2015-05-13 20:33	102608	----a-w-	c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-04-20 03:17 . 2015-05-13 11:42	1647104	----a-w-	c:\windows\system32\DWrite.dll
2015-04-20 03:17 . 2015-05-13 11:42	1179136	----a-w-	c:\windows\system32\FntCache.dll
2015-04-20 02:56 . 2015-05-13 11:42	1250816	----a-w-	c:\windows\SysWow64\DWrite.dll
2015-04-18 03:10 . 2015-05-13 11:44	460800	----a-w-	c:\windows\system32\certcli.dll
2015-04-18 02:56 . 2015-05-13 11:44	342016	----a-w-	c:\windows\SysWow64\certcli.dll
2015-04-14 01:38 . 2015-04-14 01:38	1217192	----a-w-	c:\windows\SysWow64\FM20.DLL
2015-04-13 03:28 . 2015-05-13 11:43	328704	----a-w-	c:\windows\system32\services.exe
2015-04-08 03:29 . 2015-05-13 11:42	275456	----a-w-	c:\windows\system32\InkEd.dll
2015-04-08 03:29 . 2015-05-13 11:42	24576	----a-w-	c:\windows\system32\jnwmon.dll
2015-04-08 03:14 . 2015-05-13 11:42	216064	----a-w-	c:\windows\SysWow64\InkEd.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-11 39408]
"KiesAirMessage"="c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe" [2013-12-30 578560]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-06-16 53288576]
"KSS"="c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" [2014-06-15 202080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-09-28 340336]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-09-17 407920]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-09-17 201584]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-03-09 297280]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-03-14 1081424]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"Dolby Advanced Audio v2"="c:\dolby pcee4\pcee4.exe" [2011-02-03 506712]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-02-18 177448]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2014-07-25 311616]
"MailCheck IE Broker"="c:\program files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe" [2015-05-06 2152512]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-04-30 334896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R4 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 KSS;Kaspersky Security Scan Service;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\drivers\b57xdbd.sys;c:\windows\SYSNATIVE\drivers\b57xdbd.sys [x]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\drivers\b57xdmp.sys;c:\windows\SYSNATIVE\drivers\b57xdmp.sys [x]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\drivers\bScsiMSa.sys;c:\windows\SYSNATIVE\drivers\bScsiMSa.sys [x]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiSDa.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2015-07-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 17:49]
.
2015-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-11 12:20]
.
2015-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-11 12:20]
.
2015-05-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-898756928-3254376158-833785005-1002Core.job
- c:\users\Eva\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-27 12:42]
.
2015-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-898756928-3254376158-833785005-1002UA.job
- c:\users\Eva\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-27 12:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-09 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-09 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-09 416024]
"IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-10 11785832]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-09 2189416]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-05-10 1831528]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-29 1337000]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-04-06 169768]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.vol.at/
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.1.1
Handler: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - c:\program files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll
FF - ProfilePath - c:\users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\11vp9dcv.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=SKY2&ocid=SKY2DHP&osmkt=de-at
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{4F524A2D-5637-4300-76A7-7A786E7484D7} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{4F524A2D-5637-4300-76A7-7A786E7484D7} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_194_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_194_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_194_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_194_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_194.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.18"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_194.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_194.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_194.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-07-01  14:21:34
ComboFix-quarantined-files.txt  2015-07-01 12:21
.
Vor Suchlauf: 11 Verzeichnis(se), 318.819.815.424 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 319.950.073.856 Bytes frei
.
- - End Of File - - F12702E202A436E4C2A8FD00D0582178
         
Danke

Alt 02.07.2015, 06:23   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 7: Raiffeisen Banking funktioniert nicht mehr (logs sind in 2 antworten eingefügt) - Standard

Windows 7: Raiffeisen Banking funktioniert nicht mehr (logs sind in 2 antworten eingefügt)



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 02.07.2015, 08:47   #9
ludi81
 
Windows 7: Raiffeisen Banking funktioniert nicht mehr (logs sind in 2 antworten eingefügt) - Standard

Windows 7: Raiffeisen Banking funktioniert nicht mehr (logs sind in 2 antworten eingefügt)



Hallo,

vielen dank noch einmal für deine Hilfe.
Ich habe jetzt alles ausgeführt und so wie es aussieht ist der Fehler weg. Das Popup bei der Bankseite kommt nicht mehr.

Anbei aber noch alle gewünschten Logs:
mbam.txt

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 02.07.2015
Suchlaufzeit: 08:48
Protokolldatei: malwarebytes.txt
Administrator: Ja

Version: 2.1.8.1057
Malware-Datenbank: v2015.07.01.05
Rootkit-Datenbank: v2015.07.01.01
Lizenz: Testversion
Malware-Schutz: Aktiviert
Schutz vor bösartigen Websites: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Eva

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 437191
Abgelaufene Zeit: 33 Min., 48 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 2
PUP.Optional.APNToolBar.Gen, HKU\S-1-5-18\SOFTWARE\AskPartnerNetwork, In Quarantäne, [8811cd0f76143501dd2447b4b54e5da3], 
PUP.Optional.Ask.A, HKU\S-1-5-21-898756928-3254376158-833785005-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{EB356F78-E613-4E11-AD64-4C92DB5F0994}, In Quarantäne, [28713d9fa5e5c86ece2bf2a414f16799], 

Registrierungswerte: 1
PUP.Optional.Ask.A, HKU\S-1-5-21-898756928-3254376158-833785005-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{EB356F78-E613-4E11-AD64-4C92DB5F0994}|SuggestionsURL_JSON, hxxp://ss.websearch.ask.com/query?li=ff&sstype=prefix&q={searchTerms}, In Quarantäne, [28713d9fa5e5c86ece2bf2a414f16799]

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 1
PUP.Optional.APNToolBar.Gen, C:\ProgramData\APN\APN-Stub, In Quarantäne, [32679a42b7d30135324e6e8a966d60a0], 

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
         

AdwCleaner
Code:
ATTFilter
# AdwCleaner v4.207 - Bericht erstellt 02/07/2015 um 09:29:51
# Aktualisiert 21/06/2015 von Xplode
# Datenbank : 2015-07-02.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Eva - EVA-PC
# Gestarted von : C:\Users\Eva\Downloads\AdwCleaner_4.207.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd
Datei Gelöscht : C:\Users\Eva\Desktop\eBay.lnk
Datei Gelöscht : C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\11vp9dcv.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\11vp9dcv.default\searchplugins\bingp.xml

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C424171E-592A-415A-9EB1-DFD6D95D3530}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C424171E-592A-415A-9EB1-DFD6D95D3530}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C424171E-592A-415A-9EB1-DFD6D95D3530}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4F524A2D-5637-4300-76A7-7A786E7484D7}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C424171E-592A-415A-9EB1-DFD6D95D3530}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F524A2D-5637-4300-76A7-7A786E7484D7}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C424171E-592A-415A-9EB1-DFD6D95D3530}]
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Myfree Codec
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v38.0.5 (x86 de)

[11vp9dcv.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.order.1", "Ask.com");

-\\ Google Chrome v

[C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=215B8015-C6EB-4C3F-90E2-BD7D37D16A87&apn_ptnrs=U3&apn_sauid=83C14C58-E57B-4C96-BD4E-C05BE908F0C2&apn_dtid=OSJ000YYAT&q={searchTerms}

*************************

AdwCleaner[R0].txt - [4073 Bytes] - [02/07/2015 09:26:18]
AdwCleaner[R1].txt - [4132 Bytes] - [02/07/2015 09:29:01]
AdwCleaner[S0].txt - [3940 Bytes] - [02/07/2015 09:29:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3999  Bytes] ##########
         
JRT.txt
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.2.6 (07.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by Eva on 02.07.2015 at  9:36:23,31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{0854CEB7-7AEE-419A-A136-CE4420520656}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{0CE47711-238D-4C66-8DB6-95A94C8E85E5}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{0DFF85DF-AF68-4281-A436-04C6F3BF2020}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{147237BA-39F0-4538-96DA-CD0D02FDDBF2}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{1BA6513F-8E27-4600-B771-380D203B9201}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{1F5A5210-6747-431B-9781-81300A05A5B8}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{289400E1-D3F8-4B22-B08C-CA281C851CE3}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{2EEB83FD-B81A-477E-9753-156E4D9B4E2E}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{3C7F77DF-678F-45F1-A29D-35D86AF01C11}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{3FFA4C03-AA8A-408F-8211-BDD71C87DA69}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{41F7A891-821D-4722-823C-1E806CA6B692}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{457AF731-4CB8-4928-8E8F-12C35D7EF719}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{4B68CD76-2998-4143-9E8A-AB29CDEB9078}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{4C6A4C34-7F8B-4CF6-848D-E06734A1FACE}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{539CAECF-D3A7-435C-A211-C4B37CD816B0}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{55E7A20A-6FDD-4910-85DA-918360592501}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{5747BCB7-02D8-4B1F-958D-9608BD45787E}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{5E9BFED5-9A72-41BB-A563-F0F6AA0318E5}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{611E93D4-D9DC-4674-9CF5-6D8B1109AF5D}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{61F36EA3-BEA0-4F17-AEF4-F7162B9877D8}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{62353E79-13F1-47D6-A287-6556399A9DED}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{63BAF029-E1DC-49A0-9630-D65EACD4D800}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{6A253ECE-D713-40F1-A3B2-6A571288EFD5}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{756A9E61-452D-4778-8EF9-9676985E9376}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{7800776F-7986-4D4B-B098-382F8EC86E0E}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{78538F2D-F6DA-4426-B80A-B13BD291CBC4}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{7898DC50-6D0A-48B0-BD1E-996C83A58B10}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{79C0E118-93BC-4EEC-86E6-10685F0EFC22}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{7C221D62-05FD-4C83-90FB-CA71C0194521}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{80D79FC4-C34A-4273-BB80-13E0D2E543B7}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{874AC1FF-7302-47CB-BD6A-0766D11DA64D}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{88A88211-0C56-4787-8E97-985F413009EC}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{89827005-DC0D-495F-81CA-A1F6764B2968}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{8C3A55F3-D4DB-49BD-B2FE-F4610233FB9C}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{8F6911D4-9A9A-4D4D-A460-558204BD410A}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{92C106BB-12C8-4BF5-A4BF-5877B813424D}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{92EFB206-B908-42B7-9818-2EDCA1908ECD}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{97E3BA86-D3C7-4533-8305-15FC625DEECB}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{98AAECCE-6FD7-4DEC-AB4E-C4FA7C707D8C}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{9AC9A191-E582-4986-90D4-32D48DE6D680}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{A096FE5C-6A29-46EB-9DF5-90D162E4C3DB}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{A7F15219-83C8-4C60-8CB9-7CEA3C23F649}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{ACDC5C04-03E0-4DDB-9D19-E364FC48A4A8}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{AD3E3225-CC81-4067-8DCE-074CE5C37B85}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{B016B4AE-E2E3-49A5-B84E-0AE1985023C9}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{B04A4A4B-F4F5-4A4F-A197-AFD3FFA779C5}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{BC91D199-4E9D-4067-884C-828D30971BE1}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{BDE7C5ED-2E13-4AE3-8317-334217D4C643}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{BF1F4377-F849-425B-9639-A3B3A532FA2C}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{C2F10F56-B51C-40D2-87D9-5AD129D6C6EE}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{C67E0341-E7FA-4D1D-B877-3DC9FBF344E6}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{CD197DBC-EE6F-49E9-8480-FC63573EECCA}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{CFBCB8DA-6283-4C32-B62F-C06B312F9DCD}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{D0106838-7382-4EC3-A9F8-9FF3BB8D76A9}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{D68342E7-4BD9-4139-B39D-76F0EFCA6BB5}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{D90BB720-D557-4D55-A659-C730C5EA679D}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{DC41CE73-8A07-4B5F-B9A4-34719FFB36CC}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{DD5DC3AD-6218-4903-8D74-6B3030AA3A21}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{E3366CF2-B38A-4D9A-9830-6478BDB46408}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{E379941A-B1A3-4C59-9933-53B0710D131C}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{E697C6FF-BC0F-4191-AEC5-BC0E622010E4}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{E94AE52F-D333-4FA9-A700-1D3F803FEEDE}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{E98EEB1C-064A-48AE-ADEB-A7F9C73380AA}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{EB58A493-4BBC-47B0-9352-582C59F55078}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{EE64A91B-7AEB-4467-9446-422312899B27}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{EEA6B577-96EB-40A7-8DC1-B0A5D97BEB71}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{EEDE0438-D22B-4DBA-B6D3-693D42C57364}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{FBA12E77-7B08-42F7-A319-1A43872D7893}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{FE7829C0-D1DD-436D-9FB2-89175FC52999}
Successfully deleted: [Folder] C:\Program Files (x86)\myfree codec



~~~ Chrome


[C:\Users\Eva\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Eva\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Eva\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Eva\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.07.2015 at  9:40:18,40
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Hier noch das neue FRST
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01
Ran by Eva (administrator) on EVA-PC on 02-07-2015 09:43:38
Running from C:\Users\Eva\Downloads
Loaded Profiles: Eva (Available Profiles: UpdatusUser & Eva)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\Eva\Downloads\FRST64(1).exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11785832 2011-03-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2189416 2011-03-09] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831528 2011-05-10] (Acer Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM\...\Run: [Zune Launcher] => c:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-14] (Intel Corporation)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340336 2010-09-28] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-09-18] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-09-18] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-03-09] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Dolby PCEE4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-02-18] (CyberLink Corp.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [MailCheck IE Broker] => C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe [2152512 2015-05-06] (1und1 Mail und Media GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-898756928-3254376158-833785005-1002\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-01-11] (Google Inc.)
HKU\S-1-5-21-898756928-3254376158-833785005-1002\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-12-30] (Samsung Electronics)
HKU\S-1-5-21-898756928-3254376158-833785005-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53288576 2015-06-16] (Skype Technologies S.A.)
HKU\S-1-5-21-898756928-3254376158-833785005-1002\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-15] (Kaspersky Lab ZAO)
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-898756928-3254376158-833785005-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-898756928-3254376158-833785005-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.vol.at/
HKU\S-1-5-21-898756928-3254376158-833785005-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-898756928-3254376158-833785005-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-898756928-3254376158-833785005-1002 -> {17D1F2EA-F9EA-4688-9F8D-312E22E963F6} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKU\S-1-5-21-898756928-3254376158-833785005-1002 -> {9EC76FE7-0D16-4099-9418-5BE723AF5D6D} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKU\S-1-5-21-898756928-3254376158-833785005-1002 -> {DCBA0778-58AA-48BD-BE89-CD5598D570C8} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKU\S-1-5-21-898756928-3254376158-833785005-1002 -> {FB2FDD8B-DA39-47CE-B0E7-2B9D9BAF58C7} URL = hxxp://go.gmx.at/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-05] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: GMX MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll [2015-05-06] (1und1 Mail und Media GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-29] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-05] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: GMX MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll [2015-05-06] (1und1 Mail und Media GmbH)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-29] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-05] (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-05] (Google Inc.)
Toolbar: HKU\S-1-5-21-898756928-3254376158-833785005-1002 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-05] (Google Inc.)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll [2015-05-06] (1und1 Mail und Media GmbH)
Handler-x32: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll [2015-05-06] (1und1 Mail und Media GmbH)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{89B422F4-DA12-4352-8F0A-4C5C7AAB964A}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{E9C9ACB5-A0BF-4F5A-9042-F07C00E32BA2}: [DhcpNameServer] 10.0.1.1

FireFox:
========
FF ProfilePath: C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\11vp9dcv.default
FF SearchEngineOrder.3: Bing 
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.msn.com/?pc=SKY2&ocid=SKY2DHP&osmkt=de-at
FF NetworkProxy: "autoconfig_url", "https://securedtonnel.net/a2stunnel.js"
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-06-30] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-30] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-898756928-3254376158-833785005-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Eva\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF Plugin HKU\S-1-5-21-898756928-3254376158-833785005-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Eva\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF SearchPlugin: C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\11vp9dcv.default\searchplugins\englische-ergebnisse.xml [2012-07-04]
FF SearchPlugin: C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\11vp9dcv.default\searchplugins\gmx-suche-sterreich.xml [2015-06-22]
FF SearchPlugin: C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\11vp9dcv.default\searchplugins\gmx-suche.xml [2012-07-04]
FF SearchPlugin: C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\11vp9dcv.default\searchplugins\lastminute.xml [2012-07-04]
FF SearchPlugin: C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\11vp9dcv.default\searchplugins\webde-suche.xml [2012-07-04]
FF Extension: Firebug - C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\11vp9dcv.default\Extensions\firebug@software.joehewitt.com.xpi [2015-06-30]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01]

Chrome: 
=======
CHR Profile: C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-27]
CHR Extension: (Google Search) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-27]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-23]
CHR Extension: (Skype Click to Call) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-09-07]
CHR Extension: (Google Wallet) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-23]
CHR Extension: (Bitdefender QuickScan) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2015-06-23]
CHR Extension: (Gmail) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-27]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 KSS; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-15] (Kaspersky Lab ZAO)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2011-03-09] (NTI Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-12-30] () [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-02 09:43 - 2015-07-02 09:43 - 02112512 _____ (Farbar) C:\Users\Eva\Downloads\FRST64(1).exe
2015-07-02 09:40 - 2015-07-02 09:40 - 00008421 _____ C:\Users\Eva\Desktop\JRT.txt
2015-07-02 09:36 - 2015-07-02 09:36 - 00000207 _____ C:\Windows\tweaking.com-regbackup-EVA-PC-Windows-7-Home-Premium-(64-bit).dat
2015-07-02 09:36 - 2015-07-02 09:36 - 00000000 ____D C:\RegBackup
2015-07-02 09:35 - 2015-07-02 09:35 - 02950807 _____ (Malwarebytes Corporation) C:\Users\Eva\Downloads\JRT.exe
2015-07-02 09:33 - 2015-07-02 09:33 - 00004099 _____ C:\Users\Eva\Desktop\AdwCleaner[S0].txt
2015-07-02 09:26 - 2015-07-02 09:29 - 00000000 ____D C:\AdwCleaner
2015-07-02 09:25 - 2015-07-02 09:25 - 02244096 _____ C:\Users\Eva\Downloads\AdwCleaner_4.207.exe
2015-07-02 09:24 - 2015-07-02 09:24 - 00001841 _____ C:\Users\Eva\Desktop\mbam.txt
2015-07-02 08:41 - 2015-07-02 08:47 - 00001106 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-07-02 08:41 - 2015-07-02 08:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-07-02 08:41 - 2015-07-02 08:47 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-07-02 08:41 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-02 08:41 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-02 08:40 - 2015-07-02 08:40 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Eva\Downloads\mbam-setup-2.1.6.1022.exe
2015-07-01 14:22 - 2015-07-01 14:22 - 00027142 _____ C:\Users\Eva\Desktop\combofix.txt
2015-07-01 14:21 - 2015-07-01 14:21 - 00027142 _____ C:\ComboFix.txt
2015-07-01 14:02 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-07-01 14:02 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-07-01 14:02 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-07-01 14:02 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-07-01 14:02 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-07-01 14:02 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-07-01 14:02 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-07-01 14:02 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-07-01 14:01 - 2015-07-01 14:21 - 00000000 ____D C:\Qoobox
2015-07-01 14:00 - 2015-07-01 14:20 - 00000000 ____D C:\Windows\erdnt
2015-07-01 13:59 - 2015-07-01 13:59 - 05631262 ____R (Swearware) C:\Users\Eva\Downloads\ComboFix.exe
2015-07-01 03:07 - 2015-01-31 05:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-07-01 03:07 - 2015-01-31 05:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-07-01 03:07 - 2015-01-31 01:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-07-01 03:07 - 2014-12-11 19:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-06-30 23:08 - 2015-07-02 09:33 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-30 23:08 - 2015-07-02 08:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-30 23:08 - 2015-07-01 09:40 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-06-30 23:07 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-30 23:06 - 2015-06-30 23:06 - 00000000 ____D C:\Users\Eva\Downloads\mbar-1.09.1.1004
2015-06-30 23:05 - 2015-06-30 23:05 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Eva\Downloads\mbar-1.09.1.1004.exe
2015-06-30 21:54 - 2015-06-30 21:54 - 00052968 _____ C:\Users\Eva\Downloads\Gmer.txt
2015-06-30 21:40 - 2015-06-30 21:40 - 00380416 _____ C:\Users\Eva\Downloads\Gmer-19357.exe
2015-06-30 21:37 - 2015-06-30 21:38 - 00051437 _____ C:\Users\Eva\Downloads\Addition.txt
2015-06-30 21:34 - 2015-06-30 21:34 - 00000468 _____ C:\Users\Eva\Downloads\defogger_disable.log
2015-06-30 21:34 - 2015-06-30 21:34 - 00000000 _____ C:\Users\Eva\defogger_reenable
2015-06-30 21:26 - 2015-06-30 21:26 - 00050477 _____ C:\Users\Eva\Downloads\Defogger.exe
2015-06-30 20:59 - 2015-07-02 09:43 - 00021035 _____ C:\Users\Eva\Downloads\FRST.txt
2015-06-30 20:59 - 2015-07-02 09:43 - 00000000 ____D C:\FRST
2015-06-30 20:59 - 2015-06-30 20:59 - 02112512 _____ (Farbar) C:\Users\Eva\Downloads\FRST64.exe
2015-06-30 20:32 - 2015-06-30 20:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-06-30 19:53 - 2015-06-30 20:18 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-30 19:52 - 2015-06-30 19:52 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-06-30 19:52 - 2015-06-30 19:52 - 00002051 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-06-30 16:49 - 2015-06-30 16:49 - 40422528 _____ (Skype Technologies S.A.) C:\Users\Eva\Downloads\SkypeSetupFull.exe
2015-06-30 16:41 - 2014-09-05 04:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-06-30 16:41 - 2014-09-05 03:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-06-30 15:51 - 2015-06-30 15:51 - 02870984 _____ (ESET) C:\Users\Eva\Downloads\esetsmartinstaller_deu.exe
2015-06-30 15:51 - 2015-06-30 15:51 - 00000000 ____D C:\Program Files (x86)\ESET
2015-06-30 12:26 - 2015-06-30 12:26 - 00243592 _____ C:\Users\Eva\Downloads\Firefox Setup Stub 38.0.5 (1).exe
2015-06-29 20:16 - 2015-06-29 20:16 - 00000000 ____D C:\Windows\SysWOW64\NV
2015-06-29 20:16 - 2015-06-29 20:16 - 00000000 ____D C:\Windows\system32\NV
2015-06-29 20:09 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-06-29 20:09 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-06-29 20:09 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-06-29 20:09 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-06-29 20:09 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-06-29 20:09 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-06-29 20:09 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-06-29 20:09 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-06-29 20:09 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2015-06-29 20:09 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2015-06-29 20:09 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-06-29 20:09 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-06-29 20:09 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-06-29 20:09 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-06-29 20:09 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-06-29 20:01 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-06-29 20:01 - 2012-08-23 16:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2015-06-29 20:01 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2015-06-29 20:01 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2015-06-29 19:58 - 2015-06-29 20:00 - 00000000 ____D C:\Program Files\Zune
2015-06-29 19:58 - 2015-06-29 19:58 - 00000931 _____ C:\Users\Public\Desktop\Zune.lnk
2015-06-29 19:58 - 2015-06-29 19:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune
2015-06-29 19:56 - 2015-05-09 05:27 - 03147776 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-06-29 19:56 - 2015-05-09 05:27 - 02589184 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-06-29 19:56 - 2015-05-09 05:27 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-06-29 19:56 - 2015-05-09 05:27 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-06-29 19:56 - 2015-05-09 05:27 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-06-29 19:56 - 2015-05-09 05:27 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-06-29 19:56 - 2015-05-09 05:27 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-06-29 19:56 - 2015-05-09 05:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-06-29 19:56 - 2015-05-09 05:14 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-06-29 19:56 - 2015-05-09 05:14 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-06-29 19:56 - 2015-05-09 05:14 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-06-29 19:56 - 2015-05-09 05:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-06-29 19:55 - 2015-05-09 05:26 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-06-29 19:55 - 2015-05-09 05:26 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-06-29 19:55 - 2015-05-09 05:26 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-06-29 19:55 - 2015-05-09 05:13 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-06-29 19:55 - 2015-04-27 21:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-06-29 19:55 - 2015-04-27 21:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-06-29 19:55 - 2015-04-27 21:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-06-29 19:55 - 2015-04-27 21:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-06-29 19:55 - 2015-04-27 21:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-06-29 19:55 - 2015-04-27 21:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-06-29 19:55 - 2015-04-27 21:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-06-29 19:55 - 2015-04-27 21:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-06-29 19:55 - 2015-03-14 05:21 - 01632768 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-06-29 19:55 - 2015-03-14 05:21 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-06-29 19:55 - 2015-03-14 05:04 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-06-29 19:55 - 2015-03-14 05:04 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-06-29 19:53 - 2015-05-09 20:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-06-29 14:42 - 2015-06-29 14:41 - 02209056 _____ C:\Users\Eva\Downloads\avira-eu-cleaner_de(1).exe
2015-06-29 14:41 - 2015-06-29 14:41 - 02209056 _____ C:\Users\Eva\Downloads\avira-eu-cleaner_de.exe
2015-06-29 14:30 - 2015-06-29 14:32 - 00000000 ____D C:\Users\Eva\AppData\Local\NPE
2015-06-29 14:30 - 2015-06-29 14:30 - 00000000 ____D C:\ProgramData\Norton
2015-06-28 00:19 - 2015-06-28 00:19 - 91226112 _____ C:\Windows\system32\config\SOFTWARE.bdkup
2015-06-28 00:19 - 2015-06-28 00:19 - 18612224 _____ C:\Windows\system32\config\SYSTEM.bdkup
2015-06-28 00:19 - 2015-06-28 00:19 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bdkup
2015-06-23 20:09 - 2015-06-23 20:12 - 00000000 ____D C:\Users\Eva\AppData\Roaming\QuickScan
2015-06-23 20:09 - 2015-06-23 20:09 - 00039480 _____ C:\Users\Eva\Downloads\qsinstaller.exe
2015-06-23 20:06 - 2015-06-23 20:06 - 00000000 ____D C:\Users\Eva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2015-06-23 20:06 - 2015-06-23 20:05 - 00001081 _____ C:\Users\Eva\Desktop\Kaspersky Security Scan.lnk
2015-06-23 20:05 - 2015-06-23 20:05 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-06-23 20:05 - 2015-06-23 20:05 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2015-06-23 20:03 - 2015-06-23 20:03 - 00416576 _____ (Kaspersky Lab) C:\Users\Eva\Downloads\de-de.setup.exe
2015-06-22 15:03 - 2015-06-22 15:03 - 00243592 _____ C:\Users\Eva\Downloads\Firefox Setup Stub 38.0.5.exe
2015-06-10 14:46 - 2015-05-25 20:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-10 14:46 - 2015-05-25 20:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-10 14:46 - 2015-05-25 20:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-10 14:46 - 2015-05-25 20:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-10 14:46 - 2015-05-25 20:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-10 14:46 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-10 14:46 - 2015-05-25 20:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-10 14:46 - 2015-05-25 20:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-10 14:46 - 2015-05-25 20:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-10 14:46 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-10 14:46 - 2015-05-25 20:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-10 14:46 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-10 14:46 - 2015-05-25 20:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-10 14:46 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-10 14:46 - 2015-05-25 20:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-10 14:46 - 2015-05-25 20:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-10 14:46 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-10 14:46 - 2015-05-25 20:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-10 14:46 - 2015-05-25 20:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-10 14:46 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-10 14:46 - 2015-05-25 20:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-10 14:46 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-10 14:46 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-10 14:46 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-10 14:46 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-10 14:46 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-10 14:46 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-10 14:46 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-10 14:46 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-10 14:46 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-10 14:46 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-10 14:46 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-10 14:46 - 2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-10 14:46 - 2015-05-25 20:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-10 14:46 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-10 14:46 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-10 14:46 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-10 14:46 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-10 14:46 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-10 14:46 - 2015-05-25 20:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-10 14:46 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-10 14:46 - 2015-05-25 19:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-10 14:46 - 2015-05-25 19:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-10 14:46 - 2015-05-25 19:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-10 14:46 - 2015-05-25 19:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-10 14:46 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-10 14:46 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-10 14:46 - 2015-05-25 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-10 14:46 - 2015-05-25 18:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-10 14:46 - 2015-05-25 18:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 18:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-10 14:46 - 2015-05-22 20:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-10 14:46 - 2015-05-22 20:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-10 14:46 - 2015-05-22 20:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-10 14:46 - 2015-05-22 20:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-10 14:46 - 2015-05-22 20:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-10 14:46 - 2015-05-22 20:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-10 14:46 - 2015-05-22 20:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-10 14:46 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-10 14:46 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 14:46 - 2015-04-29 20:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 14:46 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 14:46 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 14:46 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 14:46 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-10 14:46 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-10 14:46 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-10 14:46 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-10 14:46 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-10 14:45 - 2015-06-01 21:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 14:45 - 2015-06-01 20:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 14:45 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 14:45 - 2015-05-25 19:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 14:45 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-10 14:45 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 14:45 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-10 14:45 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-10 14:45 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-10 14:45 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-10 14:45 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 14:45 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-10 14:45 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-10 14:45 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-10 14:45 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-10 14:45 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-10 14:45 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 14:45 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-10 14:45 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-10 14:45 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-10 14:45 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 14:45 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 14:45 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 14:45 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 14:45 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 14:45 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-10 14:45 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 14:45 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 14:45 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 14:45 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 14:45 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 14:45 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 14:45 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 14:45 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 14:45 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 14:45 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 14:45 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 14:45 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 14:45 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 14:45 - 2015-05-22 20:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 14:45 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 14:45 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 14:45 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 14:45 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 14:45 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 14:45 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 14:45 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 14:45 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 14:45 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 14:45 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 14:45 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-10 14:45 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-10 14:44 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 14:44 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 14:44 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 14:44 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 14:44 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 14:44 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 14:44 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 14:44 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 14:44 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 14:44 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 14:44 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 14:44 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-05 12:05 - 2015-06-05 12:05 - 00000000 ____D C:\Users\Eva\AppData\Local\GWX
2015-06-03 08:15 - 2015-06-03 08:15 - 00002160 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-02 09:42 - 2009-07-14 06:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-02 09:42 - 2009-07-14 06:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-02 09:38 - 2011-07-27 06:10 - 01673870 _____ C:\Windows\WindowsUpdate.log
2015-07-02 09:34 - 2012-01-09 21:42 - 00000000 ____D C:\Users\Eva\AppData\Roaming\Skype
2015-07-02 09:34 - 2011-12-27 16:53 - 00000000 ____D C:\ProgramData\clear.fi
2015-07-02 09:31 - 2010-11-21 05:47 - 00139168 _____ C:\Windows\PFRO.log
2015-07-02 09:31 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-02 09:31 - 2009-07-14 06:51 - 00146204 _____ C:\Windows\setupact.log
2015-07-02 09:27 - 2012-03-29 20:02 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-02 09:13 - 2012-01-11 21:46 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-02 09:04 - 2011-12-27 22:17 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-898756928-3254376158-833785005-1002UA.job
2015-07-01 14:18 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-07-01 10:06 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-07-01 03:18 - 2012-07-02 16:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-30 21:34 - 2011-12-27 16:45 - 00000000 ____D C:\Users\Eva
2015-06-30 19:58 - 2011-12-27 16:46 - 00093136 _____ C:\Users\Eva\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-30 19:58 - 2009-07-14 06:45 - 00362904 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-30 19:54 - 2014-11-04 14:31 - 00000000 ____D C:\Users\Eva\AppData\Local\Adobe
2015-06-30 19:54 - 2011-06-08 09:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-06-30 19:54 - 2011-06-08 09:12 - 00000000 ____D C:\Program Files (x86)\Acer
2015-06-30 19:52 - 2011-06-08 09:25 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-06-30 19:49 - 2012-03-29 20:02 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-30 19:49 - 2012-03-29 20:02 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-30 19:49 - 2012-01-04 14:06 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-30 19:46 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-06-30 16:51 - 2012-08-15 17:10 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-06-30 16:51 - 2011-06-08 09:10 - 00000000 ____D C:\ProgramData\Skype
2015-06-30 16:48 - 2011-06-08 09:25 - 00000000 ____D C:\ProgramData\Adobe
2015-06-30 12:27 - 2012-07-02 16:34 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-30 12:27 - 2012-07-02 16:34 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-06-30 12:27 - 2012-07-02 16:34 - 00000000 ____D C:\Users\Eva\AppData\Local\Mozilla
2015-06-30 12:27 - 2012-07-02 16:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-30 12:24 - 2011-07-27 16:02 - 00699682 _____ C:\Windows\system32\perfh007.dat
2015-06-30 12:24 - 2011-07-27 16:02 - 00149790 _____ C:\Windows\system32\perfc007.dat
2015-06-30 12:24 - 2009-07-14 07:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-29 20:16 - 2011-07-27 06:16 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-29 20:16 - 2009-07-14 05:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-29 20:14 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-29 20:07 - 2011-07-27 06:16 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-06-29 20:07 - 2011-07-27 06:15 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-06-29 20:02 - 2011-12-27 16:53 - 01594964 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-06-29 14:33 - 2013-11-18 09:35 - 00000000 ____D C:\ProgramData\Oracle
2015-06-29 14:33 - 2013-03-04 14:58 - 00000000 ____D C:\Program Files (x86)\Java
2015-06-29 14:31 - 2014-09-01 10:21 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-06-29 14:31 - 2014-09-01 10:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-06-25 23:01 - 2011-12-27 17:22 - 00000000 ____D C:\Users\Eva\Documents\Geschäft 2012
2015-06-25 20:50 - 2014-12-08 11:01 - 00000000 ____D C:\Users\Eva\Documents\Geschäft 2015
2015-06-25 16:33 - 2012-01-23 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-06-25 16:33 - 2011-12-27 18:21 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-24 17:09 - 2011-12-27 17:07 - 00000000 ____D C:\Program Files (x86)\OpenOffice.org 3
2015-06-24 15:09 - 2011-12-29 22:28 - 00000432 _____ C:\Windows\BRWMARK.INI
2015-06-24 15:04 - 2012-08-30 18:28 - 00000000 ____D C:\Users\Eva\Documents\Anna Keller
2015-06-24 07:14 - 2014-09-21 15:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-06-24 07:14 - 2014-03-01 13:43 - 00002699 _____ C:\Users\Public\Desktop\Skype.lnk
2015-06-17 16:12 - 2011-12-27 17:19 - 00000000 ____D C:\Users\Eva\Documents\ELDA
2015-06-17 13:36 - 2011-12-27 17:19 - 00000000 ____D C:\Users\Eva\Documents\eva
2015-06-14 11:16 - 2011-12-27 17:25 - 00000000 ____D C:\Users\Eva\Documents\Kunden
2015-06-10 23:14 - 2014-11-12 15:40 - 00000000 __SHD C:\Users\Eva\AppData\Local\EmieBrowserModeList
2015-06-10 23:14 - 2014-05-07 10:15 - 00000000 __SHD C:\Users\Eva\AppData\Local\EmieUserList
2015-06-10 23:14 - 2014-05-07 10:15 - 00000000 __SHD C:\Users\Eva\AppData\Local\EmieSiteList
2015-06-10 22:54 - 2014-12-11 11:13 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-10 22:54 - 2014-05-06 22:34 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-10 16:43 - 2013-08-15 22:43 - 00000000 ____D C:\Windows\system32\MRT
2015-06-10 16:37 - 2011-12-28 21:57 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-02 12:46 - 2011-12-28 19:11 - 00000000 ____D C:\Windows\System32\Tasks\Games

==================== Files in the root of some directories =======

2012-01-31 22:58 - 2014-04-06 12:33 - 0036864 _____ () C:\Users\Eva\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-07-27 06:33 - 2011-07-27 06:36 - 0015219 _____ () C:\ProgramData\ArcadeDeluxe5.log
2011-06-08 08:57 - 2010-03-02 23:59 - 0131984 _____ () C:\ProgramData\FullRemove.exe

Some files in TEMP:
====================
C:\Users\Eva\AppData\Local\Temp\Quarantine.exe
C:\Users\Eva\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-23 16:57

==================== End of log ============================
         

Alt 02.07.2015, 17:02   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 7: Raiffeisen Banking funktioniert nicht mehr (logs sind in 2 antworten eingefügt) - Standard

Windows 7: Raiffeisen Banking funktioniert nicht mehr (logs sind in 2 antworten eingefügt)




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 02.07.2015, 19:17   #11
ludi81
 
Windows 7: Raiffeisen Banking funktioniert nicht mehr (logs sind in 2 antworten eingefügt) - Standard

Windows 7: Raiffeisen Banking funktioniert nicht mehr (logs sind in 2 antworten eingefügt)



Also es sieht danach aus, als ob der Fehler weg ist. Super danke.

Hier noch mal die logs:

ESET
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=16326cb2a0bd65489bb7961705caee09
# end=init
# utc_time=2015-07-02 04:18:20
# local_time=2015-07-02 06:18:20 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24611
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=16326cb2a0bd65489bb7961705caee09
# end=updated
# utc_time=2015-07-02 04:21:54
# local_time=2015-07-02 06:21:54 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=16326cb2a0bd65489bb7961705caee09
# engine=24611
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-07-02 06:06:14
# local_time=2015-07-02 08:06:14 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 4310274 130037984 0 0
# scanned=282883
# found=0
# cleaned=0
# scan_time=6259
         

SecurityCheck
Code:
ATTFilter
 Results of screen317's Security Check version 1.004  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 45  
 Adobe Flash Player 18.0.0.194  
 Mozilla Firefox (38.0.5) 
 Mozilla Thunderbird (38.0.1) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Kaspersky Lab Kaspersky Security Scan 2.0 kss.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
FRST
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01
Ran by Eva (administrator) on EVA-PC on 02-07-2015 20:16:28
Running from C:\Users\Eva\Downloads
Loaded Profiles: UpdatusUser & Eva (Available Profiles: UpdatusUser & Eva)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxext.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Dolby Laboratories Inc.) C:\DOLBY PCEE4\pcee4.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(1und1 Mail und Media GmbH) C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11785832 2011-03-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2189416 2011-03-09] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831528 2011-05-10] (Acer Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM\...\Run: [Zune Launcher] => c:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-14] (Intel Corporation)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340336 2010-09-28] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-09-18] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-09-18] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-03-09] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Dolby PCEE4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-02-18] (CyberLink Corp.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [MailCheck IE Broker] => C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe [2152512 2015-05-06] (1und1 Mail und Media GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-898756928-3254376158-833785005-1000\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default
HKU\S-1-5-21-898756928-3254376158-833785005-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Acer.scr
HKU\S-1-5-21-898756928-3254376158-833785005-1002\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-01-11] (Google Inc.)
HKU\S-1-5-21-898756928-3254376158-833785005-1002\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-12-30] (Samsung Electronics)
HKU\S-1-5-21-898756928-3254376158-833785005-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53288576 2015-06-16] (Skype Technologies S.A.)
HKU\S-1-5-21-898756928-3254376158-833785005-1002\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-15] (Kaspersky Lab ZAO)
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-898756928-3254376158-833785005-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-898756928-3254376158-833785005-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.vol.at/
HKU\S-1-5-21-898756928-3254376158-833785005-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-898756928-3254376158-833785005-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-898756928-3254376158-833785005-1002 -> {17D1F2EA-F9EA-4688-9F8D-312E22E963F6} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKU\S-1-5-21-898756928-3254376158-833785005-1002 -> {9EC76FE7-0D16-4099-9418-5BE723AF5D6D} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKU\S-1-5-21-898756928-3254376158-833785005-1002 -> {DCBA0778-58AA-48BD-BE89-CD5598D570C8} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKU\S-1-5-21-898756928-3254376158-833785005-1002 -> {FB2FDD8B-DA39-47CE-B0E7-2B9D9BAF58C7} URL = hxxp://go.gmx.at/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-05] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: GMX MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll [2015-05-06] (1und1 Mail und Media GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-29] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-05] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: GMX MailCheck BHO -> {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} -> C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll [2015-05-06] (1und1 Mail und Media GmbH)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-29] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-05] (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-05] (Google Inc.)
Toolbar: HKU\S-1-5-21-898756928-3254376158-833785005-1002 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-05] (Google Inc.)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll [2015-05-06] (1und1 Mail und Media GmbH)
Handler-x32: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll [2015-05-06] (1und1 Mail und Media GmbH)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{89B422F4-DA12-4352-8F0A-4C5C7AAB964A}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{E9C9ACB5-A0BF-4F5A-9042-F07C00E32BA2}: [DhcpNameServer] 10.0.1.1

FireFox:
========
FF ProfilePath: C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\11vp9dcv.default
FF SearchEngineOrder.3: Bing 
FF SelectedSearchEngine: Google
FF Homepage: www.vol.at
FF NetworkProxy: "autoconfig_url", "https://securedtonnel.net/a2stunnel.js"
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-06-30] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-30] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-898756928-3254376158-833785005-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Eva\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF Plugin HKU\S-1-5-21-898756928-3254376158-833785005-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Eva\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF SearchPlugin: C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\11vp9dcv.default\searchplugins\englische-ergebnisse.xml [2012-07-04]
FF SearchPlugin: C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\11vp9dcv.default\searchplugins\gmx-suche-sterreich.xml [2015-06-22]
FF SearchPlugin: C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\11vp9dcv.default\searchplugins\gmx-suche.xml [2012-07-04]
FF SearchPlugin: C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\11vp9dcv.default\searchplugins\lastminute.xml [2012-07-04]
FF SearchPlugin: C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\11vp9dcv.default\searchplugins\webde-suche.xml [2012-07-04]
FF Extension: Firebug - C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\11vp9dcv.default\Extensions\firebug@software.joehewitt.com.xpi [2015-06-30]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01]

Chrome: 
=======
CHR Profile: C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-27]
CHR Extension: (Google Search) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-27]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-23]
CHR Extension: (Skype Click to Call) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-09-07]
CHR Extension: (Google Wallet) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-23]
CHR Extension: (Bitdefender QuickScan) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2015-06-23]
CHR Extension: (Gmail) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-27]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 KSS; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-15] (Kaspersky Lab ZAO)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2011-03-09] (NTI Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-12-30] () [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-02 18:18 - 2015-07-02 18:18 - 00000000 ____D C:\Program Files (x86)\ESET
2015-07-02 18:16 - 2015-07-02 18:16 - 02870984 _____ (ESET) C:\Users\Eva\Downloads\esetsmartinstaller_deu(1).exe
2015-07-02 15:51 - 2015-07-02 15:51 - 00000970 _____ C:\Users\Eva\Desktop\checkup.txt
2015-07-02 15:43 - 2015-07-02 15:43 - 00852662 _____ C:\Users\Eva\Downloads\SecurityCheck.exe
2015-07-02 09:43 - 2015-07-02 09:43 - 02112512 _____ (Farbar) C:\Users\Eva\Downloads\FRST64(1).exe
2015-07-02 09:36 - 2015-07-02 09:36 - 00000207 _____ C:\Windows\tweaking.com-regbackup-EVA-PC-Windows-7-Home-Premium-(64-bit).dat
2015-07-02 09:36 - 2015-07-02 09:36 - 00000000 ____D C:\RegBackup
2015-07-02 09:35 - 2015-07-02 09:35 - 02950807 _____ (Malwarebytes Corporation) C:\Users\Eva\Downloads\JRT.exe
2015-07-02 09:26 - 2015-07-02 09:29 - 00000000 ____D C:\AdwCleaner
2015-07-02 09:25 - 2015-07-02 09:25 - 02244096 _____ C:\Users\Eva\Downloads\AdwCleaner_4.207.exe
2015-07-02 08:41 - 2015-07-02 08:47 - 00001106 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-07-02 08:41 - 2015-07-02 08:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-07-02 08:41 - 2015-07-02 08:47 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-07-02 08:41 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-02 08:41 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-02 08:40 - 2015-07-02 08:40 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Eva\Downloads\mbam-setup-2.1.6.1022.exe
2015-07-01 14:22 - 2015-07-01 14:22 - 00027142 _____ C:\Users\Eva\Desktop\combofix.txt
2015-07-01 14:21 - 2015-07-01 14:21 - 00027142 _____ C:\ComboFix.txt
2015-07-01 14:02 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-07-01 14:02 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-07-01 14:02 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-07-01 14:02 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-07-01 14:02 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-07-01 14:02 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-07-01 14:02 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-07-01 14:02 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-07-01 14:01 - 2015-07-01 14:21 - 00000000 ____D C:\Qoobox
2015-07-01 14:00 - 2015-07-01 14:20 - 00000000 ____D C:\Windows\erdnt
2015-07-01 13:59 - 2015-07-01 13:59 - 05631262 ____R (Swearware) C:\Users\Eva\Downloads\ComboFix.exe
2015-07-01 03:07 - 2015-01-31 05:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-07-01 03:07 - 2015-01-31 05:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-07-01 03:07 - 2015-01-31 01:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-07-01 03:07 - 2014-12-11 19:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-06-30 23:08 - 2015-07-02 17:27 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-30 23:08 - 2015-07-02 08:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-30 23:08 - 2015-07-01 09:40 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-06-30 23:07 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-30 23:06 - 2015-06-30 23:06 - 00000000 ____D C:\Users\Eva\Downloads\mbar-1.09.1.1004
2015-06-30 23:05 - 2015-06-30 23:05 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Eva\Downloads\mbar-1.09.1.1004.exe
2015-06-30 21:54 - 2015-06-30 21:54 - 00052968 _____ C:\Users\Eva\Downloads\Gmer.txt
2015-06-30 21:40 - 2015-06-30 21:40 - 00380416 _____ C:\Users\Eva\Downloads\Gmer-19357.exe
2015-06-30 21:37 - 2015-06-30 21:38 - 00051437 _____ C:\Users\Eva\Downloads\Addition.txt
2015-06-30 21:34 - 2015-06-30 21:34 - 00000468 _____ C:\Users\Eva\Downloads\defogger_disable.log
2015-06-30 21:34 - 2015-06-30 21:34 - 00000000 _____ C:\Users\Eva\defogger_reenable
2015-06-30 21:26 - 2015-06-30 21:26 - 00050477 _____ C:\Users\Eva\Downloads\Defogger.exe
2015-06-30 20:59 - 2015-07-02 20:16 - 00024770 _____ C:\Users\Eva\Downloads\FRST.txt
2015-06-30 20:59 - 2015-07-02 20:16 - 00000000 ____D C:\FRST
2015-06-30 20:59 - 2015-06-30 20:59 - 02112512 _____ (Farbar) C:\Users\Eva\Downloads\FRST64.exe
2015-06-30 20:32 - 2015-06-30 20:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-06-30 19:53 - 2015-06-30 20:18 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-30 19:52 - 2015-06-30 19:52 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-06-30 19:52 - 2015-06-30 19:52 - 00002051 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-06-30 16:49 - 2015-06-30 16:49 - 40422528 _____ (Skype Technologies S.A.) C:\Users\Eva\Downloads\SkypeSetupFull.exe
2015-06-30 16:41 - 2014-09-05 04:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-06-30 16:41 - 2014-09-05 03:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-06-30 15:51 - 2015-06-30 15:51 - 02870984 _____ (ESET) C:\Users\Eva\Downloads\esetsmartinstaller_deu.exe
2015-06-30 12:26 - 2015-06-30 12:26 - 00243592 _____ C:\Users\Eva\Downloads\Firefox Setup Stub 38.0.5 (1).exe
2015-06-29 20:16 - 2015-06-29 20:16 - 00000000 ____D C:\Windows\SysWOW64\NV
2015-06-29 20:16 - 2015-06-29 20:16 - 00000000 ____D C:\Windows\system32\NV
2015-06-29 20:09 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-06-29 20:09 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-06-29 20:09 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-06-29 20:09 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-06-29 20:09 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-06-29 20:09 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-06-29 20:09 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-06-29 20:09 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-06-29 20:09 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2015-06-29 20:09 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2015-06-29 20:09 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-06-29 20:09 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-06-29 20:09 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-06-29 20:09 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-06-29 20:09 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-06-29 20:01 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-06-29 20:01 - 2012-08-23 16:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2015-06-29 20:01 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2015-06-29 20:01 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2015-06-29 19:58 - 2015-06-29 20:00 - 00000000 ____D C:\Program Files\Zune
2015-06-29 19:58 - 2015-06-29 19:58 - 00000931 _____ C:\Users\Public\Desktop\Zune.lnk
2015-06-29 19:58 - 2015-06-29 19:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune
2015-06-29 19:56 - 2015-05-09 05:27 - 03147776 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-06-29 19:56 - 2015-05-09 05:27 - 02589184 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-06-29 19:56 - 2015-05-09 05:27 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-06-29 19:56 - 2015-05-09 05:27 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-06-29 19:56 - 2015-05-09 05:27 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-06-29 19:56 - 2015-05-09 05:27 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-06-29 19:56 - 2015-05-09 05:27 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-06-29 19:56 - 2015-05-09 05:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-06-29 19:56 - 2015-05-09 05:14 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-06-29 19:56 - 2015-05-09 05:14 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-06-29 19:56 - 2015-05-09 05:14 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-06-29 19:56 - 2015-05-09 05:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-06-29 19:55 - 2015-05-09 05:26 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-06-29 19:55 - 2015-05-09 05:26 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-06-29 19:55 - 2015-05-09 05:26 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-06-29 19:55 - 2015-05-09 05:13 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-06-29 19:55 - 2015-04-27 21:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-06-29 19:55 - 2015-04-27 21:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-06-29 19:55 - 2015-04-27 21:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-06-29 19:55 - 2015-04-27 21:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-06-29 19:55 - 2015-04-27 21:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-06-29 19:55 - 2015-04-27 21:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-06-29 19:55 - 2015-04-27 21:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-06-29 19:55 - 2015-04-27 21:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-06-29 19:55 - 2015-03-14 05:21 - 01632768 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-06-29 19:55 - 2015-03-14 05:21 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-06-29 19:55 - 2015-03-14 05:04 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-06-29 19:55 - 2015-03-14 05:04 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-06-29 19:53 - 2015-05-09 20:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-06-29 14:42 - 2015-06-29 14:41 - 02209056 _____ C:\Users\Eva\Downloads\avira-eu-cleaner_de(1).exe
2015-06-29 14:41 - 2015-06-29 14:41 - 02209056 _____ C:\Users\Eva\Downloads\avira-eu-cleaner_de.exe
2015-06-29 14:30 - 2015-06-29 14:32 - 00000000 ____D C:\Users\Eva\AppData\Local\NPE
2015-06-29 14:30 - 2015-06-29 14:30 - 00000000 ____D C:\ProgramData\Norton
2015-06-28 00:19 - 2015-06-28 00:19 - 91226112 _____ C:\Windows\system32\config\SOFTWARE.bdkup
2015-06-28 00:19 - 2015-06-28 00:19 - 18612224 _____ C:\Windows\system32\config\SYSTEM.bdkup
2015-06-28 00:19 - 2015-06-28 00:19 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bdkup
2015-06-23 20:09 - 2015-06-23 20:12 - 00000000 ____D C:\Users\Eva\AppData\Roaming\QuickScan
2015-06-23 20:09 - 2015-06-23 20:09 - 00039480 _____ C:\Users\Eva\Downloads\qsinstaller.exe
2015-06-23 20:06 - 2015-06-23 20:06 - 00000000 ____D C:\Users\Eva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2015-06-23 20:06 - 2015-06-23 20:05 - 00001081 _____ C:\Users\Eva\Desktop\Kaspersky Security Scan.lnk
2015-06-23 20:05 - 2015-06-23 20:05 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-06-23 20:05 - 2015-06-23 20:05 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2015-06-23 20:03 - 2015-06-23 20:03 - 00416576 _____ (Kaspersky Lab) C:\Users\Eva\Downloads\de-de.setup.exe
2015-06-22 15:03 - 2015-06-22 15:03 - 00243592 _____ C:\Users\Eva\Downloads\Firefox Setup Stub 38.0.5.exe
2015-06-10 14:46 - 2015-05-25 20:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-10 14:46 - 2015-05-25 20:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-10 14:46 - 2015-05-25 20:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-10 14:46 - 2015-05-25 20:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-10 14:46 - 2015-05-25 20:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-10 14:46 - 2015-05-25 20:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-10 14:46 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-10 14:46 - 2015-05-25 20:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-10 14:46 - 2015-05-25 20:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-10 14:46 - 2015-05-25 20:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-10 14:46 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-10 14:46 - 2015-05-25 20:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-10 14:46 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-10 14:46 - 2015-05-25 20:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-10 14:46 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-10 14:46 - 2015-05-25 20:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-10 14:46 - 2015-05-25 20:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-10 14:46 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-10 14:46 - 2015-05-25 20:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-10 14:46 - 2015-05-25 20:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-10 14:46 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-10 14:46 - 2015-05-25 20:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-10 14:46 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-10 14:46 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-10 14:46 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-10 14:46 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-10 14:46 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-10 14:46 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-10 14:46 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-10 14:46 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-10 14:46 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-10 14:46 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-10 14:46 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-10 14:46 - 2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-10 14:46 - 2015-05-25 20:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-10 14:46 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-10 14:46 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-10 14:46 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-10 14:46 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-10 14:46 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-10 14:46 - 2015-05-25 20:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-10 14:46 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-10 14:46 - 2015-05-25 19:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-10 14:46 - 2015-05-25 19:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-10 14:46 - 2015-05-25 19:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-10 14:46 - 2015-05-25 19:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-10 14:46 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-10 14:46 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 19:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-10 14:46 - 2015-05-25 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-10 14:46 - 2015-05-25 18:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-10 14:46 - 2015-05-25 18:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 18:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 14:46 - 2015-05-25 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-10 14:46 - 2015-05-22 20:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-10 14:46 - 2015-05-22 20:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-10 14:46 - 2015-05-22 20:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-10 14:46 - 2015-05-22 20:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-10 14:46 - 2015-05-22 20:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-10 14:46 - 2015-05-22 20:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-10 14:46 - 2015-05-22 20:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-10 14:46 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-10 14:46 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 14:46 - 2015-04-29 20:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 14:46 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 14:46 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 14:46 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 14:46 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-10 14:46 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-10 14:46 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-10 14:46 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-10 14:46 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-10 14:45 - 2015-06-01 21:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 14:45 - 2015-06-01 20:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-10 14:45 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-10 14:45 - 2015-05-25 19:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 14:45 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-10 14:45 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-10 14:45 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-10 14:45 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-10 14:45 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-10 14:45 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-10 14:45 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-10 14:45 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-10 14:45 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-10 14:45 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-10 14:45 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-10 14:45 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-10 14:45 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-10 14:45 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-10 14:45 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-10 14:45 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-10 14:45 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-10 14:45 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-10 14:45 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-10 14:45 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-10 14:45 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-10 14:45 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-10 14:45 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-10 14:45 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-10 14:45 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-10 14:45 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-10 14:45 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 14:45 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 14:45 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 14:45 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 14:45 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 14:45 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 14:45 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 14:45 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 14:45 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 14:45 - 2015-05-22 20:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 14:45 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 14:45 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 14:45 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 14:45 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 14:45 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 14:45 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 14:45 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 14:45 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 14:45 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 14:45 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 14:45 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-10 14:45 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-10 14:44 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 14:44 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 14:44 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 14:44 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 14:44 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 14:44 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 14:44 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 14:44 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 14:44 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 14:44 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 14:44 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 14:44 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-05 12:05 - 2015-06-05 12:05 - 00000000 ____D C:\Users\Eva\AppData\Local\GWX
2015-06-03 08:15 - 2015-06-03 08:15 - 00002160 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-02 20:13 - 2012-01-11 21:46 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-02 20:04 - 2011-12-27 22:17 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-898756928-3254376158-833785005-1002UA.job
2015-07-02 19:27 - 2012-03-29 20:02 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-02 15:49 - 2011-07-27 06:10 - 01725867 _____ C:\Windows\WindowsUpdate.log
2015-07-02 15:46 - 2009-07-14 06:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-02 15:46 - 2009-07-14 06:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-02 15:42 - 2012-01-09 21:42 - 00000000 ____D C:\Users\Eva\AppData\Roaming\Skype
2015-07-02 15:38 - 2011-12-27 16:53 - 00000000 ____D C:\ProgramData\clear.fi
2015-07-02 15:37 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-02 15:37 - 2009-07-14 06:51 - 00146260 _____ C:\Windows\setupact.log
2015-07-02 09:31 - 2010-11-21 05:47 - 00139168 _____ C:\Windows\PFRO.log
2015-07-01 14:18 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-07-01 10:06 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-07-01 03:18 - 2012-07-02 16:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-30 21:34 - 2011-12-27 16:45 - 00000000 ____D C:\Users\Eva
2015-06-30 19:58 - 2011-12-27 16:46 - 00093136 _____ C:\Users\Eva\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-30 19:58 - 2009-07-14 06:45 - 00362904 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-30 19:54 - 2014-11-04 14:31 - 00000000 ____D C:\Users\Eva\AppData\Local\Adobe
2015-06-30 19:54 - 2011-06-08 09:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-06-30 19:54 - 2011-06-08 09:12 - 00000000 ____D C:\Program Files (x86)\Acer
2015-06-30 19:52 - 2011-06-08 09:25 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-06-30 19:49 - 2012-03-29 20:02 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-30 19:49 - 2012-03-29 20:02 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-30 19:49 - 2012-01-04 14:06 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-30 19:46 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-06-30 16:51 - 2012-08-15 17:10 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-06-30 16:51 - 2011-06-08 09:10 - 00000000 ____D C:\ProgramData\Skype
2015-06-30 16:48 - 2011-06-08 09:25 - 00000000 ____D C:\ProgramData\Adobe
2015-06-30 12:27 - 2012-07-02 16:34 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-30 12:27 - 2012-07-02 16:34 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-06-30 12:27 - 2012-07-02 16:34 - 00000000 ____D C:\Users\Eva\AppData\Local\Mozilla
2015-06-30 12:27 - 2012-07-02 16:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-30 12:24 - 2011-07-27 16:02 - 00699682 _____ C:\Windows\system32\perfh007.dat
2015-06-30 12:24 - 2011-07-27 16:02 - 00149790 _____ C:\Windows\system32\perfc007.dat
2015-06-30 12:24 - 2009-07-14 07:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-29 20:16 - 2011-07-27 06:16 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-29 20:16 - 2009-07-14 05:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-29 20:14 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-29 20:07 - 2011-07-27 06:16 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-06-29 20:07 - 2011-07-27 06:15 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-06-29 20:02 - 2011-12-27 16:53 - 01594964 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-06-29 14:33 - 2013-11-18 09:35 - 00000000 ____D C:\ProgramData\Oracle
2015-06-29 14:33 - 2013-03-04 14:58 - 00000000 ____D C:\Program Files (x86)\Java
2015-06-29 14:31 - 2014-09-01 10:21 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-06-29 14:31 - 2014-09-01 10:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-06-25 23:01 - 2011-12-27 17:22 - 00000000 ____D C:\Users\Eva\Documents\Geschäft 2012
2015-06-25 20:50 - 2014-12-08 11:01 - 00000000 ____D C:\Users\Eva\Documents\Geschäft 2015
2015-06-25 16:33 - 2012-01-23 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-06-25 16:33 - 2011-12-27 18:21 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-24 17:09 - 2011-12-27 17:07 - 00000000 ____D C:\Program Files (x86)\OpenOffice.org 3
2015-06-24 15:09 - 2011-12-29 22:28 - 00000432 _____ C:\Windows\BRWMARK.INI
2015-06-24 15:04 - 2012-08-30 18:28 - 00000000 ____D C:\Users\Eva\Documents\Anna Keller
2015-06-24 07:14 - 2014-09-21 15:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-06-24 07:14 - 2014-03-01 13:43 - 00002699 _____ C:\Users\Public\Desktop\Skype.lnk
2015-06-17 16:12 - 2011-12-27 17:19 - 00000000 ____D C:\Users\Eva\Documents\ELDA
2015-06-17 13:36 - 2011-12-27 17:19 - 00000000 ____D C:\Users\Eva\Documents\eva
2015-06-14 11:16 - 2011-12-27 17:25 - 00000000 ____D C:\Users\Eva\Documents\Kunden
2015-06-10 23:14 - 2014-11-12 15:40 - 00000000 __SHD C:\Users\Eva\AppData\Local\EmieBrowserModeList
2015-06-10 23:14 - 2014-05-07 10:15 - 00000000 __SHD C:\Users\Eva\AppData\Local\EmieUserList
2015-06-10 23:14 - 2014-05-07 10:15 - 00000000 __SHD C:\Users\Eva\AppData\Local\EmieSiteList
2015-06-10 22:54 - 2014-12-11 11:13 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-10 22:54 - 2014-05-06 22:34 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-10 16:43 - 2013-08-15 22:43 - 00000000 ____D C:\Windows\system32\MRT
2015-06-10 16:37 - 2011-12-28 21:57 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-02 12:46 - 2011-12-28 19:11 - 00000000 ____D C:\Windows\System32\Tasks\Games

==================== Files in the root of some directories =======

2012-01-31 22:58 - 2014-04-06 12:33 - 0036864 _____ () C:\Users\Eva\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-07-27 06:33 - 2011-07-27 06:36 - 0015219 _____ () C:\ProgramData\ArcadeDeluxe5.log
2011-06-08 08:57 - 2010-03-02 23:59 - 0131984 _____ () C:\ProgramData\FullRemove.exe

Some files in TEMP:
====================
C:\Users\Eva\AppData\Local\Temp\Quarantine.exe
C:\Users\Eva\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-23 16:57

==================== End of log ============================
         
kann ich jetzt alles was ich installiert haben wieder entfernen?
danke

Alt 03.07.2015, 06:27   #12
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 7: Raiffeisen Banking funktioniert nicht mehr (logs sind in 2 antworten eingefügt) - Standard

Windows 7: Raiffeisen Banking funktioniert nicht mehr (logs sind in 2 antworten eingefügt)



machen wir jetzt


Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
Combofix deinstallieren .
  • Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
  • Drücke bitte die + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
  • Klicke auf OK.
    Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
  • Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte DelFix herunter.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...und/oder das Forum mit einer kleinen Spende unterstützen.

Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank.
Meine Empfehlung:

Emsisoft

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:
NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.
Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.


Lade Software von einem sauberen Portal wie .
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwarecleaner .


Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Windows 7: Raiffeisen Banking funktioniert nicht mehr (logs sind in 2 antworten eingefügt)
.com, adobe, adware, banking trojaner, cpu, defender, desktop, device driver, fehler, firefox, flash player, helper, iexplore.exe, installation, internet, internet explorer, modernisierung, mozilla, problem, scan, security, server, software, super, tcp, temp, udp, usb, windows




Ähnliche Themen: Windows 7: Raiffeisen Banking funktioniert nicht mehr (logs sind in 2 antworten eingefügt)


  1. Windows 7: Sicherheitscenter kann nicht aktiviert werden, Avira funktioniert nicht mehr
    Log-Analyse und Auswertung - 24.06.2015 (13)
  2. Windows 8 (64-Bít) SRPTM.exe funktioniert nicht mehr
    Log-Analyse und Auswertung - 08.10.2014 (5)
  3. Windows Sicherheitscenter lässt sich nicht mehr aktivieren, Malwarebytes funktioniert nicht
    Log-Analyse und Auswertung - 21.06.2014 (9)
  4. Windows Tool zum entfernen bösartiger Software - Wo sind die Logs?
    Antiviren-, Firewall- und andere Schutzprogramme - 16.01.2014 (7)
  5. Windows 7: Sicherheitscenter kann nicht aktiviert werden, Update funktioniert nicht mehr!
    Log-Analyse und Auswertung - 22.11.2013 (19)
  6. Mir ist es nicht mehr möglich in meinem Thema wie sonst zu antworten, warum?
    Lob, Kritik und Wünsche - 28.06.2013 (3)
  7. Windows Hostprozess funktioniert nicht mehr 2
    Plagegeister aller Art und deren Bekämpfung - 08.03.2013 (0)
  8. Windows funktioniert nicht mehr
    Plagegeister aller Art und deren Bekämpfung - 24.01.2013 (0)
  9. Windows Explorer funktioniert nicht mehr
    Plagegeister aller Art und deren Bekämpfung - 10.01.2013 (17)
  10. Raiffeisen Online Banking Virus/Trojaner
    Plagegeister aller Art und deren Bekämpfung - 23.11.2012 (3)
  11. Windows Reporting funktioniert nicht mehr, Firewall startet nicht, Windows Explorer stürzt ab
    Plagegeister aller Art und deren Bekämpfung - 27.12.2011 (11)
  12. Windows security alert - dateien vesteckt und online banking laeuft nicht mehr....
    Log-Analyse und Auswertung - 18.04.2011 (1)
  13. windows update funktioniert nicht mehr
    Log-Analyse und Auswertung - 25.03.2011 (1)
  14. Hjt logs bei mir Funktioniert es nicht
    Log-Analyse und Auswertung - 14.02.2011 (1)
  15. Windows funktioniert nicht mehr
    Mülltonne - 26.06.2008 (0)
  16. Windows Explorer funktioniert nicht mehr
    Log-Analyse und Auswertung - 07.06.2007 (3)
  17. Windows Update funktioniert nicht mehr
    Alles rund um Windows - 04.01.2005 (4)

Zum Thema Windows 7: Raiffeisen Banking funktioniert nicht mehr (logs sind in 2 antworten eingefügt) - Ich habe genau das gleiche Problem wie im Thread http://www.trojaner-board.de/166389-...oid-virus.html beschrieben und gelöst wurde. Ich habe ein Windows 7 mit 64 Bit. Es kommt immer das Popup Code: Alles auswählen - Windows 7: Raiffeisen Banking funktioniert nicht mehr (logs sind in 2 antworten eingefügt)...
Archiv
Du betrachtest: Windows 7: Raiffeisen Banking funktioniert nicht mehr (logs sind in 2 antworten eingefügt) auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.