Log analysis and evaluation: http://your-home-page.net

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

21.07.2015, 13:19 | #1

http://your-home-page.net

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Ran by michael.schmaus (administrator) on NB1140 on 21-07-2015 13:40:21
Running from H:\
Loaded Profiles: michael.schmaus (Available Profiles: Admin & postgres & sysaidinternal & AdminDE & Chris.Oleszczuk & michael.schmaus & michael.schmaus & Administrator)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\psxss.exe
(Webroot) C:\Program Files (x86)\Webroot\WRSA.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\BCMWLTRY.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.HPWJA\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Netop Business Solutions A/S) C:\Program Files (x86)\Netop\Netop Remote Control\Host\NHOSTSVC.EXE
(Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
(SEP AG) C:\Program Files\SEPsesam\bin\sesam\sm_main.exe
(SEP AG) C:\Program Files\SEPsesam\bin\sesam\sm_ctrld_main.exe
() C:\Program Files\SEPsesam\bin\sesam\sm_sshd.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Windows\SysWOW64\snmp.exe
(SysAid Technology Ltd.) C:\Program Files\SysAid\SysAidSM.exe
(iS3, Inc.) C:\Program Files (x86)\iS3\STOPzilla AntiVirus\SZServer.exe
(SysAid Technology Ltd.) C:\Program Files\SysAid\SysAidWorker.exe
(TeamViewer GmbH) C:\Program Files (x86)\Teamviewer\Version8\TeamViewer_Service.exe
(Check Point Software Technologies) C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe
(Ericsson AB) C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\iS3\STOPzilla AntiVirus\SBAMSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(GFI Software Development Ltd.) C:\Program Files (x86)\PatchManagementInstallation\Agent\lnssatt.exe
(Apache Software Foundation) C:\Program Files (x86)\PatchManagementInstallation\Agent\Httpd\bin\httpd.exe
(Apache Software Foundation) C:\Program Files (x86)\PatchManagementInstallation\Agent\Httpd\bin\httpd.exe
(GFI Software Development Ltd.) C:\Program Files (x86)\PatchManagementInstallation\Agent\mantle.exe
(Microsoft Corporation) C:\Windows\CCM\CcmExec.exe
(Microsoft Corporation) C:\Windows\CCM\RemCtrl\cmrcservice.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Policy Platform\policyHost.exe
(iS3, Inc.) C:\Program Files (x86)\iS3\STOPzilla AntiVirus\STOPzilla.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(TeamViewer GmbH) C:\Program Files (x86)\Teamviewer\Version8\TeamViewer.exe
(Webroot) C:\Program Files (x86)\Webroot\WRSA.exe
(TeamViewer GmbH) C:\Program Files (x86)\Teamviewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\Teamviewer\Version8\tv_x64.exe
(Samsung Electronics) C:\ProgramData\Samsung Apps\Portable SSD\Samsung Portable SSD Daemon.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Avaya Inc.) C:\Windows\System32\qtsp_sso.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Akamai Technologies, Inc.) C:\Users\MSC\AppData\Local\Akamai\netsession_win.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ek-soft GmbH) C:\Program Files (x86)\CTI\DIALit-Client\Dialit32.exe
(MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Akamai Technologies, Inc.) C:\Users\MSC\AppData\Local\Akamai\netsession_win.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Microsoft) C:\Program Files (x86)\Avaya\Avaya Microsoft Lync Integration\LyncAddin.exe
(Check Point Software Technologies) C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Lync\communicator.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
() C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\CCM\SCNotification.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtwLyncIntf\BtwLyncIntf.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Lync\UcMapi.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelperx64.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(ek-soft GmbH) C:\Program Files (x86)\CTI\DIALit-Client\TeleTab.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe [8641536 2014-07-25] (Broadcom Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-07-03] (IDT, Inc.)
HKLM\...\Run: [qtsp_sso] => C:\windows\system32\qtsp_sso.exe [1171968 2012-12-21] (Avaya Inc.)
HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [3488640 2012-03-14] (Hewlett-Packard Company)
HKLM\...\Run: [MultiScreen] => [X]
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [281776 2014-09-16] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [Seagull Drivers] => ssdal_nc.exe startup
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [358944 2011-01-28] (Acronis)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2816240 2014-08-01] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-06-29] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284480 2013-07-03] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-10-24] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-06-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-06-27] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Client Access Service] => C:\Program Files (x86)\IBM\Client Access\cwbsvstr.exe [14336 2010-01-15] (IBM Corporation)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [336672 2014-02-10] (Hewlett-Packard Company)
HKLM-x32\...\Run: [LyncAddin] => C:\Program Files (x86)\Avaya\Avaya Microsoft Lync Integration\LyncAddin.exe [1933824 2012-11-09] (Microsoft)
HKLM-x32\...\Run: [Check Point VPN] => C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGui.exe [826832 2013-12-04] (Check Point Software Technologies)
HKLM-x32\...\Run: [HPConnectionManager] => c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [185144 2014-04-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [MultiScreen] => [X]
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Lync\communicator.exe [12118840 2015-03-28] (Microsoft Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files (x86)\Webroot\WRSA.exe [823720 2015-07-01] (Webroot)
HKLM-x32\...\Run: [YouCam Tray] => c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [168464 2012-10-25] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirage] => c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [139792 2012-10-25] (CyberLink)
HKLM-x32\...\Run: [RemoteControl10] => c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-14] (CyberLink Corp.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5145824 2011-01-28] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-3799292098-3196119086-2381476900-3276\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6161176 2014-02-20] (Piriform Ltd)
HKU\S-1-5-21-3799292098-3196119086-2381476900-3276\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [6161176 2014-02-20] (Piriform Ltd)
HKU\S-1-5-21-3799292098-3196119086-2381476900-3276\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2015-03-18] (Microsoft Corporation)
HKU\S-1-5-21-3799292098-3196119086-2381476900-3276\...\Run: [Akamai NetSession Interface] => C:\Users\MSC\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-03-11]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2013-10-18]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\MSC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DIALit.lnk [2014-11-05]
ShortcutTarget: DIALit.lnk -> C:\Program Files (x86)\CTI\DIALit-Client\Dialit32.exe (ek-soft GmbH)
Startup: C:\Users\MSC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk [2013-08-06]
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
Startup: C:\Users\MSC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DIALit.lnk [2014-11-05]
ShortcutTarget: DIALit.lnk -> C:\Program Files (x86)\CTI\DIALit-Client\Dialit32.exe (ek-soft GmbH)
Startup: C:\Users\MSC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk [2013-08-06]
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
GroupPolicyScripts: Group Policy detected <======= ATTENTION
GroupPolicyScripts\User: Group Policy detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3799292098-3196119086-2381476900-3276\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3799292098-3196119086-2381476900-3276\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3799292098-3196119086-2381476900-3276\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Microsoft Web Recorder Helper -> {06D7D698-1ECD-407F-A1C9-EFA54860490A} -> C:\Program Files\Microsoft System Center 2012 R2\Operations Manager\Console\Microsoft.Mom.RecorderBarBHO.dll [2013-09-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-17] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-17] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Lync\OCHelper.dll [2010-11-03] (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-06-27] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-06-27] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-06-27] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3799292098-3196119086-2381476900-3276 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1383306434877
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{2D943FE5-0C98-4F50-A9EF-758CEED5C998}: [DhcpNameServer] 10.0.1.37 10.100.0.15
Tcpip\..\Interfaces\{5CB4035A-BE52-4E2F-A90A-EEB5B3C5C534}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{A51701BB-A804-4E1B-8457-21AFA11167D2}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FireFox:
========
FF ProfilePath: C:\Users\MSC\AppData\Roaming\Mozilla\Firefox\Profiles\103qzzmr.default-1436867989260
FF SearchEngineOrder.2:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-17] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-10-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-10-24] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-06-27] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-28] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll [2015-05-28] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\MSC\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-05-28] (Cisco WebEx LLC)
FF Extension: GMX MailCheck - C:\Users\MSC\AppData\Roaming\Mozilla\Firefox\Profiles\103qzzmr.default-1436867989260\Extensions\toolbar@gmx.net [2015-07-14]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-07-30]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-10-18]
FF HKU\S-1-5-21-3799292098-3196119086-2381476900-3276\...\Firefox\Extensions: [firefoxaddon@ek-soft.de] - C:\Program Files (x86)\CTI\DIALit-Client\Firefox
FF Extension: ek-soft CTI Add ON - C:\Program Files (x86)\CTI\DIALit-Client\Firefox [2014-06-16]
FF HKU\S-1-5-21-3799292098-3196119086-2381476900-3276\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR Profile: C:\Users\MSC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\MSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-14]
CHR Extension: (Google Drive) - C:\Users\MSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-14]
CHR Extension: (YouTube) - C:\Users\MSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-14]
CHR Extension: (GMX MailCheck) - C:\Users\MSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\camnampocfohlcgbajligmemmabnljcm [2015-07-14]
CHR Extension: (Google Search) - C:\Users\MSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-14]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\MSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-14]
CHR Extension: (Google Wallet) - C:\Users\MSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-14]
CHR Extension: (Gmail) - C:\Users\MSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdtAgent; C:\Windows\system32\AdtAgent.exe [410808 2013-09-06] (Microsoft Corporation)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 CcmExec; C:\windows\CCM\CcmExec.exe [1571000 2013-09-11] (Microsoft Corporation)
R2 CmRcService; C:\windows\CCM\RemCtrl\CmRcService.exe [577712 2014-05-29] (Microsoft Corporation)
S3 Cwbrxd; C:\windows\cwbrxd.exe [94208 2010-01-15] (IBM Corporation) [File not signed]
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [143872 2014-10-24] (Microsoft Corporation) [File not signed]
R2 gfi_lanss11_attservice; C:\Program Files (x86)\PatchManagementInstallation\Agent\lnssatt.exe [133496 2012-11-23] (GFI Software Development Ltd.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-07-14] (SurfRight B.V.)
S3 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-17] (Hewlett-Packard)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [683296 2014-02-10] (Hewlett-Packard Company)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-10-09] (Intel Corporation)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-21] (Microsoft Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-10-24] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-10-24] (Intel Corporation)
R3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
S3 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-14] (Microsoft Corporation)
S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
S4 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2079520 2012-05-17] (Microsoft Corp.)
R2 MSSQL$ACRONIS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 MSSQL$HPWJA; C:\Program Files\Microsoft SQL Server\MSSQL10.HPWJA\MSSQL\Binn\sqlservr.exe [58387104 2014-07-12] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [62382256 2015-03-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [File not signed]
R2 NetOp Host for NT Service; C:\Program Files (x86)\Netop\Netop Remote Control\Host\NHOSTSVC.EXE [1516568 2010-11-01] (Netop Business Solutions A/S)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [File not signed]
S4 PuranDefrag; C:\windows\system32\PuranDefragS.exe [292736 2013-08-15] (Puran Software) [File not signed]
R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [28848 2014-09-16] (Samsung Electronics Co., Ltd.)
R2 SBAMSvc; C:\Program Files (x86)\iS3\STOPzilla AntiVirus\SBAMSvc.exe [3937472 2014-01-07] (ThreatTrack Security, Inc.)
S3 smstsmgr; C:\windows\CCM\TSManager.exe [276152 2013-09-11] (Microsoft Corporation)
R2 sm_main; C:\Program Files\SEPsesam\bin\sesam\sm_main.exe [362696 2015-03-10] (SEP AG)
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-21] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-21] (Microsoft Corporation)
S4 SQLAgent$HPWJA; C:\Program Files\Microsoft SQL Server\MSSQL10.HPWJA\MSSQL\Binn\SQLAGENT.EXE [441504 2014-07-12] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [442536 2015-03-30] (Microsoft Corporation)
R3 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2013-07-03] (IDT, Inc.) [File not signed]
R2 SysAidAgent; C:\Program Files\SysAid\SysAidSM.exe [23192 2015-04-01] (SysAid Technology Ltd.)
S4 System Center Management APM; C:\Program Files\Microsoft System Center 2012 R2\Service Manager\APMDOTNETAgent\InterceptSvc.exe [626872 2013-09-06] (Microsoft Corp.)
R2 sz7; C:\Program Files (x86)\iS3\STOPzilla AntiVirus\SZServer.exe [1735872 2015-07-10] (iS3, Inc.)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [122368 2015-02-26] (Microsoft Corporation) [File not signed]
R2 TracSrvWrapper; C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe [4880512 2013-12-04] (Check Point Software Technologies)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [5894144 2014-07-25] (Broadcom Corporation) [File not signed]
R2 WMCoreService; C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe [689560 2012-10-18] (Ericsson AB)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-14] (Microsoft Corporation)
R2 WRSVC; C:\Program Files (x86)\Webroot\WRSA.exe [823720 2015-07-01] (Webroot)
S3 Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn; Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn [X]
S3 Datev.Unternehmen.SystemComponents.ServiceBus.V0400.PlugIn; Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0400.PlugIn [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2014-07-14] (Broadcom Corporation.)
S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2012-02-02] (Broadcom Corporation.)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R3 dwVSCD; C:\Windows\System32\DRIVERS\dwvscd.sys [11904 2010-11-01] (Danware Data A/S)
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-10-05] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [29736 2011-10-05] (Ericsson AB)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
R3 h36wgps; C:\Windows\System32\DRIVERS\h36wgps64.sys [103184 2012-03-02] (Ericsson AB)
R2 hardlock; C:\windows\system32\drivers\hardlock.sys [331144 2013-03-11] (SafeNet Inc.)
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [34056 2014-05-19] (Paragon Software Group)
R3 HPMo4DE3; C:\Windows\System32\DRIVERS\HPMo4DE3.sys [25088 2011-03-09] (TPMX Electronics Ltd.)
R3 HPub4DE3; C:\Windows\System32\Drivers\HPub4DE3.sys [18432 2011-04-12] (TPMX Electronics Ltd.)
R3 johci; C:\Windows\System32\DRIVERS\johci.sys [26208 2012-08-24] (JMicron Technology Corp.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [443648 2013-04-22] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [455936 2013-04-22] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [22272 2013-04-22] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [508160 2013-04-22] (MCCI Corporation)
R3 prepdrvr; C:\Windows\System32\DRIVERS\prepdrv.sys [26984 2012-11-21] (Microsoft Corporation)
R3 PsxDrv; C:\Windows\System32\drivers\psxdrv.sys [10240 2009-07-14] (Microsoft Corporation)
S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [322736 2015-03-30] (Microsoft Corporation)
R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [268976 2014-09-16] (Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [111280 2014-09-16] (Samsung Electronics Co., Ltd.)
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [88928 2013-10-01] (ThreatTrack Security, Inc.)
S3 sehutn; C:\Windows\System32\DRIVERS\sehutn.sys [49328 2013-10-08] (SEH Computertechnik GmbH)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1064184 2012-09-23] (Sunplus)
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [102664 2014-05-09] ()
R1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [25992 2014-05-09] ()
R1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [700296 2014-05-09] ()
R3 vna_ap; C:\Windows\System32\DRIVERS\vnaap.sys [161256 2012-09-20] (Check Point Software Technologies)
R1 vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [456952 2013-12-04] (Check Point Software Technologies Ltd.)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [117728 2015-07-01] (Webroot) R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [284912 2013-11-25] (Ericsson AB) S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X] S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] U0 dmboot; No ImagePath U0 SR; No ImagePath U2 srservice; No ImagePath S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-21 13:39 - 2015-07-21 13:40 - 00000000 ____D C:\FRST 2015-07-21 12:54 - 2015-07-02 22:31 - 19291136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-07-21 12:54 - 2015-07-02 21:15 - 14384640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-07-21 12:54 - 2015-07-02 20:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-07-21 12:54 - 2015-07-02 20:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-07-21 12:54 - 2015-06-29 15:30 - 02865152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-07-21 12:54 - 2015-06-29 15:27 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-07-21 12:54 - 2015-06-17 15:28 - 13771264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-07-21 12:54 - 2015-06-17 15:28 - 02056704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-07-21 12:54 - 2015-06-17 15:28 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-07-21 12:54 - 2015-06-17 15:28 - 01441280 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\inetcpl.cpl 2015-07-21 12:54 - 2015-06-17 15:28 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-07-21 12:54 - 2015-06-17 15:28 - 00690176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-07-21 12:54 - 2015-06-17 15:28 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-07-21 12:54 - 2015-06-17 15:28 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-07-21 12:54 - 2015-06-17 15:28 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-07-21 12:54 - 2015-06-17 15:28 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-07-21 12:54 - 2015-06-17 15:28 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-07-21 12:54 - 2015-06-17 15:28 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-07-21 12:54 - 2015-06-17 15:28 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-07-21 12:54 - 2015-06-17 15:28 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2015-07-21 12:54 - 2015-06-17 15:28 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-07-21 12:54 - 2015-06-17 15:28 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-07-21 12:54 - 2015-06-17 15:28 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-07-21 12:54 - 2015-06-17 15:28 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-07-21 12:54 - 2015-06-17 15:27 - 02237440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-07-21 12:54 - 2015-06-17 15:27 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-07-21 12:54 - 2015-06-17 15:27 - 00601600 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-07-21 12:54 - 2015-06-17 15:27 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 
2015-07-21 12:54 - 2015-06-17 15:26 - 15415296 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-07-21 12:54 - 2015-06-17 15:26 - 02656768 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-07-21 12:54 - 2015-06-17 15:26 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-07-21 12:54 - 2015-06-17 15:26 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-07-21 12:54 - 2015-06-17 15:26 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-07-21 12:54 - 2015-06-17 15:26 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-07-21 12:54 - 2015-06-17 15:26 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-07-21 12:54 - 2015-06-17 15:26 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-07-21 12:54 - 2015-06-17 15:26 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-07-21 12:54 - 2015-06-17 15:26 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-07-21 12:54 - 2015-06-17 15:26 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2015-07-21 12:54 - 2015-06-17 15:26 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-07-21 12:54 - 2015-06-17 15:26 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-07-21 12:54 - 2015-06-17 15:26 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-07-21 12:54 - 2015-06-17 15:26 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-07-21 12:54 - 2015-06-11 20:03 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-07-21 12:54 - 2015-06-11 19:43 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-07-21 12:54 - 2015-06-11 19:38 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2015-07-21 12:54 - 2015-06-11 
19:19 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2015-07-21 12:53 - 2015-07-15 05:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-07-21 12:53 - 2015-07-15 05:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-07-21 12:53 - 2015-07-15 05:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-07-21 12:53 - 2015-07-15 05:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-07-21 12:53 - 2015-07-15 04:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2015-07-21 12:53 - 2015-07-15 04:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-07-21 12:53 - 2015-07-15 04:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2015-07-21 12:53 - 2015-07-15 04:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2015-07-21 12:53 - 2015-07-15 03:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-07-21 12:53 - 2015-07-15 03:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-07-20 16:42 - 2015-07-20 16:42 - 00000000 ____D C:\Users\MSC\AppData\Local\CEF 2015-07-20 13:21 - 2015-07-20 13:21 - 00000000 ____D C:\ProgramData\VIPRE 2015-07-20 13:21 - 2015-07-20 13:21 - 00000000 ____D C:\Program Files\Common Files\AV 2015-07-20 13:21 - 2013-09-04 14:57 - 00031264 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiutil.sys 2015-07-20 13:21 - 2013-05-23 08:39 - 00041032 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiark.sys 2015-07-20 13:17 - 2015-07-21 13:35 - 00083692 _____ C:\Windows\WindowsUpdate.log 2015-07-20 13:12 - 2015-07-21 13:30 - 00000000 ____D C:\ProgramData\STOPzilla! 
2015-07-20 13:12 - 2015-07-20 13:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STOPzilla 2015-07-20 13:12 - 2015-07-20 13:12 - 00000000 ____D C:\Program Files (x86)\iS3 2015-07-20 13:12 - 2013-10-01 16:31 - 00260816 _____ (GFI Software) C:\Windows\system32\Drivers\SbFw.sys 2015-07-20 13:12 - 2013-10-01 16:31 - 00063184 _____ (GFI Software) C:\Windows\system32\Drivers\sbhips.sys 2015-07-20 13:12 - 2013-03-26 15:58 - 00120608 _____ (GFI Software) C:\Windows\system32\Drivers\SbFwIm.sys 2015-07-20 12:41 - 2015-07-21 13:29 - 00000366 _____ C:\Windows\Tasks\TransmitAll.job 2015-07-20 12:41 - 2015-07-20 13:00 - 00000000 ____D C:\ProgramData\{cd5b4ee3-71a9-ecd7-cd5b-b4ee371a3b8d} 2015-07-17 13:05 - 2015-07-17 13:05 - 00000000 _____ C:\Windows\SysWOW64\REN26F6.tmp 2015-07-16 09:31 - 2015-07-16 09:31 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2015-07-15 10:21 - 2015-03-30 00:47 - 00083624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL$SQLEXPRESS-sqlctr10.52.4042.0.dll 2015-07-15 10:21 - 2015-03-30 00:43 - 00089264 _____ (Microsoft Corporation) C:\Windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.52.4042.0.dll 2015-07-15 10:10 - 2015-07-09 19:59 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2015-07-15 10:10 - 2015-07-09 19:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-07-15 10:10 - 2015-07-09 19:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-07-15 10:10 - 2015-07-09 19:58 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-07-15 10:10 - 2015-07-09 19:58 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-07-15 10:10 - 2015-07-09 19:58 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-07-15 10:10 - 2015-07-09 19:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-07-15 10:10 - 2015-07-09 19:58 - 
00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-07-15 10:10 - 2015-07-09 19:58 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-07-15 10:10 - 2015-07-09 19:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-07-15 10:10 - 2015-07-09 19:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-07-15 10:10 - 2015-07-09 19:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-07-15 10:10 - 2015-07-09 19:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-07-15 10:10 - 2015-07-09 19:58 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-07-15 10:10 - 2015-07-09 19:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-07-15 10:10 - 2015-07-09 19:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-07-15 10:10 - 2015-07-09 19:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-07-15 10:10 - 2015-07-09 19:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-07-15 10:10 - 2015-07-09 19:50 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-07-15 10:10 - 2015-07-09 19:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-07-15 10:10 - 2015-07-09 19:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-07-15 10:10 - 2015-07-09 19:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-07-15 10:10 - 2015-07-09 19:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-07-15 10:10 - 2015-07-09 19:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-07-15 10:10 - 2015-04-27 21:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-07-15 10:10 - 2015-04-27 21:23 - 00229376 _____ (Microsoft Corporation) 
C:\Windows\system32\wintrust.dll 2015-07-15 10:10 - 2015-04-27 21:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2015-07-15 10:10 - 2015-04-27 21:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2015-07-15 10:10 - 2015-04-27 21:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2015-07-15 10:10 - 2015-04-27 21:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2015-07-15 10:10 - 2015-04-27 21:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2015-07-15 10:10 - 2015-04-27 21:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2015-07-15 10:09 - 2015-05-09 20:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll 2015-07-15 09:26 - 2015-07-04 20:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll 2015-07-15 09:26 - 2015-07-04 19:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll 2015-07-15 09:26 - 2015-07-01 22:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-07-15 09:26 - 2015-07-01 22:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-07-15 09:26 - 2015-07-01 22:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-07-15 09:26 - 2015-07-01 22:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-07-15 09:26 - 2015-07-01 22:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-07-15 09:26 - 2015-07-01 22:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-07-15 09:26 - 2015-07-01 22:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-07-15 09:26 - 2015-07-01 22:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-07-15 09:26 - 2015-07-01 22:49 - 00210944 _____ (Microsoft Corporation) 
C:\Windows\system32\wdigest.dll 2015-07-15 09:26 - 2015-07-01 22:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-07-15 09:26 - 2015-07-01 22:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-07-15 09:26 - 2015-07-01 22:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-07-15 09:26 - 2015-07-01 22:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-07-15 09:26 - 2015-07-01 22:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2015-07-15 09:26 - 2015-07-01 22:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-07-15 09:26 - 2015-07-01 22:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-07-15 09:26 - 2015-07-01 22:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-07-15 09:26 - 2015-07-01 22:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-07-15 09:26 - 2015-07-01 22:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-07-15 09:26 - 2015-07-01 22:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-07-15 09:26 - 2015-07-01 22:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-07-15 09:26 - 2015-07-01 22:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-07-15 09:26 - 2015-07-01 22:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-07-15 09:26 - 2015-07-01 22:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-07-15 09:26 - 2015-07-01 22:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-07-15 09:26 - 2015-07-01 22:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-07-15 09:26 - 2015-07-01 22:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 
2015-07-15 09:26 - 2015-07-01 22:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-07-15 09:26 - 2015-07-01 22:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-07-15 09:26 - 2015-07-01 22:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2015-07-15 09:26 - 2015-07-01 22:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-07-15 09:26 - 2015-07-01 22:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-07-15 09:26 - 2015-07-01 22:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-07-15 09:26 - 2015-07-01 22:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-07-15 09:26 - 2015-07-01 22:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-07-15 09:26 - 2015-07-01 21:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-07-15 09:26 - 2015-07-01 21:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2015-07-15 09:26 - 2015-07-01 21:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-07-15 09:26 - 2015-06-25 10:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-07-15 09:26 - 2015-06-17 19:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-07-15 09:26 - 2015-06-17 19:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2015-07-15 09:26 - 2015-06-15 23:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2015-07-15 09:26 - 2015-06-15 23:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2015-07-15 09:26 - 2015-06-15 23:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2015-07-15 09:26 - 2015-06-15 23:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2015-07-15 09:26 - 
2015-06-15 23:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2015-07-15 09:26 - 2015-06-15 23:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe 2015-07-15 09:26 - 2015-06-15 23:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2015-07-15 09:26 - 2015-06-15 23:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2015-07-15 09:26 - 2015-06-15 23:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2015-07-15 09:26 - 2015-06-15 23:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe 2015-07-15 09:26 - 2015-06-15 23:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll 2015-07-15 09:26 - 2015-06-15 23:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll 2015-07-15 09:26 - 2015-06-11 19:57 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2015-07-15 09:26 - 2015-06-11 19:57 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll 2015-07-15 09:26 - 2015-06-11 19:57 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2015-07-15 09:26 - 2015-06-11 19:56 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2015-07-15 09:26 - 2015-06-11 19:56 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll 2015-07-15 09:26 - 2015-06-11 19:56 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2015-07-15 09:26 - 2015-06-11 15:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe 2015-07-15 09:26 - 2015-06-09 20:03 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2015-07-15 09:26 - 2015-06-09 20:03 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2015-07-15 09:26 - 2015-06-02 02:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll 2015-07-15 09:26 - 2015-06-02 01:47 - 00210432 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll 2015-07-14 14:54 - 2015-07-14 14:54 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-07-14 14:54 - 2015-07-14 14:54 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-07-14 14:54 - 2015-07-14 14:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-07-14 14:21 - 2015-07-15 09:33 - 00002175 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-07-14 14:21 - 2015-07-14 14:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-07-14 14:20 - 2015-07-21 13:37 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-07-14 14:20 - 2015-07-21 13:33 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-07-14 14:20 - 2015-07-16 09:32 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-07-14 14:20 - 2015-07-16 09:32 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-07-14 13:50 - 2015-07-14 13:50 - 00002513 _____ C:\Users\MSC\Desktop\JRT.txt 2015-07-14 13:47 - 2015-07-14 13:47 - 00000207 _____ C:\Windows\tweaking.com-regbackup-NB1140-Windows-7-Ultimate-(64-bit).dat 2015-07-14 13:47 - 2015-07-14 13:47 - 00000000 ____D C:\RegBackup 2015-07-14 13:43 - 2015-07-14 13:43 - 03034266 _____ (Malwarebytes Corporation) C:\Users\MSC\Desktop\JRT.exe 2015-07-14 11:59 - 2015-07-14 11:59 - 00000000 ____D C:\Users\MSC\Desktop\Alte Firefox-Daten 2015-07-14 10:47 - 2015-07-20 13:00 - 00000410 _____ C:\Windows\system32\.crusader 2015-07-14 10:40 - 2015-07-14 10:40 - 00001909 _____ C:\Users\Public\Desktop\HitmanPro.lnk 2015-07-14 10:40 - 2015-07-14 10:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro 2015-07-13 18:01 - 2015-07-13 18:01 - 00002018 _____ C:\Users\MSC\Documents\Silverlieght in allen Browsern aktivieren.txt 2015-07-13 14:17 - 2015-07-14 14:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 
2015-07-13 14:08 - 2015-07-13 14:08 - 00003122 _____ C:\Windows\System32\Tasks\Samsung_PSSD_Registration 2015-07-13 11:47 - 2015-07-13 11:47 - 00046274 _____ C:\ComboFix.txt 2015-07-13 11:30 - 2015-07-13 11:29 - 02248704 _____ C:\Users\MSC\Desktop\adwcleaner_4.208.exe 2015-07-13 11:09 - 2015-04-08 18:32 - 00000027 _____ C:\Windows\system32\Drivers\etc\hp.bak 2015-07-07 08:55 - 2015-07-07 08:55 - 00000000 ____D C:\Users\MSC\AppData\Roaming\SysAid 2015-07-03 09:33 - 2015-07-21 13:27 - 00004713 _____ C:\Users\MSC\Documents\ETG-Server.rdg 2015-07-02 13:41 - 2011-08-04 00:48 - 120893960 _____ (Oracle ) C:\Users\MSC\Downloads\SmartView.exe 2015-07-02 08:50 - 2015-07-02 08:50 - 00001088 _____ C:\Users\MSC\Documents\WER_Debug.reg 2015-07-02 08:44 - 2015-07-16 10:03 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2015-07-02 08:44 - 2015-07-02 08:44 - 00002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk 2015-07-01 11:23 - 2015-07-01 11:23 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk 2015-07-01 11:23 - 2015-07-01 11:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-07-01 11:22 - 2015-07-01 11:22 - 00000000 ____D C:\Program Files\iTunes 2015-07-01 11:22 - 2015-07-01 11:22 - 00000000 ____D C:\Program Files\iPod 2015-07-01 11:22 - 2015-07-01 11:22 - 00000000 ____D C:\Program Files (x86)\iTunes 2015-06-30 08:26 - 2015-06-30 14:21 - 00002234 ____H C:\Users\adminde\Documents\Default.rdp 2015-06-30 08:26 - 2015-06-30 08:26 - 00000000 ____D C:\Users\adminde\AppData\Roaming\Intel Corporation 2015-06-30 08:25 - 2015-06-30 14:19 - 00000000 ____D C:\Users\adminde\Tracing 2015-06-30 08:25 - 2015-06-30 08:25 - 00124488 _____ C:\Users\adminde\AppData\Local\GDIPFONTCACHEV1.DAT 2015-06-30 08:25 - 2015-06-30 08:25 - 00000000 ____D C:\Users\adminde\Documents\IBM 2015-06-30 08:25 - 2015-06-30 08:25 - 00000000 ____D C:\Users\adminde\Documents\Bluetooth Exchange Folder 2015-06-30 08:25 - 2015-06-30 08:25 
- 00000000 ____D C:\Users\adminde\AppData\Roaming\Synaptics 2015-06-30 08:25 - 2015-06-30 08:25 - 00000000 ____D C:\Users\adminde\AppData\Roaming\ICAClient 2015-06-30 08:25 - 2015-06-30 08:25 - 00000000 ____D C:\Users\adminde\AppData\Roaming\IBM 2015-06-30 08:25 - 2015-06-30 08:25 - 00000000 ____D C:\Users\adminde\AppData\Roaming\hpqLog 2015-06-30 08:25 - 2015-06-30 08:25 - 00000000 ____D C:\Users\adminde\AppData\Roaming\Hewlett-Packard 2015-06-30 08:25 - 2015-06-30 08:25 - 00000000 ____D C:\Users\adminde\AppData\Roaming\Avaya 2015-06-30 08:25 - 2015-06-30 08:25 - 00000000 ____D C:\Users\adminde\AppData\Roaming\Apple Computer 2015-06-30 08:25 - 2015-06-30 08:25 - 00000000 ____D C:\Users\adminde\AppData\Local\Packages 2015-06-30 08:25 - 2015-06-30 08:25 - 00000000 ____D C:\Users\adminde\AppData\Local\Hewlett-Packard_Developme 2015-06-30 08:25 - 2015-06-30 08:25 - 00000000 ____D C:\Users\adminde\AppData\Local\Citrix 2015-06-30 08:25 - 2015-06-30 08:25 - 00000000 ____D C:\Users\adminde\AppData\Local\Broadcom 2015-06-30 08:25 - 2015-06-30 08:25 - 00000000 ____D C:\Users\adminde\AppData\Local\Adobe 2015-06-30 08:24 - 2015-07-20 11:05 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{0B921448-3CB6-4172-AC13-1384D54539F1} 2015-06-30 08:24 - 2015-07-20 11:05 - 00001200 __RSH C:\Users\adminde\ntuser.pol 2015-06-30 08:24 - 2015-07-20 11:05 - 00000000 ____D C:\Users\adminde 2015-06-30 08:24 - 2015-06-30 08:25 - 00000000 ____D C:\Users\adminde\AppData\Roaming\Adobe 2015-06-30 08:24 - 2015-06-30 08:24 - 00001425 _____ C:\Users\adminde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-06-30 08:24 - 2015-06-30 08:24 - 00000000 _SHDL C:\Users\adminde\Vorlagen 2015-06-30 08:24 - 2015-06-30 08:24 - 00000000 _SHDL C:\Users\adminde\Startmenü 2015-06-30 08:24 - 2015-06-30 08:24 - 00000000 _SHDL C:\Users\adminde\Netzwerkumgebung 2015-06-30 08:24 - 2015-06-30 08:24 - 00000000 _SHDL C:\Users\adminde\Lokale Einstellungen 2015-06-30 08:24 - 
2015-06-30 08:24 - 00000000 _SHDL C:\Users\adminde\Eigene Dateien 2015-06-30 08:24 - 2015-06-30 08:24 - 00000000 _SHDL C:\Users\adminde\Druckumgebung 2015-06-30 08:24 - 2015-06-30 08:24 - 00000000 _SHDL C:\Users\adminde\Documents\Eigene Musik 2015-06-30 08:24 - 2015-06-30 08:24 - 00000000 _SHDL C:\Users\adminde\Documents\Eigene Bilder 2015-06-30 08:24 - 2015-06-30 08:24 - 00000000 _SHDL C:\Users\adminde\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-06-30 08:24 - 2015-06-30 08:24 - 00000000 _SHDL C:\Users\adminde\AppData\Local\Verlauf 2015-06-30 08:24 - 2015-06-30 08:24 - 00000000 _SHDL C:\Users\adminde\AppData\Local\Anwendungsdaten 2015-06-30 08:24 - 2015-06-30 08:24 - 00000000 _SHDL C:\Users\adminde\Anwendungsdaten 2015-06-30 08:24 - 2015-06-30 08:24 - 00000000 ____D C:\Users\adminde\AppData\Local\Google 2015-06-30 08:24 - 2013-09-12 15:58 - 00000000 ____D C:\Users\adminde\AppData\Roaming\Macromedia 2015-06-30 08:24 - 2013-07-20 07:02 - 00000000 ____D C:\Users\adminde\AppData\Local\Microsoft Help 2015-06-30 08:24 - 2013-04-14 01:33 - 00000000 ___HD C:\Users\adminde\Documents\hp.system.package.metadata 2015-06-30 08:24 - 2011-02-11 07:19 - 00000020 ___SH C:\Users\adminde\ntuser.ini 2015-06-30 08:24 - 2009-07-14 06:54 - 00000000 ___RD C:\Users\adminde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-06-30 08:24 - 2009-07-14 06:49 - 00000000 ___RD C:\Users\adminde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-06-27 12:29 - 2015-06-27 12:29 - 00000000 ___SD C:\Windows\SysWOW64\GWX 2015-06-27 12:29 - 2015-06-27 12:29 - 00000000 ___SD C:\Windows\system32\GWX 2015-06-27 12:27 - 2015-05-25 20:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-06-27 12:27 - 2015-05-25 20:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-06-27 12:27 - 2015-05-25 20:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll 2015-06-27 12:27 - 2015-05-25 
20:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-06-27 12:27 - 2015-05-25 20:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2015-06-27 12:27 - 2015-05-25 20:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-06-27 12:27 - 2015-05-25 20:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-06-27 12:27 - 2015-05-25 20:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-06-27 12:27 - 2015-05-25 20:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-06-27 12:27 - 2015-05-25 20:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-06-27 12:27 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll 2015-06-27 12:27 - 2015-05-25 20:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-06-27 12:27 - 2015-05-25 20:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-06-27 12:27 - 2015-05-25 20:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-06-27 12:27 - 2015-05-25 20:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2015-06-27 12:27 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe 2015-06-27 12:27 - 2015-05-25 20:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-06-27 12:27 - 2015-05-25 20:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-06-27 12:27 - 2015-05-25 20:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-06-27 12:27 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe 2015-06-27 12:27 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe 2015-06-27 12:27 - 2015-05-25 20:18 - 00043520 _____ (Microsoft 
Corporation) C:\Windows\system32\csrsrv.dll 2015-06-27 12:27 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe 2015-06-27 12:27 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe 2015-06-27 12:27 - 2015-05-25 20:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-06-27 
12:27 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 
20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-06-27 12:27 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-06-27 12:27 - 2015-05-25 20:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-06-27 12:27 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2015-06-27 12:27 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2015-06-27 12:27 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll 2015-06-27 12:27 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-06-27 12:27 - 2015-05-25 20:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-06-27 12:27 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe 2015-06-27 12:27 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe 2015-06-27 12:27 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe 2015-06-27 12:27 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe 2015-06-27 12:27 - 2015-05-25 20:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-06-27 12:27 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe 2015-06-27 12:27 - 2015-05-25 19:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-06-27 12:27 - 2015-05-25 19:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-06-27 12:27 - 2015-05-25 19:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 
00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00003072 
____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll 2015-06-27 12:27 - 2015-05-25 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-06-27 12:27 - 2015-05-25 18:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-06-27 12:27 - 2015-05-25 18:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 18:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 18:48 - 00003584 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-06-27 12:27 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-21 13:40 - 2013-04-13 22:35 - 00993676 _____ C:\Windows\system32\perfh007.dat 2015-07-21 13:40 - 2013-04-13 22:35 - 00255428 _____ C:\Windows\system32\perfc007.dat 2015-07-21 13:40 - 2009-07-14 07:13 - 02420374 _____ C:\Windows\system32\PerfStringBackup.INI 2015-07-21 13:39 - 2014-11-14 13:14 - 00000000 ____D C:\ProgramData\WRData 2015-07-21 13:38 - 2009-07-14 06:45 - 00042336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-07-21 13:38 - 2009-07-14 06:45 - 00042336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-07-21 13:37 - 2013-07-03 12:02 - 00002072 _____ C:\Windows\system32\config\netlogon.ftl 2015-07-21 13:37 - 2012-02-09 16:30 - 00000000 ____D C:\Users\MSC\Documents\Outlook-Dateien 2015-07-21 13:37 - 2012-02-09 12:10 - 00000000 ____D C:\Users\MSC\Documents\DIALIT 2015-07-21 13:34 - 2014-01-31 10:49 - 00000000 ____D C:\Users\MSC\Tracing 2015-07-21 13:34 - 2011-02-11 07:14 - 00000000 ____D C:\Windows\Panther 2015-07-21 13:32 - 2013-07-05 11:11 - 00000580 _____ C:\Windows\SMSCFG.ini 2015-07-21 13:31 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\inetsrv 2015-07-21 13:30 - 2015-05-29 10:52 - 00000782 _____ C:\Users\Public\Desktop\SysAid.lnk 2015-07-21 13:30 - 2015-05-29 10:52 - 00000000 ____D C:\Program Files\SysAid 2015-07-21 13:29 - 2014-08-15 14:19 - 00065536 _____ C:\Windows\system32\Ikeext.etl 2015-07-21 13:29 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-07-21 13:29 - 
2009-07-14 06:45 - 00529888 _____ C:\Windows\system32\FNTCACHE.DAT 2015-07-21 13:21 - 2013-04-14 01:38 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-07-21 10:59 - 2013-07-03 14:11 - 00026804 __RSH C:\ProgramData\ntuser.pol 2015-07-21 07:47 - 2013-06-21 00:13 - 00000000 ____D C:\Windows\Hewlett-Packard 2015-07-20 17:25 - 2015-05-20 10:23 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-07-20 16:03 - 2013-10-14 12:11 - 00000000 ____D C:\Program Files\HitmanPro 2015-07-20 15:45 - 2013-07-30 18:13 - 00000600 _____ C:\Users\MSC\AppData\Roaming\winscp.rnd 2015-07-20 15:45 - 2013-07-30 18:07 - 00000600 _____ C:\Users\MSC\AppData\Local\PUTTY.RND 2015-07-20 13:46 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2015-07-20 11:28 - 2013-07-30 12:45 - 00000000 ____D C:\Users\MSC 2015-07-20 11:15 - 2013-07-30 18:04 - 00000000 ____D C:\Users\MSC\AppData\Local\Deployment 2015-07-20 11:11 - 2013-08-01 12:49 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{02EBB676-2F51-4EB5-BF5C-EFF12763F7AF} 2015-07-20 10:49 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2015-07-20 10:44 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\spool 2015-07-17 13:06 - 2015-01-26 13:24 - 00000000 ____D C:\Program Files\Java 2015-07-17 12:45 - 2015-01-26 13:24 - 00110688 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2015-07-17 10:28 - 2012-02-09 16:30 - 00000000 ____D C:\Users\MSC\IPViewer 2015-07-17 08:19 - 2013-07-30 12:05 - 00002465 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk 2015-07-17 08:19 - 2013-07-30 12:05 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk 2015-07-17 08:19 - 2013-07-30 12:05 - 00002026 _____ C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk 2015-07-17 08:19 - 2013-07-30 12:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Adobe LiveCycle ES2 2015-07-17 08:08 - 2013-08-02 09:12 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log 2015-07-15 11:21 - 2013-11-20 19:31 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-07-15 11:21 - 2013-04-14 01:38 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-07-15 11:21 - 2013-04-14 01:38 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-07-15 10:50 - 2014-12-10 19:58 - 00000000 ____D C:\Windows\system32\appraiser 2015-07-15 10:50 - 2014-05-05 09:18 - 00000000 ___SD C:\Windows\system32\CompatTel 2015-07-15 10:26 - 2013-04-14 01:02 - 02394654 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2015-07-15 10:23 - 2013-07-19 13:08 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-07-15 10:20 - 2013-08-01 12:35 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server 2015-07-15 10:20 - 2013-08-01 12:34 - 00000000 ____D C:\Program Files\Microsoft SQL Server 2015-07-15 10:17 - 2013-07-25 17:46 - 00000000 ____D C:\Windows\system32\MRT 2015-07-14 14:36 - 2014-06-16 11:18 - 00001062 _____ C:\Users\Public\Desktop\DIALit.lnk 2015-07-14 14:36 - 2014-06-16 11:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DIALit 2015-07-14 14:31 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Speech 2015-07-14 14:21 - 2015-01-27 16:16 - 00000000 ____D C:\Program Files (x86)\Google 2015-07-14 14:21 - 2013-07-30 18:04 - 00000000 ____D C:\Users\MSC\AppData\Local\Google 2015-07-14 13:36 - 2013-10-14 12:14 - 00000000 ____D C:\AdwCleaner 2015-07-14 10:47 - 2014-07-26 10:46 - 00000000 ____D C:\Users\MSC\AppData\Roaming\NirSoft Utilities 2015-07-14 10:47 - 2013-10-14 12:06 - 00000000 ____D C:\ProgramData\HitmanPro 2015-07-14 09:06 - 2013-07-30 18:04 - 00000000 ____D C:\Users\MSC\AppData\Local\CrashDumps 2015-07-14 09:04 - 2013-07-05 11:09 - 00000000 ____D C:\Windows\ccmsetup 2015-07-13 11:47 - 2013-11-15 10:41 - 00000000 ____D C:\Qoobox 
2015-07-13 11:47 - 2013-07-30 18:04 - 00000000 ____D C:\Users\MSC\AppData\Local\Apps\2.0 2015-07-13 11:44 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini 2015-07-13 11:35 - 2013-11-15 10:38 - 05632449 ____R (Swearware) C:\Users\MSC\Desktop\ComboFix.exe 2015-07-13 11:08 - 2015-05-27 14:47 - 00002549 _____ C:\Users\Public\Desktop\Paragon Backup and Recovery™ 2014 Free.lnk 2015-07-13 11:08 - 2013-07-30 13:49 - 00001527 _____ C:\Users\MSC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-07-13 11:08 - 2013-07-03 10:57 - 00001529 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-07-13 11:08 - 2013-07-03 10:57 - 00001523 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2015-07-13 09:20 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-07-07 08:56 - 2014-05-14 09:38 - 00000000 ____D C:\Program Files (x86)\Citrix 2015-07-07 08:55 - 2013-07-03 14:17 - 00000000 ____D C:\Windows\system32\appmgmt 2015-07-07 08:55 - 2013-04-14 01:36 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2015-07-06 17:38 - 2012-02-08 15:35 - 00000000 ____D C:\Temp 2015-07-03 09:17 - 2015-02-17 08:23 - 00006219 _____ C:\Users\MSC\Documents\ETS-Server.rdg.old 2015-07-03 08:43 - 2013-07-25 17:35 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-07-02 13:59 - 2013-07-30 13:49 - 00000000 ____D C:\Users\MSC\AppData\Roaming\Adobe 2015-07-02 13:58 - 2014-08-22 10:32 - 00000000 ____D C:\Users\MSC\AppData\Local\Adobe 2015-07-02 11:29 - 2014-11-12 12:43 - 00000000 __SHD C:\Users\MSC\AppData\Local\EmieBrowserModeList 2015-07-02 11:29 - 2014-04-09 14:33 - 00000000 __SHD C:\Users\MSC\AppData\Local\EmieUserList 2015-07-02 11:29 - 2014-04-09 14:33 - 00000000 __SHD C:\Users\MSC\AppData\Local\EmieSiteList 2015-07-02 08:44 - 2013-07-30 12:03 - 00000000 ____D C:\Program Files (x86)\Adobe 2015-07-02 
08:43 - 2013-07-30 12:03 - 00000000 ____D C:\ProgramData\Adobe 2015-07-01 14:25 - 2014-11-14 13:14 - 00167632 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll 2015-07-01 14:25 - 2014-11-14 13:14 - 00117728 _____ (Webroot) C:\Windows\system32\Drivers\WRkrn.sys 2015-07-01 14:25 - 2014-11-14 13:14 - 00105320 _____ (Webroot) C:\Windows\system32\WRusr.dll 2015-07-01 11:26 - 2013-07-30 18:09 - 00000000 ____D C:\Users\MSC\AppData\Roaming\Apple Computer 2015-07-01 11:22 - 2015-03-18 14:44 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-07-01 11:22 - 2015-03-18 14:44 - 00000000 ____D C:\Program Files\Common Files\Apple 2015-06-30 09:18 - 2015-04-14 15:02 - 00000000 ____D C:\Users\MSC\Documents\Wohnung 2015-06-30 08:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat 2015-06-29 08:43 - 2013-07-25 17:33 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-06-29 08:43 - 2013-07-25 17:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-06-27 12:29 - 2014-09-09 12:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Lync 2015-06-27 12:29 - 2014-09-09 12:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Lync 2015-06-27 12:28 - 2014-09-09 12:36 - 00000000 ____D C:\Program Files\Microsoft Lync 2015-06-27 12:28 - 2013-07-25 17:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-06-23 13:30 - 2010-11-21 05:27 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe ==================== Files in the root of some directories ======= 2013-07-30 18:12 - 2013-01-24 18:35 - 0023176 _____ () C:\Users\MSC\AppData\Roaming\Kommagetrennte Werte (Windows).ADR 2013-07-30 18:12 - 2014-10-06 12:53 - 0023164 _____ () C:\Users\MSC\AppData\Roaming\Microsoft Excel 97-2003.ADR 2013-11-08 14:24 - 2015-02-09 18:50 - 0081642 _____ () C:\Users\MSC\AppData\Roaming\MultiScreen_log.log 2015-04-16 08:46 - 2015-04-16 08:46 - 0033193 _____ () 
C:\Users\MSC\AppData\Roaming\UserTile.png 2013-07-30 18:13 - 2015-07-20 15:45 - 0000600 _____ () C:\Users\MSC\AppData\Roaming\winscp.rnd 2013-07-30 18:04 - 2012-10-31 16:05 - 0000000 _____ () C:\Users\MSC\AppData\Local\AtStart.txt 2013-07-30 18:04 - 2012-10-31 16:05 - 0000000 _____ () C:\Users\MSC\AppData\Local\DSwitch.txt 2013-07-30 18:07 - 2015-07-20 15:45 - 0000600 _____ () C:\Users\MSC\AppData\Local\PUTTY.RND 2013-07-30 18:07 - 2012-10-31 16:05 - 0000000 _____ () C:\Users\MSC\AppData\Local\QSwitch.txt 2013-07-30 18:07 - 2012-12-02 16:08 - 0001832 _____ () C:\Users\MSC\AppData\Local\SLC_msc.prx 2013-10-18 17:29 - 2013-10-18 18:23 - 0000826 _____ () C:\ProgramData\hpzinstall.log 2013-08-01 12:45 - 2013-08-01 12:45 - 0000266 _____ () C:\ProgramData\LEDM_AdaptorInstall.log 2013-12-09 11:21 - 2013-12-09 14:12 - 0000227 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc ZeroAccess: C:\Users\MSC\AppData\Local\682008ce C:\Users\MSC\AppData\Local\682008ce\@ ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-07-13 08:19
==================== End of log ============================ |
21.07.2015, 13:25 | #2 |
/// the machine /// TB-Ausbilder | http://your-home-page.net Hi,
Addition.txt is still missing |
21.07.2015, 13:30 | #3 |
| http://your-home-page.net [CODE]Additional
FRST Logfile: Code:
ATTFilter scan result of Farbar Recovery Scan Tool (x64) Version:20-07-2015 Ran by michael.schmaus at 2015-07-21 13:41:03 Running from H:\ Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Admin (S-1-5-21-138671167-893842611-3967195578-1001 - Administrator - Enabled) => C:\Users\Admin Administrator (S-1-5-21-138671167-893842611-3967195578-500 - Administrator - Disabled) Gast (S-1-5-21-138671167-893842611-3967195578-501 - Limited - Disabled) postgres (S-1-5-21-138671167-893842611-3967195578-1018 - Limited - Enabled) => C:\Users\postgres sysaidinternal (S-1-5-21-138671167-893842611-3967195578-1022 - Administrator - Enabled) => C:\Users\sysaidinternal ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Webroot SecureAnywhere (Enabled - Up to date) {66A6FE14-08CB-F415-3742-517201416109} AV: STOPzilla AntiVirus (Enabled - Up to date) {581418F3-DCB4-03A7-8970-1C2B5929FC27} AS: Webroot SecureAnywhere (Enabled - Up to date) {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4} AS: STOPzilla AntiVirus (Enabled - Up to date) {E375F917-FA8E-0C29-B3C0-275922AEB69A} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
4500_G510nz_Help (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden 4500G510nz (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden 4500G510nz_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden 64 Bit HP CIO Components Installer (Version: 16.2.1 - Hewlett-Packard) Hidden 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Acronis*True*Image*Home (HKLM-x32\...\{67ED38A3-4882-448B-B44D-3428AB00D7D5}) (Version: 13.0.7160 - Acronis) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated) Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.15 - Adobe Systems) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated) Adobe Customization Wizard 8 (HKLM-x32\...\{AC76BA86-1033-0000-0000-000000000003}) (Version: 8.0.0 - Adobe Systems, Inc.) Adobe Customization Wizard 9 (HKLM-x32\...\{AC76BA86-1033-0000-0000-000000000004}) (Version: 9.0.0 - Adobe Systems, Inc.) Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated) Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated) Adobe PDF iFilter 11 for 64-bit platforms (HKLM\...\{BA5C0CC3-421B-4AE5-9370-1650D1941F30}) (Version: 11.0.00 - Adobe) Akamai NetSession Interface (HKU\S-1-5-21-3799292098-3196119086-2381476900-3276\...\Akamai) (Version: - Akamai Technologies, Inc) Alcor Micro Smart Card Reader Driver (HKLM-x32\...\SZCCID) (Version: 1.7.39.0 - Alcor Micro Corp.) Alcor Micro Smart Card Reader Driver (x32 Version: 1.7.39.0 - Alcor Micro Corp.) Hidden Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: - Amazon) Apple Application Support (32-Bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.) 
Apple Application Support (64-Bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Application Verifier x64 External Package (Version: 8.100.26936 - Microsoft) Hidden AttachmentsManager 1.8.6 (HKLM-x32\...\AttachmentsManager_is1) (Version: 1.8.6 - SmartTools Publishing) Avaya IP Office Plug-in for Salesforce.com (x32 Version: 9.0.200.15 - Avaya) Hidden Avaya IP Office Plug-in for Salesforce.com v9.0.2.0 build 15 (HKLM-x32\...\Avaya IP Office Plug-in for Salesforce.com) (Version: 9.0.200.15 - Avaya) Avaya Microsoft Lync Integration (HKLM-x32\...\{3110CD25-2EB2-468B-9F24-E506C1CBEAB4}) (Version: 6.2.0.0 - Avaya) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: - Broadcom Corporation) Broadcom Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.5300 - Broadcom Corporation) Broadcom Wireless Utility (HKLM\...\{4CDA59B9-7AD3-4283-9F5C-BC469FF975B6}) (Version: 6.30.223.232 - Broadcom Corporation) Broadcom Wireless Utility (HKLM\...\Broadcom Wireless Utility) (Version: - Broadcom Corporation) BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden C3000 Fax Printer (64 Bit) (HKLM\...\{6837CEE3-B8FD-4521-A9CB-94B599E2233C}) (Version: 2.0.2303.1029 - Comergo GmbH) calibre 64bit (HKLM\...\{61AFB2AC-84FF-4C05-8427-3D2FA64A520B}) (Version: 1.13.0 - Kovid Goyal) Calisto DFU Driver (x64) (HKLM\...\{1C20E609-768A-4FDC-AC75-2CE466D81506}) (Version: 2.4.49092.0 - Plantronics, Inc.) 
Canon Remote Operation Viewer 2.0 (HKLM-x32\...\{D24AE168-6414-4EA7-89CE-6AEB76419870}) (Version: 1.0.0 - CANON) CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform) CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4291 - CDBurnerXP) Check Point VPN (HKLM-x32\...\{FDF89F73-D0C7-4D1A-BDAA-3405FEA39338}) (Version: 98.60.92 - Check Point Software Technologies Ltd.) Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC) Color Network ScanGear 2 (HKLM\...\{95F1E28D-A360-421B-8BDC-0640A3BD945B}) (Version: 2.0.0 - CANON INC.) Configuration Manager Client (Version: 5.00.7958.1000 - Microsoft Corporation) Hidden Configuration Manager Support Center (HKLM-x32\...\{5E7FB70D-60B3-44AB-A0C3-FE6ABD5C0377}) (Version: 5.00.7958.1120 - Microsoft Corporation) Crystal Reports 11 Runtime (HKLM-x32\...\{9038A340-AAFD-42E3-992A-62B49C6CF476}) (Version: 1.0.0 - Carano GmbH) CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.5101 - CyberLink Corp.) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.1.3423 - CyberLink Corp.) 
DataMigrationTool (HKLM-x32\...\{AAECF3DD-0F4C-4E6C-B2A9-10595064B30B}) (Version: 1.0.6 - TeamViewer) Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden DIALit V4.2 (HKLM-x32\...\{B213DFFA-8681-49D4-8B30-2D8DD69223C3}) (Version: 4.2.0.18 - ek-soft GmbH) DocMgr (x32 Version: 130.0.000.000 - Ihr Firmenname) Hidden DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden EasyBCD 2.2 (HKLM-x32\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Exchange System Manager (HKLM-x32\...\{C0850F9C-EF33-46C7-A226-6309540C0C05}) (Version: 6.5.8037.0 - Microsoft) Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden FreeCommander XE (HKLM-x32\...\FreeCommander XE_is1) (Version: Preview - Marek Jasinski) GDR 4033 für SQL Server 2008 R2 (KB2977320) (64-bit) (HKLM\...\KB2977320) (Version: 10.52.4033.0 - Microsoft Corporation) GDR 4042 für SQL Server 2008 R2 (KB3045313) (64-bit) (HKLM\...\KB3045313) (Version: 10.52.4042.0 - Microsoft Corporation) GDR 5520 für SQL Server 2008 (KB 2977321) (64-bit) (HKLM\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation) GFI LanGuard 11 Agent (x32 Version: 11.1.2012.1207 - GFI Software Ltd) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.241 - SurfRight B.V.) 
HP 3D DriveGuard (HKLM\...\{B64F0818-316F-4237-8CB4-35BC2DA784C2}) (Version: 5.1.12.1 - Hewlett-Packard Company) HP BIOS Configuration Utility (HKLM-x32\...\{1B0AE7F1-30A4-4F70-BB8A-99BE988E4652}) (Version: 3.2.3.1 - Hewlett-Packard Company) HP Connection Manager (HKLM-x32\...\{C0ED9561-8312-457C-BB1B-BDC7EE034CED}) (Version: 4.7.4.1 - Hewlett-Packard Company) HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP) HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP) HP Documentation (HKLM-x32\...\{C65D5947-5FAF-499E-859F-75C3852D84B0}) (Version: 1.1.1.0 - Hewlett-Packard) HP ESU for Microsoft Windows 7 (HKLM-x32\...\{240B2BF7-E7E6-425C-A2A4-A3149189BF7F}) (Version: 2.3.1 - Hewlett-Packard Company) HP HD Webcam Driver (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.4.8.16 - SunplusIT) HP Hotkey Support (HKLM-x32\...\{53C48A27-4079-49EB-8E73-76BA85D2BF6F}) (Version: 5.0.24.1 - Hewlett-Packard Company) HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP) HP IP CONSOLE VIEWER 4.1.2.1 (HKLM-x32\...\HP IP CONSOLE VIEWER) (Version: 4.1.2.1 - Hewlett-Packard) HP Mobile Broadband Drivers (HKLM-x32\...\{646E8C34-C88B-42F9-9F41-985A801219E1}) (Version: 7.2.8.1 - Ericsson AB) HP Officejet 4500 G510n-z (HKLM\...\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}) (Version: 13.0 - HP) HP Port Replicator Software Installer (HKLM-x32\...\{6313BCDF-1109-4682-A19D-413189817787}) (Version: 1.3.23 - HP) HP Power Assistant (HKLM\...\{84642787-58C0-44AE-8B26-E2F544E380A1}) (Version: 2.5.0.16 - Hewlett-Packard Company) HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company) HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP) HP SoftPaq Download Manager (HKLM-x32\...\{76D4147B-1544-480B-80E7-69BE8461127F}) (Version: 3.5.4.0 - Hewlett-Packard Company) HP Software Framework 
(HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company) HP Software Setup (HKLM-x32\...\{658A8756-7B1E-44FD-A434-D777DD906232}) (Version: 8.5.2.1 - Hewlett-Packard Company) HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP) HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company) HP System Default Settings (HKLM-x32\...\{B5BEF5F8-BD76-4174-A47D-05A06EA62615}) (Version: 2.7.1 - Hewlett-Packard Company) HP System Software Manager (HKLM-x32\...\{0654A5BE-4E69-4F93-88B2-A81B13A7960C}) (Version: 3.1.13.1 - Hewlett-Packard Company) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden IBM i Access for Windows MRI (x32 Version: 07.01.0000 - IBM) Hidden IBM i Access für Windows 7.1 (HKLM\...\{31E11496-1F84-4DCC-B07A-369B40B8B4A7}) (Version: 07.01.0001 - IBM) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6435.0 - IDT) ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!) 
InfoStore - DocumentViewer 2009-253 (HKLM-x32\...\{1258E438-FFA7-4234-BC8A-9FBCC764BC27}) (Version: 7.09.253 - Solitas AG) Inno Script Studio version 2.1.0.20 (HKLM-x32\...\{7C22BD69-9939-43CE-B16E-437DB2A39492}_is1) (Version: 2.1.0.20 - Kymoto Solutions) Inno Setup QuickStart Pack version 5.5.4 (HKLM-x32\...\Inno Setup 5_is1) (Version: 5.5.4 - Martijn Laan) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation) Intel(R) Network Connections 18.7.28.0 (HKLM\...\PROSetDX) (Version: 18.7.28.0 - Intel) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.5.1001 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.60174 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.10.255 - Intel Corporation) iTunes (HKLM\...\{4046F74A-28F8-48C6-A5D3-2AFC472574C1}) (Version: 12.2.0.145 - Apple Inc.) Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation) JMicron 1394 Filter Driver (HKLM-x32\...\{13C96625-28E4-4c58-ADE0-CDAFC64752EB}) (Version: 1.00.25.03 - JMicron Technology Corp.) JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.76.1 - JMicron Technology Corp.) 
Joe (HKLM-x32\...\{0AD3DEBC-5321-457E-8B43-8F546940169B}) (Version: 4.00.0050 - Wirth IT Design) Kits Configuration Installer (x32 Version: 8.100.25984 - Microsoft) Hidden KiXscripts Editor 1.7 (HKLM-x32\...\KiXscripts Editor_is1) (Version: - ) KOBIL CCID driver x64x86 (x32 Version: 1.013.02121 - KOBIL Systems) Hidden MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version: - ) MailOut (HKLM-x32\...\MailOut_is1) (Version: Aktuelle Version - IN MEDIA KG) MailOut Enterprise Client (Arbeitsplatzinstallation) (HKLM-x32\...\MailOut Enterprise Client_is1) (Version: 1.0 - IN MEDIA KG) MailOut Enterprise Remote (HKLM-x32\...\{03DDCA28-B7FB-4E2B-91E5-25D93DD37140}) (Version: 0.1 - Administrator) Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden Media Add-ons für Acronis True Image Home 2010 (HKLM-x32\...\{3C6F60BD-EDBF-4D45-A063-59261E6FD540}) (Version: 13.0.7160 - Acronis) Media Add-ons für Acronis True Image Home 2010 (HKLM-x32\...\{9CA72668-86CC-5447-9278-A0378FE45378}) (Version: 13.0.6029 - Acronis) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{D1D37853-0004-3E36-A7AA-74F4EEA35F64}) (Version: 4.5.50930 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Advanced Group Policy Management-Client (HKLM\...\{39FC17D5-FEA5-4220-8457-3CDF68E01E2B}) (Version: 4.1.1016.0 - Microsoft Corporation) Microsoft AS OLE DB-Anbieter für SQL Server 2012 (HKLM\...\{27CCA8E0-80E4-4FD4-BD37-76C299587E98}) (Version: 
11.0.2100.60 - Microsoft Corporation) Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation) Microsoft Diagnostics and Recovery Toolset 7.0 (HKLM\...\{7283B4B5-EC48-4A41-93C0-CCDE1F22A468}) (Version: 7.0.310.0 - Microsoft Corporation) Microsoft Exchange Server 2010 (HKLM\...\Microsoft Exchange v14) (Version: 14.3.123.4 - Microsoft Corporation) Microsoft Lync 2010 (HKLM\...\{58A013B1-1613-4978-881A-FCA43710C84A}) (Version: 4.0.7577.4461 - Microsoft Corporation) Microsoft Office 2010 Primary Interop Assemblies (HKLM-x32\...\{90140000-1146-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1150 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Online Services-Anmeldeassistent (HKLM\...\{46E637E2-AC34-4B45-B5DF-D20903A3DB61}) (Version: 7.250.4303.0 - Microsoft Corporation) Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation) Microsoft Report Viewer 2012-Laufzeit (HKLM-x32\...\{65F3578A-F54F-4402-A9B1-E36B06976706}) (Version: 11.1.3366.16 - Microsoft Corporation) Microsoft Report Viewer Redistributable 2008 (KB971119) (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version: - Microsoft Corporation) Microsoft ReportViewer 2010 Redistributable - Language Pack - deu (HKLM-x32\...\{B2F21D11-631B-33C2-8E1A-73EA57FDFE33}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft ReportViewer 2010 Redistributable Language Pack - ita (HKLM-x32\...\{062DDDB2-21F6-38FD-91F7-FB65380C43F2}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft ReportViewer 2010 Redistributable Language Pack - ptb (HKLM-x32\...\{2F7B3396-D648-3644-8987-3D5856E62842}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft ReportViewer 
2010 Redistributable 언어 팩 - kor (HKLM-x32\...\{607DD498-23DF-3790-BA0F-0E4055DE5284}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft ReportViewer 2010 Redistributable 言語パック - jpn (HKLM-x32\...\{43855309-4888-35AF-A31F-270086E769E7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft ReportViewer 2010 Redistributable 语言包 - chs (HKLM-x32\...\{5A2F4392-7C23-3D07-9D1D-2B65D820059C}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft ReportViewer 2010 SP1 Redistributable (KB2549864) (HKLM-x32\...\{1282C0BC-3B22-33D4-B72E-62922415DDCA}) (Version: 10.0.40220 - Microsoft Corporation) Microsoft ReportViewer 2010 可轉散發語言套件 - cht (HKLM-x32\...\{106E9B81-1DF3-351A-9AF1-336FC0D81A9A}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft RichCopy 4.0 (HKLM-x32\...\{86F4F32B-77C7-4951-B33C-05D41A8190C1}) (Version: 4.0.216 - Microsoft Corporation) Microsoft Robocopy GUI (HKLM-x32\...\{107C666F-63C5-4263-8D40-8B9CFB5FED08}) (Version: 1.0.0 - Microsoft) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation) Microsoft SQL Server 2005 Backward compatibility (HKLM\...\{8909B8A7-CEAB-4772-BF29-1892C4E6603B}) (Version: 8.05.2309 - Microsoft Corporation) Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation) Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version: - Microsoft Corporation) Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{49860BCD-24D6-44C1-922E-AC12FE32234E}) (Version: 10.52.4042.0 - Microsoft Corporation) Microsoft SQL Server 2008 R2 Report Builder 3.0 (HKLM-x32\...\{C1F938A6-3B5D-415B-A238-FEAAAF0D8F94}) (Version: 10.50.1600.1 - Microsoft Corporation) Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{B2213E4E-F502-4D36-BE95-9293C866EF3F}) (Version: 10.52.4042.0 - Microsoft Corporation) 
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{393CA5BF-0362-42FD-ABC2-BA9D22EF925E}) (Version: 10.3.5520.0 - Microsoft Corporation) Microsoft SQL Server 2012 Analysis Management Objects (HKLM\...\{DBD0532B-25A9-470F-A57E-7BD2E39F0D50}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{AD49BD4B-6CEE-4EA2-B53E-8EB0606F1B11}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{E75776B2-EAE5-42F9-A800-0A10763DEDF0}) (Version: 11.0.2318.0 - Microsoft Corporation) Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server Browser (HKLM-x32\...\{8DD113A8-811A-404E-A4D7-443D014946AC}) (Version: 10.52.4000.0 - Microsoft Corporation) Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{FBBA9369-3A6B-4EE3-9C53-DA0D29C2FC95}) (Version: 10.52.4000.0 - Microsoft Corporation) Microsoft System Center 2012 R2 Service Manager (HKLM\...\{7B523367-360B-4EB6-9ED4-D2637816DD0F}) (Version: 7.5.3079.148 - Microsoft Corporation) Microsoft System Center 2012 R2 Virtual Machine Manager (HKLM\...\Microsoft System Center 2012 R2 Virtual Machine Manager) (Version: 3.2.7510.0 - Microsoft Corporation) Microsoft Virtual Machine Converter Solution Accelerator (HKLM-x32\...\{3CD4E444-CBF5-40E6-8279-B511DE7E26BB}) (Version: 1.0.4619.17079 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 
(HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 
(HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual SourceSafe 2005 - DEU (HKLM-x32\...\Microsoft Visual SourceSafe 2005 - DEU) (Version: - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio Web Authoring Component (HKLM-x32\...\VisualWebDeveloper) (Version: 12.0.4518.1066 - Microsoft Corporation) Microsoft Windows Debugging Symbols (HKLM-x32\...\{0E8D886F-3205-4472-848E-990F400FF218}) (Version: 7601 - Microsoft) Microsoft Windows Debugging Symbols (HKLM-x32\...\{46EA439E-2D16-49B6-AA80-00DE992FE7CE}) (Version: 7601 - Microsoft) Microsoft Windows Debugging Symbols (HKLM-x32\...\{68ADAEAA-DABD-45C1-9CC2-F995407549CD}) (Version: 7601 - Microsoft) Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation) Microsoft-System-CLR-Typen für SQL Server 2012 (x64) (HKLM\...\{3E123CBC-07C3-448E-ACE4-F04157099175}) (Version: 
11.1.3000.0 - Microsoft Corporation) Module linguistique Microsoft ReportViewer 2010 Redistributable - fra (HKLM-x32\...\{918D20E8-FEB8-3FF5-89EB-198AD8CE4010}) (Version: 10.0.40219 - Microsoft Corporation) MOOS Project Viewer (HKLM-x32\...\MOOS Project Viewer) (Version: 3.1.4 - Stand By Soft Ltd) Mozilla Firefox 39.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla) mRemoteNG (HKLM-x32\...\mRemoteNG) (Version: 1.72.5065.32737 - Next Generation Software) MSI Development Tools (x32 Version: 8.100.26898 - Microsoft Corporation) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MultiScreen (HKLM-x32\...\{7E750925-00C9-4B23-A1E8-BBFC0955CFD8}) (Version: 3.0.23 - Samsung Electronics Ltd.) Netop Remote Control Guest (HKLM-x32\...\{00000034-92AC-11E2-911B-0417A1A01290}) (Version: 11.12.13081 - Netop Business Solutions A/S) Netop Remote Control Host (HKLM-x32\...\{00000044-E56C-11DF-9952-0417A1A01290}) (Version: 9.52.10305 - Netop Business Solutions A/S) Network64 (Version: 130.0.550.000 - Hewlett-Packard) Hidden Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team) OCR Software by I.R.I.S. 
13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP) opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden Orca (HKLM-x32\...\{85F4CBCB-9BBC-4B50-A7D8-E1106771498D}) (Version: 3.1.3790.0000 - Microsoft Corporation) Paquete de idioma de Microsoft ReportViewer 2010 Redistributable - esn (HKLM-x32\...\{73B1BA61-C2E5-34A2-AD8D-9038972B0E2E}) (Version: 10.0.40219 - Microsoft Corporation) Paragon Backup and Recovery™ 2014 Free (HKLM\...\{C268B5E1-A5DA-11DF-A289-005056C00008}) (Version: 90.00.0003 - Paragon Software) PC-WELT-Fix-it-Pack 2.0 (HKLM\...\{CD349D32-0976-4AB5-9616-82717033D2C8}_is1) (Version: - IDG Magazine Media GmbH) Plus Pack für Acronis True Image Home 2010 (HKLM-x32\...\{4C556B5C-8EF7-47B4-AE05-FE71EEB2C25B}) (Version: 13.0.7160 - Acronis) Polycom CX5100-CX5500 Control Panel (HKLM-x32\...\{FEDF58EC-7DAD-4C84-BD4D-DCAF19D364E3}_is1) (Version: 1.0.0.189 - Polycom, Inc.) Puran Utilities 3.0 (HKLM\...\Puran Utilities_is1) (Version: - Puran Software) PuTTY version 0.62 (HKLM-x32\...\PuTTY_is1) (Version: 0.62 - Simon Tatham) Quest One ActiveRoles Management Shell for Active Directory (HKLM\...\{2C6FA0E7-1127-4D86-ACE5-BE5B6ABFF940}) (Version: 1.6.0.2683 - Quest Software, Inc.) Quest PowerGUI® 3.8 (HKLM-x32\...\{4498748D-F54C-4B84-AD4D-F8DA827FF65E}_Qs) (Version: 3.8.0.129 - Quest Software, Inc.) Quest PowerGUI® 3.8 (x32 Version: 3.8.0.129 - Quest Software, Inc.) Hidden RAPID Mode (Version: 1.0.1.81 - Samsung Electronics Co., Ltd.) 
Hidden Remote Desktop Connection Manager (HKLM-x32\...\{0240359E-6A4C-4884-9E94-B397A02D893C}) (Version: 2.7.14060 - Microsoft Corporation) Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.7 - Samsung) Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics) Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung) Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden schwackeForecast (HKLM-x32\...\{2F8BAC6A-BDB9-4989-A56D-73FF4CEF5979}) (Version: 001.030.000.019 - ) SDK (x32 Version: 2.30.042 - Portrait Displays, Inc.) Hidden SDK Debuggers (x32 Version: 8.100.26936 - Microsoft Corporation) Hidden SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.6 - Seagate Technology) SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version: - Seagate Technology) SEP sesam GUI (HKLM\...\{07007377-2537-4AA1-9F3A-E4978C12492D}) (Version: 4.4.1.48 - SEP AG) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 für SQL Server 2008 R2 (KB2630458) (64-bit) (HKLM\...\KB2630458) (Version: 10.52.4000.0 - Microsoft Corporation) Service Pack 3 für SQL Server 2008 (KB2546951) (64-bit) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation) Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP) SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden Softerra LDAP Browser 4.5 (64-bit) (HKLM\...\{413EDBFA-6FE0-4416-B5FA-059C93A6A553}) (Version: 4.5.13724.0 - Softerra, Ltd.) 
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden SQL Server 2008 R2 SP2 Common Files (Version: 10.52.4000.0 - Microsoft Corporation) Hidden SQL Server 2008 R2 SP2 Database Engine Services (Version: 10.52.4000.0 - Microsoft Corporation) Hidden SQL Server 2008 R2 SP2 Database Engine Shared (Version: 10.52.4000.0 - Microsoft Corporation) Hidden Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden SQLXML4 (HKLM\...\{DEA9F247-F832-4E36-90BF-D8EDA206521A}) (Version: 9.00.5000.00 - Microsoft Corporation) Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden STOPzilla 7 Install (HKLM-x32\...\{63D41586-5FE0-4DDF-8958-8F022C1938D7}) (Version: 7.0.2.81 - iS3, Inc.) Support Tools Web Package : DCDIAG.EXE (HKLM-x32\...\{B1C1C959-8B1E-421B-8C90-46AAFBC3D7DD}) (Version: 1.0.0.1 - Microsoft Corporation) Support Tools Web Package : NETDIAG.EXE (HKLM-x32\...\{31D2ADFD-A2E2-47D0-AA6E-1343FA52BF7C}) (Version: 1.0.0.1 - Microsoft Corporation) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.23 - Synaptics Incorporated) Synkronizer 11 (HKLM-x32\...\Synkronizer 11 11.0.41210.1800) (Version: 11.0.41210.1800 - XL Consulting GmbH) Synkronizer 11 (Version: 11.0.41210.1800 - XL Consulting GmbH) Hidden SysAid Admin Tools version 8.5.05 (HKLM-x32\...\SysAid Admin Tools_is1) (Version: 8.5 - SysAid Ltd.) 
SysAid Agent (HKLM\...\{FC5E1D1D-6D3F-4844-A937-567D589F655E}) (Version: 15.2.00.101 - SysAid Ltd) System Center 2012 R2 Configuration Manager-Konsole (HKLM-x32\...\{A6F71B78-04E9-4DB8-A161-23B87D8FB877}) (Version: 5.00.7958.1000 - Microsoft Corporation) System Center 2012 R2 Operations Manager (HKLM\...\System Center 2012 R2 Operations Manager) (Version: 7.1.10226.0 - Microsoft Corporation) System Center Operations Manager 2012 Console (Version: 7.1.10226.0 - Microsoft Corporation) Hidden System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC) TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.26038 - TeamViewer) TeamViewer 8 (MSI Wrapper) (HKLM-x32\...\{4F34E9E4-1AEE-47ED-8BB2-0FF1E143AB48}) (Version: 8.0.19617 - TeamViewer) TeamViewer 8 (MSI Wrapper) (HKLM-x32\...\{7F90BFB6-82B6-4063-8957-7DC8ACCFF4BE}) (Version: 8.0.18051 - TeamViewer) TeamViewer Manager 8 (HKLM-x32\...\TeamViewer Manager 8) (Version: - TeamViewer GmbH) Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH) TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb) uno_edit.exe (HKLM-x32\...\{C2DF8388-85D7-4AD3-8C96-3B2AF9092288}) (Version: 0.1 - Administrator) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update RollUp 1 for Microsoft System Center Virtual Machine Manager Administrator Console (x64) (KB2919248) (HKLM\...\{93C10AA5-8355-41C4-8F37-73C02E4C6E82}) (Version: - Microsoft Corporation) Update Rollup 2 for Exchange Server 2010 Service Pack 3 (KB2866475) (HKLM\...\KB2866475) (Version: 1 - Microsoft Corporation) Update RollUp 2 for Microsoft System Center Virtual Machine Manager Administrator 
Console (x64) (KB2932942) (HKLM\...\{A5F45664-201C-489c-A1E6-9F0D7671CD4B}) (Version: - Microsoft Corporation) Update Rollup 3 for Microsoft System Center Virtual Machine Manager Administrator Console (x64) (KB2965413) (HKLM\...\{E4FF346F-EA5A-411F-9F6B-2C469840DC28}) (Version: - Microsoft Corporation) Update Rollup 4 for Exchange Server 2010 Service Pack 3 (KB2905616) (HKLM\...\KB2905616) (Version: 1 - Microsoft Corporation) Update Rollup 4 for Microsoft System Center Virtual Machine Manager Administrator Console (x64) (KB2992023) (HKLM\...\{E424A006-23B8-4403-A413-9EEBFB422FB2}) (Version: - Microsoft Corporation) Update Rollup 5 for Exchange Server 2010 Service Pack 3 (KB2917508) (HKLM\...\KB2917508) (Version: 1 - Microsoft Corporation) Update Rollup 5 for Microsoft System Center Virtual Machine Manager Administrator Console (x64) (KB3023914) (HKLM\...\{27D9B702-5DF5-445A-BE1D-84E123208DD2}) (Version: - Microsoft Corporation) Update Rollup 6 for Exchange Server 2010 Service Pack 3 (KB2936871) (HKLM\...\KB2936871) (Version: 1 - Microsoft Corporation) Update Rollup 6 for Microsoft System Center Virtual Machine Manager Administrator Console (x64) (KB3050947) (HKLM\...\{368E82AF-3AD0-44AE-965D-E71C16132B79}) (Version: - Microsoft Corporation) Update Rollup 7 for Exchange Server 2010 Service Pack 3 (KB2961522) (HKLM\...\KB2961522) (Version: 1 - Microsoft Corporation) Update Rollup 8 for Exchange Server 2010 Service Pack 3 (KB2986475) (HKLM\...\KB2986475) (Version: 2 - Microsoft Corporation) UTAX TA Product Library (HKLM\...\UTAX TA Product Library) (Version: 2.0.0713 - KYOCERA Document Solutions Inc.) Validity Fingerprint Sensor Driver (HKLM\...\{ADAA7361-54B8-4FC8-804E-94EC6C11ED68}) (Version: 4.5.133.0 - Validity Sensors, Inc.) VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden Vhd Resizer (HKLM-x32\...\{8FAA57C5-7BD1-4285-B4B1-36D7337D7BE5}) (Version: 1.0.42 - Xcarab) VIP Access SDK (1.1.0.7) (HKLM-x32\...\VIP Access SDK) (Version: 1.1.0.7 - Symantec Inc.) 
Visual BCD (HKLM-x32\...\{436D50FF-8FA1-4FDD-A9C9-48B52A990F57}) (Version: 0.9.3.1 - BoYans) Visual Studio 2008 Shell Isolated Mode Redistributable Package (HKLM-x32\...\{468AA969-3336-3F1D-92DE-D373B548B651}) (Version: 9.0.30729 - Microsoft) Visual Studio 2008 Shell Isolated Mode Redistributable Package (HKLM-x32\...\{B0990F1E-BCAD-36CA-A251-09824C77B297}) (Version: 9.0.30729 - Microsoft) WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden Webroot SecureAnywhere (HKLM-x32\...\{98C3BECF-DD5F-44D2-8EF3-48A926977467}) (Version: 8.4.131 - Webroot) WinDirStat 1.1.2 (HKU\S-1-5-21-3799292098-3196119086-2381476900-3276\...\WinDirStat) (Version: - ) Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation) Windows Resource Kit Tools - SubInAcl.exe (HKLM-x32\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation) Windows Script V5.6 Dokumentation (HKLM-x32\...\Scriptdoc) (Version: - ) Windows Server Update Services 3.0 SP2 Console (HKLM\...\Windows Server Update Services 3.0 SP2) (Version: 3.2.7600.226 - Microsoft Corporation) Windows Software Development Kit for Windows 8.1 (HKLM-x32\...\{ed3a6e6d-9661-4357-abe4-fcc03dc57a07}) (Version: 8.100.26936 - Microsoft Corporation) Windows-Treiberpaket - Plantronics, Inc. (usbser.ntamd64) Ports (04/21/2009 5.1) (HKLM\...\07AFE62D73C8799E9E5689F86FB9F48389717BA3) (Version: 04/21/2009 5.1 - Plantronics, Inc.) WinSCP 5.5.5 (HKLM-x32\...\winscp3_is1) (Version: 5.5.5 - Martin Prikryl) WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DD}) (Version: 17.5.10562 - WinZip Computing, S.L. 
)
WPT Redistributables (x32 Version: 8.100.26936 - Microsoft) Hidden
WPTx64 (x32 Version: 8.100.26936 - Microsoft) Hidden
WSCC 2.3.0.0 (HKLM-x32\...\WSCC_is1) (Version: - KirySoft)
Языковой пакет Microsoft ReportViewer 2010 Redistributable - rus (HKLM-x32\...\{9A8ED6EF-B155-3038-AA3C-36B3939EE0BC}) (Version: 10.0.40219 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3799292098-3196119086-2381476900-3276_Classes\CLSID\{3560575F-7C2D-48AE-AB45-DAD430A95EBE}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-3799292098-3196119086-2381476900-3276_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\windows\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points =========================

14-07-2015 14:00:31 Prüfpunkt von HitmanPro
15-07-2015 10:11:11 Windows Update
20-07-2015 10:42:20 Windows Modules Installer
20-07-2015 12:51:40 Windows Defender Checkpoint
20-07-2015 13:00:15 Prüfpunkt von HitmanPro
20-07-2015 13:11:57 Installed STOPzilla 7 Install.
21-07-2015 13:01:07 Windows Update

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-07-13 11:44 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0279B360-6BF9-49C2-89FF-E6E44EE8B665} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated)
Task: {0CFD085B-6A9C-443F-98C6-23B614DA90D3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {0D1A06FB-C2FE-4641-8D32-8B4B3F5B3E17} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {310A1750-5E9A-4D87-BEB6-4C3488125673} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {42B050ED-B45D-4375-9FF9-8721F0441642} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-14] (Google Inc.)
Task: {4355E34C-5118-495C-BA04-72AF9642E2D7} - System32\Tasks\System Ruhezustand => D:\install\herunterfahren.cmd
Task: {4BAA18B4-281C-4F08-823F-7C4E0C2928C1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {5A7906FA-8A64-4E3C-AAD5-D127D3D8962E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {5DC681B7-7640-470B-A0E1-456BAD00C7D4} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Health Evaluation => C:\windows\CCM\ccmeval.exe [2013-09-11] (Microsoft Corporation)
Task: {704FB5EE-E365-487E-B066-A641571FD575} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-14] (Google Inc.)
Task: {71764DA5-1AFF-442A-9F11-A6637F1821C1} - \TransmitAll No Task File <==== ATTENTION
Task: {7224B8E9-EE2C-44E1-8CC1-BA3C656D02BA} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\Dependencies\RemEngine.exe [2012-03-21] ()
Task: {75F679A1-1672-4F74-B8E1-28280F7914F8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {805AD214-3D19-44AB-A64C-92C3B43169C5} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {95208C9B-96D8-4649-9F32-531EF3EB4708} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {9A43357D-FBC6-4559-B97B-385DD9C64397} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {D0AFFF2A-527E-4FCB-A3D8-E79612D8AE93} - System32\Tasks\Samsung_PSSD_Registration => C:\ProgramData\Samsung Apps\Portable SSD\Samsung Portable SSD Daemon.exe [2014-12-03] (Samsung Electronics)
Task: {D7951DC5-D615-4E56-8975-E0BAFF786855} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {D8270F3E-3AA9-4697-B145-79E9CDB415C8} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Idle Detection
Task: {E89213EA-47C2-4282-BAF9-B59FBE351C42} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {F8D50C97-9077-4564-B17C-1C4E0E9A3A92} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\TransmitAll.job => c:\programdata\{cd5b4ee3-71a9-ecd7-cd5b-b4ee371a3b8d}\spyhunter_keygen.exe--startup=1 --singlemichael.sch <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-10 16:52 - 2015-03-10 16:52 - 01277128 _____ () C:\Program Files\SEPsesam\bin\sesam\sm_sshd.exe
2015-03-10 16:53 - 2015-03-10 16:53 - 00058568 _____ () C:\Program Files\SEPsesam\bin\sesam\python3\_socket.pyd
2015-03-10 16:53 - 2015-03-10 16:53 - 00017096 _____ () C:\Program Files\SEPsesam\bin\sesam\python3\select.pyd
2015-03-10 16:53 - 2015-03-10 16:53 - 00017096 _____ () C:\Program Files\SEPsesam\bin\sesam\python3\Crypto.Random.OSRNG.winrandom.pyd
2015-03-10 16:53 - 2015-03-10 16:53 - 01154248 _____ () C:\Program Files\SEPsesam\bin\sesam\python3\_hashlib.pyd
2015-03-10 16:53 - 2015-03-10 16:53 - 00017608 _____ () C:\Program Files\SEPsesam\bin\sesam\python3\Crypto.Util._counter.pyd
2015-03-10 16:53 - 2015-03-10 16:53 - 00037064 _____ () C:\Program Files\SEPsesam\bin\sesam\python3\Crypto.Cipher._AES.pyd
2015-03-10 16:53 - 2015-03-10 16:53 - 00064200 _____ () C:\Program Files\SEPsesam\bin\sesam\python3\Crypto.Cipher._DES3.pyd
2015-03-10 16:53 -
2015-03-10 16:53 - 00014536 _____ () C:\Program Files\SEPsesam\bin\sesam\python3\Crypto.Util.strxor.pyd 2015-03-10 16:53 - 2015-03-10 16:53 - 00069320 _____ () C:\Program Files\SEPsesam\bin\sesam\python3\_bz2.pyd 2015-03-10 16:53 - 2015-03-10 16:53 - 00027336 _____ () C:\Program Files\SEPsesam\bin\sesam\python3\Crypto.Cipher._Blowfish.pyd 2015-03-10 16:53 - 2015-03-10 16:53 - 00016584 _____ () C:\Program Files\SEPsesam\bin\sesam\python3\Crypto.Cipher._ARC4.pyd 2015-03-10 16:53 - 2015-03-10 16:53 - 00769224 _____ () C:\Program Files\SEPsesam\bin\sesam\python3\unicodedata.pyd 2012-02-10 23:26 - 2012-02-10 23:26 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll 2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2014-02-21 03:52 - 2014-02-21 03:52 - 00043520 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2013-02-17 19:35 - 2012-05-06 19:20 - 00022336 _____ () C:\Program Files\CCleaner\branding.dll 2014-03-19 08:00 - 2014-03-19 08:00 - 01102336 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll 2011-01-28 20:15 - 2011-01-28 20:15 - 05145824 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe 2013-07-03 17:38 - 2011-07-13 10:10 - 00065576 ____R () C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\MBMDebug.dll 2015-07-20 13:21 - 2015-06-26 03:13 - 00184184 _____ () C:\Program Files (x86)\iS3\STOPzilla AntiVirus\Definitions\libBase64.dll 2015-07-20 13:21 - 2015-06-26 03:13 - 00175992 _____ () C:\Program Files (x86)\iS3\STOPzilla AntiVirus\Definitions\libMachoUniv.dll 2012-11-23 09:53 - 2012-11-23 09:53 - 00329592 _____ () C:\Program Files (x86)\PatchManagementInstallation\Agent\apistrings.dll 2012-11-23 09:56 - 2012-11-23 09:56 - 00159608 _____ () C:\Program Files (x86)\PatchManagementInstallation\Agent\modlop.dll 2012-11-23 09:54 - 2012-11-23 09:54 - 00100728 
_____ () C:\Program Files (x86)\PatchManagementInstallation\Agent\httpserverattplugin.dll 2012-11-23 09:46 - 2012-11-23 09:46 - 02029600 _____ () C:\Program Files (x86)\PatchManagementInstallation\Agent\crmimodule.dll 2012-11-23 09:58 - 2012-11-23 09:58 - 00208760 _____ () C:\Program Files (x86)\PatchManagementInstallation\Agent\patchautodownload.dll 2009-07-13 23:03 - 2009-07-14 03:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll 2012-11-23 09:39 - 2012-11-23 09:39 - 00296448 _____ () C:\Program Files (x86)\PatchManagementInstallation\Agent\TMSUnicodeD2009.bpl 2012-12-07 10:02 - 2012-12-07 10:02 - 00183160 _____ () C:\Program Files (x86)\PatchManagementInstallation\Agent\scanmngsys.dll 2012-11-23 09:58 - 2012-11-23 09:58 - 00049528 _____ () C:\Program Files (x86)\PatchManagementInstallation\Agent\schedcompactdb.dll 2012-11-23 09:58 - 2012-11-23 09:58 - 00054648 _____ () C:\Program Files (x86)\PatchManagementInstallation\Agent\schedupdates.dll 2012-11-23 09:39 - 2012-11-23 09:39 - 00196608 _____ () C:\Program Files (x86)\PatchManagementInstallation\Agent\Httpd\bin\pcre.dll 2014-10-15 14:22 - 2014-10-15 14:22 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\ffecb320f1e95e8c90a5ce2ee658306d\IsdiInterop.ni.dll 2013-04-14 01:05 - 2013-07-03 17:46 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2013-06-20 23:42 - 2013-10-24 14:54 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2015-06-27 00:44 - 2015-06-27 00:44 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu 2012-07-01 18:03 - 2012-07-01 18:03 - 05705728 _____ () C:\Program Files (x86)\CheckPoint\Endpoint Connect\QtGui4.dll 2012-06-17 14:55 - 2012-06-17 14:55 - 01617920 _____ () C:\Program Files (x86)\CheckPoint\Endpoint Connect\QtCore4.dll 2012-07-02 04:23 - 2012-07-02 04:23 - 00028672 _____ () C:\Program Files 
(x86)\CheckPoint\Endpoint Connect\imageformats\qgif4.dll 2011-01-28 18:23 - 2011-01-28 18:23 - 00279904 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\resource.dll 2011-01-28 17:03 - 2011-01-28 17:03 - 00019808 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\thread_pool.dll 2011-01-28 17:04 - 2011-01-28 17:04 - 00028512 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\rpc_client.dll 2014-03-19 08:00 - 2014-03-19 08:00 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll 2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf 2015-06-27 00:43 - 2015-06-27 00:43 - 02897304 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\PDFMaker\Common\AdobePDFMakerX.dll 2015-06-27 00:44 - 2015-06-27 00:44 - 01446400 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\PDFMaker\AdobePDFMakerX.DEU 2013-02-14 16:46 - 2013-02-14 16:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) 
AlternateDataStreams: C:\ProgramData\Temp:373E1720 AlternateDataStreams: C:\ProgramData\Temp:874C5B53 AlternateDataStreams: C:\Users\MSC\Desktop\autiscover.vbs:Bookmarks AlternateDataStreams: C:\Users\MSC\Desktop\autiscover.vbs:Breakpoints AlternateDataStreams: C:\Users\MSC\Desktop\autiscover.vbs:FoldedSections AlternateDataStreams: C:\Users\MSC\Desktop\autiscover.vbs:Tracepoints AlternateDataStreams: C:\Users\MSC\Desktop\autiscover.vbs:Undo AlternateDataStreams: C:\Users\MSC\Desktop\autodiscover2.vbs:Bookmarks AlternateDataStreams: C:\Users\MSC\Desktop\autodiscover2.vbs:Breakpoints AlternateDataStreams: C:\Users\MSC\Desktop\autodiscover2.vbs:FoldedSections AlternateDataStreams: C:\Users\MSC\Desktop\autodiscover2.vbs:Tracepoints AlternateDataStreams: C:\Users\MSC\Desktop\autodiscover2.vbs:Undo AlternateDataStreams: C:\Users\MSC\Documents\MailOut_Bsp1.eml:OECustomProperty AlternateDataStreams: C:\Users\MSC\Documents\MailOut_Bsp2.eml:OECustomProperty AlternateDataStreams: C:\Users\MSC\Documents\MailOut_Bsp3.eml:OECustomProperty AlternateDataStreams: C:\Users\MSC\Documents\Schwacke - Pressemeldung - Schwacke aktualisiert Standardwerk zum Nutzungsausfall.eml:OECustomProperty ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION! HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION! 
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION! HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION! HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION! HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION! HKU\S-1-5-21-3799292098-3196119086-2381476900-3276\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION! HKU\S-1-5-21-3799292098-3196119086-2381476900-3276\Software\Classes\exefile: "%1" %* <===== ATTENTION! ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-3799292098-3196119086-2381476900-3276\...\demtsr007 -> hxxp://demtsr007 IE trusted site: HKU\S-1-5-21-3799292098-3196119086-2381476900-3276\...\ets-production5 -> hxxps://ets-production5 IE trusted site: HKU\S-1-5-21-3799292098-3196119086-2381476900-3276\...\eurotax.com -> hxxp://compare.eurotax.com IE trusted site: HKU\S-1-5-21-3799292098-3196119086-2381476900-3276\...\odetteca.com -> hxxps://www.odetteca.com IE trusted site: HKU\S-1-5-21-3799292098-3196119086-2381476900-3276\...\salesforce.com -> hxxps://emea.salesforce.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3799292098-3196119086-2381476900-3276\Control Panel\Desktop\\Wallpaper -> DNS Servers: 10.0.1.37 - 10.100.0.15 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: ) (EnableLUA: 0) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [{83B82B13-1FB0-42B6-8DBC-A5DE9A609D09}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE FirewallRules: [{53C18BD1-2E98-4154-AFFD-EFFF193EC5DA}] => (Allow) C:\Program Files (x86)\Netop\Netop Remote Control\Host\NHSTW32.EXE FirewallRules: [{D3DCC892-E90F-4DB3-8891-7A280CEA76DC}] => (Allow) C:\Program Files (x86)\Netop\Netop Remote Control\Host\NHSTW32.EXE FirewallRules: [{7EB42E73-DC7F-4C6A-817E-C43A5113EDC0}] => (Allow) C:\Program Files (x86)\Netop\Netop Remote Control\Host\NHSTW32.EXE FirewallRules: [{B298D64C-C433-408D-B86A-3E7A38EAB2B2}] => (Allow) C:\Program Files (x86)\Netop\Netop Remote Control\Host\NHSTW32.EXE FirewallRules: [{7C7091F0-AA36-4582-8727-A954465FED6D}] => (Allow) C:\Program Files (x86)\Netop\Netop Remote Control\Host\NHSTW32.EXE FirewallRules: [{F308DCCB-2E98-466F-9724-7358DDDE6469}] => (Allow) C:\Program Files (x86)\Netop\Netop Remote Control\Host\NHSTW32.EXE FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe FirewallRules: [ScanManagement-RCWS-Out-TCP] => (Allow) %SystemRoot%\System32\mmc.exe FirewallRules: [ScanManagement-WSD-Out-TCP] => (Allow) %SystemRoot%\System32\mmc.exe FirewallRules: [{67E1D382-A769-4512-B1F8-485150AB6F5A}] => (Allow) LPort=11401 FirewallRules: [{E53AC2FA-CA16-411A-AE76-0E1F0362E830}] => (Allow) C:\Program Files (x86)\Canon\Color Network ScanGear\SgTool.exe FirewallRules: [{71BD0D3D-56F2-4A19-9068-F7F79629FC13}] => (Allow) C:\Program Files (x86)\Canon\Color Network ScanGear\SgTool.exe FirewallRules: [{79C6ED63-253E-4347-A20C-AD3581F16BE6}] => (Allow) LPort=56338 FirewallRules: [{D721AE08-5DD1-476C-B830-1B80974A0E0F}] => (Allow) LPort=56338 FirewallRules: [{B13D1C77-95BF-4428-9F90-F2B918B78183}] => (Allow) LPort=RPC FirewallRules: 
[{DF85B6AE-0896-403A-A90D-A75B582396D5}] => (Allow) C:\Windows\System32\mmc.exe FirewallRules: [{1448F6DF-DA5D-4FC2-9D4B-5B9F36EF57BB}] => (Allow) C:\Windows\System32\mmc.exe FirewallRules: [{63AB5D9F-787E-4BC2-93B0-A8469689BCCA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe FirewallRules: [{D028AAF1-7D7E-4DEF-A2CC-D6110E4F8DE4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe FirewallRules: [{61CF3E41-0660-4172-866D-8DC17A96FE23}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe FirewallRules: [{0C607ECB-0D21-4AFE-B9CA-576E97FD3A74}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe FirewallRules: [{62DB6274-8E63-4742-80EB-11BF1BEC3607}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe FirewallRules: [{D4B4FD8E-6979-43EC-B2C2-6FEC64C3BB25}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe FirewallRules: [{2E28C640-3B4C-43E8-A4A2-762CC25C511E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe FirewallRules: [{43C5D108-E82D-4AF9-8961-D8D0FD206317}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe FirewallRules: [{C446CCDD-9DF9-4EB4-89AB-C0F2B8A2CBBA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe FirewallRules: [{783D73DE-D6B6-480D-86F6-C8F17B535396}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe FirewallRules: [{B8527938-6D1B-404F-ABB9-E4BC085CA6E5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe FirewallRules: [{6D33A5AD-00C5-45E0-9441-4127558C47DA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe FirewallRules: [{A89F8725-7796-42D6-94B6-DF4042BC1EDA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe FirewallRules: [{062CF2B3-2734-4E49-AB45-9164259075AC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe FirewallRules: [{0FA7B0D5-5F6A-420C-A920-E1C30A218B86}] 
=> (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe FirewallRules: [{778144C2-3962-492B-A0F7-D17C4998133E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe FirewallRules: [{B82962AA-81E9-4826-AE27-4B2C294EA64B}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe FirewallRules: [{0A0AD4F8-8E3E-4AAA-9783-209869E18680}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe FirewallRules: [TCP Query User{CE182FA2-C093-4B5C-AEBA-69B720FE1F5B}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe FirewallRules: [UDP Query User{D9910D3C-C58D-497C-A4EF-6A996A765A6F}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe FirewallRules: [TCP Query User{CAD6D6C6-0AD6-472C-87A1-5118030AE9E6}C:\program files (x86)\ipviewer\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\ipviewer\jre\bin\javaw.exe FirewallRules: [UDP Query User{39E2B0CB-B562-4DCC-9AA2-13A6B71BE6BC}C:\program files (x86)\ipviewer\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\ipviewer\jre\bin\javaw.exe FirewallRules: [TCP Query User{17800EC1-455E-46B0-902B-56698D463940}C:\totalcmd\totalcmd.exe] => (Allow) C:\totalcmd\totalcmd.exe FirewallRules: [UDP Query User{B01DFD6A-5082-40F7-9B1A-33342EC128F6}C:\totalcmd\totalcmd.exe] => (Allow) C:\totalcmd\totalcmd.exe FirewallRules: [TCP Query User{BEE08D89-68DF-40BD-86FC-543815408F84}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe FirewallRules: [UDP Query User{1677A957-0FEE-49A9-9828-358EDDAE4B49}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe FirewallRules: [{8D8B9BF5-846C-4B0D-9A55-A1FDB0C579FB}] => (Allow) LPort=135 FirewallRules: [TCP Query User{E4143F78-C44E-4327-826B-BD45D3FA287B}C:\program files (x86)\sysaidtools\sysaidrc.exe] => (Allow) C:\program files (x86)\sysaidtools\sysaidrc.exe 
FirewallRules: [UDP Query User{CB865E63-D54F-49C0-9697-69BE7558C47D}C:\program files (x86)\sysaidtools\sysaidrc.exe] => (Allow) C:\program files (x86)\sysaidtools\sysaidrc.exe FirewallRules: [TCP Query User{D41BF95E-A4FE-4D64-A778-FCAA89C2A5E8}C:\program files\sepsesam\bin\sesam\sbc.exe] => (Allow) C:\program files\sepsesam\bin\sesam\sbc.exe FirewallRules: [UDP Query User{FD53B80E-EE16-43F1-A218-697F94519998}C:\program files\sepsesam\bin\sesam\sbc.exe] => (Allow) C:\program files\sepsesam\bin\sesam\sbc.exe FirewallRules: [DfsMgmt-In-TCP] => (Allow) %systemroot%\system32\dfsfrsHost.exe FirewallRules: [{FAF8DCFB-E91C-4EA6-B076-4A44CDCE0973}] => (Allow) C:\windows\system32\hasplms.exe FirewallRules: [{5791E1D8-D897-41B6-885E-CCDA04CD294C}] => (Allow) C:\Program Files (x86)\Teamviewer\Version8\TeamViewer.exe FirewallRules: [{850E0BA9-1026-450C-BEF1-1600134A97AE}] => (Allow) C:\Program Files (x86)\Teamviewer\Version8\TeamViewer.exe FirewallRules: [{5B0844E3-1996-4001-8C79-99FC86E76E4B}] => (Allow) C:\Program Files (x86)\Teamviewer\Version8\TeamViewer_Service.exe FirewallRules: [{00DC6567-DC0F-43E1-8EA3-EEEC336FC2B7}] => (Allow) C:\Program Files (x86)\Teamviewer\Version8\TeamViewer_Service.exe FirewallRules: [{CD84AB69-2162-4D88-9995-5A7A463BA43F}] => (Allow) C:\windows\system32\hasplms.exe FirewallRules: [TCP Query User{F5E8F312-2880-454A-B675-B12D27F74F7D}C:\program files (x86)\ipviewer\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\ipviewer\jre\bin\javaw.exe FirewallRules: [UDP Query User{B0EB9BDB-E3AF-4A16-81E7-F31EC3D544F5}C:\program files (x86)\ipviewer\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\ipviewer\jre\bin\javaw.exe FirewallRules: [{CA8ED06B-1F31-47EA-B394-9711FCD3AED4}] => (Allow) LPort=9876 FirewallRules: [{B2A66580-D29A-4FBD-9421-67E65D69D4EE}] => (Allow) C:\Program Files (x86)\Microsoft Lync\communicator.exe FirewallRules: [{6C1D9175-9121-41EF-AC77-443FC6A1B7DD}] => (Allow) C:\Program Files (x86)\Microsoft Lync\communicator.exe 
FirewallRules: [TCP Query User{0D9EBDF7-6354-4B2F-A57D-16030183D1DB}C:\program files (x86)\ibm\client access\cwbunnav.exe] => (Allow) C:\program files (x86)\ibm\client access\cwbunnav.exe FirewallRules: [UDP Query User{950DD8B6-B2F0-4290-9A74-FE44BD11179D}C:\program files (x86)\ibm\client access\cwbunnav.exe] => (Allow) C:\program files (x86)\ibm\client access\cwbunnav.exe FirewallRules: [TCP Query User{C7741B13-DE0A-44F7-B8DA-AB17EB8121E8}C:\program files (x86)\ibm\client access\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\ibm\client access\jre\bin\javaw.exe FirewallRules: [UDP Query User{E4310DC9-F917-4755-8906-2625A48C892D}C:\program files (x86)\ibm\client access\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\ibm\client access\jre\bin\javaw.exe FirewallRules: [{88172BFB-3BF6-4F88-8E0A-525A4A3166E7}] => (Allow) C:\Program Files (x86)\Teamviewer\Version8\TeamViewer.exe FirewallRules: [{394280E2-1121-4BCA-A3D0-9C5FDEC97FA4}] => (Allow) C:\Program Files (x86)\Teamviewer\Version8\TeamViewer.exe FirewallRules: [{88AB8CD9-AA96-461A-94ED-B94A04E9F3D5}] => (Allow) C:\Program Files (x86)\Teamviewer\Version8\TeamViewer_Service.exe FirewallRules: [{3CAD733A-469B-4252-A593-E3F3481BE6BA}] => (Allow) C:\Program Files (x86)\Teamviewer\Version8\TeamViewer_Service.exe FirewallRules: [TCP Query User{901697EF-D90C-4973-8E83-34CD90DB8222}C:\windows\system32\qtsp_sso.exe] => (Allow) C:\windows\system32\qtsp_sso.exe FirewallRules: [UDP Query User{413071C4-B299-4947-B079-103C36AC17C1}C:\windows\system32\qtsp_sso.exe] => (Allow) C:\windows\system32\qtsp_sso.exe FirewallRules: [TCP Query User{A6A18016-4D9F-4CCB-8E86-C7D1EE86368F}C:\windows\system32\qtsp_sso.exe] => (Allow) C:\windows\system32\qtsp_sso.exe FirewallRules: [UDP Query User{10B7D496-CDD1-4CF7-B4A8-33F2894C52ED}C:\windows\system32\qtsp_sso.exe] => (Allow) C:\windows\system32\qtsp_sso.exe FirewallRules: [TCP Query User{4A915D71-F459-459B-8F77-33DDFDA14C56}C:\program files (x86)\netop\netop remote 
control\guest\ngstw32.exe] => (Allow) C:\program files (x86)\netop\netop remote control\guest\ngstw32.exe FirewallRules: [UDP Query User{91A3E083-67A5-4049-B51D-B7F3426E40E2}C:\program files (x86)\netop\netop remote control\guest\ngstw32.exe] => (Allow) C:\program files (x86)\netop\netop remote control\guest\ngstw32.exe FirewallRules: [TCP Query User{BD2582DE-6F9F-4722-B860-68A7A58E8086}C:\totalcmd\totalcmd64.exe] => (Allow) C:\totalcmd\totalcmd64.exe FirewallRules: [UDP Query User{7761148B-8F2C-4488-BF96-5A001502DF0B}C:\totalcmd\totalcmd64.exe] => (Allow) C:\totalcmd\totalcmd64.exe FirewallRules: [TCP Query User{E9E0B1EB-84F7-4E32-8E18-85BC4BE28444}C:\users\msc\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\msc\appdata\local\akamai\netsession_win.exe FirewallRules: [UDP Query User{3D05AF3A-35B4-40D1-AE7E-007A532D1F05}C:\users\msc\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\msc\appdata\local\akamai\netsession_win.exe FirewallRules: [{DCA7E174-D754-4311-9B93-ACC686908576}] => (Allow) C:\Windows\Canon\ScanGearIR\SGIRTool.exe FirewallRules: [{812ADEA2-0BFB-486F-A490-CF40CF90F8ED}] => (Allow) C:\Windows\Canon\ScanGearIR\SGIRTool.exe FirewallRules: [{C503C017-2058-4C2A-8432-2B5BCCD378E5}] => (Allow) C:\Windows\Canon\ScanGearIR\SGIRTool.exe FirewallRules: [{AADE15B8-5FC2-410F-AD79-78EB72F50BCF}] => (Allow) C:\Windows\Canon\ScanGearIR\SGIRTool.exe FirewallRules: [{889C25C0-2FF8-42EF-807A-3B2DD507DE90}] => (Allow) C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe FirewallRules: [{76A1C04E-3842-4B40-97D4-8B6124F802E0}] => (Allow) C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe FirewallRules: [{4144D45B-F4B2-4FC8-82DD-FC50BCD4F2DB}] => (Allow) %ProgramFiles% (x86)\MailOut Enterprise Client\MailOut_Client.exe FirewallRules: [{5306D82F-FB5C-4A15-82B5-CC46EAB0A0F8}] => (Allow) R:\Anwend\MailOut_Presse\MailOut.exe FirewallRules: [{445A035B-A980-486A-91CB-B5D4AC20DBB6}] => (Allow) R:\Anwend\MailOut\MailOut.exe 
FirewallRules: [TCP Query User{077B87C2-C24A-48AE-8146-0A40D16C584D}C:\windows\system32\qtsp_sso.exe] => (Allow) C:\windows\system32\qtsp_sso.exe FirewallRules: [UDP Query User{0F46F93D-AA79-4A56-BBB6-493AE85C85BA}C:\windows\system32\qtsp_sso.exe] => (Allow) C:\windows\system32\qtsp_sso.exe FirewallRules: [{49B9F9DD-F07D-42B1-8D27-73769E5EE90C}] => (Allow) LPort=500 FirewallRules: [TCP Query User{FD38C615-7990-4288-A6F7-2F504A47315F}C:\users\msc\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\msc\appdata\local\akamai\netsession_win.exe FirewallRules: [UDP Query User{71BE65E7-299C-4EB7-B4CD-8E799A1A0E37}C:\users\msc\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\msc\appdata\local\akamai\netsession_win.exe FirewallRules: [{F5DBCA69-054F-474F-B55A-244D441CA37E}] => (Allow) C:\Program Files (x86)\Microsoft Lync\communicator.exe FirewallRules: [{95D4C404-6B07-4D8A-B38D-1FD9C793351C}] => (Allow) C:\Program Files (x86)\Microsoft Lync\UcMapi.exe FirewallRules: [{5197EE9D-59EF-4C10-9991-7AE1ACDFF837}] => (Allow) C:\Program Files\Microsoft Lync\UcMapi64.exe FirewallRules: [{1F12585B-D525-461B-8935-B02D8943E1A2}] => (Allow) C:\Program Files (x86)\Netop\Netop Remote Control\Guest\ngstw32.exe FirewallRules: [{7A1C9D3E-BE76-4DE2-8024-FD7DB707056B}] => (Allow) C:\Program Files (x86)\Netop\Netop Remote Control\Guest\ngstw32.exe FirewallRules: [{0CDB6A57-3C2B-445D-949C-702696091404}] => (Allow) C:\Program Files (x86)\Netop\Netop Remote Control\Guest\ngstw32.exe FirewallRules: [{081FC29F-09F0-42AC-868B-55A3066857AF}] => (Allow) C:\windows\CCM\RemCtrl\CmRcService.exe FirewallRules: [{CC9C2AFE-4090-4075-B089-A08ECF75F73B}] => (Allow) C:\Program Files (x86)\Microsoft Lync\communicator.exe FirewallRules: [{AB07EACE-3E08-42BB-AD65-E4635AED2DC0}] => (Allow) C:\Program Files (x86)\Microsoft Lync\communicator.exe FirewallRules: [{4F88B27D-B203-478A-BF47-7FA97570A96A}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: 
[{B7FBC62F-08A3-4B35-84E0-F57B93D0A655}] => (Allow) C:\Program Files (x86)\SimpleFiles\SimpleFiles.exe FirewallRules: [{212DF18B-838E-49FE-9A03-D7ECB39646AA}] => (Allow) C:\Program Files (x86)\SimpleFiles\SimpleFiles.exe FirewallRules: [{5614CA8C-3A38-4764-97D0-120672B30457}] => (Allow) C:\Program Files (x86)\SimpleFiles\downloader.exe FirewallRules: [{59930367-D67C-4608-8E0C-BAC136B38C8D}] => (Allow) C:\Program Files (x86)\SimpleFiles\downloader.exe FirewallRules: [{68B80EAA-8208-4389-A7DC-5C98BB02E5AC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{5A7F4B38-49CA-4498-99E2-5C9627BD1DBC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{8CAC812E-A317-41B8-9B20-B5444F062C89}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{D33CD476-D489-44E3-B7D1-CB151FB69AC6}] => (Allow) LPort=56668 FirewallRules: [{BE6894D8-DA24-4813-BDD6-1A09E439A969}] => (Allow) LPort=5000 FirewallRules: [{4E0CA2BE-3CD4-4888-847C-C031C78D3583}] => (Allow) LPort=49224 FirewallRules: [{60968F70-ABBF-41D0-8217-59C616AEF43E}] => (Allow) LPort=5000 ==================== Faulty Device Manager Devices ============= Name: HP LaserJet 400 M401dne Description: HP LaserJet 400 M401dne Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: HP LaserJet P1505n Description: HP LaserJet P1505n Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: HP LaserJet P2015 Series Description: HP LaserJet P2015 Series Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: Hewlett-Packard Service: Problem: : This device is disabled. 
(Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet P2055dn Description: HP LaserJet P2055dn Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: HP LaserJet P2015 Series Description: HP LaserJet P2015 Series Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: hp LaserJet 1320 series Description: hp LaserJet 1320 series Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: hp LaserJet 1320 series Description: hp LaserJet 1320 series Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: Hewlett-Packard Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet P2055dn Description: HP LaserJet P2055dn Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: HP LaserJet M1536dnf MFP Description: HP LaserJet M1536dnf MFP Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 
Name: hp LaserJet 1320 series Description: hp LaserJet 1320 series Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: HP LaserJet 400 M401dne Description: HP LaserJet 400 M401dne Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: Hewlett-Packard Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: hp LaserJet 1320 series Description: hp LaserJet 1320 series Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: HP LaserJet 400 M401dne Description: HP LaserJet 400 M401dne Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: HP LaserJet P2055x Description: HP LaserJet P2055x Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: HP LaserJet P2055x Description: HP LaserJet P2055x Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: hp LaserJet 1320 series Description: hp LaserJet 1320 series Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. 
(Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: HP LaserJet M1522nf MFP Description: HP LaserJet M1522nf MFP Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: HP LaserJet M1536dnf MFP Description: HP LaserJet M1536dnf MFP Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: hp LaserJet 1320 series Description: hp LaserJet 1320 series Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: HP LaserJet P2055x Description: HP LaserJet P2055x Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: hp LaserJet 1320 series Description: hp LaserJet 1320 series Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: HP LaserJet P2055dn Description: HP LaserJet P2055dn Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: HP LaserJet P2015 Series Description: HP LaserJet P2015 Series Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. 
(Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: HP LaserJet Pro MFP M225dn Description: HP LaserJet Pro MFP M225dn Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: HP LaserJet P2015 Series Description: HP LaserJet P2015 Series Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: hp LaserJet 1320 series Description: hp LaserJet 1320 series Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: hp LaserJet 1320 series Description: hp LaserJet 1320 series Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: hp LaserJet 1320 series Description: hp LaserJet 1320 series Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: HP LaserJet P2015 Series Description: HP LaserJet P2015 Series Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 
Name: hp LaserJet 1320 series Description: hp LaserJet 1320 series Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: hp LaserJet 1320 series Description: hp LaserJet 1320 series Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: HP LaserJet P1505n Description: HP LaserJet P1505n Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: HP LaserJet 400 M401dne Description: HP LaserJet 400 M401dne Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: hp LaserJet 1320 series Description: hp LaserJet 1320 series Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: HP LaserJet M1536dnf MFP Description: HP LaserJet M1536dnf MFP Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: Hewlett-Packard Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet P2055dn Description: HP LaserJet P2055dn Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: Hewlett-Packard Service: Problem: : This device is disabled. 
(Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet 400 M401dne Description: HP LaserJet 400 M401dne Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: HP LaserJet M1536dnf MFP Description: HP LaserJet M1536dnf MFP Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: HP LaserJet P2055x Description: HP LaserJet P2055x Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: HP LaserJet M1536dnf MFP Description: HP LaserJet M1536dnf MFP Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: HP LaserJet P2055dn Description: HP LaserJet P2055dn Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: HP LaserJet P2055x Description: HP LaserJet P2055x Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 
Name: hp LaserJet 1320 series Description: hp LaserJet 1320 series Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: Hewlett-Packard Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet M1536dnf MFP Description: HP LaserJet M1536dnf MFP Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: HP LaserJet P2055x Description: HP LaserJet P2055x Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: HP LaserJet Pro MFP M225dn Description: HP LaserJet Pro MFP M225dn Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: HP LaserJet P2055x Description: HP LaserJet P2055x Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: Hewlett-Packard Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet P2055dn Description: HP LaserJet P2055dn Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 
Name: HP LaserJet M1522nf MFP Description: HP LaserJet M1522nf MFP Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: Hewlett-Packard Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: hp LaserJet 1320 series Description: hp LaserJet 1320 series Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: HP LaserJet 400 M401dne Description: HP LaserJet 400 M401dne Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: Hewlett-Packard Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: hp LaserJet 1320 series Description: hp LaserJet 1320 series Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: hp LaserJet 1320 series Description: hp LaserJet 1320 series Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: HP LaserJet P2055dn Description: HP LaserJet P2055dn Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: hp LaserJet 1320 series Description: hp LaserJet 1320 series Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. 
(Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: HP LaserJet P1505n Description: HP LaserJet P1505n Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: Hewlett-Packard Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: hp LaserJet 1320 series Description: hp LaserJet 1320 series Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: HP LaserJet P2015 Series Description: HP LaserJet P2015 Series Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: hp LaserJet 1320 series Description: hp LaserJet 1320 series Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: Hewlett-Packard Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet P2055x Description: HP LaserJet P2055x Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: HP LaserJet P1505n Description: HP LaserJet P1505n Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 
Name: hp LaserJet 1320 series Description: hp LaserJet 1320 series Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: HP Color LaserJet CP2025dn Description: HP Color LaserJet CP2025dn Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: Hewlett-Packard Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: hp LaserJet 1320 series Description: hp LaserJet 1320 series Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: HP Color LaserJet CP2025dn Description: HP Color LaserJet CP2025dn Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: Hewlett-Packard Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: hp LaserJet 1320 series Description: hp LaserJet 1320 series Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: HP LaserJet P2055dn Description: HP LaserJet P2055dn Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: Hewlett-Packard Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
Name: HP LaserJet P2055x Description: HP LaserJet P2055x Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: HP LaserJet P2055x Description: HP LaserJet P2055x Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: HP LaserJet P2055dn Description: HP LaserJet P2055dn Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: HP LaserJet P2055x Description: HP LaserJet P2055x Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: Hewlett-Packard Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP Color LaserJet CP2025dn Description: HP Color LaserJet CP2025dn Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: HP LaserJet P2055dn Description: HP LaserJet P2055dn Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: HP LaserJet P1505n Description: HP LaserJet P1505n Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. 
(Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: HP LaserJet Pro MFP M225dn Description: HP LaserJet Pro MFP M225dn Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: Hewlett-Packard Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet P2055x Description: HP LaserJet P2055x Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (07/21/2015 01:30:03 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT) Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden. Error: (07/21/2015 01:30:00 PM) (Source: EvntAgnt) (EventID: 2019) (User: ) Description: Erweiterungs-Agent für SNMP-Ereignisprotokoll wurde nicht richtig initialisiert. Error: (07/21/2015 01:30:00 PM) (Source: EvntAgnt) (EventID: 1020) (User: ) Description: Fehler beim Verarbeiten von Registrierungsparametern. Erweiterungs-Agent wird beendet. Error: (07/21/2015 01:30:00 PM) (Source: EvntAgnt) (EventID: 2019) (User: ) Description: Erweiterungs-Agent für SNMP-Ereignisprotokoll wurde nicht richtig initialisiert. 
Error: (07/21/2015 01:30:00 PM) (Source: EvntAgnt) (EventID: 3005) (User: ) Description: Fehler beim Setzen der Position an das Ende der Protokolldatei -- Suche nach Protokollende ist fehlgeschlagen. Als Handle wurde 21102696 angegeben. Der Rückgabecode von ReadEventLog ist 122. Error: (07/21/2015 07:48:12 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT) Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden. Error: (07/21/2015 07:48:09 AM) (Source: EvntAgnt) (EventID: 2019) (User: ) Description: Erweiterungs-Agent für SNMP-Ereignisprotokoll wurde nicht richtig initialisiert. Error: (07/21/2015 07:48:09 AM) (Source: EvntAgnt) (EventID: 1020) (User: ) Description: Fehler beim Verarbeiten von Registrierungsparametern. Erweiterungs-Agent wird beendet. Error: (07/21/2015 07:48:09 AM) (Source: EvntAgnt) (EventID: 2019) (User: ) Description: Erweiterungs-Agent für SNMP-Ereignisprotokoll wurde nicht richtig initialisiert. Error: (07/21/2015 07:48:09 AM) (Source: EvntAgnt) (EventID: 3005) (User: ) Description: Fehler beim Setzen der Position an das Ende der Protokolldatei -- Suche nach Protokollende ist fehlgeschlagen. Als Handle wurde 21364840 angegeben. Der Rückgabecode von ReadEventLog ist 122. System errors: ============= Error: (07/21/2015 01:41:52 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (07/21/2015 01:41:47 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. 
Error: (07/21/2015 01:41:43 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (07/21/2015 01:41:39 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (07/21/2015 01:41:35 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (07/21/2015 01:41:32 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (07/21/2015 01:41:28 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (07/21/2015 01:41:24 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (07/21/2015 01:41:21 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (07/21/2015 01:41:17 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. 
Microsoft Office: ========================= Error: (07/21/2015 01:30:03 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/21/2015 01:30:00 PM) (Source: EvntAgnt) (EventID: 2019) (User: ) Description: Error: (07/21/2015 01:30:00 PM) (Source: EvntAgnt) (EventID: 1020) (User: ) Description: Error: (07/21/2015 01:30:00 PM) (Source: EvntAgnt) (EventID: 2019) (User: ) Description: Error: (07/21/2015 01:30:00 PM) (Source: EvntAgnt) (EventID: 3005) (User: ) Description: 21102696122 Error: (07/21/2015 07:48:12 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/21/2015 07:48:09 AM) (Source: EvntAgnt) (EventID: 2019) (User: ) Description: Error: (07/21/2015 07:48:09 AM) (Source: EvntAgnt) (EventID: 1020) (User: ) Description: Error: (07/21/2015 07:48:09 AM) (Source: EvntAgnt) (EventID: 2019) (User: ) Description: Error: (07/21/2015 07:48:09 AM) (Source: EvntAgnt) (EventID: 3005) (User: ) Description: 21364840122 CodeIntegrity Errors: =================================== Date: 2015-07-13 11:43:38.989 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
Date: 2015-07-13 11:43:38.911 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-07-13 11:43:38.848 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-07-13 11:43:38.755 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-04-08 18:29:59.918 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-04-08 18:29:59.858 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-04-08 18:29:59.784 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-04-08 18:29:59.713 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-01-21 11:38:48.693 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-01-21 11:38:48.646 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz Percentage of memory in use: 60% Total physical RAM: 8071.55 MB Available physical RAM: 3159.02 MB Total Virtual: 8269.75 MB Available Virtual: 2513.5 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:185.77 GB) (Free:45.22 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive d: (Data) (Fixed) (Total:27.73 GB) (Free:12.36 GB) NTFS Drive f: (HP_RECOVERY) (Fixed) (Total:18.16 GB) (Free:1.45 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive g: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.96 GB) FAT32 Drive h: () (Removable) (Total:3.76 GB) (Free:3.35 GB) NTFS Drive m: (DATA) (Fixed) (Total:465.76 GB) (Free:79.59 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: C96E0141) Partition 1: (Active) - (Size=306 MB) - (Type=42) Partition 2: (Not Active) - (Size=185.8 GB) - (Type=42) Partition 3: (Not Active) - (Size=52.4 GB) - (Type=42) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F113767F) Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 3.8 GB) (Disk ID: 6265CD3E) Partition 1: (Active) - (Size=3.8 GB) - (Type=07 NTFS) ==================== End of log ============================ |
22.07.2015, 07:58 | #4 |
/// the machine /// TB-Ausbilder | http://your-home-page.net Hi, scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
22.07.2015, 08:41 | #5 |
| http://your-home-page.net Hi schrauber, here is the Combofix log file. Code:
ATTFilter ComboFix 15-07-20.01 - michael.schmaus 22.07.2015 9:30.5.4 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.8072.3220 [GMT 2:00] ausgeführt von:: c:\users\MSC\Desktop\ComboFix.exe AV: Webroot SecureAnywhere *Disabled/Updated* {66A6FE14-08CB-F415-3742-517201416109} SP: Webroot SecureAnywhere *Disabled/Updated* {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\MSC\AppData\Local\assembly\tmp . . ((((((((((((((((((((((( Dateien erstellt von 2015-06-22 bis 2015-07-22 )))))))))))))))))))))))))))))) . . 2015-07-22 07:36 . 2015-07-22 07:36 -------- d-----w- c:\users\sysaidinternal\AppData\Local\temp 2015-07-22 07:36 . 2015-07-22 07:36 -------- d-----w- c:\users\Public\AppData\Local\temp 2015-07-22 07:36 . 2015-07-22 07:36 -------- d-----w- c:\users\postgres\AppData\Local\temp 2015-07-22 07:36 . 2015-07-22 07:36 -------- d-----w- c:\users\michael.schmaus\AppData\Local\temp 2015-07-22 07:36 . 2015-07-22 07:36 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp 2015-07-22 07:36 . 2015-07-22 07:36 -------- d-----w- c:\users\Default\AppData\Local\temp 2015-07-22 07:36 . 2015-07-22 07:36 -------- d-----w- c:\users\chris.oleszczuk\AppData\Local\temp 2015-07-22 07:36 . 2015-07-22 07:36 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2015-07-22 07:36 . 2015-07-22 07:36 -------- d-----w- c:\users\Admin\AppData\Local\temp 2015-07-22 07:29 . 2015-07-22 07:29 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7D8224C7-18CB-46BC-9417-E4042D866829}\offreg.4364.dll 2015-07-21 11:39 . 2015-07-21 11:42 -------- d-----w- C:\FRST 2015-07-21 10:53 . 2015-07-15 03:19 41984 ----a-w- c:\windows\system32\lpk.dll 2015-07-21 10:53 . 2015-07-15 03:19 14336 ----a-w- c:\windows\system32\dciman32.dll 2015-07-21 10:53 . 
2015-07-15 03:19 46080 ----a-w- c:\windows\system32\atmlib.dll 2015-07-21 10:53 . 2015-07-15 02:55 10240 ----a-w- c:\windows\SysWow64\dciman32.dll 2015-07-21 10:53 . 2015-07-15 02:55 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2015-07-21 10:53 . 2015-07-15 01:59 372224 ----a-w- c:\windows\system32\atmfd.dll 2015-07-21 10:53 . 2015-07-15 01:52 299008 ----a-w- c:\windows\SysWow64\atmfd.dll 2015-07-21 10:53 . 2015-07-15 03:19 100864 ----a-w- c:\windows\system32\fontsub.dll 2015-07-21 10:53 . 2015-07-15 02:55 70656 ----a-w- c:\windows\SysWow64\fontsub.dll 2015-07-21 10:53 . 2015-07-15 02:54 25600 ----a-w- c:\windows\SysWow64\lpk.dll 2015-07-20 14:42 . 2015-07-20 14:42 -------- d-----w- c:\users\MSC\AppData\Local\CEF 2015-07-20 11:21 . 2015-07-20 11:21 -------- d-----w- c:\programdata\VIPRE 2015-07-20 11:21 . 2015-07-20 11:21 -------- d-----w- c:\program files\Common Files\AV 2015-07-20 11:12 . 2015-07-21 13:26 -------- d-----w- c:\programdata\STOPzilla! 2015-07-20 11:12 . 2015-07-20 11:12 -------- d-----w- c:\program files (x86)\iS3 2015-07-20 10:41 . 2015-07-20 11:00 -------- d-----w- c:\programdata\{cd5b4ee3-71a9-ecd7-cd5b-b4ee371a3b8d} 2015-07-20 08:44 . 2013-08-02 07:25 596256 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpcpp155.dll 2015-07-17 11:11 . 2015-07-17 11:11 -------- d-----w- c:\program files (x86)\Common Files\Java 2015-07-17 11:05 . 2015-07-17 11:05 0 ----a-w- c:\windows\SysWow64\REN26F6.tmp 2015-07-15 08:24 . 2015-06-23 23:22 12221144 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7D8224C7-18CB-46BC-9417-E4042D866829}\mpengine.dll 2015-07-15 08:21 . 2015-03-29 22:47 83624 ----a-w- c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.52.4042.0.dll 2015-07-15 08:21 . 2015-03-29 22:43 89264 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.52.4042.0.dll 2015-07-15 08:09 . 2015-05-09 18:26 493504 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll 2015-07-14 12:54 . 
2015-07-14 12:54 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2015-07-14 11:47 . 2015-07-14 11:47 -------- d-----w- C:\RegBackup 2015-07-13 12:08 . 2015-07-13 12:08 -------- d-----w- c:\programdata\Samsung Apps 2015-07-07 06:55 . 2015-07-07 06:55 -------- d-----w- c:\users\MSC\AppData\Roaming\SysAid 2015-07-01 09:22 . 2015-07-01 09:22 -------- d-----w- c:\program files\iPod 2015-07-01 09:22 . 2015-07-01 09:22 -------- d-----w- c:\program files (x86)\iTunes 2015-07-01 09:22 . 2015-07-01 09:22 -------- d-----w- c:\program files\iTunes 2015-06-30 06:24 . 2015-07-20 09:05 -------- d-----w- c:\users\adminde 2015-06-27 10:29 . 2015-06-27 10:29 -------- d-s---w- c:\windows\system32\GWX 2015-06-27 10:29 . 2015-06-27 10:29 -------- d-s---w- c:\windows\SysWow64\GWX . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-07-20 15:25 . 2015-05-20 08:23 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-07-17 10:45 . 2015-01-26 11:24 110688 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2015-07-15 09:21 . 2013-11-20 17:31 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2015-07-15 09:21 . 2013-04-13 23:38 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2015-07-03 06:43 . 2013-07-25 15:35 130333168 ----a-w- c:\windows\system32\MRT.exe 2015-07-01 12:25 . 2014-11-14 11:14 167632 ----a-w- c:\windows\SysWow64\WRusr.dll 2015-07-01 12:25 . 2014-11-14 11:14 117728 ----a-w- c:\windows\system32\drivers\WRkrn.sys 2015-07-01 12:25 . 2014-11-14 11:14 105320 ----a-w- c:\windows\system32\WRusr.dll 2015-06-23 11:30 . 2010-11-21 03:27 300704 ------w- c:\windows\system32\MpSigStub.exe 2015-06-10 21:08 . 2015-06-10 21:08 6112072 ----a-w- c:\windows\system32\usbaaplrc.dll 2015-06-10 21:08 . 2015-06-10 21:08 54784 ----a-w- c:\windows\system32\drivers\usbaapl64.sys 2015-05-27 16:52 . 2015-05-27 16:52 285280 ----a-w- c:\windows\system32\drivers\afcdp.sys 2015-05-27 16:52 . 
2015-05-27 16:52 943712 ----a-w- c:\windows\system32\drivers\timntr.sys 2015-05-27 16:52 . 2015-05-27 16:52 1263200 ----a-w- c:\windows\system32\drivers\tdrpm273.sys 2015-05-27 16:51 . 2015-05-27 14:49 277088 ----a-w- c:\windows\system32\drivers\snapman.sys 2015-05-27 14:49 . 2015-05-27 14:49 1477728 ----a-w- c:\windows\system32\drivers\tdrpm258.sys 2015-05-25 18:01 . 2015-06-27 10:27 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2015-05-01 13:17 . 2015-05-13 08:18 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-05-01 13:16 . 2015-05-13 08:18 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll 2015-04-29 18:22 . 2015-06-11 16:12 14635008 ----a-w- c:\windows\system32\wmp.dll 2015-04-29 18:21 . 2015-06-11 16:12 5120 ----a-w- c:\windows\system32\msdxm.ocx 2015-04-29 18:21 . 2015-06-11 16:12 5120 ----a-w- c:\windows\system32\dxmasf.dll 2015-04-29 18:21 . 2015-06-11 16:12 9728 ----a-w- c:\windows\system32\spwmp.dll 2015-04-29 18:19 . 2015-06-11 16:12 12625920 ----a-w- c:\windows\system32\wmploc.DLL 2015-04-29 18:07 . 2015-06-11 16:12 4096 ----a-w- c:\windows\SysWow64\msdxm.ocx 2015-04-29 18:07 . 2015-06-11 16:12 4096 ----a-w- c:\windows\SysWow64\dxmasf.dll 2015-04-29 18:07 . 2015-06-11 16:12 8192 ----a-w- c:\windows\SysWow64\spwmp.dll 2015-04-29 18:05 . 2015-06-11 16:12 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL 2015-04-24 18:17 . 2015-06-11 16:12 633856 ----a-w- c:\windows\system32\comctl32.dll 2015-04-24 17:56 . 2015-06-11 16:12 530432 ----a-w- c:\windows\SysWow64\comctl32.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-02-20 6161176] "CCleaner"="c:\program files\CCleaner\CCleaner64.exe" [2014-02-20 6161176] "OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2015-03-18 720064] "Akamai NetSession Interface"="c:\users\MSC\AppData\Local\Akamai\netsession_win.exe" [2014-10-29 4673432] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-07-03 56128] "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-10-24 292088] "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2015-06-26 41360] "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2015-06-26 840592] "Client Access Service"="c:\program files (x86)\IBM\Client Access\cwbsvstr.exe" [2010-01-15 14336] "QLBController"="c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" [2014-02-10 336672] "LyncAddin"="c:\program files (x86)\Avaya\Avaya Microsoft Lync Integration\LyncAddin.exe" [2012-11-09 1933824] "Check Point VPN"="c:\program files (x86)\CheckPoint\Endpoint Connect\TrGui.exe" [2013-12-04 826832] "HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2014-04-09 185144] "MultiScreen"="" [BU] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056] "Communicator"="c:\program files (x86)\Microsoft Lync\communicator.exe" [2015-03-28 12118840] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184] "WRSVC"="c:\program files (x86)\Webroot\WRSA.exe" [2015-07-01 823720] "YouCam Tray"="c:\program files (x86)\CyberLink\YouCam\YouCamTray.exe" 
[2012-10-24 168464] "YouCam Mirage"="c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe" [2012-10-24 139792] "RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-07-13 93296] "TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-01-28 5145824] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-06-08 334896] . c:\users\MSC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ DIALit.lnk - c:\program files (x86)\CTI\DIALit-Client\Dialit32.exe [2014-6-2 10260992] MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2013-8-6 576000] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2014-3-6 1396440] HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "consentpromptbehavioradmin"= 0 (0x0) "enableinstallerdetection"= 0 (0x0) "enablesecureuiapaths"= 0 (0x0) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "ForceStartMenuLogOff"= 1 (0x1) "TaskbarNoNotification"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u msoidssp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot] @="" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x] R2 WRSVC;WRSVC;c:\program files (x86)\Webroot\WRSA.exe;c:\program files (x86)\Webroot\WRSA.exe [x] R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x] R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys [x] R3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys;c:\windows\SYSNATIVE\DRIVERS\btwdpan.sys [x] R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x] R3 Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn;DATEV Schnittstellensystem pro V0300;Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn;Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn [x] R3 Datev.Unternehmen.SystemComponents.ServiceBus.V0400.PlugIn;DATEV Schnittstellensystem pro V0400;Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0400.PlugIn;Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0400.PlugIn [x] R3 
dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [x] R3 HPMo4DE3;Mouse Suite Driver_4DE3 (WDF Version);c:\windows\system32\DRIVERS\HPMo4DE3.sys;c:\windows\SYSNATIVE\DRIVERS\HPMo4DE3.sys [x] R3 HPub4DE3;USB Mouse Low Filter Driver_4DE3 (WDF Version);c:\windows\system32\Drivers\HPub4DE3.sys;c:\windows\SYSNATIVE\Drivers\HPub4DE3.sys [x] R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x] R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x] R3 lpasvc;Microsoft Policy Platform Local Authority;c:\program files\Microsoft Policy Platform\policyHost.exe;c:\program files\Microsoft Policy Platform\policyHost.exe [x] R3 lppsvc;Microsoft Policy Platform Processor;c:\program files\Microsoft Policy Platform\policyHost.exe;c:\program files\Microsoft Policy Platform\policyHost.exe [x] R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 sehutn;UTN bus;c:\windows\system32\DRIVERS\sehutn.sys;c:\windows\SYSNATIVE\DRIVERS\sehutn.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x] R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe 
[x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x] R3 WMSVC;Webverwaltungsdienst;c:\windows\system32\inetsrv\wmsvc.exe;c:\windows\SYSNATIVE\inetsrv\wmsvc.exe [x] R4 AdtAgent;Überwachungsweiterleitung von Microsoft Monitoring Agent;c:\windows\system32\AdtAgent.exe;c:\windows\SYSNATIVE\AdtAgent.exe [x] R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [x] R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x] R4 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [x] R4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe;c:\windows\SYSNATIVE\PuranDefragS.exe [x] R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0105.sys [x] R4 RsFx0153;RsFx0153 Driver;c:\windows\system32\DRIVERS\RsFx0153.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0153.sys [x] R4 SQLAgent$HPWJA;SQL Server Agent (HPWJA);c:\program files\Microsoft SQL Server\MSSQL10.HPWJA\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.HPWJA\MSSQL\Binn\SQLAGENT.EXE [x] R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program 
files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x] R4 System Center Management APM;Microsoft Monitoring Agent-APM;c:\program files\Microsoft System Center 2012 R2\Service Manager\APMDOTNETAgent\InterceptSvc.exe;c:\program files\Microsoft System Center 2012 R2\Service Manager\APMDOTNETAgent\InterceptSvc.exe [x] S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys;c:\windows\SYSNATIVE\DRIVERS\hotcore3.sys [x] S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x] S0 SamsungRapidDiskFltr;SAMSUNG RAPID Mode Disk Filter Driver;c:\windows\system32\DRIVERS\SamsungRapidDiskFltr.sys;c:\windows\SYSNATIVE\DRIVERS\SamsungRapidDiskFltr.sys [x] S0 SamsungRapidFSFltr;SamsungRapidFSFltr;c:\windows\system32\DRIVERS\SamsungRapidFSFltr.sys;c:\windows\SYSNATIVE\DRIVERS\SamsungRapidFSFltr.sys [x] S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys;c:\windows\SYSNATIVE\DRIVERS\tdrpm273.sys [x] S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys;c:\windows\SYSNATIVE\drivers\WRkrn.sys [x] S1 Uim_DEVIM;UIM Direct Device Image Plugin;c:\windows\system32\DRIVERS\uim_devim.sys;c:\windows\SYSNATIVE\DRIVERS\uim_devim.sys [x] S2 afcdpsrv;Acronis Nonstop Backup-Dienst;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x] S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x] S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x] S2 CmRcService;Configuration 
Manager-Remotesteuerung;c:\windows\CCM\RemCtrl\CmRcService.exe;c:\windows\CCM\RemCtrl\CmRcService.exe [x] S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 gfi_lanss11_attservice;GFI LanGuard 11 Attendant Service;c:\program files (x86)\PatchManagementInstallation\Agent\lnssatt.exe;c:\program files (x86)\PatchManagementInstallation\Agent\lnssatt.exe [x] S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x] S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [x] S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [x] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x] S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x] S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x] S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring 
Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x] S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x] S2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [x] S2 MSSQL$ACRONIS;SQL Server (ACRONIS);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe;c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [x] S2 MSSQL$HPWJA;SQL Server (HPWJA);c:\program files\Microsoft SQL Server\MSSQL10.HPWJA\MSSQL\Binn\sqlservr.exe;c:\program files\Microsoft SQL Server\MSSQL10.HPWJA\MSSQL\Binn\sqlservr.exe [x] S2 NetOp Host for NT Service;NetOp Helper ver. 
9.52 (2010305);c:\program files (x86)\Netop\Netop Remote Control\Host\NHOSTSVC.EXE;c:\program files (x86)\Netop\Netop Remote Control\Host\NHOSTSVC.EXE [x] S2 SamsungRapidSvc;Samsung RAPID Mode Service;c:\windows\system32\RAPID\SamsungRapidSvc.exe;c:\windows\SYSNATIVE\RAPID\SamsungRapidSvc.exe [x] S2 sm_main;SEP Sesam;c:\program files\SEPsesam\bin\sesam\sm_main.exe;c:\program files\SEPsesam\bin\sesam\sm_main.exe [x] S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\Teamviewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\Teamviewer\Version8\TeamViewer_Service.exe [x] S2 TracSrvWrapper;Check Point Endpoint Security VPN;c:\program files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe;c:\program files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe [x] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x] S2 WMCoreService;Mobile Broadband Service;c:\program files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe servicemode;c:\program files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe servicemode [x] S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x] S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x] S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x] S3 clwvd;CyberLink Webcam Sharing Manager;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x] S3 
dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x] S3 dwVSCD;NetOp Virtual Smart Card Driver;c:\windows\system32\DRIVERS\dwvscd.sys;c:\windows\SYSNATIVE\DRIVERS\dwvscd.sys [x] S3 ecnssndis; Mobile Broadband Driver;c:\windows\system32\Drivers\wwuss64.sys;c:\windows\SYSNATIVE\Drivers\wwuss64.sys [x] S3 ecnssndisfltr; Mobile Broadband Driver Filter;c:\windows\system32\Drivers\wwussf64.sys;c:\windows\SYSNATIVE\Drivers\wwussf64.sys [x] S3 h36wgps;HP Mobile Broadband Module NMEA;c:\windows\system32\DRIVERS\h36wgps64.sys;c:\windows\SYSNATIVE\DRIVERS\h36wgps64.sys [x] S3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x] S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x] S3 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys;c:\windows\SYSNATIVE\DRIVERS\johci.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 Mbm3CBus;HP hs2350 HSPA+ Mobile Broadband Module USB Device (WDM);c:\windows\system32\DRIVERS\Mbm3CBus.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3CBus.sys [x] S3 Mbm3DevMt;HP Mobile Broadband Module Device Management Driver (WDM);c:\windows\system32\DRIVERS\Mbm3DevMt.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3DevMt.sys [x] S3 Mbm3mdfl;HP Mobile Broadband Module Modem 
Filter;c:\windows\system32\DRIVERS\Mbm3mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3mdfl.sys [x] S3 Mbm3Mdm;HP Mobile Broadband Module Modem Driver;c:\windows\system32\DRIVERS\Mbm3Mdm.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3Mdm.sys [x] S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x] S3 PsxDrv;PsxDrv;c:\windows\system32\drivers\psxdrv.sys;c:\windows\SYSNATIVE\drivers\psxdrv.sys [x] S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\SPUVCbv_x64.sys;c:\windows\SYSNATIVE\Drivers\SPUVCbv_x64.sys [x] S3 vna_ap;Check Point Virtual Network Adapter - Apollo;c:\windows\system32\DRIVERS\vnaap.sys;c:\windows\SYSNATIVE\DRIVERS\vnaap.sys [x] S3 WwanUsbServ;Mobile Broadband Driver;c:\windows\system32\DRIVERS\WwanUsbMp64.sys;c:\windows\SYSNATIVE\DRIVERS\WwanUsbMp64.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] iissvcs REG_MULTI_SZ w3svc was apphost REG_MULTI_SZ apphostsvc hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}] start [BU] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2015-07-15 07:31 991048 ----a-w- c:\program files (x86)\Google\Chrome\Application\43.0.2357.134\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2015-07-22 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-13 09:21] . 2015-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-07-14 12:20] . 2015-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-07-14 12:20] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Seagull Drivers"="ssdal_nc.exe startup" [X] "Broadcom Wireless Manager UI"="c:\program files\Broadcom\Broadcom 802.11\WLTRAY.exe" [2014-07-25 8641536] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2013-07-03 1664000] "qtsp_sso"="c:\windows\system32\qtsp_sso.exe" [2012-12-21 1171968] "HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2012-03-14 15232] "MultiScreen"="" [BU] "SamsungRapidApp"="c:\program files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe" [2014-09-16 281776] "Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-01-28 358944] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-06-29 170280] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local> IE: Die markierte Nummer mit CTI anwählen - file://c:\program files (x86)\CTI\DIALit-Client\dialscript.htm Trusted Zone: demtsr007 Trusted Zone: ets-production5 Trusted Zone: eurotax.com\compare Trusted Zone: odetteca.com\www Trusted Zone: salesforce.com\emea TCP: DhcpNameServer = 10.101.0.54 10.101.0.55 10.101.0.5 10.101.0.6 TCP: Interfaces\{A51701BB-A804-4E1B-8457-21AFA11167D2}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 FF - ProfilePath - c:\users\MSC\AppData\Roaming\Mozilla\Firefox\Profiles\103qzzmr.default-1436867989260\ . . ------- Dateityp-Verknüpfung ------- . inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1 JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %* txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) Toolbar-Locked - (no file) AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @DACL=(02 0013) @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_209_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] @DACL=(02 0012) "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @DACL=(02 0012) @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_209_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @DACL=(02 0012) @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @DACL=(02 0011) @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] @DACL=(02 0011) "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @DACL=(02 0011) @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @DACL=(02 0011) @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @DACL=(02 0011) @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Control] @DACL=(02 0011) . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\EnableFullPage] @DACL=(02 0011) . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\EnableFullPage\.mfp] @DACL=(02 0011) . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\EnableFullPage\.spl] @DACL=(02 0011) . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\EnableFullPage\.swf] @DACL=(02 0011) . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Implemented Categories] @DACL=(02 0011) . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Implemented Categories\{31CAF6E4-D6AA-4090-A050-A5AC8972E9EF}] @DACL=(02 0011) . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Implemented Categories\{59FB2056-D625-48D0-A944-1A85B5AB2640}] @DACL=(02 0011) . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}] @DACL=(02 0011) . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}] @DACL=(02 0011) . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @DACL=(02 0011) @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @DACL=(02 0011) @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1] @DACL=(02 0011) @="131473" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @DACL=(02 0011) @="ShockwaveFlash.ShockwaveFlash.18" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Programmable] @DACL=(02 0011) . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @DACL=(02 0011) @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @DACL=(02 0011) @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @DACL=(02 0011) @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @DACL=(02 0011) @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @DACL=(02 0011) @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Control] @DACL=(02 0011) . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @DACL=(02 0011) @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @DACL=(02 0011) @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Programmable] @DACL=(02 0011) . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @DACL=(02 0011) @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @DACL=(02 0011) @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @DACL=(02 0011) @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @DACL=(02 0011) @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Microsoft\Environment*] "v5Licence0"="15-CNTT-FCAV-PCMW-RR5U-3RDQ-2BENZUW" "Activated"="N" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . 
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\ . Zeit der Fertigstellung: 2015-07-22 09:39:05 ComboFix-quarantined-files.txt 2015-07-22 07:39 ComboFix2.txt 2015-07-13 09:47 ComboFix3.txt 2015-04-08 16:35 ComboFix4.txt 2015-01-21 10:48 . Vor Suchlauf: 44 Verzeichnis(se), 49.353.809.920 Bytes frei Nach Suchlauf: 46 Verzeichnis(se), 48.325.853.184 Bytes frei . - - End Of File - - A0C708E8AA079F3836478D08A9745EEE Regards, Ontop144 |
23.07.2015, 05:41 | #6 |
/// the machine /// TB-Ausbilder | http://your-home-page.net Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
23.07.2015, 14:52 | #7 |
| http://your-home-page.net So, now I have the log files. Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 7.4.7 (07.13.2015:1) OS: Windows 7 Ultimate x64 Ran by michael.schmaus on 23.07.2015 at 15:40:55,39 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Tasks ~~~ Registry Values ~~~ Registry Keys ~~~ Files Successfully deleted: [File] C:\Windows\syswow64\REN26F6.tmp ~~~ Folders ~~~ FireFox Successfully deleted: [Folder] C:\Users\MSC\AppData\Roaming\mozilla\firefox\profiles\103qzzmr.default-1436867989260\extensions\toolbar@gmx.net Successfully deleted the following from C:\Users\MSC\AppData\Roaming\mozilla\firefox\profiles\103qzzmr.default-1436867989260\prefs.js user_pref(extensions.unitedinternet.email.runonceNewUsersShown, true); Emptied folder: C:\Users\MSC\AppData\Roaming\mozilla\firefox\profiles\103qzzmr.default-1436867989260\minidumps [1 files] ~~~ Chrome [C:\Users\MSC\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset [C:\Users\MSC\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted: [C:\Users\MSC\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset [C:\Users\MSC\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 23.07.2015 at 15:46:01,04 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter # AdwCleaner v4.208 - Bericht erstellt 23/07/2015 um 15:38:38 # Aktualisiert 09/07/2015 von Xplode # Datenbank : 2015-07-15.1 [Server] # Betriebssystem : Windows 7 Ultimate Service Pack 1 (x64) # Benutzername : michael.schmaus - NB1140 # Gestarted von : C:\Users\MSC\Desktop\adwcleaner_4.208.exe # Option : Suchlauf ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gefunden : C:\ProgramData\{cd5b4ee3-71a9-ecd7-cd5b-b4ee371a3b8d} ***** [ Geplante Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Daten Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local> Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} ***** [ Internetbrowser ] ***** -\\ Internet Explorer v10.0.9200.17410 -\\ Mozilla Firefox v39.0 (x86 de) -\\ Google Chrome v43.0.2357.134 ************************* AdwCleaner[R12].txt - [2343 Bytes] - [21/10/2014 07:54:38] AdwCleaner[R15].txt - [6687 Bytes] - [20/05/2015 10:08:43] AdwCleaner[R16].txt - [1301 Bytes] - [20/05/2015 10:15:01] AdwCleaner[R18].txt - [1538 Bytes] - [14/07/2015 08:11:48] AdwCleaner[R19].txt - [1442 Bytes] - [14/07/2015 13:36:28] AdwCleaner[R1].txt - [1225 Bytes] - [14/10/2013 12:14:30] AdwCleaner[R20].txt - [1878 Bytes] - [23/07/2015 15:38:38] AdwCleaner[S10].txt - [6927 Bytes] - [20/05/2015 10:12:02] AdwCleaner[S12].txt - [1598 Bytes] - [14/07/2015 
08:26:46] AdwCleaner[S1].txt - [1286 Bytes] - [14/10/2013 13:21:09] AdwCleaner[S7].txt - [2346 Bytes] - [21/10/2014 07:55:43] ########## EOF - C:\AdwCleaner\AdwCleaner[R20].txt - [2176 Bytes] ########## Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 23.07.2015 Suchlauf-Zeit: 15:13:33 Logdatei: mbam.txt Administrator: Ja Version: 2.01.6.1022 Malware Datenbank: v2015.07.23.02 Rootkit Datenbank: v2015.07.22.01 Lizenz: Premium Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: michael.schmaus Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 747005 Verstrichene Zeit: 10 Min, 42 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristik: Aktiviert PUP: Warnen PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente gefunden) Module: 0 (Keine schädliche Elemente gefunden) Registrierungsschlüssel: 0 (Keine schädliche Elemente gefunden) Registrierungswerte: 0 (Keine schädliche Elemente gefunden) Registrierungsdaten: 0 (Keine schädliche Elemente gefunden) Ordner: 0 (Keine schädliche Elemente gefunden) Dateien: 0 (Keine schädliche Elemente gefunden) Physische Sektoren: 0 (Keine schädliche Elemente gefunden) (end) Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015 Ran by michael.schmaus (administrator) on NB1140 on 23-07-2015 15:51:31 Running from H:\ Loaded Profiles: michael.schmaus (Available Profiles: Admin & postgres & sysaidinternal & AdminDE & Chris.Oleszczuk & michael.schmaus & michael.schmaus & Administrator) Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 10 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Webroot) C:\Program Files (x86)\Webroot\WRSA.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (TeamViewer GmbH) C:\Program Files (x86)\Teamviewer\Version8\TeamViewer_Service.exe (Check Point Software Technologies) C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe (TeamViewer GmbH) C:\Program Files (x86)\Teamviewer\Version8\TeamViewer.exe (Webroot) C:\Program Files (x86)\Webroot\WRSA.exe (TeamViewer GmbH) C:\Program Files (x86)\Teamviewer\Version8\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\Teamviewer\Version8\tv_x64.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Windows\CCM\SCNotification.exe (Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVCM.EXE (Ericsson AB) C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Windows\System32\snmp.exe (Microsoft Corporation) C:\Windows\SysWOW64\snmp.exe (Microsoft Corporation) C:\Windows\CCM\RemCtrl\cmrcservice.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\CCM\CcmExec.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe (Microsoft Corporation) C:\Program Files\Microsoft Policy Platform\policyHost.exe (Ghisler Software GmbH) C:\totalcmd\TOTALCMD64.EXE (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe [8641536 2014-07-25] (Broadcom Corporation) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-07-03] (IDT, Inc.) HKLM\...\Run: [qtsp_sso] => C:\windows\system32\qtsp_sso.exe [1171968 2012-12-21] (Avaya Inc.) HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [3488640 2012-03-14] (Hewlett-Packard Company) HKLM\...\Run: [MultiScreen] => [X] HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [281776 2014-09-16] (Samsung Electronics Co., Ltd.) 
HKLM\...\Run: [Seagull Drivers] => ssdal_nc.exe startup HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [358944 2011-01-28] (Acronis) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2816240 2014-08-01] (Synaptics Incorporated) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-06-29] (Apple Inc.) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284480 2013-07-03] (Intel Corporation) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-10-24] (Intel Corporation) HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-06-27] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-06-27] (Adobe Systems Inc.) HKLM-x32\...\Run: [Client Access Service] => C:\Program Files (x86)\IBM\Client Access\cwbsvstr.exe [14336 2010-01-15] (IBM Corporation) HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [336672 2014-02-10] (Hewlett-Packard Company) HKLM-x32\...\Run: [LyncAddin] => C:\Program Files (x86)\Avaya\Avaya Microsoft Lync Integration\LyncAddin.exe [1933824 2012-11-09] (Microsoft) HKLM-x32\...\Run: [Check Point VPN] => C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGui.exe [826832 2013-12-04] (Check Point Software Technologies) HKLM-x32\...\Run: [HPConnectionManager] => c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [185144 2014-04-09] (Hewlett-Packard Development Company, L.P.) 
HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [MultiScreen] => [X] HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Lync\communicator.exe [12118840 2015-03-28] (Microsoft Corporation) HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [WRSVC] => C:\Program Files (x86)\Webroot\WRSA.exe [823720 2015-07-01] (Webroot) HKLM-x32\...\Run: [YouCam Tray] => c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [168464 2012-10-25] (CyberLink Corp.) HKLM-x32\...\Run: [YouCam Mirage] => c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [139792 2012-10-25] (CyberLink) HKLM-x32\...\Run: [RemoteControl10] => c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-14] (CyberLink Corp.) HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5145824 2011-01-28] () HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation) Winlogon\Notify\igfxcui: igfxdev.dll [X] HKU\S-1-5-21-3799292098-3196119086-2381476900-3276\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6161176 2014-02-20] (Piriform Ltd) HKU\S-1-5-21-3799292098-3196119086-2381476900-3276\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [6161176 2014-02-20] (Piriform Ltd) HKU\S-1-5-21-3799292098-3196119086-2381476900-3276\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2015-03-18] (Microsoft Corporation) HKU\S-1-5-21-3799292098-3196119086-2381476900-3276\...\Run: [Akamai NetSession Interface] => C:\Users\MSC\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-03-11] ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2013-10-18] ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\Users\MSC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DIALit.lnk [2014-11-05] ShortcutTarget: DIALit.lnk -> C:\Program Files (x86)\CTI\DIALit-Client\Dialit32.exe (ek-soft GmbH) Startup: C:\Users\MSC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk [2013-08-06] ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.) Startup: C:\Users\MSC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DIALit.lnk [2014-11-05] ShortcutTarget: DIALit.lnk -> C:\Program Files (x86)\CTI\DIALit-Client\Dialit32.exe (ek-soft GmbH) Startup: C:\Users\MSC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk [2013-08-06] ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.) GroupPolicyScripts: Group Policy detected <======= ATTENTION GroupPolicyScripts\User: Group Policy detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-3799292098-3196119086-2381476900-3276\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-3799292098-3196119086-2381476900-3276\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-3799292098-3196119086-2381476900-3276\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Microsoft Web Recorder Helper -> {06D7D698-1ECD-407F-A1C9-EFA54860490A} -> C:\Program Files\Microsoft System Center 2012 R2\Operations Manager\Console\Microsoft.Mom.RecorderBarBHO.dll [2013-09-06] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-17] (Oracle Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-17] (Oracle Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Lync\OCHelper.dll [2010-11-03] (Microsoft Corporation) BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-06-27] (Adobe Systems Incorporated) BHO-x32: Office Document Cache Handler -> 
{B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-06-27] (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-06-27] (Adobe Systems Incorporated) Toolbar: HKU\S-1-5-21-3799292098-3196119086-2381476900-3276 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1383306434877 Tcpip\Parameters: [DhcpNameServer] 10.101.0.54 10.101.0.55 10.101.0.5 10.101.0.6 Tcpip\..\Interfaces\{80710E33-1517-4612-A89E-CDD41C5A0DD9}: [DhcpNameServer] 10.101.0.54 10.101.0.55 10.101.0.5 10.101.0.6 Tcpip\..\Interfaces\{A51701BB-A804-4E1B-8457-21AFA11167D2}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 FireFox: ======== FF ProfilePath: C:\Users\MSC\AppData\Roaming\Mozilla\Firefox\Profiles\103qzzmr.default-1436867989260 FF SearchEngineOrder.2: FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] () FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-17] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-17] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] 
(Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-10-24] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-10-24] (Intel Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-06-27] (Adobe Systems Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-28] () FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-07-03] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll [2015-05-28] (Cisco WebEx LLC) FF Plugin ProgramFiles/Appdata: C:\Users\MSC\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-05-28] (Cisco WebEx LLC) FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-07-30] FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-10-18] FF HKU\S-1-5-21-3799292098-3196119086-2381476900-3276\...\Firefox\Extensions: [firefoxaddon@ek-soft.de] - C:\Program Files (x86)\CTI\DIALit-Client\Firefox FF Extension: ek-soft CTI Add ON - C:\Program Files (x86)\CTI\DIALit-Client\Firefox [2014-06-16] FF HKU\S-1-5-21-3799292098-3196119086-2381476900-3276\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 Chrome: ======= CHR Profile: C:\Users\MSC\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\MSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-14] CHR Extension: (Google Drive) - C:\Users\MSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-14] CHR Extension: (YouTube) - C:\Users\MSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-14] 
CHR Extension: (GMX MailCheck) - C:\Users\MSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\camnampocfohlcgbajligmemmabnljcm [2015-07-14] CHR Extension: (Google Search) - C:\Users\MSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-14] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\MSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-14] CHR Extension: (Google Wallet) - C:\Users\MSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-14] CHR Extension: (Gmail) - C:\Users\MSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-14] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S4 AdtAgent; C:\Windows\system32\AdtAgent.exe [410808 2013-09-06] (Microsoft Corporation) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.) R2 CcmExec; C:\windows\CCM\CcmExec.exe [1571000 2013-09-11] (Microsoft Corporation) R2 CmRcService; C:\windows\CCM\RemCtrl\CmRcService.exe [577712 2014-05-29] (Microsoft Corporation) S3 Cwbrxd; C:\windows\cwbrxd.exe [94208 2010-01-15] (IBM Corporation) [File not signed] S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [143872 2014-10-24] (Microsoft Corporation) [File not signed] S2 gfi_lanss11_attservice; C:\Program Files (x86)\PatchManagementInstallation\Agent\lnssatt.exe [133496 2012-11-23] (GFI Software Development Ltd.) S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-07-14] (SurfRight B.V.) 
S3 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-17] (Hewlett-Packard) S2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [683296 2014-02-10] (Hewlett-Packard Company) R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed] R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed] R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed] S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-10-09] (Intel Corporation) R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-21] (Microsoft Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation) S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-10-24] (Intel Corporation) S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-10-24] (Intel Corporation) R3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation) S3 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-14] (Microsoft Corporation) S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation) S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe 
[1080120 2015-04-14] (Malwarebytes Corporation) R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2079520 2012-05-17] (Microsoft Corp.) S2 MSSQL$ACRONIS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation) S2 MSSQL$HPWJA; C:\Program Files\Microsoft SQL Server\MSSQL10.HPWJA\MSSQL\Binn\sqlservr.exe [58387104 2014-07-12] (Microsoft Corporation) S2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [62382256 2015-03-30] (Microsoft Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [File not signed] S2 NetOp Host for NT Service; C:\Program Files (x86)\Netop\Netop Remote Control\Host\NHOSTSVC.EXE [1516568 2010-11-01] (Netop Business Solutions A/S) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [File not signed] S4 PuranDefrag; C:\windows\system32\PuranDefragS.exe [292736 2013-08-15] (Puran Software) [File not signed] S2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [28848 2014-09-16] (Samsung Electronics Co., Ltd.) S3 smstsmgr; C:\windows\CCM\TSManager.exe [276152 2013-09-11] (Microsoft Corporation) S2 sm_main; C:\Program Files\SEPsesam\bin\sesam\sm_main.exe [362696 2015-03-10] (SEP AG) R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-21] (Microsoft Corporation) R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-21] (Microsoft Corporation) S4 SQLAgent$HPWJA; C:\Program Files\Microsoft SQL Server\MSSQL10.HPWJA\MSSQL\Binn\SQLAGENT.EXE [441504 2014-07-12] (Microsoft Corporation) S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [442536 2015-03-30] (Microsoft Corporation) S3 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2013-07-03] (IDT, Inc.) 
[File not signed] S2 SysAidAgent; C:\Program Files\SysAid\SysAidSM.exe [23192 2015-04-01] (SysAid Technology Ltd.) S4 System Center Management APM; C:\Program Files\Microsoft System Center 2012 R2\Service Manager\APMDOTNETAgent\InterceptSvc.exe [626872 2013-09-06] (Microsoft Corp.) S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [122368 2015-02-26] (Microsoft Corporation) [File not signed] R2 TracSrvWrapper; C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe [4880512 2013-12-04] (Check Point Software Technologies) R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [5894144 2014-07-25] (Broadcom Corporation) [File not signed] R2 WMCoreService; C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe [689560 2012-10-18] (Ericsson AB) S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-14] (Microsoft Corporation) R2 WRSVC; C:\Program Files (x86)\Webroot\WRSA.exe [823720 2015-07-01] (Webroot) S3 Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn; Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn [X] S3 Datev.Unternehmen.SystemComponents.ServiceBus.V0400.PlugIn; Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0400.PlugIn [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2014-07-14] (Broadcom Corporation.) S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2012-02-02] (Broadcom Corporation.) 
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R3 dwVSCD; C:\Windows\System32\DRIVERS\dwvscd.sys [11904 2010-11-01] (Danware Data A/S)
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-10-05] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [29736 2011-10-05] (Ericsson AB)
R3 h36wgps; C:\Windows\System32\DRIVERS\h36wgps64.sys [103184 2012-03-02] (Ericsson AB)
R2 hardlock; C:\windows\system32\drivers\hardlock.sys [331144 2013-03-11] (SafeNet Inc.)
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [34056 2014-05-19] (Paragon Software Group)
S3 HPMo4DE3; C:\Windows\System32\DRIVERS\HPMo4DE3.sys [25088 2011-03-09] (TPMX Electronics Ltd.)
S3 HPub4DE3; C:\Windows\System32\Drivers\HPub4DE3.sys [18432 2011-04-12] (TPMX Electronics Ltd.)
R3 johci; C:\Windows\System32\DRIVERS\johci.sys [26208 2012-08-24] (JMicron Technology Corp.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-07-23] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [443648 2013-04-22] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [455936 2013-04-22] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [22272 2013-04-22] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [508160 2013-04-22] (MCCI Corporation)
R3 prepdrvr; C:\Windows\System32\DRIVERS\prepdrv.sys [26984 2012-11-21] (Microsoft Corporation)
R3 PsxDrv; C:\Windows\System32\drivers\psxdrv.sys [10240 2009-07-14] (Microsoft Corporation)
S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [322736 2015-03-30] (Microsoft Corporation)
R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [268976 2014-09-16] (Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [111280 2014-09-16] (Samsung Electronics Co., Ltd.)
S3 sehutn; C:\Windows\System32\DRIVERS\sehutn.sys [49328 2013-10-08] (SEH Computertechnik GmbH)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1064184 2012-09-23] (Sunplus)
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [102664 2014-05-09] ()
R1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [25992 2014-05-09] ()
R1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [700296 2014-05-09] ()
R3 vna_ap; C:\Windows\System32\DRIVERS\vnaap.sys [161256 2012-09-20] (Check Point Software Technologies)
R1 vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [456952 2013-12-04] (Check Point Software Technologies Ltd.)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [117728 2015-07-01] (Webroot)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [284912 2013-11-25] (Ericsson AB)
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U0 dmboot; No ImagePath
U0 SR; No ImagePath
U2 srservice; No ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-23 15:46 - 2015-07-23 15:46 - 00001617 _____ C:\Users\MSC\Desktop\JRT.txt 2015-07-23 15:34 - 2015-07-23 15:36 - 00001210 _____ C:\mbam.txt 2015-07-23 14:04 - 2015-07-23 14:07 - 00018662 _____ C:\autoreply.txt 2015-07-23 08:50 - 2015-07-23 10:00 - 00011775 _____ C:\Windows\WindowsUpdate.log 2015-07-22 19:23 - 2015-07-22 19:23 - 00000000 ____D C:\Scripts 2015-07-22 18:52 - 2015-07-22 18:52 - 00000000 ____D C:\Users\MSC\AppData\Local\NuGet 2015-07-22 17:13 - 2015-07-22 17:13 - 00000000 ____D C:\Users\MSC\AppData\Roaming\NuGet 2015-07-22 17:12 - 2015-07-22 17:12 - 00000000 ____D C:\Users\MSC\AppData\Local\PackageManagement 2015-07-22 17:12 - 2015-07-22 17:12 - 00000000 ____D C:\Program Files\PackageManagement 2015-07-22 16:57 - 2015-07-22 16:57 - 00000000 ____D C:\Windows\SysWOW64\Configuration 2015-07-22 16:55 - 2015-04-23 05:13 - 02172928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll 2015-07-22 16:55 - 2015-04-23 05:13 - 00019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Register-CimProvider.exe 2015-07-22 16:55 - 2015-04-23 05:12 - 00238080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll 2015-07-22 16:55 - 2015-04-23 05:12 - 00139264 _____ (Windows (R) Win 7 DDK provider) C:\Windows\SysWOW64\DscCoreConfProv.dll 2015-07-22 16:55 - 2015-04-23 05:12 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmidcom.dll 2015-07-22 16:55 - 2015-04-23 05:11 - 00085504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pwrshplugin.dll 2015-07-22 16:55 - 2015-04-23 05:11 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncobjapi.dll 2015-07-22 16:55 - 2015-04-23 05:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winrssrv.dll 2015-07-22 16:55 - 2015-04-23 05:10 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winrscmd.dll 2015-07-22 16:55 - 2015-04-23 05:10 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wecutil.exe 2015-07-22 16:55 - 2015-04-23 05:10 - 00061952 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\prvdmofcomp.dll 2015-07-22 16:55 - 2015-04-23 05:10 - 00020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winrshost.exe 2015-07-22 16:55 - 2015-04-23 05:10 - 00013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Microsoft.Management.Infrastructure.Native.Unmanaged.dll 2015-07-22 16:55 - 2015-04-23 05:09 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wevtfwd.dll 2015-07-22 16:55 - 2015-04-23 05:09 - 00058368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wecapi.dll 2015-07-22 16:55 - 2015-04-23 05:08 - 00535552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmGCDeps.dll 2015-07-22 16:55 - 2015-04-23 05:08 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmitomi.dll 2015-07-22 16:55 - 2015-04-23 05:08 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mi.dll 2015-07-22 16:55 - 2015-04-23 05:08 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll 2015-07-22 16:55 - 2015-04-23 05:08 - 00038912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winrs.exe 2015-07-22 16:55 - 2015-04-23 05:08 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PSModuleDiscoveryProvider.dll 2015-07-22 16:55 - 2015-04-23 05:08 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe 2015-07-22 16:55 - 2015-04-23 05:08 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll 2015-07-22 16:55 - 2015-04-23 05:08 - 00001536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winrsmgr.dll 2015-07-22 16:55 - 2015-04-23 05:07 - 00201216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\framedynos.dll 2015-07-22 16:55 - 2015-04-23 05:07 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\framedyn.dll 2015-07-22 16:55 - 2015-04-23 05:07 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe 2015-07-22 16:55 - 2015-04-23 05:06 - 00384512 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\wbemcomn2.dll 2015-07-22 16:55 - 2015-04-23 05:05 - 00119296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mimofcodec.dll 2015-07-22 16:55 - 2015-04-23 05:05 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mibincodec.dll 2015-07-22 16:55 - 2015-04-23 05:03 - 00174592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\miutils.dll 2015-07-22 16:55 - 2015-04-23 05:03 - 00145408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll 2015-07-22 16:55 - 2015-04-23 05:03 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll 2015-07-22 16:55 - 2015-04-23 05:03 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAgent.dll 2015-07-22 16:55 - 2015-04-23 03:56 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\DscTimer.dll 2015-07-22 16:55 - 2015-04-23 03:55 - 02613760 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2015-07-22 16:55 - 2015-04-23 03:55 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\DscProxy.dll 2015-07-22 16:55 - 2015-04-23 03:54 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll 2015-07-22 16:55 - 2015-04-23 03:54 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\mpeval.dll 2015-07-22 16:55 - 2015-04-23 03:54 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\wmidcom.dll 2015-07-22 16:55 - 2015-04-23 03:54 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\Register-CimProvider.exe 2015-07-22 16:55 - 2015-04-23 03:53 - 00196096 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\DscCoreConfProv.dll 2015-07-22 16:55 - 2015-04-23 03:53 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\winrssrv.dll 2015-07-22 16:55 - 2015-04-23 03:52 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\pwrshplugin.dll 2015-07-22 16:55 - 2015-04-23 03:52 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\winrscmd.dll 2015-07-22 16:55 - 2015-04-23 03:52 - 00082432 _____ (Microsoft 
Corporation) C:\Windows\system32\prvdmofcomp.dll 2015-07-22 16:55 - 2015-04-23 03:52 - 00058368 _____ (Microsoft Corporation) C:\Windows\system32\ncobjapi.dll 2015-07-22 16:55 - 2015-04-23 03:52 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\winrshost.exe 2015-07-22 16:55 - 2015-04-23 03:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Management.Infrastructure.Native.Unmanaged.dll 2015-07-22 16:55 - 2015-04-23 03:51 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\wecsvc.dll 2015-07-22 16:55 - 2015-04-23 03:51 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\wevtfwd.dll 2015-07-22 16:55 - 2015-04-23 03:51 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\wecutil.exe 2015-07-22 16:55 - 2015-04-23 03:51 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\wecapi.dll 2015-07-22 16:55 - 2015-04-23 03:49 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\WsmGCDeps.dll 2015-07-22 16:55 - 2015-04-23 03:49 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\framedynos.dll 2015-07-22 16:55 - 2015-04-23 03:49 - 00250368 _____ (Microsoft Corporation) C:\Windows\system32\framedyn.dll 2015-07-22 16:55 - 2015-04-23 03:49 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\wmitomi.dll 2015-07-22 16:55 - 2015-04-23 03:49 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\mi.dll 2015-07-22 16:55 - 2015-04-23 03:49 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll 2015-07-22 16:55 - 2015-04-23 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\PSModuleDiscoveryProvider.dll 2015-07-22 16:55 - 2015-04-23 03:49 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\winrs.exe 2015-07-22 16:55 - 2015-04-23 03:49 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe 2015-07-22 16:55 - 2015-04-23 03:49 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe 
2015-07-22 16:55 - 2015-04-23 03:49 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll 2015-07-22 16:55 - 2015-04-23 03:49 - 00001536 _____ (Microsoft Corporation) C:\Windows\system32\winrsmgr.dll 2015-07-22 16:55 - 2015-04-23 03:47 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\wbemcomn2.dll 2015-07-22 16:55 - 2015-04-23 03:46 - 00512512 _____ (Microsoft Corporation) C:\Windows\system32\mpunits.dll 2015-07-22 16:55 - 2015-04-23 03:46 - 00438272 _____ (Microsoft Corporation) C:\Windows\system32\DscCore.dll 2015-07-22 16:55 - 2015-04-23 03:46 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\mimofcodec.dll 2015-07-22 16:55 - 2015-04-23 03:46 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\mibincodec.dll 2015-07-22 16:55 - 2015-04-23 03:43 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\miutils.dll 2015-07-22 16:55 - 2015-04-23 03:43 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll 2015-07-22 16:55 - 2015-04-23 03:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll 2015-07-22 16:55 - 2015-04-23 03:43 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\WsmAgent.dll 2015-07-22 10:34 - 2015-07-22 10:34 - 00000000 ____D C:\LocalDumps 2015-07-22 09:39 - 2015-07-22 09:39 - 00039270 _____ C:\ComboFix.txt 2015-07-21 13:39 - 2015-07-23 15:51 - 00000000 ____D C:\FRST 2015-07-21 12:54 - 2015-07-02 22:31 - 19291136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-07-21 12:54 - 2015-07-02 21:15 - 14384640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-07-21 12:54 - 2015-07-02 20:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-07-21 12:54 - 2015-07-02 20:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-07-21 12:54 - 2015-06-29 15:30 - 02865152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-07-21 12:54 - 2015-06-29 15:27 - 03960320 
_____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-07-21 12:54 - 2015-06-17 15:28 - 13771264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-07-21 12:54 - 2015-06-17 15:28 - 02056704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-07-21 12:54 - 2015-06-17 15:28 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-07-21 12:54 - 2015-06-17 15:28 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-07-21 12:54 - 2015-06-17 15:28 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-07-21 12:54 - 2015-06-17 15:28 - 00690176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-07-21 12:54 - 2015-06-17 15:28 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-07-21 12:54 - 2015-06-17 15:28 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-07-21 12:54 - 2015-06-17 15:28 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-07-21 12:54 - 2015-06-17 15:28 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-07-21 12:54 - 2015-06-17 15:28 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-07-21 12:54 - 2015-06-17 15:28 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-07-21 12:54 - 2015-06-17 15:28 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-07-21 12:54 - 2015-06-17 15:28 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2015-07-21 12:54 - 2015-06-17 15:28 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-07-21 12:54 - 2015-06-17 15:28 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-07-21 12:54 - 2015-06-17 15:28 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-07-21 12:54 - 2015-06-17 15:28 - 00033280 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\iernonce.dll 2015-07-21 12:54 - 2015-06-17 15:27 - 02237440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-07-21 12:54 - 2015-06-17 15:27 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-07-21 12:54 - 2015-06-17 15:27 - 00601600 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-07-21 12:54 - 2015-06-17 15:27 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-07-21 12:54 - 2015-06-17 15:26 - 15415296 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-07-21 12:54 - 2015-06-17 15:26 - 02656768 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-07-21 12:54 - 2015-06-17 15:26 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-07-21 12:54 - 2015-06-17 15:26 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-07-21 12:54 - 2015-06-17 15:26 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-07-21 12:54 - 2015-06-17 15:26 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-07-21 12:54 - 2015-06-17 15:26 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-07-21 12:54 - 2015-06-17 15:26 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-07-21 12:54 - 2015-06-17 15:26 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-07-21 12:54 - 2015-06-17 15:26 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-07-21 12:54 - 2015-06-17 15:26 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2015-07-21 12:54 - 2015-06-17 15:26 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-07-21 12:54 - 2015-06-17 15:26 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-07-21 12:54 - 2015-06-17 15:26 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 
2015-07-21 12:54 - 2015-06-17 15:26 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-07-21 12:54 - 2015-06-11 20:03 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-07-21 12:54 - 2015-06-11 19:43 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-07-21 12:54 - 2015-06-11 19:38 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2015-07-21 12:54 - 2015-06-11 19:19 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2015-07-21 12:53 - 2015-07-15 05:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-07-21 12:53 - 2015-07-15 05:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-07-21 12:53 - 2015-07-15 05:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-07-21 12:53 - 2015-07-15 05:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-07-21 12:53 - 2015-07-15 04:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2015-07-21 12:53 - 2015-07-15 04:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-07-21 12:53 - 2015-07-15 04:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2015-07-21 12:53 - 2015-07-15 04:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2015-07-21 12:53 - 2015-07-15 03:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-07-21 12:53 - 2015-07-15 03:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-07-20 16:42 - 2015-07-20 16:42 - 00000000 ____D C:\Users\MSC\AppData\Local\CEF 2015-07-20 13:21 - 2015-07-20 13:21 - 00000000 ____D C:\ProgramData\VIPRE 2015-07-20 13:21 - 2015-07-20 13:21 - 00000000 ____D C:\Program Files\Common Files\AV 2015-07-20 13:12 - 2015-07-21 15:26 - 00000000 ____D C:\ProgramData\STOPzilla! 
2015-07-20 13:12 - 2015-07-20 13:12 - 00000000 ____D C:\Program Files (x86)\iS3 2015-07-20 12:41 - 2015-07-20 13:00 - 00000000 ____D C:\ProgramData\{cd5b4ee3-71a9-ecd7-cd5b-b4ee371a3b8d} 2015-07-16 09:31 - 2015-07-16 09:31 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2015-07-15 10:21 - 2015-03-30 00:47 - 00083624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL$SQLEXPRESS-sqlctr10.52.4042.0.dll 2015-07-15 10:21 - 2015-03-30 00:43 - 00089264 _____ (Microsoft Corporation) C:\Windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.52.4042.0.dll 2015-07-15 10:10 - 2015-07-09 19:59 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2015-07-15 10:10 - 2015-07-09 19:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-07-15 10:10 - 2015-07-09 19:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-07-15 10:10 - 2015-07-09 19:58 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-07-15 10:10 - 2015-07-09 19:58 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-07-15 10:10 - 2015-07-09 19:58 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-07-15 10:10 - 2015-07-09 19:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-07-15 10:10 - 2015-07-09 19:58 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-07-15 10:10 - 2015-07-09 19:58 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-07-15 10:10 - 2015-07-09 19:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-07-15 10:10 - 2015-07-09 19:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-07-15 10:10 - 2015-07-09 19:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-07-15 10:10 - 2015-07-09 19:58 - 00091136 _____ (Microsoft Corporation) 
C:\Windows\system32\WinSetupUI.dll 2015-07-15 10:10 - 2015-07-09 19:58 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-07-15 10:10 - 2015-07-09 19:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-07-15 10:10 - 2015-07-09 19:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-07-15 10:10 - 2015-07-09 19:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-07-15 10:10 - 2015-07-09 19:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-07-15 10:10 - 2015-07-09 19:50 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-07-15 10:10 - 2015-07-09 19:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-07-15 10:10 - 2015-07-09 19:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-07-15 10:10 - 2015-07-09 19:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-07-15 10:10 - 2015-07-09 19:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-07-15 10:10 - 2015-07-09 19:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-07-15 10:10 - 2015-04-27 21:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-07-15 10:10 - 2015-04-27 21:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2015-07-15 10:10 - 2015-04-27 21:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2015-07-15 10:10 - 2015-04-27 21:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2015-07-15 10:10 - 2015-04-27 21:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2015-07-15 10:10 - 2015-04-27 21:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2015-07-15 10:10 - 2015-04-27 21:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 
2015-07-15 10:10 - 2015-04-27 21:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2015-07-15 10:09 - 2015-05-09 20:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll 2015-07-15 09:26 - 2015-07-04 20:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll 2015-07-15 09:26 - 2015-07-04 19:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll 2015-07-15 09:26 - 2015-07-01 22:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-07-15 09:26 - 2015-07-01 22:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-07-15 09:26 - 2015-07-01 22:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-07-15 09:26 - 2015-07-01 22:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-07-15 09:26 - 2015-07-01 22:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-07-15 09:26 - 2015-07-01 22:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-07-15 09:26 - 2015-07-01 22:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-07-15 09:26 - 2015-07-01 22:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-07-15 09:26 - 2015-07-01 22:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-07-15 09:26 - 2015-07-01 22:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-07-15 09:26 - 2015-07-01 22:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-07-15 09:26 - 2015-07-01 22:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-07-15 09:26 - 2015-07-01 22:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-07-15 09:26 - 2015-07-01 22:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2015-07-15 
09:26 - 2015-07-01 22:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-07-15 09:26 - 2015-07-01 22:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-07-15 09:26 - 2015-07-01 22:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-07-15 09:26 - 2015-07-01 22:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-07-15 09:26 - 2015-07-01 22:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-07-15 09:26 - 2015-07-01 22:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-07-15 09:26 - 2015-07-01 22:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-07-15 09:26 - 2015-07-01 22:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-07-15 09:26 - 2015-07-01 22:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-07-15 09:26 - 2015-07-01 22:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-07-15 09:26 - 2015-07-01 22:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-07-15 09:26 - 2015-07-01 22:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-07-15 09:26 - 2015-07-01 22:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2015-07-15 09:26 - 2015-07-01 22:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-07-15 09:26 - 2015-07-01 22:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-07-15 09:26 - 2015-07-01 22:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2015-07-15 09:26 - 2015-07-01 22:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-07-15 09:26 - 2015-07-01 22:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-07-15 09:26 - 2015-07-01 22:27 - 00060416 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-07-15 09:26 - 2015-07-01 22:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-07-15 09:26 - 2015-07-01 22:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-07-15 09:26 - 2015-07-01 21:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-07-15 09:26 - 2015-07-01 21:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2015-07-15 09:26 - 2015-07-01 21:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-07-15 09:26 - 2015-06-25 10:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-07-15 09:26 - 2015-06-17 19:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-07-15 09:26 - 2015-06-17 19:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2015-07-15 09:26 - 2015-06-15 23:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2015-07-15 09:26 - 2015-06-15 23:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2015-07-15 09:26 - 2015-06-15 23:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2015-07-15 09:26 - 2015-06-15 23:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2015-07-15 09:26 - 2015-06-15 23:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2015-07-15 09:26 - 2015-06-15 23:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe 2015-07-15 09:26 - 2015-06-15 23:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2015-07-15 09:26 - 2015-06-15 23:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2015-07-15 09:26 - 2015-06-15 23:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2015-07-15 09:26 - 2015-06-15 23:42 - 00073216 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\msiexec.exe 2015-07-15 09:26 - 2015-06-15 23:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll 2015-07-15 09:26 - 2015-06-15 23:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll 2015-07-15 09:26 - 2015-06-11 19:57 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2015-07-15 09:26 - 2015-06-11 19:57 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll 2015-07-15 09:26 - 2015-06-11 19:57 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2015-07-15 09:26 - 2015-06-11 19:56 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2015-07-15 09:26 - 2015-06-11 19:56 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll 2015-07-15 09:26 - 2015-06-11 19:56 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2015-07-15 09:26 - 2015-06-11 15:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe 2015-07-15 09:26 - 2015-06-09 20:03 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2015-07-15 09:26 - 2015-06-09 20:03 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2015-07-15 09:26 - 2015-06-02 02:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll 2015-07-15 09:26 - 2015-06-02 01:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll 2015-07-14 14:54 - 2015-07-14 14:54 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-07-14 14:54 - 2015-07-14 14:54 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-07-14 14:54 - 2015-07-14 14:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-07-14 14:21 - 2015-07-15 09:33 - 00002175 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-07-14 14:21 - 2015-07-14 14:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Google Chrome 2015-07-14 14:20 - 2015-07-23 15:37 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-07-14 14:20 - 2015-07-23 09:37 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-07-14 14:20 - 2015-07-16 09:32 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-07-14 14:20 - 2015-07-16 09:32 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-07-14 13:47 - 2015-07-14 13:47 - 00000207 _____ C:\Windows\tweaking.com-regbackup-NB1140-Windows-7-Ultimate-(64-bit).dat 2015-07-14 13:47 - 2015-07-14 13:47 - 00000000 ____D C:\RegBackup 2015-07-14 13:43 - 2015-07-14 13:43 - 03034266 _____ (Malwarebytes Corporation) C:\Users\MSC\Desktop\JRT.exe 2015-07-14 11:59 - 2015-07-14 11:59 - 00000000 ____D C:\Users\MSC\Desktop\Alte Firefox-Daten 2015-07-14 10:47 - 2015-07-20 13:00 - 00000410 _____ C:\Windows\system32\.crusader 2015-07-14 10:40 - 2015-07-14 10:40 - 00001909 _____ C:\Users\Public\Desktop\HitmanPro.lnk 2015-07-14 10:40 - 2015-07-14 10:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro 2015-07-13 18:01 - 2015-07-13 18:01 - 00002018 _____ C:\Users\MSC\Documents\Silverlieght in allen Browsern aktivieren.txt 2015-07-13 14:17 - 2015-07-14 14:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-07-13 14:08 - 2015-07-13 14:08 - 00003122 _____ C:\Windows\System32\Tasks\Samsung_PSSD_Registration 2015-07-13 11:30 - 2015-07-13 11:29 - 02248704 _____ C:\Users\MSC\Desktop\adwcleaner_4.208.exe 2015-07-13 11:09 - 2015-04-08 18:32 - 00000027 _____ C:\Windows\system32\Drivers\etc\hp.bak 2015-07-07 08:55 - 2015-07-07 08:55 - 00000000 ____D C:\Users\MSC\AppData\Roaming\SysAid 2015-07-03 09:33 - 2015-07-23 15:38 - 00005591 _____ C:\Users\MSC\Documents\ETG-Server.rdg 2015-07-02 13:41 - 2011-08-04 00:48 - 120893960 _____ (Oracle ) C:\Users\MSC\Downloads\SmartView.exe 2015-07-02 08:50 - 2015-07-02 08:50 - 00001088 _____ 
C:\Users\MSC\Documents\WER_Debug.reg 2015-07-02 08:44 - 2015-07-16 10:03 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2015-07-02 08:44 - 2015-07-02 08:44 - 00002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk 2015-07-01 11:23 - 2015-07-01 11:23 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk 2015-07-01 11:23 - 2015-07-01 11:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-07-01 11:22 - 2015-07-01 11:22 - 00000000 ____D C:\Program Files\iTunes 2015-07-01 11:22 - 2015-07-01 11:22 - 00000000 ____D C:\Program Files\iPod 2015-07-01 11:22 - 2015-07-01 11:22 - 00000000 ____D C:\Program Files (x86)\iTunes 2015-06-30 08:26 - 2015-06-30 14:21 - 00002234 ____H C:\Users\adminde\Documents\Default.rdp 2015-06-30 08:26 - 2015-06-30 08:26 - 00000000 ____D C:\Users\adminde\AppData\Roaming\Intel Corporation 2015-06-30 08:25 - 2015-06-30 14:19 - 00000000 ____D C:\Users\adminde\Tracing 2015-06-30 08:25 - 2015-06-30 08:25 - 00124488 _____ C:\Users\adminde\AppData\Local\GDIPFONTCACHEV1.DAT 2015-06-30 08:25 - 2015-06-30 08:25 - 00000000 ____D C:\Users\adminde\Documents\IBM 2015-06-30 08:25 - 2015-06-30 08:25 - 00000000 ____D C:\Users\adminde\Documents\Bluetooth Exchange Folder 2015-06-30 08:25 - 2015-06-30 08:25 - 00000000 ____D C:\Users\adminde\AppData\Roaming\Synaptics 2015-06-30 08:25 - 2015-06-30 08:25 - 00000000 ____D C:\Users\adminde\AppData\Roaming\ICAClient 2015-06-30 08:25 - 2015-06-30 08:25 - 00000000 ____D C:\Users\adminde\AppData\Roaming\IBM 2015-06-30 08:25 - 2015-06-30 08:25 - 00000000 ____D C:\Users\adminde\AppData\Roaming\hpqLog 2015-06-30 08:25 - 2015-06-30 08:25 - 00000000 ____D C:\Users\adminde\AppData\Roaming\Hewlett-Packard 2015-06-30 08:25 - 2015-06-30 08:25 - 00000000 ____D C:\Users\adminde\AppData\Roaming\Avaya 2015-06-30 08:25 - 2015-06-30 08:25 - 00000000 ____D C:\Users\adminde\AppData\Roaming\Apple Computer 2015-06-30 08:25 - 2015-06-30 08:25 - 00000000 ____D 
C:\Users\adminde\AppData\Local\Packages 2015-06-30 08:25 - 2015-06-30 08:25 - 00000000 ____D C:\Users\adminde\AppData\Local\Hewlett-Packard_Developme 2015-06-30 08:25 - 2015-06-30 08:25 - 00000000 ____D C:\Users\adminde\AppData\Local\Citrix 2015-06-30 08:25 - 2015-06-30 08:25 - 00000000 ____D C:\Users\adminde\AppData\Local\Broadcom 2015-06-30 08:25 - 2015-06-30 08:25 - 00000000 ____D C:\Users\adminde\AppData\Local\Adobe 2015-06-30 08:24 - 2015-07-20 11:05 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{0B921448-3CB6-4172-AC13-1384D54539F1} 2015-06-30 08:24 - 2015-07-20 11:05 - 00001200 __RSH C:\Users\adminde\ntuser.pol 2015-06-30 08:24 - 2015-07-20 11:05 - 00000000 ____D C:\Users\adminde 2015-06-30 08:24 - 2015-06-30 08:25 - 00000000 ____D C:\Users\adminde\AppData\Roaming\Adobe 2015-06-30 08:24 - 2015-06-30 08:24 - 00001425 _____ C:\Users\adminde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-06-30 08:24 - 2015-06-30 08:24 - 00000000 _SHDL C:\Users\adminde\Vorlagen 2015-06-30 08:24 - 2015-06-30 08:24 - 00000000 _SHDL C:\Users\adminde\Startmenü 2015-06-30 08:24 - 2015-06-30 08:24 - 00000000 _SHDL C:\Users\adminde\Netzwerkumgebung 2015-06-30 08:24 - 2015-06-30 08:24 - 00000000 _SHDL C:\Users\adminde\Lokale Einstellungen 2015-06-30 08:24 - 2015-06-30 08:24 - 00000000 _SHDL C:\Users\adminde\Eigene Dateien 2015-06-30 08:24 - 2015-06-30 08:24 - 00000000 _SHDL C:\Users\adminde\Druckumgebung 2015-06-30 08:24 - 2015-06-30 08:24 - 00000000 _SHDL C:\Users\adminde\Documents\Eigene Musik 2015-06-30 08:24 - 2015-06-30 08:24 - 00000000 _SHDL C:\Users\adminde\Documents\Eigene Bilder 2015-06-30 08:24 - 2015-06-30 08:24 - 00000000 _SHDL C:\Users\adminde\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-06-30 08:24 - 2015-06-30 08:24 - 00000000 _SHDL C:\Users\adminde\AppData\Local\Verlauf 2015-06-30 08:24 - 2015-06-30 08:24 - 00000000 _SHDL C:\Users\adminde\AppData\Local\Anwendungsdaten 2015-06-30 08:24 - 2015-06-30 
08:24 - 00000000 _SHDL C:\Users\adminde\Anwendungsdaten 2015-06-30 08:24 - 2015-06-30 08:24 - 00000000 ____D C:\Users\adminde\AppData\Local\Google 2015-06-30 08:24 - 2013-09-12 15:58 - 00000000 ____D C:\Users\adminde\AppData\Roaming\Macromedia 2015-06-30 08:24 - 2013-07-20 07:02 - 00000000 ____D C:\Users\adminde\AppData\Local\Microsoft Help 2015-06-30 08:24 - 2013-04-14 01:33 - 00000000 ___HD C:\Users\adminde\Documents\hp.system.package.metadata 2015-06-30 08:24 - 2011-02-11 07:19 - 00000020 ___SH C:\Users\adminde\ntuser.ini 2015-06-30 08:24 - 2009-07-14 06:54 - 00000000 ___RD C:\Users\adminde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-06-30 08:24 - 2009-07-14 06:49 - 00000000 ___RD C:\Users\adminde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-06-27 12:29 - 2015-06-27 12:29 - 00000000 ___SD C:\Windows\SysWOW64\GWX 2015-06-27 12:29 - 2015-06-27 12:29 - 00000000 ___SD C:\Windows\system32\GWX 2015-06-27 12:27 - 2015-05-25 20:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-06-27 12:27 - 2015-05-25 20:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-06-27 12:27 - 2015-05-25 20:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll 2015-06-27 12:27 - 2015-05-25 20:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-06-27 12:27 - 2015-05-25 20:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2015-06-27 12:27 - 2015-05-25 20:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-06-27 12:27 - 2015-05-25 20:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-06-27 12:27 - 2015-05-25 20:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-06-27 12:27 - 2015-05-25 20:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-06-27 12:27 - 2015-05-25 20:19 - 00215040 _____ 
(Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-06-27 12:27 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll 2015-06-27 12:27 - 2015-05-25 20:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-06-27 12:27 - 2015-05-25 20:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-06-27 12:27 - 2015-05-25 20:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-06-27 12:27 - 2015-05-25 20:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2015-06-27 12:27 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe 2015-06-27 12:27 - 2015-05-25 20:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-06-27 12:27 - 2015-05-25 20:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-06-27 12:27 - 2015-05-25 20:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-06-27 12:27 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe 2015-06-27 12:27 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe 2015-06-27 12:27 - 2015-05-25 20:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-06-27 12:27 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe 2015-06-27 12:27 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe 2015-06-27 12:27 - 2015-05-25 20:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 
00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-06-27 12:27 - 
2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-06-27 12:27 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-06-27 12:27 - 2015-05-25 20:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-06-27 12:27 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2015-06-27 12:27 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2015-06-27 12:27 - 
2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll 2015-06-27 12:27 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-06-27 12:27 - 2015-05-25 20:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-06-27 12:27 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe 2015-06-27 12:27 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe 2015-06-27 12:27 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe 2015-06-27 12:27 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe 2015-06-27 12:27 - 2015-05-25 20:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-06-27 12:27 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe 2015-06-27 12:27 - 2015-05-25 19:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-06-27 12:27 - 2015-05-25 19:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-06-27 12:27 - 2015-05-25 19:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00004096 ____H (Microsoft 
Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00003072 ____H 
(Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll 2015-06-27 12:27 - 2015-05-25 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-06-27 12:27 - 2015-05-25 18:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-06-27 12:27 - 2015-05-25 18:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 18:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-06-27 12:27 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-07-23 15:47 - 2013-07-05 11:11 - 00000580 _____ C:\Windows\SMSCFG.ini 2015-07-23 15:44 - 2013-07-03 12:02 - 00002072 _____ C:\Windows\system32\config\netlogon.ftl 2015-07-23 15:43 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\inetsrv 2015-07-23 15:40 - 2014-11-14 13:14 - 00000000 ____D C:\ProgramData\WRData 2015-07-23 15:39 - 2013-10-14 12:14 - 00000000 ____D C:\AdwCleaner 2015-07-23 15:37 - 2013-07-30 18:04 - 00000000 ____D C:\Users\MSC\AppData\Local\CrashDumps 2015-07-23 15:37 - 2012-02-09 16:30 - 00000000 ____D C:\Users\MSC\Documents\Outlook-Dateien 2015-07-23 15:21 - 2013-04-14 01:38 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-07-23 15:13 - 2015-05-20 10:23 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-07-23 14:53 - 2012-02-09 16:12 - 00000000 ____D C:\Users\MSC\Documents\WindowsPowershell 2015-07-23 13:38 - 2009-07-14 06:45 - 00042336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-07-23 13:38 - 2009-07-14 06:45 - 00042336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-07-23 10:25 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2015-07-23 09:59 - 2013-07-03 14:11 - 00026804 __RSH C:\ProgramData\ntuser.pol 2015-07-23 09:15 - 2013-07-30 18:04 - 00000000 ____D C:\Users\MSC\AppData\Local\Deployment 2015-07-23 08:56 - 2012-02-09 12:10 - 00000000 ____D C:\Users\MSC\Documents\DIALIT 2015-07-23 08:52 - 2013-04-13 22:35 - 00993636 _____ C:\Windows\system32\perfh007.dat 2015-07-23 08:52 - 2013-04-13 22:35 - 00255424 _____ C:\Windows\system32\perfc007.dat 2015-07-23 08:52 - 2009-07-14 07:13 - 02420374 _____ C:\Windows\system32\PerfStringBackup.INI 2015-07-23 08:49 - 2014-01-31 10:49 - 00000000 ____D C:\Users\MSC\Tracing 2015-07-23 08:48 - 2015-05-29 10:52 - 00000782 _____ 
C:\Users\Public\Desktop\SysAid.lnk 2015-07-23 08:48 - 2015-05-29 10:52 - 00000000 ____D C:\Program Files\SysAid 2015-07-23 08:48 - 2014-08-15 14:19 - 00065536 _____ C:\Windows\system32\Ikeext.etl 2015-07-23 08:48 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-07-22 18:24 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2015-07-22 16:57 - 2013-11-07 14:59 - 00000000 ____D C:\Windows\system32\dsc 2015-07-22 16:57 - 2013-11-07 14:59 - 00000000 ____D C:\Windows\system32\Configuration 2015-07-22 16:57 - 2013-11-07 14:59 - 00000000 ____D C:\Program Files\WindowsPowerShell 2015-07-22 16:57 - 2013-11-07 14:59 - 00000000 ____D C:\Program Files (x86)\WindowsPowerShell 2015-07-22 16:57 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2015-07-22 09:39 - 2013-11-15 10:41 - 00000000 ____D C:\Qoobox 2015-07-22 09:39 - 2013-07-30 18:04 - 00000000 ____D C:\Users\MSC\AppData\Local\Apps\2.0 2015-07-22 09:36 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini 2015-07-22 09:28 - 2013-11-15 10:38 - 05632853 ____R (Swearware) C:\Users\MSC\Desktop\ComboFix.exe 2015-07-21 13:34 - 2011-02-11 07:14 - 00000000 ____D C:\Windows\Panther 2015-07-21 13:29 - 2009-07-14 06:45 - 00529888 _____ C:\Windows\system32\FNTCACHE.DAT 2015-07-21 07:47 - 2013-06-21 00:13 - 00000000 ____D C:\Windows\Hewlett-Packard 2015-07-20 16:03 - 2013-10-14 12:11 - 00000000 ____D C:\Program Files\HitmanPro 2015-07-20 15:45 - 2013-07-30 18:13 - 00000600 _____ C:\Users\MSC\AppData\Roaming\winscp.rnd 2015-07-20 15:45 - 2013-07-30 18:07 - 00000600 _____ C:\Users\MSC\AppData\Local\PUTTY.RND 2015-07-20 11:28 - 2013-07-30 12:45 - 00000000 ____D C:\Users\MSC 2015-07-20 11:11 - 2013-08-01 12:49 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{02EBB676-2F51-4EB5-BF5C-EFF12763F7AF} 2015-07-20 10:44 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\spool 2015-07-17 13:06 - 2015-01-26 13:24 - 00000000 ____D C:\Program Files\Java 2015-07-17 12:45 - 2015-01-26 
13:24 - 00110688 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2015-07-17 10:28 - 2012-02-09 16:30 - 00000000 ____D C:\Users\MSC\IPViewer 2015-07-17 08:19 - 2013-07-30 12:05 - 00002465 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk 2015-07-17 08:19 - 2013-07-30 12:05 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk 2015-07-17 08:19 - 2013-07-30 12:05 - 00002026 _____ C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk 2015-07-17 08:19 - 2013-07-30 12:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2 2015-07-17 08:08 - 2013-08-02 09:12 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log 2015-07-15 11:21 - 2013-11-20 19:31 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-07-15 11:21 - 2013-04-14 01:38 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-07-15 11:21 - 2013-04-14 01:38 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-07-15 10:50 - 2014-12-10 19:58 - 00000000 ____D C:\Windows\system32\appraiser 2015-07-15 10:50 - 2014-05-05 09:18 - 00000000 ___SD C:\Windows\system32\CompatTel 2015-07-15 10:26 - 2013-04-14 01:02 - 02394654 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2015-07-15 10:23 - 2013-07-19 13:08 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-07-15 10:20 - 2013-08-01 12:35 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server 2015-07-15 10:20 - 2013-08-01 12:34 - 00000000 ____D C:\Program Files\Microsoft SQL Server 2015-07-15 10:17 - 2013-07-25 17:46 - 00000000 ____D C:\Windows\system32\MRT 2015-07-14 14:36 - 2014-06-16 11:18 - 00001062 _____ C:\Users\Public\Desktop\DIALit.lnk 2015-07-14 14:36 - 2014-06-16 11:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DIALit 2015-07-14 14:31 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Speech 2015-07-14 14:21 - 
2015-01-27 16:16 - 00000000 ____D C:\Program Files (x86)\Google 2015-07-14 14:21 - 2013-07-30 18:04 - 00000000 ____D C:\Users\MSC\AppData\Local\Google 2015-07-14 10:47 - 2014-07-26 10:46 - 00000000 ____D C:\Users\MSC\AppData\Roaming\NirSoft Utilities 2015-07-14 10:47 - 2013-10-14 12:06 - 00000000 ____D C:\ProgramData\HitmanPro 2015-07-14 09:04 - 2013-07-05 11:09 - 00000000 ____D C:\Windows\ccmsetup 2015-07-13 11:08 - 2015-05-27 14:47 - 00002549 _____ C:\Users\Public\Desktop\Paragon Backup and Recovery™ 2014 Free.lnk 2015-07-13 11:08 - 2013-07-30 13:49 - 00001527 _____ C:\Users\MSC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-07-13 11:08 - 2013-07-03 10:57 - 00001529 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-07-13 11:08 - 2013-07-03 10:57 - 00001523 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2015-07-13 09:20 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-07-07 08:56 - 2014-05-14 09:38 - 00000000 ____D C:\Program Files (x86)\Citrix 2015-07-07 08:55 - 2013-07-03 14:17 - 00000000 ____D C:\Windows\system32\appmgmt 2015-07-07 08:55 - 2013-04-14 01:36 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2015-07-06 17:38 - 2012-02-08 15:35 - 00000000 ____D C:\Temp 2015-07-03 09:17 - 2015-02-17 08:23 - 00006219 _____ C:\Users\MSC\Documents\ETS-Server.rdg.old 2015-07-03 08:43 - 2013-07-25 17:35 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-07-02 13:59 - 2013-07-30 13:49 - 00000000 ____D C:\Users\MSC\AppData\Roaming\Adobe 2015-07-02 13:58 - 2014-08-22 10:32 - 00000000 ____D C:\Users\MSC\AppData\Local\Adobe 2015-07-02 11:29 - 2014-11-12 12:43 - 00000000 __SHD C:\Users\MSC\AppData\Local\EmieBrowserModeList 2015-07-02 11:29 - 2014-04-09 14:33 - 00000000 __SHD C:\Users\MSC\AppData\Local\EmieUserList 2015-07-02 11:29 - 2014-04-09 14:33 - 00000000 
__SHD C:\Users\MSC\AppData\Local\EmieSiteList 2015-07-02 08:44 - 2013-07-30 12:03 - 00000000 ____D C:\Program Files (x86)\Adobe 2015-07-02 08:43 - 2013-07-30 12:03 - 00000000 ____D C:\ProgramData\Adobe 2015-07-01 14:25 - 2014-11-14 13:14 - 00167632 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll 2015-07-01 14:25 - 2014-11-14 13:14 - 00117728 _____ (Webroot) C:\Windows\system32\Drivers\WRkrn.sys 2015-07-01 14:25 - 2014-11-14 13:14 - 00105320 _____ (Webroot) C:\Windows\system32\WRusr.dll 2015-07-01 11:26 - 2013-07-30 18:09 - 00000000 ____D C:\Users\MSC\AppData\Roaming\Apple Computer 2015-07-01 11:22 - 2015-03-18 14:44 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-07-01 11:22 - 2015-03-18 14:44 - 00000000 ____D C:\Program Files\Common Files\Apple 2015-06-30 09:18 - 2015-04-14 15:02 - 00000000 ____D C:\Users\MSC\Documents\Wohnung 2015-06-30 08:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat 2015-06-29 08:43 - 2013-07-25 17:33 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-06-29 08:43 - 2013-07-25 17:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-06-27 12:29 - 2014-09-09 12:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Lync 2015-06-27 12:29 - 2014-09-09 12:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Lync 2015-06-27 12:28 - 2014-09-09 12:36 - 00000000 ____D C:\Program Files\Microsoft Lync 2015-06-27 12:28 - 2013-07-25 17:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-06-23 13:30 - 2010-11-21 05:27 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe ==================== Files in the root of some directories ======= 2013-07-30 18:12 - 2013-01-24 18:35 - 0023176 _____ () C:\Users\MSC\AppData\Roaming\Kommagetrennte Werte (Windows).ADR 2013-07-30 18:12 - 2014-10-06 12:53 - 0023164 _____ () C:\Users\MSC\AppData\Roaming\Microsoft Excel 97-2003.ADR 2013-11-08 14:24 - 2015-02-09 18:50 - 
0081642 _____ () C:\Users\MSC\AppData\Roaming\MultiScreen_log.log 2015-04-16 08:46 - 2015-04-16 08:46 - 0033193 _____ () C:\Users\MSC\AppData\Roaming\UserTile.png 2013-07-30 18:13 - 2015-07-20 15:45 - 0000600 _____ () C:\Users\MSC\AppData\Roaming\winscp.rnd 2013-07-30 18:04 - 2012-10-31 16:05 - 0000000 _____ () C:\Users\MSC\AppData\Local\AtStart.txt 2013-07-30 18:04 - 2012-10-31 16:05 - 0000000 _____ () C:\Users\MSC\AppData\Local\DSwitch.txt 2013-07-30 18:07 - 2015-07-20 15:45 - 0000600 _____ () C:\Users\MSC\AppData\Local\PUTTY.RND 2013-07-30 18:07 - 2012-10-31 16:05 - 0000000 _____ () C:\Users\MSC\AppData\Local\QSwitch.txt 2013-07-30 18:07 - 2012-12-02 16:08 - 0001832 _____ () C:\Users\MSC\AppData\Local\SLC_msc.prx 2013-10-18 17:29 - 2013-10-18 18:23 - 0000826 _____ () C:\ProgramData\hpzinstall.log 2013-08-01 12:45 - 2013-08-01 12:45 - 0000266 _____ () C:\ProgramData\LEDM_AdaptorInstall.log 2013-12-09 11:21 - 2013-12-09 14:12 - 0000227 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc ZeroAccess: C:\Users\MSC\AppData\Local\682008ce C:\Users\MSC\AppData\Local\682008ce\@ ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-07-23 13:29 ==================== End of log ============================ |
24.07.2015, 06:47 | #8 |
/// the machine /// TB trainer | http://your-home-page.net ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
24.07.2015, 10:01 | #9 |
| http://your-home-page.net Here is the ESET log file Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=a33c1c9574edc549a0cb5452eff3393f
# engine=15485
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-15 12:29:23
# local_time=2013-10-15 02:29:23 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776638 100 94 5875794 133470013 0 0
# scanned=313738
# found=4
# cleaned=0
# scan_time=17166
sh=EA48CD96C476F65D0AECD0F977A972FFD154A6FA ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\Users\MSC\AppData\Roaming\Mozilla\Firefox\Profiles\g51m6ksp.default\extensions\dfqc50@ytkxfpxaf.co.uk\content\bg.js"
sh=CAC59A2DA32C0D7480153E6390C4C4283971EDD2 ft=0 fh=0000000000000000 vn="probably a variant of Win32/SdBot.NAOGICU trojan" ac=I fn="D:\Downloads\LOGINventory.v4.5.7.0.1637-BEAN.zip"
sh=72DEE4B364218DE2C89907F8E06535C0B1FA74AE ft=0 fh=0000000000000000 vn="a variant of Win32/Kryptik.BEPP trojan" ac=I fn="D:\Downloads\VMWare_ESX_v4_1_keygen.zip"
sh=0727DBE20918D3AF151357456F669892A58F2429 ft=0 fh=0000000000000000 vn="a variant of Win32/Injector.YMC trojan" ac=I fn="D:\Downloads\VMware_vCenter_Server_version_5_keygen.zip"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=a33c1c9574edc549a0cb5452eff3393f
# engine=15491
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-15 12:56:48
# local_time=2013-10-15 02:56:48 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776638 100 94 5877439 133471658 0 0
# scanned=72496
# found=0
# cleaned=0
# scan_time=825
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=a33c1c9574edc549a0cb5452eff3393f
# end=init
# utc_time=2015-07-24 06:02:14
# local_time=2015-07-24 08:02:14 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24953
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=a33c1c9574edc549a0cb5452eff3393f
# end=updated
# utc_time=2015-07-24 06:04:41
# local_time=2015-07-24 08:04:41 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=a33c1c9574edc549a0cb5452eff3393f
# engine=24953
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-07-24 07:28:47
# local_time=2015-07-24 09:28:47 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776637 100 94 55086 189352777 0 0
# compatibility_mode_1='Webroot SecureAnywhere'
# compatibility_mode=16130 16777213 42 66 1969409 15771424 0 0
# scanned=411577
# found=26
# cleaned=0
# scan_time=5045
sh=66A6A2E76557FE695CDED1844C17C9F6D431D222 ft=1 fh=c71c00119cc71bfd vn="Variante von Win32/Adware.MultiPlug.FL Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BRowsiNNgclearrly\XfDXgxTjauslkg.dll.vir"
sh=57F3815D0942E3B0A9BEF621A7B4971F55FC74D7 ft=1 fh=c71c0011d20a434c vn="Win32/Adware.MultiPlug.KG Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BRowsiNNgclearrly\XfDXgxTjauslkg.exe.vir"
sh=52FBBE6C9D6469D3DD991F0A70A724D9FB28BBBC ft=1 fh=c71c001152e2de0d vn="Win64/Adware.MultiPlug.G Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\BRowsiNNgclearrly\XfDXgxTjauslkg.x64.dll.vir"
sh=68D4D432614D2532628C80E31D08BBA59D26EED9 ft=1 fh=c71c001116eff48f vn="Variante von Win32/Adware.MultiPlug.IX Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\mozilla firefox\dbghelp.dll.vir"
sh=5ECA1EB94D04DDBE04B94FFBD20363B5D4A33471 ft=1 fh=2c78867d4da1feb7 vn="Variante von Win32/Adware.MultiPlug.HY Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\{e8f62260-3bf5-9a5e-e8f6-622603bf8980}\AOMEI.Dynamic.Disk.Manager.Pro.1.2.0.0.rar.exe.vir"
sh=5EAF7A8708BD380D1E5C6DCB08C81F01EA51B55C ft=1 fh=0a01f86c9f1de115 vn="Win32/DownWare.W evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\PC-WELT-Fix-it-Pack\Tools\driveridentifier_setup.exe"
sh=71AF1BB6BA76B100120AB2F5B9E82767F03A296A ft=1 fh=cc3978980b7840b4 vn="Win32/Packed.ASProtect.AAB Trojaner" ac=I fn="C:\Program Files (x86)\Avaya\C3000\Fax Printer\pdfspme.dll"
sh=C126957A944E8B606A06D08B9DC69171275D43C4 ft=1 fh=7d8f2496a41e1a7b vn="Variante von Win32/BrowseFox.BA evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\See Results Hub\Extensions\c3cbfe5d-53c1-44f9-8442-6faaf005aaa9.dll.vir"
sh=0AF20A38416D2CFABC0742C2BA528F5E78BEA4C0 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\MSC\AppData\Roaming\Mozilla\Firefox\Profiles\g51m6ksp.default\extensions\hog1wvxp@mumnjwtj.com\content\bg.js.vir"
sh=DDB9F1EDAA69AB1CD80CE820F0B8ED73E3BC2DB1 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\MSC\AppData\Roaming\Mozilla\Firefox\Profiles\g51m6ksp.default\extensions\rbyi2@uibieo.co.uk\content\bg.js.vir"
sh=DF678B81D0A2C063E5467C5113DCCFF238B44DC4 ft=1 fh=55941976f4437196 vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung" ac=I fn="C:\swsetup\WinZBas\Setup.exe"
sh=35598302B1F171080A5C6649D455E10B7B753CD8 ft=1 fh=d9acd49d2d33c7ed vn="Win32/Toolbar.Babylon evtl. unerwünschte Anwendung" ac=I fn="C:\Tools\ExcelRecovery\setup.exe"
sh=5F5C2B79CC1C584AAA11B5960AA618E2AD958BBA ft=1 fh=9ae7f7a15173a472 vn="Variante von Win32/InstallShare.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\MSC\AppData\Local\InstallShare\2_16472_installer.exe"
sh=17FED21A8547CFA0C488795F76F3AA0F870E3CBD ft=0 fh=0000000000000000 vn="Win32/Packed.ASProtect.AAB Trojaner" ac=I fn="C:\Windows\Installer\932638.msi"
sh=B49883F9F0353B15AEE87E3BFA81E3055C3B2363 ft=0 fh=0000000000000000 vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\98d22a2.msi"
sh=AEE0B5F1AE8564D7E4CCD032EDF7AD88339BFF4E ft=1 fh=88c3bdc65b0afccf vn="Variante von Win32/Systweak.R evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\HP_(Hewlett_Packard)_ProBook_5320m_Treiber_Update_10-2014.exe"
sh=D99A141433D1E004A35266106958ABAB59660FA7 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="D:\Downloads\Installer (Right Click and select extract)(1).zip"
sh=3ED9E7DFE76114EF89AA5EF870541E62ED4AEFA9 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="D:\Downloads\Installer (Right Click and select extract).zip"
sh=7117F97780A260A8B073968FBE56553B6A3F3649 ft=1 fh=14c0a9ac9cd14c4b vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\olftag15 - CHIP-Installer.exe"
sh=51AA2470380CAF060A73AAB30046BDE692276BE7 ft=1 fh=e5d17b5d6f6decc1 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\Paragon Backup Recovery 2014 Free - CHIP-Installer.exe"
sh=DFDE43AD609CB0B51DDC88BDAD7C9EA8FFE25453 ft=1 fh=01c79f91cc830746 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\Paragon Partition Manager 2014 Free - CHIP-Installer.exe"
sh=D151864F5F2D772D0FC4ACBA9A22F37C4A8F9F50 ft=1 fh=d9076f755b74a6f8 vn="Win32/DownWare.W evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\pcwWinFixItPack_setup.exe"
sh=F1EFF6451CED129C0E5C0A510955F234A01158A0 ft=1 fh=332b4278a72373e2 vn="Variante von Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\Unlocker1.9.2.exe"
sh=72DEE4B364218DE2C89907F8E06535C0B1FA74AE ft=0 fh=0000000000000000 vn="Variante von Win32/Kryptik.BEPP Trojaner" ac=I fn="D:\Downloads\VMWare_ESX_v4_1_keygen.zip"
sh=0727DBE20918D3AF151357456F669892A58F2429 ft=0 fh=0000000000000000 vn="Variante von Win32/Injector.YMC Trojaner" ac=I fn="D:\Downloads\VMware_vCenter_Server_version_5_keygen.zip"
sh=3DED641B6A1921CDFF92D210CEB8543BBB243DFF ft=1 fh=e0b2a7a263ddc9d0 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\wclassic2 - CHIP-Installer.exe"

Code:
 Results of screen317's Security Check version 1.004
 Windows 7 Service Pack 1 x64 (UAC is disabled!)
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java version 32-bit out of Date!
 Adobe Flash Player 18.0.0.209
 Mozilla Firefox (39.0)
 Google Chrome (43.0.2357.132)
 Google Chrome (43.0.2357.134)
````````Process Check: objlist.exe by Laurent````````
 Malwarebytes Anti-Malware mbamservice.exe
 Malwarebytes Anti-Malware mbam.exe
 Malwarebytes Anti-Malware mbamscheduler.exe
 Common Files Microsoft Shared Microsoft Online Services MSOIDSVC.EXE
 Common Files Microsoft Shared Microsoft Online Services MSOIDSvcm.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015 Ran by michael.schmaus (administrator) on NB1140 on 24-07-2015 10:59:51 Running from D:\Downloads Loaded Profiles: michael.schmaus (Available Profiles: Admin & postgres & sysaidinternal & AdminDE & Chris.Oleszczuk & michael.schmaus & michael.schmaus & Administrator) Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 10 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\psxss.exe (Webroot) C:\Program Files (x86)\Webroot\WRSA.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\BCMWLTRY.EXE (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) 
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVCM.EXE (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.HPWJA\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Netop Business Solutions A/S) C:\Program Files (x86)\Netop\Netop Remote Control\Host\NHOSTSVC.EXE (Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe (SEP AG) C:\Program Files\SEPsesam\bin\sesam\sm_main.exe (Microsoft Corporation) C:\Windows\System32\snmp.exe (SEP AG) C:\Program Files\SEPsesam\bin\sesam\sm_ctrld_main.exe () C:\Program Files\SEPsesam\bin\sesam\sm_sshd.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (SysAid Technology Ltd.) C:\Program Files\SysAid\SysAidSM.exe (Microsoft Corporation) C:\Windows\SysWOW64\snmp.exe (TeamViewer GmbH) C:\Program Files (x86)\Teamviewer\Version8\TeamViewer_Service.exe (SysAid Technology Ltd.) 
C:\Program Files\SysAid\SysAidWorker.exe (Check Point Software Technologies) C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe (Ericsson AB) C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (GFI Software Development Ltd.) C:\Program Files (x86)\PatchManagementInstallation\Agent\lnssatt.exe (Apache Software Foundation) C:\Program Files (x86)\PatchManagementInstallation\Agent\Httpd\bin\httpd.exe (Apache Software Foundation) C:\Program Files (x86)\PatchManagementInstallation\Agent\Httpd\bin\httpd.exe (GFI Software Development Ltd.) C:\Program Files (x86)\PatchManagementInstallation\Agent\mantle.exe (Microsoft Corporation) C:\Windows\CCM\CcmExec.exe (Microsoft Corporation) C:\Windows\CCM\RemCtrl\cmrcservice.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (TeamViewer GmbH) C:\Program Files (x86)\Teamviewer\Version8\TeamViewer.exe (Webroot) C:\Program Files (x86)\Webroot\WRSA.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) 
C:\Windows\System32\igfxTray.exe (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Avaya Inc.) C:\Windows\System32\qtsp_sso.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE (Akamai Technologies, Inc.) C:\Users\MSC\AppData\Local\Akamai\netsession_win.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (ek-soft GmbH) C:\Program Files (x86)\CTI\DIALit-Client\Dialit32.exe (Akamai Technologies, Inc.) C:\Users\MSC\AppData\Local\Akamai\netsession_win.exe (MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (TeamViewer GmbH) C:\Program Files (x86)\Teamviewer\Version8\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\Teamviewer\Version8\tv_x64.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe (Microsoft) C:\Program Files (x86)\Avaya\Avaya Microsoft Lync Integration\LyncAddin.exe (Check Point Software Technologies) C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Lync\communicator.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe () C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Samsung Electronics) C:\ProgramData\Samsung Apps\Portable SSD\Samsung Portable SSD Daemon.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Microsoft Corporation) C:\Windows\CCM\SCNotification.exe (ek-soft GmbH) C:\Program Files (x86)\CTI\DIALit-Client\TeleTab.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtwLyncIntf\BtwLyncIntf.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe (Portrait Displays, Inc.) 
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelperx64.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (Ghisler Software GmbH) C:\totalcmd\TOTALCMD64.EXE (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe (Inedo, LLC) C:\Program Files\ProGet\Service\ProGet.Service.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Lync\UcMapi.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe [8641536 2014-07-25] (Broadcom Corporation) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-07-03] (IDT, Inc.) HKLM\...\Run: [qtsp_sso] => C:\windows\system32\qtsp_sso.exe [1171968 2012-12-21] (Avaya Inc.) HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [3488640 2012-03-14] (Hewlett-Packard Company) HKLM\...\Run: [MultiScreen] => [X] HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [281776 2014-09-16] (Samsung Electronics Co., Ltd.) 
HKLM\...\Run: [Seagull Drivers] => ssdal_nc.exe startup HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [358944 2011-01-28] (Acronis) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2816240 2014-08-01] (Synaptics Incorporated) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-06-29] (Apple Inc.) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284480 2013-07-03] (Intel Corporation) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-10-24] (Intel Corporation) HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-06-27] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-06-27] (Adobe Systems Inc.) HKLM-x32\...\Run: [Client Access Service] => C:\Program Files (x86)\IBM\Client Access\cwbsvstr.exe [14336 2010-01-15] (IBM Corporation) HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [336672 2014-02-10] (Hewlett-Packard Company) HKLM-x32\...\Run: [LyncAddin] => C:\Program Files (x86)\Avaya\Avaya Microsoft Lync Integration\LyncAddin.exe [1933824 2012-11-09] (Microsoft) HKLM-x32\...\Run: [Check Point VPN] => C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGui.exe [826832 2013-12-04] (Check Point Software Technologies) HKLM-x32\...\Run: [HPConnectionManager] => c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [185144 2014-04-09] (Hewlett-Packard Development Company, L.P.) 
HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [MultiScreen] => [X] HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Lync\communicator.exe [12118840 2015-03-28] (Microsoft Corporation) HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [WRSVC] => C:\Program Files (x86)\Webroot\WRSA.exe [823720 2015-07-01] (Webroot) HKLM-x32\...\Run: [YouCam Tray] => c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [168464 2012-10-25] (CyberLink Corp.) HKLM-x32\...\Run: [YouCam Mirage] => c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [139792 2012-10-25] (CyberLink) HKLM-x32\...\Run: [RemoteControl10] => c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-14] (CyberLink Corp.) HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5145824 2011-01-28] () HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation) Winlogon\Notify\igfxcui: igfxdev.dll [X] HKU\S-1-5-21-3799292098-3196119086-2381476900-3276\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6161176 2014-02-20] (Piriform Ltd) HKU\S-1-5-21-3799292098-3196119086-2381476900-3276\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [6161176 2014-02-20] (Piriform Ltd) HKU\S-1-5-21-3799292098-3196119086-2381476900-3276\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2015-03-18] (Microsoft Corporation) HKU\S-1-5-21-3799292098-3196119086-2381476900-3276\...\Run: [Akamai NetSession Interface] => C:\Users\MSC\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-03-11] ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2013-10-18] ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\Users\MSC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DIALit.lnk [2014-11-05] ShortcutTarget: DIALit.lnk -> C:\Program Files (x86)\CTI\DIALit-Client\Dialit32.exe (ek-soft GmbH) Startup: C:\Users\MSC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk [2013-08-06] ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.) Startup: C:\Users\MSC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DIALit.lnk [2014-11-05] ShortcutTarget: DIALit.lnk -> C:\Program Files (x86)\CTI\DIALit-Client\Dialit32.exe (ek-soft GmbH) Startup: C:\Users\MSC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk [2013-08-06] ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.) GroupPolicyScripts: Group Policy detected <======= ATTENTION GroupPolicyScripts\User: Group Policy detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-3799292098-3196119086-2381476900-3276\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-3799292098-3196119086-2381476900-3276\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-3799292098-3196119086-2381476900-3276\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Microsoft Web Recorder Helper -> {06D7D698-1ECD-407F-A1C9-EFA54860490A} -> C:\Program Files\Microsoft System Center 2012 R2\Operations Manager\Console\Microsoft.Mom.RecorderBarBHO.dll [2013-09-06] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-17] (Oracle Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-17] (Oracle Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Lync\OCHelper.dll [2010-11-03] (Microsoft Corporation) BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-06-27] (Adobe Systems Incorporated) BHO-x32: Office Document Cache Handler -> 
{B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-06-27] (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-06-27] (Adobe Systems Incorporated) Toolbar: HKU\S-1-5-21-3799292098-3196119086-2381476900-3276 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1383306434877 Tcpip\Parameters: [DhcpNameServer] 10.101.0.54 10.101.0.55 10.101.0.5 10.101.0.6 Tcpip\..\Interfaces\{80710E33-1517-4612-A89E-CDD41C5A0DD9}: [DhcpNameServer] 10.101.0.54 10.101.0.55 10.101.0.5 10.101.0.6 Tcpip\..\Interfaces\{A51701BB-A804-4E1B-8457-21AFA11167D2}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 FireFox: ======== FF ProfilePath: C:\Users\MSC\AppData\Roaming\Mozilla\Firefox\Profiles\103qzzmr.default-1436867989260 FF SearchEngineOrder.2: FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] () FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-17] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-17] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] 
(Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-10-24] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-10-24] (Intel Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-06-27] (Adobe Systems Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-28] () FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-07-03] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll [2015-05-28] (Cisco WebEx LLC) FF Plugin ProgramFiles/Appdata: C:\Users\MSC\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-05-28] (Cisco WebEx LLC) FF Extension: GMX MailCheck - C:\Users\MSC\AppData\Roaming\Mozilla\Firefox\Profiles\103qzzmr.default-1436867989260\Extensions\toolbar@gmx.net [2015-07-23] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-07-30] FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-10-18] FF HKU\S-1-5-21-3799292098-3196119086-2381476900-3276\...\Firefox\Extensions: [firefoxaddon@ek-soft.de] - C:\Program Files (x86)\CTI\DIALit-Client\Firefox FF Extension: ek-soft CTI Add ON - C:\Program Files (x86)\CTI\DIALit-Client\Firefox [2014-06-16] FF HKU\S-1-5-21-3799292098-3196119086-2381476900-3276\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 Chrome: ======= CHR Profile: C:\Users\MSC\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\MSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-14] CHR Extension: (Google Drive) - C:\Users\MSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf 
[2015-07-14] CHR Extension: (YouTube) - C:\Users\MSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-14] CHR Extension: (GMX MailCheck) - C:\Users\MSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\camnampocfohlcgbajligmemmabnljcm [2015-07-14] CHR Extension: (Google Search) - C:\Users\MSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-14] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\MSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-14] CHR Extension: (Google Wallet) - C:\Users\MSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-14] CHR Extension: (Gmail) - C:\Users\MSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-14] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S4 AdtAgent; C:\Windows\system32\AdtAgent.exe [410808 2013-09-06] (Microsoft Corporation) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.) R2 CcmExec; C:\windows\CCM\CcmExec.exe [1571000 2013-09-11] (Microsoft Corporation) R2 CmRcService; C:\windows\CCM\RemCtrl\CmRcService.exe [577712 2014-05-29] (Microsoft Corporation) S3 Cwbrxd; C:\windows\cwbrxd.exe [94208 2010-01-15] (IBM Corporation) [File not signed] S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [143872 2014-10-24] (Microsoft Corporation) [File not signed] R2 gfi_lanss11_attservice; C:\Program Files (x86)\PatchManagementInstallation\Agent\lnssatt.exe [133496 2012-11-23] (GFI Software Development Ltd.) 
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-07-14] (SurfRight B.V.)
S3 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-17] (Hewlett-Packard)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [683296 2014-02-10] (Hewlett-Packard Company)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-10-09] (Intel Corporation)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-21] (Microsoft Corporation)
R2 INEDOPROGETSVC; C:\Program Files\ProGet\Service\ProGet.Service.exe [133120 2015-07-16] (Inedo, LLC) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-10-24] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-10-24] (Intel Corporation)
S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
S3 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-14] (Microsoft Corporation)
S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2079520 2012-05-17] (Microsoft Corp.)
R2 MSSQL$ACRONIS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 MSSQL$HPWJA; C:\Program Files\Microsoft SQL Server\MSSQL10.HPWJA\MSSQL\Binn\sqlservr.exe [58387104 2014-07-12] (Microsoft Corporation)
R2 MSSQL$PROGET; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [29293408 2010-12-11] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [62382256 2015-03-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [File not signed]
R2 NetOp Host for NT Service; C:\Program Files (x86)\Netop\Netop Remote Control\Host\NHOSTSVC.EXE [1516568 2010-11-01] (Netop Business Solutions A/S)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [File not signed]
S4 PuranDefrag; C:\windows\system32\PuranDefragS.exe [292736 2013-08-15] (Puran Software) [File not signed]
R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [28848 2014-09-16] (Samsung Electronics Co., Ltd.)
S3 smstsmgr; C:\windows\CCM\TSManager.exe [276152 2013-09-11] (Microsoft Corporation)
R2 sm_main; C:\Program Files\SEPsesam\bin\sesam\sm_main.exe [362696 2015-03-10] (SEP AG)
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-21] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-21] (Microsoft Corporation)
S4 SQLAgent$HPWJA; C:\Program Files\Microsoft SQL Server\MSSQL10.HPWJA\MSSQL\Binn\SQLAGENT.EXE [441504 2014-07-12] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [442536 2015-03-30] (Microsoft Corporation)
R3 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2013-07-03] (IDT, Inc.) [File not signed]
R2 SysAidAgent; C:\Program Files\SysAid\SysAidSM.exe [23192 2015-04-01] (SysAid Technology Ltd.)
S4 System Center Management APM; C:\Program Files\Microsoft System Center 2012 R2\Service Manager\APMDOTNETAgent\InterceptSvc.exe [626872 2013-09-06] (Microsoft Corp.)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [122368 2015-02-26] (Microsoft Corporation) [File not signed]
R2 TracSrvWrapper; C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe [4880512 2013-12-04] (Check Point Software Technologies)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [5894144 2014-07-25] (Broadcom Corporation) [File not signed]
R2 WMCoreService; C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe [689560 2012-10-18] (Ericsson AB)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-14] (Microsoft Corporation)
R2 WRSVC; C:\Program Files (x86)\Webroot\WRSA.exe [823720 2015-07-01] (Webroot)
S3 Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn; Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn [X]
S3 Datev.Unternehmen.SystemComponents.ServiceBus.V0400.PlugIn; Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0400.PlugIn [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2014-07-14] (Broadcom Corporation.)
S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2012-02-02] (Broadcom Corporation.)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R3 dwVSCD; C:\Windows\System32\DRIVERS\dwvscd.sys [11904 2010-11-01] (Danware Data A/S)
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-10-05] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [29736 2011-10-05] (Ericsson AB)
R3 h36wgps; C:\Windows\System32\DRIVERS\h36wgps64.sys [103184 2012-03-02] (Ericsson AB)
R2 hardlock; C:\windows\system32\drivers\hardlock.sys [331144 2013-03-11] (SafeNet Inc.)
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [34056 2014-05-19] (Paragon Software Group)
S3 HPMo4DE3; C:\Windows\System32\DRIVERS\HPMo4DE3.sys [25088 2011-03-09] (TPMX Electronics Ltd.)
S3 HPub4DE3; C:\Windows\System32\Drivers\HPub4DE3.sys [18432 2011-04-12] (TPMX Electronics Ltd.)
R3 johci; C:\Windows\System32\DRIVERS\johci.sys [26208 2012-08-24] (JMicron Technology Corp.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-07-24] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [443648 2013-04-22] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [455936 2013-04-22] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [22272 2013-04-22] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [508160 2013-04-22] (MCCI Corporation)
R3 prepdrvr; C:\Windows\System32\DRIVERS\prepdrv.sys [26984 2012-11-21] (Microsoft Corporation)
R3 PsxDrv; C:\Windows\System32\drivers\psxdrv.sys [10240 2009-07-14] (Microsoft Corporation)
S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [322736 2015-03-30] (Microsoft Corporation)
R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [268976 2014-09-16] (Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [111280 2014-09-16] (Samsung Electronics Co., Ltd.)
S3 sehutn; C:\Windows\System32\DRIVERS\sehutn.sys [49328 2013-10-08] (SEH Computertechnik GmbH)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1064184 2012-09-23] (Sunplus)
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [102664 2014-05-09] ()
R1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [25992 2014-05-09] ()
R1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [700296 2014-05-09] ()
R3 vna_ap; C:\Windows\System32\DRIVERS\vnaap.sys [161256 2012-09-20] (Check Point Software Technologies)
R1 vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [456952 2013-12-04] (Check Point Software Technologies Ltd.)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [117728 2015-07-01] (Webroot)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [284912 2013-11-25] (Ericsson AB)
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U0 dmboot; No ImagePath
U0 SR; No ImagePath
U2 srservice; No ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-24 09:15 - 2015-07-24 09:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Inedo
2015-07-24 09:14 - 2015-07-24 09:15 - 00000000 ____D C:\ProgramData\ProGet
2015-07-24 09:14 - 2015-07-24 09:14 - 00000000 ____D C:\Program Files\ProGet
2015-07-24 09:04 - 2015-07-24 09:04 - 00003034 _____ C:\Users\MSC\Desktop\(X.systems.press) Peter Monadjemi (auth.)-PowerShell für die Windows-Administration_ Ein kompakter und praxisnaher Überblick-Vieweg+Teubner Verlag (2014).pdf - Verknüpfung.lnk
2015-07-24 08:10 - 2015-07-24 08:17 - 00000000 ____D C:\Users\MSC\Documents\Powershell
2015-07-24 08:01 - 2015-07-24 08:01 - 00022257 _____ C:\Users\MSC\Desktop\Error_ProGet.txt
2015-07-24 08:00 - 2015-07-24 07:58 - 02870984 _____ (ESET) C:\Users\MSC\Desktop\esetsmartinstaller_deu.exe
2015-07-23 15:46 - 2015-07-23 15:46 - 00001617 _____ C:\Users\MSC\Desktop\JRT.txt
2015-07-23 15:34 - 2015-07-23 15:36 - 00001210 _____ C:\mbam.txt
2015-07-23 14:04 - 2015-07-23 14:07 - 00018662 _____ C:\autoreply.txt
2015-07-23 08:50 - 2015-07-24 10:59 - 00021530 _____ C:\Windows\WindowsUpdate.log
2015-07-22 19:23 - 2015-07-22 19:23 - 00000000 ____D C:\Scripts
2015-07-22 18:52 - 2015-07-22 18:52 - 00000000 ____D C:\Users\MSC\AppData\Local\NuGet
2015-07-22 17:13 - 2015-07-22 17:13 - 00000000 ____D C:\Users\MSC\AppData\Roaming\NuGet
2015-07-22 17:12 - 2015-07-22 17:12 - 00000000 ____D C:\Users\MSC\AppData\Local\PackageManagement
2015-07-22 17:12 - 2015-07-22 17:12 - 00000000 ____D C:\Program Files\PackageManagement
2015-07-22 16:57 - 2015-07-22 16:57 - 00000000 ____D C:\Windows\SysWOW64\Configuration
2015-07-22 16:55 - 2015-04-23 05:13 - 02172928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2015-07-22 16:55 - 2015-04-23 05:13 - 00019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Register-CimProvider.exe
2015-07-22 16:55 - 2015-04-23 05:12 - 00238080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2015-07-22 16:55 - 2015-04-23 05:12 - 00139264 _____ (Windows (R) Win 7 DDK provider) C:\Windows\SysWOW64\DscCoreConfProv.dll
2015-07-22 16:55 - 2015-04-23 05:12 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmidcom.dll
2015-07-22 16:55 - 2015-04-23 05:11 - 00085504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pwrshplugin.dll
2015-07-22 16:55 - 2015-04-23 05:11 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncobjapi.dll
2015-07-22 16:55 - 2015-04-23 05:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winrssrv.dll
2015-07-22 16:55 - 2015-04-23 05:10 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winrscmd.dll
2015-07-22 16:55 - 2015-04-23 05:10 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wecutil.exe
2015-07-22 16:55 - 2015-04-23 05:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prvdmofcomp.dll
2015-07-22 16:55 - 2015-04-23 05:10 - 00020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winrshost.exe
2015-07-22 16:55 - 2015-04-23 05:10 - 00013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Microsoft.Management.Infrastructure.Native.Unmanaged.dll
2015-07-22 16:55 - 2015-04-23 05:09 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wevtfwd.dll
2015-07-22 16:55 - 2015-04-23 05:09 - 00058368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wecapi.dll
2015-07-22 16:55 - 2015-04-23 05:08 - 00535552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmGCDeps.dll
2015-07-22 16:55 - 2015-04-23 05:08 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmitomi.dll
2015-07-22 16:55 - 2015-04-23 05:08 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mi.dll
2015-07-22 16:55 - 2015-04-23 05:08 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2015-07-22 16:55 - 2015-04-23 05:08 - 00038912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winrs.exe
2015-07-22 16:55 - 2015-04-23 05:08 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PSModuleDiscoveryProvider.dll
2015-07-22 16:55 - 2015-04-23 05:08 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
2015-07-22 16:55 - 2015-04-23 05:08 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
2015-07-22 16:55 - 2015-04-23 05:08 - 00001536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winrsmgr.dll
2015-07-22 16:55 - 2015-04-23 05:07 - 00201216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\framedynos.dll
2015-07-22 16:55 - 2015-04-23 05:07 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\framedyn.dll
2015-07-22 16:55 - 2015-04-23 05:07 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2015-07-22 16:55 - 2015-04-23 05:06 - 00384512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wbemcomn2.dll
2015-07-22 16:55 - 2015-04-23 05:05 - 00119296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mimofcodec.dll
2015-07-22 16:55 - 2015-04-23 05:05 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mibincodec.dll
2015-07-22 16:55 - 2015-04-23 05:03 - 00174592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\miutils.dll
2015-07-22 16:55 - 2015-04-23 05:03 - 00145408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2015-07-22 16:55 - 2015-04-23 05:03 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
2015-07-22 16:55 - 2015-04-23 05:03 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAgent.dll
2015-07-22 16:55 - 2015-04-23 03:56 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\DscTimer.dll
2015-07-22 16:55 - 2015-04-23 03:55 - 02613760 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-07-22 16:55 - 2015-04-23 03:55 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\DscProxy.dll
2015-07-22 16:55 - 2015-04-23 03:54 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-07-22 16:55 - 2015-04-23 03:54 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\mpeval.dll
2015-07-22 16:55 - 2015-04-23 03:54 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\wmidcom.dll
2015-07-22 16:55 - 2015-04-23 03:54 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\Register-CimProvider.exe
2015-07-22 16:55 - 2015-04-23 03:53 - 00196096 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\DscCoreConfProv.dll
2015-07-22 16:55 - 2015-04-23 03:53 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\winrssrv.dll
2015-07-22 16:55 - 2015-04-23 03:52 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\pwrshplugin.dll
2015-07-22 16:55 - 2015-04-23 03:52 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\winrscmd.dll
2015-07-22 16:55 - 2015-04-23 03:52 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\prvdmofcomp.dll
2015-07-22 16:55 - 2015-04-23 03:52 - 00058368 _____ (Microsoft Corporation) C:\Windows\system32\ncobjapi.dll
2015-07-22 16:55 - 2015-04-23 03:52 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\winrshost.exe
2015-07-22 16:55 - 2015-04-23 03:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Management.Infrastructure.Native.Unmanaged.dll
2015-07-22 16:55 - 2015-04-23 03:51 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\wecsvc.dll
2015-07-22 16:55 - 2015-04-23 03:51 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\wevtfwd.dll
2015-07-22 16:55 - 2015-04-23 03:51 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\wecutil.exe
2015-07-22 16:55 - 2015-04-23 03:51 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\wecapi.dll
2015-07-22 16:55 - 2015-04-23 03:49 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\WsmGCDeps.dll
2015-07-22 16:55 - 2015-04-23 03:49 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\framedynos.dll
2015-07-22 16:55 - 2015-04-23 03:49 - 00250368 _____ (Microsoft Corporation) C:\Windows\system32\framedyn.dll
2015-07-22 16:55 - 2015-04-23 03:49 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\wmitomi.dll
2015-07-22 16:55 - 2015-04-23 03:49 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\mi.dll
2015-07-22 16:55 - 2015-04-23 03:49 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-07-22 16:55 - 2015-04-23 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\PSModuleDiscoveryProvider.dll
2015-07-22 16:55 - 2015-04-23 03:49 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\winrs.exe
2015-07-22 16:55 - 2015-04-23 03:49 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2015-07-22 16:55 - 2015-04-23 03:49 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-07-22 16:55 - 2015-04-23 03:49 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2015-07-22 16:55 - 2015-04-23 03:49 - 00001536 _____ (Microsoft Corporation) C:\Windows\system32\winrsmgr.dll
2015-07-22 16:55 - 2015-04-23 03:47 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\wbemcomn2.dll
2015-07-22 16:55 - 2015-04-23 03:46 - 00512512 _____ (Microsoft Corporation) C:\Windows\system32\mpunits.dll
2015-07-22 16:55 - 2015-04-23 03:46 - 00438272 _____ (Microsoft Corporation) C:\Windows\system32\DscCore.dll
2015-07-22 16:55 - 2015-04-23 03:46 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\mimofcodec.dll
2015-07-22 16:55 - 2015-04-23 03:46 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\mibincodec.dll
2015-07-22 16:55 - 2015-04-23 03:43 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\miutils.dll
2015-07-22 16:55 - 2015-04-23 03:43 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-07-22 16:55 - 2015-04-23 03:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2015-07-22 16:55 - 2015-04-23 03:43 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\WsmAgent.dll
2015-07-22 10:34 - 2015-07-22 10:34 - 00000000 ____D C:\LocalDumps
2015-07-22 09:39 - 2015-07-22 09:39 - 00039270 _____ C:\ComboFix.txt
2015-07-21 13:39 - 2015-07-24 10:59 - 00000000 ____D C:\FRST
2015-07-21 12:54 - 2015-07-02 22:31 - 19291136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-21 12:54 - 2015-07-02 21:15 - 14384640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-21 12:54 - 2015-07-02 20:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-21 12:54 - 2015-07-02 20:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-21 12:54 - 2015-06-29 15:30 - 02865152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-21 12:54 - 2015-06-29 15:27 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-21 12:54 - 2015-06-17 15:28 - 13771264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-21 12:54 - 2015-06-17 15:28 - 02056704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-21 12:54 - 2015-06-17 15:28 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-21 12:54 - 2015-06-17 15:28 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-21 12:54 - 2015-06-17 15:28 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-21 12:54 - 2015-06-17 15:28 - 00690176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-21 12:54 - 2015-06-17 15:28 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-21 12:54 - 2015-06-17 15:28 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-21 12:54 - 2015-06-17 15:28 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-21 12:54 - 2015-06-17 15:28 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-21 12:54 - 2015-06-17 15:28 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-21 12:54 - 2015-06-17 15:28 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-21 12:54 - 2015-06-17 15:28 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-21 12:54 - 2015-06-17 15:28 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-07-21 12:54 - 2015-06-17 15:28 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-21 12:54 - 2015-06-17 15:28 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-21 12:54 - 2015-06-17 15:28 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-21 12:54 - 2015-06-17 15:28 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-21 12:54 - 2015-06-17 15:27 - 02237440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-21 12:54 - 2015-06-17 15:27 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-21 12:54 - 2015-06-17 15:27 - 00601600 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-21 12:54 - 2015-06-17 15:27 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-21 12:54 - 2015-06-17 15:26 - 15415296 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-21 12:54 - 2015-06-17 15:26 - 02656768 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-21 12:54 - 2015-06-17 15:26 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-21 12:54 - 2015-06-17 15:26 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-21 12:54 - 2015-06-17 15:26 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-21 12:54 - 2015-06-17 15:26 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-21 12:54 - 2015-06-17 15:26 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-21 12:54 - 2015-06-17 15:26 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-21 12:54 - 2015-06-17 15:26 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-21 12:54 - 2015-06-17 15:26 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-21 12:54 - 2015-06-17 15:26 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-07-21 12:54 - 2015-06-17 15:26 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-21 12:54 - 2015-06-17 15:26 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-21 12:54 - 2015-06-17 15:26 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-21 12:54 - 2015-06-17 15:26 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-21 12:54 - 2015-06-11 20:03 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-21 12:54 - 2015-06-11 19:43 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-21 12:54 - 2015-06-11 19:38 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-07-21 12:54 - 2015-06-11 19:19 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-07-21 12:53 - 2015-07-15 05:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-21 12:53 - 2015-07-15 05:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-21 12:53 - 2015-07-15 05:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-21 12:53 - 2015-07-15 05:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-21 12:53 - 2015-07-15 04:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-21 12:53 - 2015-07-15 04:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-21 12:53 - 2015-07-15 04:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-21 12:53 - 2015-07-15 04:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-21 12:53 - 2015-07-15 03:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-21 12:53 - 2015-07-15 03:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-20 16:42 - 2015-07-20 16:42 - 00000000 ____D C:\Users\MSC\AppData\Local\CEF
2015-07-20 13:21 - 2015-07-20 13:21 - 00000000 ____D C:\ProgramData\VIPRE
2015-07-20 13:21 - 2015-07-20 13:21 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-20 13:12 - 2015-07-21 15:26 - 00000000 ____D C:\ProgramData\STOPzilla!
2015-07-20 13:12 - 2015-07-20 13:12 - 00000000 ____D C:\Program Files (x86)\iS3
2015-07-20 12:41 - 2015-07-20 13:00 - 00000000 ____D C:\ProgramData\{cd5b4ee3-71a9-ecd7-cd5b-b4ee371a3b8d}
2015-07-16 09:31 - 2015-07-16 09:31 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-15 10:21 - 2015-03-30 00:47 - 00083624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL$SQLEXPRESS-sqlctr10.52.4042.0.dll
2015-07-15 10:21 - 2015-03-30 00:43 - 00089264 _____ (Microsoft Corporation) C:\Windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.52.4042.0.dll
2015-07-15 10:10 - 2015-07-09 19:59 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-15 10:10 - 2015-07-09 19:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 10:10 - 2015-07-09 19:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 10:10 - 2015-07-09 19:58 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-15 10:10 - 2015-07-09 19:58 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-15 10:10 - 2015-07-09 19:58 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-15 10:10 - 2015-07-09 19:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 10:10 - 2015-07-09 19:58 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-15 10:10 - 2015-07-09 19:58 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-15 10:10 - 2015-07-09 19:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 10:10 - 2015-07-09 19:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 10:10 - 2015-07-09 19:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 10:10 - 2015-07-09 19:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 10:10 - 2015-07-09 19:58 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-15 10:10 - 2015-07-09 19:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 10:10 - 2015-07-09 19:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 10:10 - 2015-07-09 19:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 10:10 - 2015-07-09 19:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-15 10:10 - 2015-07-09 19:50 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-15 10:10 - 2015-07-09 19:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-15 10:10 - 2015-07-09 19:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-15 10:10 - 2015-07-09 19:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-15 10:10 - 2015-07-09 19:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-15 10:10 - 2015-07-09 19:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-15 10:10 - 2015-04-27 21:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-15 10:10 - 2015-04-27 21:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-15 10:10 - 2015-04-27 21:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-15 10:10 - 2015-04-27 21:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-15 10:10 - 2015-04-27 21:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-15 10:10 - 2015-04-27 21:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-15 10:10 - 2015-04-27 21:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-15 10:10 - 2015-04-27 21:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-15 10:09 - 2015-05-09 20:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-07-15 09:26 - 2015-07-04 20:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 09:26 - 2015-07-04 19:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 09:26 - 2015-07-01 22:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 09:26 - 2015-07-01 22:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 09:26 - 2015-07-01 22:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 09:26 - 2015-07-01 22:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 09:26 - 2015-07-01 22:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 09:26 - 2015-07-01 22:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-15 09:26 - 2015-07-01 22:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 09:26 - 2015-07-01 22:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-15 09:26 - 2015-07-01 22:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-15 09:26 - 2015-07-01 22:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-15 09:26 - 2015-07-01 22:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-15 09:26 - 2015-07-01 22:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-15 09:26 - 2015-07-01 22:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-15 09:26 - 2015-07-01 22:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-15 09:26 - 2015-07-01 22:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-15 09:26 - 2015-07-01 22:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-15 09:26 - 2015-07-01 22:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-15 09:26 - 2015-07-01 22:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-15 09:26 - 2015-07-01 22:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-15 09:26 - 2015-07-01 22:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-15 09:26 - 2015-07-01 22:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 09:26 - 2015-07-01 22:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 09:26 - 2015-07-01 22:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-15 09:26 - 2015-07-01 22:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-15 09:26 - 2015-07-01 22:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-15 09:26 - 2015-07-01 22:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-15 09:26 - 2015-07-01 22:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-15 09:26 - 2015-07-01 22:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-15 09:26 - 2015-07-01 22:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-15 09:26 - 2015-07-01 22:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 09:26 - 2015-07-01 22:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-15 09:26 - 2015-07-01 22:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-15 09:26 - 2015-07-01 22:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-15 09:26 - 2015-07-01 22:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-15 09:26 - 2015-07-01 22:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-15 09:26 - 2015-07-01 21:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 09:26 - 2015-07-01 21:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 09:26 - 2015-07-01 21:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 09:26 - 2015-06-25 10:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 09:26 - 2015-06-17 19:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 09:26 - 2015-06-17 19:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 09:26 - 2015-06-15 23:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-15 09:26 - 2015-06-15 23:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 09:26 - 2015-06-15 23:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 09:26 - 2015-06-15 23:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-15 09:26 - 2015-06-15 23:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-15 09:26 - 2015-06-15 23:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 09:26 - 2015-06-15 23:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 09:26 - 2015-06-15 23:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 09:26 - 2015-06-15 23:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-15 09:26 - 2015-06-15 23:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 09:26 - 2015-06-15 23:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-15 09:26 - 2015-06-15 23:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-15 09:26 - 2015-06-11 19:57 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-07-15 09:26 - 2015-06-11 19:57 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-07-15 09:26 - 2015-06-11 19:57 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-07-15 09:26 - 2015-06-11 19:56 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-07-15 09:26 - 2015-06-11 19:56 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-07-15 09:26 - 2015-06-11 19:56 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-07-15 09:26 - 2015-06-11 15:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-07-15 09:26 - 2015-06-09 20:03 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-07-15 09:26 - 2015-06-09 20:03 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-07-15 09:26 - 2015-06-02 02:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-15 09:26 - 2015-06-02 01:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-14 14:54 - 2015-07-14 14:54 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-14 14:54 - 2015-07-14 14:54 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-07-14 14:54 - 2015-07-14 14:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-14 14:21 - 2015-07-15 09:33 - 00002175 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-14 14:21 - 2015-07-14 14:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\Google Chrome 2015-07-14 14:20 - 2015-07-24 10:37 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-07-14 14:20 - 2015-07-24 09:37 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-07-14 14:20 - 2015-07-16 09:32 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-07-14 14:20 - 2015-07-16 09:32 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-07-14 13:47 - 2015-07-14 13:47 - 00000207 _____ C:\Windows\tweaking.com-regbackup-NB1140-Windows-7-Ultimate-(64-bit).dat 2015-07-14 13:47 - 2015-07-14 13:47 - 00000000 ____D C:\RegBackup 2015-07-14 13:43 - 2015-07-14 13:43 - 03034266 _____ (Malwarebytes Corporation) C:\Users\MSC\Desktop\JRT.exe 2015-07-14 11:59 - 2015-07-14 11:59 - 00000000 ____D C:\Users\MSC\Desktop\Alte Firefox-Daten 2015-07-14 10:47 - 2015-07-20 13:00 - 00000410 _____ C:\Windows\system32\.crusader 2015-07-14 10:40 - 2015-07-14 10:40 - 00001909 _____ C:\Users\Public\Desktop\HitmanPro.lnk 2015-07-14 10:40 - 2015-07-14 10:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro 2015-07-13 18:01 - 2015-07-13 18:01 - 00002018 _____ C:\Users\MSC\Documents\Silverlieght in allen Browsern aktivieren.txt 2015-07-13 14:17 - 2015-07-14 14:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-07-13 14:08 - 2015-07-13 14:08 - 00003122 _____ C:\Windows\System32\Tasks\Samsung_PSSD_Registration 2015-07-13 11:30 - 2015-07-13 11:29 - 02248704 _____ C:\Users\MSC\Desktop\adwcleaner_4.208.exe 2015-07-13 11:09 - 2015-04-08 18:32 - 00000027 _____ C:\Windows\system32\Drivers\etc\hp.bak 2015-07-07 08:55 - 2015-07-07 08:55 - 00000000 ____D C:\Users\MSC\AppData\Roaming\SysAid 2015-07-03 09:33 - 2015-07-24 08:01 - 00006026 _____ C:\Users\MSC\Documents\ETG-Server.rdg 2015-07-02 13:41 - 2011-08-04 00:48 - 120893960 _____ (Oracle ) C:\Users\MSC\Downloads\SmartView.exe 2015-07-02 08:50 - 2015-07-02 08:50 - 00001088 _____ 
C:\Users\MSC\Documents\WER_Debug.reg 2015-07-02 08:44 - 2015-07-16 10:03 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2015-07-02 08:44 - 2015-07-02 08:44 - 00002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk 2015-07-01 11:23 - 2015-07-01 11:23 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk 2015-07-01 11:23 - 2015-07-01 11:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-07-01 11:22 - 2015-07-01 11:22 - 00000000 ____D C:\Program Files\iTunes 2015-07-01 11:22 - 2015-07-01 11:22 - 00000000 ____D C:\Program Files\iPod 2015-07-01 11:22 - 2015-07-01 11:22 - 00000000 ____D C:\Program Files (x86)\iTunes 2015-06-30 08:26 - 2015-06-30 14:21 - 00002234 ____H C:\Users\adminde\Documents\Default.rdp 2015-06-30 08:26 - 2015-06-30 08:26 - 00000000 ____D C:\Users\adminde\AppData\Roaming\Intel Corporation 2015-06-30 08:25 - 2015-06-30 14:19 - 00000000 ____D C:\Users\adminde\Tracing 2015-06-30 08:25 - 2015-06-30 08:25 - 00124488 _____ C:\Users\adminde\AppData\Local\GDIPFONTCACHEV1.DAT 2015-06-30 08:25 - 2015-06-30 08:25 - 00000000 ____D C:\Users\adminde\Documents\IBM 2015-06-30 08:25 - 2015-06-30 08:25 - 00000000 ____D C:\Users\adminde\Documents\Bluetooth Exchange Folder 2015-06-30 08:25 - 2015-06-30 08:25 - 00000000 ____D C:\Users\adminde\AppData\Roaming\Synaptics 2015-06-30 08:25 - 2015-06-30 08:25 - 00000000 ____D C:\Users\adminde\AppData\Roaming\ICAClient 2015-06-30 08:25 - 2015-06-30 08:25 - 00000000 ____D C:\Users\adminde\AppData\Roaming\IBM 2015-06-30 08:25 - 2015-06-30 08:25 - 00000000 ____D C:\Users\adminde\AppData\Roaming\hpqLog 2015-06-30 08:25 - 2015-06-30 08:25 - 00000000 ____D C:\Users\adminde\AppData\Roaming\Hewlett-Packard 2015-06-30 08:25 - 2015-06-30 08:25 - 00000000 ____D C:\Users\adminde\AppData\Roaming\Avaya 2015-06-30 08:25 - 2015-06-30 08:25 - 00000000 ____D C:\Users\adminde\AppData\Roaming\Apple Computer 2015-06-30 08:25 - 2015-06-30 08:25 - 00000000 ____D 
C:\Users\adminde\AppData\Local\Packages 2015-06-30 08:25 - 2015-06-30 08:25 - 00000000 ____D C:\Users\adminde\AppData\Local\Hewlett-Packard_Developme 2015-06-30 08:25 - 2015-06-30 08:25 - 00000000 ____D C:\Users\adminde\AppData\Local\Citrix 2015-06-30 08:25 - 2015-06-30 08:25 - 00000000 ____D C:\Users\adminde\AppData\Local\Broadcom 2015-06-30 08:25 - 2015-06-30 08:25 - 00000000 ____D C:\Users\adminde\AppData\Local\Adobe 2015-06-30 08:24 - 2015-07-20 11:05 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{0B921448-3CB6-4172-AC13-1384D54539F1} 2015-06-30 08:24 - 2015-07-20 11:05 - 00001200 __RSH C:\Users\adminde\ntuser.pol 2015-06-30 08:24 - 2015-07-20 11:05 - 00000000 ____D C:\Users\adminde 2015-06-30 08:24 - 2015-06-30 08:25 - 00000000 ____D C:\Users\adminde\AppData\Roaming\Adobe 2015-06-30 08:24 - 2015-06-30 08:24 - 00001425 _____ C:\Users\adminde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-06-30 08:24 - 2015-06-30 08:24 - 00000000 _SHDL C:\Users\adminde\Vorlagen 2015-06-30 08:24 - 2015-06-30 08:24 - 00000000 _SHDL C:\Users\adminde\Startmenü 2015-06-30 08:24 - 2015-06-30 08:24 - 00000000 _SHDL C:\Users\adminde\Netzwerkumgebung 2015-06-30 08:24 - 2015-06-30 08:24 - 00000000 _SHDL C:\Users\adminde\Lokale Einstellungen 2015-06-30 08:24 - 2015-06-30 08:24 - 00000000 _SHDL C:\Users\adminde\Eigene Dateien 2015-06-30 08:24 - 2015-06-30 08:24 - 00000000 _SHDL C:\Users\adminde\Druckumgebung 2015-06-30 08:24 - 2015-06-30 08:24 - 00000000 _SHDL C:\Users\adminde\Documents\Eigene Musik 2015-06-30 08:24 - 2015-06-30 08:24 - 00000000 _SHDL C:\Users\adminde\Documents\Eigene Bilder 2015-06-30 08:24 - 2015-06-30 08:24 - 00000000 _SHDL C:\Users\adminde\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-06-30 08:24 - 2015-06-30 08:24 - 00000000 _SHDL C:\Users\adminde\AppData\Local\Verlauf 2015-06-30 08:24 - 2015-06-30 08:24 - 00000000 _SHDL C:\Users\adminde\AppData\Local\Anwendungsdaten 2015-06-30 08:24 - 2015-06-30 
08:24 - 00000000 _SHDL C:\Users\adminde\Anwendungsdaten 2015-06-30 08:24 - 2015-06-30 08:24 - 00000000 ____D C:\Users\adminde\AppData\Local\Google 2015-06-30 08:24 - 2013-09-12 15:58 - 00000000 ____D C:\Users\adminde\AppData\Roaming\Macromedia 2015-06-30 08:24 - 2013-07-20 07:02 - 00000000 ____D C:\Users\adminde\AppData\Local\Microsoft Help 2015-06-30 08:24 - 2013-04-14 01:33 - 00000000 ___HD C:\Users\adminde\Documents\hp.system.package.metadata 2015-06-30 08:24 - 2011-02-11 07:19 - 00000020 ___SH C:\Users\adminde\ntuser.ini 2015-06-30 08:24 - 2009-07-14 06:54 - 00000000 ___RD C:\Users\adminde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-06-30 08:24 - 2009-07-14 06:49 - 00000000 ___RD C:\Users\adminde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-06-27 12:29 - 2015-06-27 12:29 - 00000000 ___SD C:\Windows\SysWOW64\GWX 2015-06-27 12:29 - 2015-06-27 12:29 - 00000000 ___SD C:\Windows\system32\GWX 2015-06-27 12:27 - 2015-05-25 20:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-06-27 12:27 - 2015-05-25 20:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-06-27 12:27 - 2015-05-25 20:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll 2015-06-27 12:27 - 2015-05-25 20:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-06-27 12:27 - 2015-05-25 20:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2015-06-27 12:27 - 2015-05-25 20:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-06-27 12:27 - 2015-05-25 20:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-06-27 12:27 - 2015-05-25 20:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-06-27 12:27 - 2015-05-25 20:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-06-27 12:27 - 2015-05-25 20:19 - 00215040 _____ 
(Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-06-27 12:27 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll 2015-06-27 12:27 - 2015-05-25 20:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-06-27 12:27 - 2015-05-25 20:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-06-27 12:27 - 2015-05-25 20:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-06-27 12:27 - 2015-05-25 20:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2015-06-27 12:27 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe 2015-06-27 12:27 - 2015-05-25 20:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-06-27 12:27 - 2015-05-25 20:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-06-27 12:27 - 2015-05-25 20:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-06-27 12:27 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe 2015-06-27 12:27 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe 2015-06-27 12:27 - 2015-05-25 20:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-06-27 12:27 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe 2015-06-27 12:27 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe 2015-06-27 12:27 - 2015-05-25 20:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 
00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-06-27 12:27 - 
2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-06-27 12:27 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-06-27 12:27 - 2015-05-25 20:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-06-27 12:27 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2015-06-27 12:27 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2015-06-27 12:27 - 
2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll 2015-06-27 12:27 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-06-27 12:27 - 2015-05-25 20:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-06-27 12:27 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe 2015-06-27 12:27 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe 2015-06-27 12:27 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe 2015-06-27 12:27 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe 2015-06-27 12:27 - 2015-05-25 20:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-06-27 12:27 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe 2015-06-27 12:27 - 2015-05-25 19:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-06-27 12:27 - 2015-05-25 19:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-06-27 12:27 - 2015-05-25 19:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00004096 ____H (Microsoft 
Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00003072 ____H 
(Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll 2015-06-27 12:27 - 2015-05-25 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-06-27 12:27 - 2015-05-25 18:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-06-27 12:27 - 2015-05-25 18:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 18:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-06-27 12:27 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-07-24 10:59 - 2015-01-29 16:23 - 00000000 ____D C:\Program Files (x86)\Notepad++ 2015-07-24 10:59 - 2013-07-30 18:09 - 00000000 ____D C:\Users\MSC\AppData\Roaming\Notepad++ 2015-07-24 10:59 - 2013-07-03 14:11 - 00026804 __RSH C:\ProgramData\ntuser.pol 2015-07-24 10:58 - 2014-11-14 13:14 - 00000000 ____D C:\ProgramData\WRData 2015-07-24 10:55 - 2013-07-03 12:02 - 00002072 _____ C:\Windows\system32\config\netlogon.ftl 2015-07-24 10:48 - 2012-02-09 16:30 - 00000000 ____D C:\Users\MSC\Documents\Outlook-Dateien 2015-07-24 10:21 - 2013-04-14 01:38 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-07-24 09:18 - 2015-05-20 10:23 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-07-24 09:14 - 2013-08-01 12:35 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server 2015-07-24 09:14 - 2013-04-14 01:02 - 02449500 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2015-07-24 09:14 - 2013-04-13 22:35 - 01040974 _____ C:\Windows\system32\perfh007.dat 2015-07-24 09:14 - 2013-04-13 22:35 - 00273456 _____ C:\Windows\system32\perfc007.dat 2015-07-24 08:54 - 2012-02-09 16:12 - 00000000 ____D C:\Users\MSC\Documents\WindowsPowershell 2015-07-24 07:59 - 2013-10-15 09:36 - 00852662 _____ C:\Users\MSC\Desktop\SecurityCheck.exe 2015-07-24 07:36 - 2013-08-02 09:12 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log 2015-07-24 07:36 - 2009-07-14 06:45 - 00042336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-07-24 07:36 - 2009-07-14 06:45 - 00042336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-07-24 07:31 - 2014-01-31 10:49 - 00000000 ____D C:\Users\MSC\Tracing 2015-07-24 07:31 - 2013-07-30 18:04 - 00000000 ____D C:\Users\MSC\AppData\Local\CrashDumps 2015-07-24 07:31 - 2012-02-09 12:10 - 00000000 ____D C:\Users\MSC\Documents\DIALIT 2015-07-24 07:28 - 2009-07-14 07:13 - 02420374 _____ 
C:\Windows\system32\PerfStringBackup.INI 2015-07-24 07:26 - 2013-07-05 11:11 - 00000580 _____ C:\Windows\SMSCFG.ini 2015-07-24 07:25 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\inetsrv 2015-07-24 07:24 - 2015-05-29 10:52 - 00000782 _____ C:\Users\Public\Desktop\SysAid.lnk 2015-07-24 07:23 - 2015-05-29 10:52 - 00000000 ____D C:\Program Files\SysAid 2015-07-24 07:23 - 2014-08-15 14:19 - 00065536 _____ C:\Windows\system32\Ikeext.etl 2015-07-24 07:23 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-07-23 15:39 - 2013-10-14 12:14 - 00000000 ____D C:\AdwCleaner 2015-07-23 10:25 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2015-07-23 09:15 - 2013-07-30 18:04 - 00000000 ____D C:\Users\MSC\AppData\Local\Deployment 2015-07-22 18:24 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2015-07-22 16:57 - 2013-11-07 14:59 - 00000000 ____D C:\Windows\system32\dsc 2015-07-22 16:57 - 2013-11-07 14:59 - 00000000 ____D C:\Windows\system32\Configuration 2015-07-22 16:57 - 2013-11-07 14:59 - 00000000 ____D C:\Program Files\WindowsPowerShell 2015-07-22 16:57 - 2013-11-07 14:59 - 00000000 ____D C:\Program Files (x86)\WindowsPowerShell 2015-07-22 16:57 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2015-07-22 09:39 - 2013-11-15 10:41 - 00000000 ____D C:\Qoobox 2015-07-22 09:39 - 2013-07-30 18:04 - 00000000 ____D C:\Users\MSC\AppData\Local\Apps\2.0 2015-07-22 09:36 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini 2015-07-22 09:28 - 2013-11-15 10:38 - 05632853 ____R (Swearware) C:\Users\MSC\Desktop\ComboFix.exe 2015-07-21 13:34 - 2011-02-11 07:14 - 00000000 ____D C:\Windows\Panther 2015-07-21 13:29 - 2009-07-14 06:45 - 00529888 _____ C:\Windows\system32\FNTCACHE.DAT 2015-07-21 07:47 - 2013-06-21 00:13 - 00000000 ____D C:\Windows\Hewlett-Packard 2015-07-20 16:03 - 2013-10-14 12:11 - 00000000 ____D C:\Program Files\HitmanPro 2015-07-20 15:45 - 2013-07-30 18:13 - 
00000600 _____ C:\Users\MSC\AppData\Roaming\winscp.rnd 2015-07-20 15:45 - 2013-07-30 18:07 - 00000600 _____ C:\Users\MSC\AppData\Local\PUTTY.RND 2015-07-20 11:28 - 2013-07-30 12:45 - 00000000 ____D C:\Users\MSC 2015-07-20 11:11 - 2013-08-01 12:49 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{02EBB676-2F51-4EB5-BF5C-EFF12763F7AF} 2015-07-20 10:44 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\spool 2015-07-17 13:06 - 2015-01-26 13:24 - 00000000 ____D C:\Program Files\Java 2015-07-17 12:45 - 2015-01-26 13:24 - 00110688 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2015-07-17 10:28 - 2012-02-09 16:30 - 00000000 ____D C:\Users\MSC\IPViewer 2015-07-17 08:19 - 2013-07-30 12:05 - 00002465 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk 2015-07-17 08:19 - 2013-07-30 12:05 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk 2015-07-17 08:19 - 2013-07-30 12:05 - 00002026 _____ C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk 2015-07-17 08:19 - 2013-07-30 12:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2 2015-07-15 11:21 - 2013-11-20 19:31 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-07-15 11:21 - 2013-04-14 01:38 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-07-15 11:21 - 2013-04-14 01:38 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-07-15 10:50 - 2014-12-10 19:58 - 00000000 ____D C:\Windows\system32\appraiser 2015-07-15 10:50 - 2014-05-05 09:18 - 00000000 ___SD C:\Windows\system32\CompatTel 2015-07-15 10:23 - 2013-07-19 13:08 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-07-15 10:20 - 2013-08-01 12:34 - 00000000 ____D C:\Program Files\Microsoft SQL Server 2015-07-15 10:17 - 2013-07-25 17:46 - 00000000 ____D C:\Windows\system32\MRT 2015-07-14 14:36 - 2014-06-16 
11:18 - 00001062 _____ C:\Users\Public\Desktop\DIALit.lnk 2015-07-14 14:36 - 2014-06-16 11:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DIALit 2015-07-14 14:31 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Speech 2015-07-14 14:21 - 2015-01-27 16:16 - 00000000 ____D C:\Program Files (x86)\Google 2015-07-14 14:21 - 2013-07-30 18:04 - 00000000 ____D C:\Users\MSC\AppData\Local\Google 2015-07-14 10:47 - 2014-07-26 10:46 - 00000000 ____D C:\Users\MSC\AppData\Roaming\NirSoft Utilities 2015-07-14 10:47 - 2013-10-14 12:06 - 00000000 ____D C:\ProgramData\HitmanPro 2015-07-14 09:04 - 2013-07-05 11:09 - 00000000 ____D C:\Windows\ccmsetup 2015-07-13 11:08 - 2015-05-27 14:47 - 00002549 _____ C:\Users\Public\Desktop\Paragon Backup and Recovery™ 2014 Free.lnk 2015-07-13 11:08 - 2013-07-30 13:49 - 00001527 _____ C:\Users\MSC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-07-13 11:08 - 2013-07-03 10:57 - 00001529 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-07-13 11:08 - 2013-07-03 10:57 - 00001523 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2015-07-13 09:20 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-07-07 08:56 - 2014-05-14 09:38 - 00000000 ____D C:\Program Files (x86)\Citrix 2015-07-07 08:55 - 2013-07-03 14:17 - 00000000 ____D C:\Windows\system32\appmgmt 2015-07-07 08:55 - 2013-04-14 01:36 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2015-07-06 17:38 - 2012-02-08 15:35 - 00000000 ____D C:\Temp 2015-07-03 09:17 - 2015-02-17 08:23 - 00006219 _____ C:\Users\MSC\Documents\ETS-Server.rdg.old 2015-07-03 08:43 - 2013-07-25 17:35 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-07-02 13:59 - 2013-07-30 13:49 - 00000000 ____D C:\Users\MSC\AppData\Roaming\Adobe 2015-07-02 13:58 - 2014-08-22 10:32 - 00000000 ____D 
C:\Users\MSC\AppData\Local\Adobe 2015-07-02 11:29 - 2014-11-12 12:43 - 00000000 __SHD C:\Users\MSC\AppData\Local\EmieBrowserModeList 2015-07-02 11:29 - 2014-04-09 14:33 - 00000000 __SHD C:\Users\MSC\AppData\Local\EmieUserList 2015-07-02 11:29 - 2014-04-09 14:33 - 00000000 __SHD C:\Users\MSC\AppData\Local\EmieSiteList 2015-07-02 08:44 - 2013-07-30 12:03 - 00000000 ____D C:\Program Files (x86)\Adobe 2015-07-02 08:43 - 2013-07-30 12:03 - 00000000 ____D C:\ProgramData\Adobe 2015-07-01 14:25 - 2014-11-14 13:14 - 00167632 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll 2015-07-01 14:25 - 2014-11-14 13:14 - 00117728 _____ (Webroot) C:\Windows\system32\Drivers\WRkrn.sys 2015-07-01 14:25 - 2014-11-14 13:14 - 00105320 _____ (Webroot) C:\Windows\system32\WRusr.dll 2015-07-01 11:26 - 2013-07-30 18:09 - 00000000 ____D C:\Users\MSC\AppData\Roaming\Apple Computer 2015-07-01 11:22 - 2015-03-18 14:44 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-07-01 11:22 - 2015-03-18 14:44 - 00000000 ____D C:\Program Files\Common Files\Apple 2015-06-30 09:18 - 2015-04-14 15:02 - 00000000 ____D C:\Users\MSC\Documents\Wohnung 2015-06-30 08:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat 2015-06-29 08:43 - 2013-07-25 17:33 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-06-29 08:43 - 2013-07-25 17:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-06-27 12:29 - 2014-09-09 12:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Lync 2015-06-27 12:29 - 2014-09-09 12:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Lync 2015-06-27 12:28 - 2014-09-09 12:36 - 00000000 ____D C:\Program Files\Microsoft Lync 2015-06-27 12:28 - 2013-07-25 17:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight ==================== Files in the root of some directories ======= 2013-07-30 18:12 - 2013-01-24 18:35 - 0023176 _____ () C:\Users\MSC\AppData\Roaming\Kommagetrennte Werte 
(Windows).ADR 2013-07-30 18:12 - 2014-10-06 12:53 - 0023164 _____ () C:\Users\MSC\AppData\Roaming\Microsoft Excel 97-2003.ADR 2013-11-08 14:24 - 2015-02-09 18:50 - 0081642 _____ () C:\Users\MSC\AppData\Roaming\MultiScreen_log.log 2015-04-16 08:46 - 2015-04-16 08:46 - 0033193 _____ () C:\Users\MSC\AppData\Roaming\UserTile.png 2013-07-30 18:13 - 2015-07-20 15:45 - 0000600 _____ () C:\Users\MSC\AppData\Roaming\winscp.rnd 2013-07-30 18:04 - 2012-10-31 16:05 - 0000000 _____ () C:\Users\MSC\AppData\Local\AtStart.txt 2013-07-30 18:04 - 2012-10-31 16:05 - 0000000 _____ () C:\Users\MSC\AppData\Local\DSwitch.txt 2013-07-30 18:07 - 2015-07-20 15:45 - 0000600 _____ () C:\Users\MSC\AppData\Local\PUTTY.RND 2013-07-30 18:07 - 2012-10-31 16:05 - 0000000 _____ () C:\Users\MSC\AppData\Local\QSwitch.txt 2013-07-30 18:07 - 2012-12-02 16:08 - 0001832 _____ () C:\Users\MSC\AppData\Local\SLC_msc.prx 2013-10-18 17:29 - 2013-10-18 18:23 - 0000826 _____ () C:\ProgramData\hpzinstall.log 2013-08-01 12:45 - 2013-08-01 12:45 - 0000266 _____ () C:\ProgramData\LEDM_AdaptorInstall.log 2013-12-09 11:21 - 2013-12-09 14:12 - 0000227 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc ZeroAccess: C:\Users\MSC\AppData\Local\682008ce C:\Users\MSC\AppData\Local\682008ce\@ Some files in TEMP: ==================== C:\Users\MSC\AppData\Local\Temp\npp.6.7.9.2.Installer.exe C:\Users\MSC\AppData\Local\Temp\xmlUpdater.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-07-23 13:29 ==================== End of log ============================ |
24.07.2015, 16:38 | #10 |
/// the machine /// TB-Ausbilder | http://your-home-page.net
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
ATTFilter
C:\Users\MSC\AppData\Roaming\Mozilla\Firefox\Profiles\g51m6ksp.default\extensions\dfqc50@ytkxfpxaf.co.uk\content\bg.js
D:\Downloads\LOGINventory.v4.5.7.0.1637-BEAN.zip
D:\Downloads\VMWare_ESX_v4_1_keygen.zip
D:\Downloads\VMware_vCenter_Server_version_5_keygen.zip
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BRowsiNNgclearrly\XfDXgxTjauslkg.dll.vir
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BRowsiNNgclearrly\XfDXgxTjauslkg.exe.vir
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BRowsiNNgclearrly\XfDXgxTjauslkg.x64.dll.vir
C:\AdwCleaner\Quarantine\C\Program Files (x86)\mozilla firefox\dbghelp.dll.vir
C:\AdwCleaner\Quarantine\C\ProgramData\{e8f62260-3bf5-9a5e-e8f6-622603bf8980}\AOMEI.Dynamic.Disk.Manager.Pro.1.2.0.0.rar.exe.vir
C:\Program Files\PC-WELT-Fix-it-Pack\Tools\driveridentifier_setup.exe
C:\Program Files (x86)\Avaya\C3000\Fax Printer\pdfspme.dll
C:\Qoobox\Quarantine\C\Program Files (x86)\See Results Hub\Extensions\c3cbfe5d-53c1-44f9-8442-6faaf005aaa9.dll.vir
C:\Qoobox\Quarantine\C\Users\MSC\AppData\Roaming\Mozilla\Firefox\Profiles\g51m6ksp.default\extensions\hog1wvxp@mumnjwtj.com\content\bg.js.vir
C:\Qoobox\Quarantine\C\Users\MSC\AppData\Roaming\Mozilla\Firefox\Profiles\g51m6ksp.default\extensions\rbyi2@uibieo.co.uk\content\bg.js.vir
C:\swsetup\WinZBas\Setup.exe
C:\Tools\ExcelRecovery\setup.exe
C:\Users\MSC\AppData\Local\InstallShare\2_16472_installer.exe
C:\Windows\Installer\932638.msi
C:\Windows\Installer\98d22a2.msi
D:\Downloads\HP_
D:\Downloads\Installer
D:\Downloads\Installer
D:\Downloads\olftag15 - CHIP-Installer.exe
D:\Downloads\Paragon Backup Recovery 2014 Free - CHIP-Installer.exe
D:\Downloads\Paragon Partition Manager 2014 Free - CHIP-Installer.exe
D:\Downloads\pcwWinFixItPack_setup.exe
D:\Downloads\Unlocker1.9.2.exe
D:\Downloads\wclassic2 - CHIP-Installer.exe
GroupPolicyScripts: Group Policy detected <======= ATTENTION
GroupPolicyScripts\User: Group Policy detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Tcpip\Parameters: [DhcpNameServer] 10.101.0.54 10.101.0.55 10.101.0.5 10.101.0.6
Tcpip\..\Interfaces\{80710E33-1517-4612-A89E-CDD41C5A0DD9}: [DhcpNameServer] 10.101.0.54 10.101.0.55 10.101.0.5 10.101.0.6
Tcpip\..\Interfaces\{A51701BB-A804-4E1B-8457-21AFA11167D2}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
ZeroAccess:
C:\Users\MSC\AppData\Local\682008ce
C:\Users\MSC\AppData\Local\682008ce\@
Emptytemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
A fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
27.07.2015, 08:39 | #11 |
| http://your-home-page.net Good morning Schrauber, here is just the Fixlog with the current FRST log Code:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:26-07-2015 durchgeführt von michael.schmaus an 2015-07-27 09:30:58 Run:1 Gestartet von C:\Users\MSC\Desktop Geladene Profile: michael.schmaus (Verfügbare Profile: Admin & postgres & sysaidinternal & AdminDE & Chris.Oleszczuk & michael.schmaus & michael.schmaus & Administrator) Start-Modus: Normal ============================================== fixlist Inhalt: ***************** C:\Users\MSC\AppData\Roaming\Mozilla\Firefox\Profiles\g51m6ksp.default\extensions\dfqc50@ytkxfpxaf.co.uk\content\bg.js D:\Downloads\LOGINventory.v4.5.7.0.1637-BEAN.zip D:\Downloads\VMWare_ESX_v4_1_keygen.zip D:\Downloads\VMware_vCenter_Server_version_5_keygen.zip C:\AdwCleaner\Quarantine\C\Program Files (x86)\BRowsiNNgclearrly\XfDXgxTjauslkg.dll.vir C:\AdwCleaner\Quarantine\C\Program Files (x86)\BRowsiNNgclearrly\XfDXgxTjauslkg.exe.vir C:\AdwCleaner\Quarantine\C\Program Files (x86)\BRowsiNNgclearrly\XfDXgxTjauslkg.x64.dll.vir C:\AdwCleaner\Quarantine\C\Program Files (x86)\mozilla firefox\dbghelp.dll.vir C:\AdwCleaner\Quarantine\C\ProgramData\{e8f62260-3bf5-9a5e-e8f6-622603bf8980}\AOMEI.Dynamic.Disk.Manager.Pro.1.2.0.0.rar.exe.vir C:\Program Files\PC-WELT-Fix-it-Pack\Tools\driveridentifier_setup.exe C:\Program Files (x86)\Avaya\C3000\Fax Printer\pdfspme.dll C:\Qoobox\Quarantine\C\Program Files (x86)\See Results Hub\Extensions\c3cbfe5d-53c1-44f9-8442-6faaf005aaa9.dll.vir C:\Qoobox\Quarantine\C\Users\MSC\AppData\Roaming\Mozilla\Firefox\Profiles\g51m6ksp.default\extensions\hog1wvxp@mumnjwtj.com\content\bg.js.vir C:\Qoobox\Quarantine\C\Users\MSC\AppData\Roaming\Mozilla\Firefox\Profiles\g51m6ksp.default\extensions\rbyi2@uibieo.co.uk\content\bg.js.vir C:\swsetup\WinZBas\Setup.exe C:\Tools\ExcelRecovery\setup.exe C:\Users\MSC\AppData\Local\InstallShare\2_16472_installer.exe C:\Windows\Installer\932638.msi C:\Windows\Installer\98d22a2.msi D:\Downloads\HP_ D:\Downloads\Installer D:\Downloads\Installer D:\Downloads\olftag15 - 
CHIP-Installer.exe D:\Downloads\Paragon Backup Recovery 2014 Free - CHIP-Installer.exe D:\Downloads\Paragon Partition Manager 2014 Free - CHIP-Installer.exe D:\Downloads\pcwWinFixItPack_setup.exe D:\Downloads\Unlocker1.9.2.exe D:\Downloads\wclassic2 - CHIP-Installer.exe GroupPolicyScripts: Group Policy detected <======= ATTENTION GroupPolicyScripts\User: Group Policy detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION Tcpip\Parameters: [DhcpNameServer] 10.101.0.54 10.101.0.55 10.101.0.5 10.101.0.6 Tcpip\..\Interfaces\{80710E33-1517-4612-A89E-CDD41C5A0DD9}: [DhcpNameServer] 10.101.0.54 10.101.0.55 10.101.0.5 10.101.0.6 Tcpip\..\Interfaces\{A51701BB-A804-4E1B-8457-21AFA11167D2}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 ZeroAccess: C:\Users\MSC\AppData\Local\682008ce C:\Users\MSC\AppData\Local\682008ce\@ Emptytemp: ***************** "C:\Users\MSC\AppData\Roaming\Mozilla\Firefox\Profiles\g51m6ksp.default\extensions\dfqc50@ytkxfpxaf.co.uk\content\bg.js" => Datei/Ordner nicht gefunden. D:\Downloads\LOGINventory.v4.5.7.0.1637-BEAN.zip => erfolgreich verschoben. D:\Downloads\VMWare_ESX_v4_1_keygen.zip => erfolgreich verschoben. D:\Downloads\VMware_vCenter_Server_version_5_keygen.zip => erfolgreich verschoben. C:\AdwCleaner\Quarantine\C\Program Files (x86)\BRowsiNNgclearrly\XfDXgxTjauslkg.dll.vir => erfolgreich verschoben. C:\AdwCleaner\Quarantine\C\Program Files (x86)\BRowsiNNgclearrly\XfDXgxTjauslkg.exe.vir => erfolgreich verschoben. C:\AdwCleaner\Quarantine\C\Program Files (x86)\BRowsiNNgclearrly\XfDXgxTjauslkg.x64.dll.vir => erfolgreich verschoben. C:\AdwCleaner\Quarantine\C\Program Files (x86)\mozilla firefox\dbghelp.dll.vir => erfolgreich verschoben. C:\AdwCleaner\Quarantine\C\ProgramData\{e8f62260-3bf5-9a5e-e8f6-622603bf8980}\AOMEI.Dynamic.Disk.Manager.Pro.1.2.0.0.rar.exe.vir => erfolgreich verschoben. 
C:\Program Files\PC-WELT-Fix-it-Pack\Tools\driveridentifier_setup.exe => erfolgreich verschoben. C:\Program Files (x86)\Avaya\C3000\Fax Printer\pdfspme.dll => erfolgreich verschoben. C:\Qoobox\Quarantine\C\Program Files (x86)\See Results Hub\Extensions\c3cbfe5d-53c1-44f9-8442-6faaf005aaa9.dll.vir => erfolgreich verschoben. C:\Qoobox\Quarantine\C\Users\MSC\AppData\Roaming\Mozilla\Firefox\Profiles\g51m6ksp.default\extensions\hog1wvxp@mumnjwtj.com\content\bg.js.vir => erfolgreich verschoben. C:\Qoobox\Quarantine\C\Users\MSC\AppData\Roaming\Mozilla\Firefox\Profiles\g51m6ksp.default\extensions\rbyi2@uibieo.co.uk\content\bg.js.vir => erfolgreich verschoben. C:\swsetup\WinZBas\Setup.exe => erfolgreich verschoben. C:\Tools\ExcelRecovery\setup.exe => erfolgreich verschoben. C:\Users\MSC\AppData\Local\InstallShare\2_16472_installer.exe => erfolgreich verschoben. C:\Windows\Installer\932638.msi => erfolgreich verschoben. C:\Windows\Installer\98d22a2.msi => erfolgreich verschoben. "D:\Downloads\HP_" => Datei/Ordner nicht gefunden. "D:\Downloads\Installer" => Datei/Ordner nicht gefunden. "D:\Downloads\Installer" => Datei/Ordner nicht gefunden. D:\Downloads\olftag15 - CHIP-Installer.exe => erfolgreich verschoben. D:\Downloads\Paragon Backup Recovery 2014 Free - CHIP-Installer.exe => erfolgreich verschoben. D:\Downloads\Paragon Partition Manager 2014 Free - CHIP-Installer.exe => erfolgreich verschoben. D:\Downloads\pcwWinFixItPack_setup.exe => erfolgreich verschoben. D:\Downloads\Unlocker1.9.2.exe => erfolgreich verschoben. D:\Downloads\wclassic2 - CHIP-Installer.exe => erfolgreich verschoben. C:\Windows\system32\GroupPolicy\Machine => erfolgreich verschoben. C:\Windows\system32\GroupPolicy\GPT.ini => erfolgreich verschoben. C:\Windows\system32\GroupPolicy\User => erfolgreich verschoben. 
"HKLM\SOFTWARE\Policies\Google" => Schlüssel erfolgreich entfernt HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer => Wert erfolgreich entfernt HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{80710E33-1517-4612-A89E-CDD41C5A0DD9}\\DhcpNameServer => Wert erfolgreich entfernt HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A51701BB-A804-4E1B-8457-21AFA11167D2}\\NameServer => Wert erfolgreich entfernt ZeroAccess: => Fehler: Kein automatisierter Fix für diesen Eintrag gefunden. C:\Users\MSC\AppData\Local\682008ce => erfolgreich verschoben. "C:\Users\MSC\AppData\Local\682008ce\@" => Datei/Ordner nicht gefunden. EmptyTemp: => 117.8 MB temporäre Dateien entfernt. Das System musste neu gestartet werden.. ==== Ende von Fixlog 09:31:10 ==== Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:26-07-2015 durchgeführt von michael.schmaus (Administrator) auf NB1140 (27-07-2015 09:36:58) Gestartet von C:\Users\MSC\Desktop Geladene Profile: michael.schmaus (Verfügbare Profile: Admin & postgres & sysaidinternal & AdminDE & Chris.Oleszczuk & michael.schmaus & michael.schmaus & Administrator) Platform: Windows 7 Ultimate Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 10 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Microsoft Corporation) C:\Windows\System32\psxss.exe (Webroot) C:\Program Files (x86)\Webroot\WRSA.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\BCMWLTRY.EXE (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) 
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe (Inedo, LLC) C:\Program Files\ProGet\Service\ProGet.Service.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVCM.EXE (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.HPWJA\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Netop Business Solutions A/S) C:\Program Files (x86)\Netop\Netop Remote Control\Host\NHOSTSVC.EXE (Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe (SEP AG) C:\Program Files\SEPsesam\bin\sesam\sm_main.exe (Microsoft Corporation) C:\Windows\System32\snmp.exe (SEP AG) C:\Program Files\SEPsesam\bin\sesam\sm_ctrld_main.exe () C:\Program Files\SEPsesam\bin\sesam\sm_sshd.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (SysAid Technology Ltd.) C:\Program Files\SysAid\SysAidSM.exe (Microsoft Corporation) C:\Windows\SysWOW64\snmp.exe (TeamViewer GmbH) C:\Program Files (x86)\Teamviewer\Version8\TeamViewer_Service.exe (SysAid Technology Ltd.) 
C:\Program Files\SysAid\SysAidWorker.exe (Check Point Software Technologies) C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe (Ericsson AB) C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (GFI Software Development Ltd.) C:\Program Files (x86)\PatchManagementInstallation\Agent\lnssatt.exe (Apache Software Foundation) C:\Program Files (x86)\PatchManagementInstallation\Agent\Httpd\bin\httpd.exe (Apache Software Foundation) C:\Program Files (x86)\PatchManagementInstallation\Agent\Httpd\bin\httpd.exe (GFI Software Development Ltd.) C:\Program Files (x86)\PatchManagementInstallation\Agent\mantle.exe (Microsoft Corporation) C:\Windows\CCM\CcmExec.exe (Microsoft Corporation) C:\Windows\CCM\RemCtrl\cmrcservice.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Program Files\Microsoft Policy Platform\policyHost.exe (TeamViewer GmbH) C:\Program Files (x86)\Teamviewer\Version8\TeamViewer.exe (Webroot) C:\Program Files (x86)\Webroot\WRSA.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe (Microsoft 
Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (TeamViewer GmbH) C:\Program Files (x86)\Teamviewer\Version8\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\Teamviewer\Version8\tv_x64.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Avaya Inc.) C:\Windows\System32\qtsp_sso.exe (Hewlett-Packard Company, L.P.) C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE (Akamai Technologies, Inc.) C:\Users\MSC\AppData\Local\Akamai\netsession_win.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (ek-soft GmbH) C:\Program Files (x86)\CTI\DIALit-Client\Dialit32.exe (Akamai Technologies, Inc.) C:\Users\MSC\AppData\Local\Akamai\netsession_win.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe (Adobe Systems Inc.) 
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe (Microsoft) C:\Program Files (x86)\Avaya\Avaya Microsoft Lync Integration\LyncAddin.exe (Check Point Software Technologies) C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Lync\communicator.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe () C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Samsung Electronics) C:\ProgramData\Samsung Apps\Portable SSD\Samsung Portable SSD Daemon.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Microsoft Corporation) C:\Windows\CCM\SCNotification.exe (ek-soft GmbH) C:\Program Files (x86)\CTI\DIALit-Client\TeleTab.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtwLyncIntf\BtwLyncIntf.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) ================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) 
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe [8641536 2014-07-25] (Broadcom Corporation) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-07-03] (IDT, Inc.) HKLM\...\Run: [qtsp_sso] => C:\windows\system32\qtsp_sso.exe [1171968 2012-12-21] (Avaya Inc.) HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [3488640 2012-03-14] (Hewlett-Packard Company) HKLM\...\Run: [MultiScreen] => [X] HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [281776 2014-09-16] (Samsung Electronics Co., Ltd.) HKLM\...\Run: [Seagull Drivers] => ssdal_nc.exe startup HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [358944 2011-01-28] (Acronis) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2816240 2014-08-01] (Synaptics Incorporated) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-06-29] (Apple Inc.) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284480 2013-07-03] (Intel Corporation) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-10-24] (Intel Corporation) HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-06-27] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-06-27] (Adobe Systems Inc.) 
HKLM-x32\...\Run: [Client Access Service] => C:\Program Files (x86)\IBM\Client Access\cwbsvstr.exe [14336 2010-01-15] (IBM Corporation) HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [336672 2014-02-10] (Hewlett-Packard Company) HKLM-x32\...\Run: [LyncAddin] => C:\Program Files (x86)\Avaya\Avaya Microsoft Lync Integration\LyncAddin.exe [1933824 2012-11-09] (Microsoft) HKLM-x32\...\Run: [Check Point VPN] => C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGui.exe [826832 2013-12-04] (Check Point Software Technologies) HKLM-x32\...\Run: [HPConnectionManager] => c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [185144 2014-04-09] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [MultiScreen] => [X] HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Lync\communicator.exe [12118840 2015-03-28] (Microsoft Corporation) HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [WRSVC] => C:\Program Files (x86)\Webroot\WRSA.exe [822728 2015-07-24] (Webroot) HKLM-x32\...\Run: [YouCam Tray] => c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [168464 2012-10-25] (CyberLink Corp.) HKLM-x32\...\Run: [YouCam Mirage] => c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [139792 2012-10-25] (CyberLink) HKLM-x32\...\Run: [RemoteControl10] => c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-14] (CyberLink Corp.) 
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5145824 2011-01-28] () HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation) Winlogon\Notify\igfxcui: igfxdev.dll [X] HKU\S-1-5-21-3799292098-3196119086-2381476900-3276\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6161176 2014-02-20] (Piriform Ltd) HKU\S-1-5-21-3799292098-3196119086-2381476900-3276\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [6161176 2014-02-20] (Piriform Ltd) HKU\S-1-5-21-3799292098-3196119086-2381476900-3276\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2015-03-18] (Microsoft Corporation) HKU\S-1-5-21-3799292098-3196119086-2381476900-3276\...\Run: [Akamai NetSession Interface] => C:\Users\MSC\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-03-11] ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2013-10-18] ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\Users\MSC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DIALit.lnk [2014-11-05] ShortcutTarget: DIALit.lnk -> C:\Program Files (x86)\CTI\DIALit-Client\Dialit32.exe (ek-soft GmbH) Startup: C:\Users\MSC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk [2013-08-06] ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.) 
Startup: C:\Users\MSC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DIALit.lnk [2014-11-05] ShortcutTarget: DIALit.lnk -> C:\Program Files (x86)\CTI\DIALit-Client\Dialit32.exe (ek-soft GmbH) Startup: C:\Users\MSC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk [2013-08-06] ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..) HKU\S-1-5-21-3799292098-3196119086-2381476900-3276\SOFTWARE\Policies\Microsoft\Internet Explorer: Richtlinienbeschränkung <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-3799292098-3196119086-2381476900-3276\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-3799292098-3196119086-2381476900-3276\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Microsoft Web Recorder Helper -> {06D7D698-1ECD-407F-A1C9-EFA54860490A} -> C:\Program Files\Microsoft System Center 2012 R2\Operations Manager\Console\Microsoft.Mom.RecorderBarBHO.dll [2013-09-06] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-17] (Oracle Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program 
Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-17] (Oracle Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Lync\OCHelper.dll [2010-11-03] (Microsoft Corporation) BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-06-27] (Adobe Systems Incorporated) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-06-27] (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-06-27] (Adobe Systems Incorporated) Toolbar: HKU\S-1-5-21-3799292098-3196119086-2381476900-3276 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Keine Datei DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1383306434877 Tcpip\Parameters: [DhcpNameServer] 10.101.0.54 10.101.0.55 10.101.0.5 10.101.0.6 Tcpip\..\Interfaces\{80710E33-1517-4612-A89E-CDD41C5A0DD9}: [DhcpNameServer] 10.101.0.54 10.101.0.55 10.101.0.5 10.101.0.6 FireFox: ======== FF ProfilePath: C:\Users\MSC\AppData\Roaming\Mozilla\Firefox\Profiles\103qzzmr.default-1436867989260 FF SearchEngineOrder.2: FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] () FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program 
Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-17] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-17] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-10-24] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-10-24] (Intel Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.) 
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-06-27] (Adobe Systems Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-28] () FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-07-03] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll [2015-05-28] (Cisco WebEx LLC) FF Plugin ProgramFiles/Appdata: C:\Users\MSC\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-05-28] (Cisco WebEx LLC) FF Extension: GMX MailCheck - C:\Users\MSC\AppData\Roaming\Mozilla\Firefox\Profiles\103qzzmr.default-1436867989260\Extensions\toolbar@gmx.net [2015-07-23] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-07-30] FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-10-18] FF HKU\S-1-5-21-3799292098-3196119086-2381476900-3276\...\Firefox\Extensions: [firefoxaddon@ek-soft.de] - C:\Program Files (x86)\CTI\DIALit-Client\Firefox FF Extension: ek-soft CTI Add ON - C:\Program Files 
(x86)\CTI\DIALit-Client\Firefox [2014-06-16] FF HKU\S-1-5-21-3799292098-3196119086-2381476900-3276\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 Chrome: ======= CHR Profile: C:\Users\MSC\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\MSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-14] CHR Extension: (Google Drive) - C:\Users\MSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-14] CHR Extension: (YouTube) - C:\Users\MSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-14] CHR Extension: (GMX MailCheck) - C:\Users\MSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\camnampocfohlcgbajligmemmabnljcm [2015-07-14] CHR Extension: (Google Search) - C:\Users\MSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-14] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\MSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-14] CHR Extension: (Google Wallet) - C:\Users\MSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-14] CHR Extension: (Gmail) - C:\Users\MSC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-14] ==================== Services (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S4 AdtAgent; C:\Windows\system32\AdtAgent.exe [410808 2013-09-06] (Microsoft Corporation) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.) 
R2 CcmExec; C:\windows\CCM\CcmExec.exe [1571000 2013-09-11] (Microsoft Corporation) R2 CmRcService; C:\windows\CCM\RemCtrl\CmRcService.exe [577712 2014-05-29] (Microsoft Corporation) S3 Cwbrxd; C:\windows\cwbrxd.exe [94208 2010-01-15] (IBM Corporation) [Datei ist nicht signiert] S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [143872 2014-10-24] (Microsoft Corporation) [Datei ist nicht signiert] R2 gfi_lanss11_attservice; C:\Program Files (x86)\PatchManagementInstallation\Agent\lnssatt.exe [133496 2012-11-23] (GFI Software Development Ltd.) R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-07-14] (SurfRight B.V.) S3 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-17] (Hewlett-Packard) R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [683296 2014-02-10] (Hewlett-Packard Company) R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [Datei ist nicht signiert] R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [Datei ist nicht signiert] R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) 
[Datei ist nicht signiert] R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-10-09] (Intel Corporation) R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-21] (Microsoft Corporation) R2 INEDOPROGETSVC; C:\Program Files\ProGet\Service\ProGet.Service.exe [133120 2015-07-16] (Inedo, LLC) [Datei ist nicht signiert] R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [Datei ist nicht signiert] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-10-24] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-10-24] (Intel Corporation) R3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation) S3 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-14] (Microsoft Corporation) S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation) S4 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2079520 2012-05-17] (Microsoft Corp.) 
R2 MSSQL$ACRONIS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation) R2 MSSQL$HPWJA; C:\Program Files\Microsoft SQL Server\MSSQL10.HPWJA\MSSQL\Binn\sqlservr.exe [58387104 2014-07-12] (Microsoft Corporation) R2 MSSQL$PROGET; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [29293408 2010-12-11] (Microsoft Corporation) R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [62382256 2015-03-30] (Microsoft Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [Datei ist nicht signiert] R2 NetOp Host for NT Service; C:\Program Files (x86)\Netop\Netop Remote Control\Host\NHOSTSVC.EXE [1516568 2010-11-01] (Netop Business Solutions A/S) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [Datei ist nicht signiert] S4 PuranDefrag; C:\windows\system32\PuranDefragS.exe [292736 2013-08-15] (Puran Software) [Datei ist nicht signiert] R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [28848 2014-09-16] (Samsung Electronics Co., Ltd.) S3 smstsmgr; C:\windows\CCM\TSManager.exe [276152 2013-09-11] (Microsoft Corporation) R2 sm_main; C:\Program Files\SEPsesam\bin\sesam\sm_main.exe [362696 2015-03-10] (SEP AG) R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-21] (Microsoft Corporation) R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-21] (Microsoft Corporation) S4 SQLAgent$HPWJA; C:\Program Files\Microsoft SQL Server\MSSQL10.HPWJA\MSSQL\Binn\SQLAGENT.EXE [441504 2014-07-12] (Microsoft Corporation) S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [442536 2015-03-30] (Microsoft Corporation) R3 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2013-07-03] (IDT, Inc.) 
[Datei ist nicht signiert] R2 SysAidAgent; C:\Program Files\SysAid\SysAidSM.exe [23192 2015-04-01] (SysAid Technology Ltd.) S4 System Center Management APM; C:\Program Files\Microsoft System Center 2012 R2\Service Manager\APMDOTNETAgent\InterceptSvc.exe [626872 2013-09-06] (Microsoft Corp.) S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [122368 2015-02-26] (Microsoft Corporation) [Datei ist nicht signiert] R2 TracSrvWrapper; C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe [4880512 2013-12-04] (Check Point Software Technologies) R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [5894144 2014-07-25] (Broadcom Corporation) [Datei ist nicht signiert] R2 WMCoreService; C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe [689560 2012-10-18] (Ericsson AB) S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-14] (Microsoft Corporation) R2 WRSVC; C:\Program Files (x86)\Webroot\WRSA.exe [822728 2015-07-24] (Webroot) S3 Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn; Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn [X] S3 Datev.Unternehmen.SystemComponents.ServiceBus.V0400.PlugIn; Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0400.PlugIn [X] ==================== Drivers (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2014-07-14] (Broadcom Corporation.) 
S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2012-02-02] (Broadcom Corporation.) S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] () R3 dwVSCD; C:\Windows\System32\DRIVERS\dwvscd.sys [11904 2010-11-01] (Danware Data A/S) R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-10-05] (Ericsson AB) R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [29736 2011-10-05] (Ericsson AB) R3 h36wgps; C:\Windows\System32\DRIVERS\h36wgps64.sys [103184 2012-03-02] (Ericsson AB) R2 hardlock; C:\windows\system32\drivers\hardlock.sys [331144 2013-03-11] (SafeNet Inc.) R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [34056 2014-05-19] (Paragon Software Group) S3 HPMo4DE3; C:\Windows\System32\DRIVERS\HPMo4DE3.sys [25088 2011-03-09] (TPMX Electronics Ltd.) S3 HPub4DE3; C:\Windows\System32\Drivers\HPub4DE3.sys [18432 2011-04-12] (TPMX Electronics Ltd.) R3 johci; C:\Windows\System32\DRIVERS\johci.sys [26208 2012-08-24] (JMicron Technology Corp.) 
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation) R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [443648 2013-04-22] (MCCI Corporation) R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [455936 2013-04-22] (MCCI Corporation) R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [22272 2013-04-22] (MCCI Corporation) R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [508160 2013-04-22] (MCCI Corporation) R3 prepdrvr; C:\Windows\System32\DRIVERS\prepdrv.sys [26984 2012-11-21] (Microsoft Corporation) R3 PsxDrv; C:\Windows\System32\drivers\psxdrv.sys [10240 2009-07-14] (Microsoft Corporation) S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [322736 2015-03-30] (Microsoft Corporation) R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [268976 2014-09-16] (Samsung Electronics Co., Ltd.) R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [111280 2014-09-16] (Samsung Electronics Co., Ltd.) S3 sehutn; C:\Windows\System32\DRIVERS\sehutn.sys [49328 2013-10-08] (SEH Computertechnik GmbH) R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1064184 2012-09-23] (Sunplus) R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [102664 2014-05-09] () R1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [25992 2014-05-09] () R1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [700296 2014-05-09] () R3 vna_ap; C:\Windows\System32\DRIVERS\vnaap.sys [161256 2012-09-20] (Check Point Software Technologies) R1 vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [456952 2013-12-04] (Check Point Software Technologies Ltd.) 
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [116224 2015-07-24] (Webroot) R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [284912 2013-11-25] (Ericsson AB) S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X] S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] U0 dmboot; No ImagePath U0 SR; No ImagePath U2 srservice; No ImagePath S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-07-27 09:30 - 2015-07-27 09:30 - 00000000 ____D C:\Users\MSC\Desktop\FRST-OlderVersion 2015-07-27 09:29 - 2015-07-27 09:36 - 00035572 _____ C:\Users\MSC\Desktop\FRST.txt 2015-07-27 09:29 - 2015-07-27 09:30 - 02146816 _____ (Farbar) C:\Users\MSC\Desktop\FRST64.exe 2015-07-27 09:29 - 2015-07-24 11:01 - 00112785 _____ C:\Users\MSC\Desktop\Addition.txt 2015-07-24 14:24 - 2015-07-24 14:24 - 00000255 _____ C:\Users\MSC\SimpleConfig.ps1 2015-07-24 14:04 - 2015-07-24 14:34 - 00000849 _____ C:\Users\MSC\M2_Demo.ps1 2015-07-24 13:48 - 2015-07-24 15:35 - 00000000 ____D C:\DSC 2015-07-24 13:47 - 2015-07-24 13:48 - 00000412 _____ C:\Users\MSC\LCM_Push_NewWay.ps1 2015-07-24 11:10 - 2015-07-27 09:35 - 00026146 ____N C:\Windows\WindowsUpdate.log 2015-07-24 09:15 - 2015-07-24 09:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Inedo 2015-07-24 09:14 - 2015-07-24 09:15 - 00000000 ____D C:\ProgramData\ProGet 2015-07-24 09:14 - 2015-07-24 09:14 - 00000000 ____D C:\Program Files\ProGet 2015-07-24 09:04 - 2015-07-24 09:04 - 00003034 _____ 
C:\Users\MSC\Desktop\(X.systems.press) Peter Monadjemi (auth.)-PowerShell für die Windows-Administration_ Ein kompakter und praxisnaher Überblick-Vieweg+Teubner Verlag (2014).pdf - Verknüpfung.lnk 2015-07-24 08:10 - 2015-07-24 08:17 - 00000000 ____D C:\Users\MSC\Documents\Powershell 2015-07-24 08:01 - 2015-07-24 08:01 - 00022257 _____ C:\Users\MSC\Desktop\Error_ProGet.txt 2015-07-24 08:00 - 2015-07-24 07:58 - 02870984 _____ (ESET) C:\Users\MSC\Desktop\esetsmartinstaller_deu.exe 2015-07-23 15:46 - 2015-07-23 15:46 - 00001617 _____ C:\Users\MSC\Desktop\JRT.txt 2015-07-23 15:34 - 2015-07-23 15:36 - 00001210 _____ C:\mbam.txt 2015-07-23 14:04 - 2015-07-23 14:07 - 00018662 _____ C:\autoreply.txt 2015-07-22 19:23 - 2015-07-22 19:23 - 00000000 ____D C:\Scripts 2015-07-22 18:52 - 2015-07-22 18:52 - 00000000 ____D C:\Users\MSC\AppData\Local\NuGet 2015-07-22 17:13 - 2015-07-22 17:13 - 00000000 ____D C:\Users\MSC\AppData\Roaming\NuGet 2015-07-22 17:12 - 2015-07-22 17:12 - 00000000 ____D C:\Users\MSC\AppData\Local\PackageManagement 2015-07-22 17:12 - 2015-07-22 17:12 - 00000000 ____D C:\Program Files\PackageManagement 2015-07-22 16:57 - 2015-07-22 16:57 - 00000000 ____D C:\Windows\SysWOW64\Configuration 2015-07-22 16:55 - 2015-04-23 05:13 - 02172928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll 2015-07-22 16:55 - 2015-04-23 05:13 - 00019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Register-CimProvider.exe 2015-07-22 16:55 - 2015-04-23 05:12 - 00238080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll 2015-07-22 16:55 - 2015-04-23 05:12 - 00139264 _____ (Windows (R) Win 7 DDK provider) C:\Windows\SysWOW64\DscCoreConfProv.dll 2015-07-22 16:55 - 2015-04-23 05:12 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmidcom.dll 2015-07-22 16:55 - 2015-04-23 05:11 - 00085504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pwrshplugin.dll 2015-07-22 16:55 - 2015-04-23 05:11 - 00047104 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ncobjapi.dll 2015-07-22 16:55 - 2015-04-23 05:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winrssrv.dll 2015-07-22 16:55 - 2015-04-23 05:10 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winrscmd.dll 2015-07-22 16:55 - 2015-04-23 05:10 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wecutil.exe 2015-07-22 16:55 - 2015-04-23 05:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prvdmofcomp.dll 2015-07-22 16:55 - 2015-04-23 05:10 - 00020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winrshost.exe 2015-07-22 16:55 - 2015-04-23 05:10 - 00013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Microsoft.Management.Infrastructure.Native.Unmanaged.dll 2015-07-22 16:55 - 2015-04-23 05:09 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wevtfwd.dll 2015-07-22 16:55 - 2015-04-23 05:09 - 00058368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wecapi.dll 2015-07-22 16:55 - 2015-04-23 05:08 - 00535552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmGCDeps.dll 2015-07-22 16:55 - 2015-04-23 05:08 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmitomi.dll 2015-07-22 16:55 - 2015-04-23 05:08 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mi.dll 2015-07-22 16:55 - 2015-04-23 05:08 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll 2015-07-22 16:55 - 2015-04-23 05:08 - 00038912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winrs.exe 2015-07-22 16:55 - 2015-04-23 05:08 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PSModuleDiscoveryProvider.dll 2015-07-22 16:55 - 2015-04-23 05:08 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe 2015-07-22 16:55 - 2015-04-23 05:08 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll 2015-07-22 16:55 - 2015-04-23 05:08 - 00001536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winrsmgr.dll 2015-07-22 16:55 - 2015-04-23 
05:07 - 00201216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\framedynos.dll 2015-07-22 16:55 - 2015-04-23 05:07 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\framedyn.dll 2015-07-22 16:55 - 2015-04-23 05:07 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe 2015-07-22 16:55 - 2015-04-23 05:06 - 00384512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wbemcomn2.dll 2015-07-22 16:55 - 2015-04-23 05:05 - 00119296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mimofcodec.dll 2015-07-22 16:55 - 2015-04-23 05:05 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mibincodec.dll 2015-07-22 16:55 - 2015-04-23 05:03 - 00174592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\miutils.dll 2015-07-22 16:55 - 2015-04-23 05:03 - 00145408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll 2015-07-22 16:55 - 2015-04-23 05:03 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll 2015-07-22 16:55 - 2015-04-23 05:03 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAgent.dll 2015-07-22 16:55 - 2015-04-23 03:56 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\DscTimer.dll 2015-07-22 16:55 - 2015-04-23 03:55 - 02613760 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2015-07-22 16:55 - 2015-04-23 03:55 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\DscProxy.dll 2015-07-22 16:55 - 2015-04-23 03:54 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll 2015-07-22 16:55 - 2015-04-23 03:54 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\mpeval.dll 2015-07-22 16:55 - 2015-04-23 03:54 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\wmidcom.dll 2015-07-22 16:55 - 2015-04-23 03:54 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\Register-CimProvider.exe 2015-07-22 16:55 - 2015-04-23 03:53 - 00196096 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\DscCoreConfProv.dll 2015-07-22 16:55 
- 2015-04-23 03:53 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\winrssrv.dll 2015-07-22 16:55 - 2015-04-23 03:52 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\pwrshplugin.dll 2015-07-22 16:55 - 2015-04-23 03:52 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\winrscmd.dll 2015-07-22 16:55 - 2015-04-23 03:52 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\prvdmofcomp.dll 2015-07-22 16:55 - 2015-04-23 03:52 - 00058368 _____ (Microsoft Corporation) C:\Windows\system32\ncobjapi.dll 2015-07-22 16:55 - 2015-04-23 03:52 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\winrshost.exe 2015-07-22 16:55 - 2015-04-23 03:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.Management.Infrastructure.Native.Unmanaged.dll 2015-07-22 16:55 - 2015-04-23 03:51 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\wecsvc.dll 2015-07-22 16:55 - 2015-04-23 03:51 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\wevtfwd.dll 2015-07-22 16:55 - 2015-04-23 03:51 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\wecutil.exe 2015-07-22 16:55 - 2015-04-23 03:51 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\wecapi.dll 2015-07-22 16:55 - 2015-04-23 03:49 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\WsmGCDeps.dll 2015-07-22 16:55 - 2015-04-23 03:49 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\framedynos.dll 2015-07-22 16:55 - 2015-04-23 03:49 - 00250368 _____ (Microsoft Corporation) C:\Windows\system32\framedyn.dll 2015-07-22 16:55 - 2015-04-23 03:49 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\wmitomi.dll 2015-07-22 16:55 - 2015-04-23 03:49 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\mi.dll 2015-07-22 16:55 - 2015-04-23 03:49 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll 2015-07-22 16:55 - 2015-04-23 03:49 - 00048640 _____ (Microsoft Corporation) 
C:\Windows\system32\PSModuleDiscoveryProvider.dll 2015-07-22 16:55 - 2015-04-23 03:49 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\winrs.exe 2015-07-22 16:55 - 2015-04-23 03:49 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe 2015-07-22 16:55 - 2015-04-23 03:49 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe 2015-07-22 16:55 - 2015-04-23 03:49 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll 2015-07-22 16:55 - 2015-04-23 03:49 - 00001536 _____ (Microsoft Corporation) C:\Windows\system32\winrsmgr.dll 2015-07-22 16:55 - 2015-04-23 03:47 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\wbemcomn2.dll 2015-07-22 16:55 - 2015-04-23 03:46 - 00512512 _____ (Microsoft Corporation) C:\Windows\system32\mpunits.dll 2015-07-22 16:55 - 2015-04-23 03:46 - 00438272 _____ (Microsoft Corporation) C:\Windows\system32\DscCore.dll 2015-07-22 16:55 - 2015-04-23 03:46 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\mimofcodec.dll 2015-07-22 16:55 - 2015-04-23 03:46 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\mibincodec.dll 2015-07-22 16:55 - 2015-04-23 03:43 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\miutils.dll 2015-07-22 16:55 - 2015-04-23 03:43 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll 2015-07-22 16:55 - 2015-04-23 03:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll 2015-07-22 16:55 - 2015-04-23 03:43 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\WsmAgent.dll 2015-07-22 10:34 - 2015-07-22 10:34 - 00000000 ____D C:\LocalDumps 2015-07-22 09:39 - 2015-07-22 09:39 - 00039270 _____ C:\ComboFix.txt 2015-07-21 13:39 - 2015-07-27 09:36 - 00000000 ____D C:\FRST 2015-07-21 12:54 - 2015-07-02 22:31 - 19291136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-07-21 12:54 - 2015-07-02 21:15 - 14384640 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\mshtml.dll 2015-07-21 12:54 - 2015-07-02 20:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-07-21 12:54 - 2015-07-02 20:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-07-21 12:54 - 2015-06-29 15:30 - 02865152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-07-21 12:54 - 2015-06-29 15:27 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-07-21 12:54 - 2015-06-17 15:28 - 13771264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-07-21 12:54 - 2015-06-17 15:28 - 02056704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-07-21 12:54 - 2015-06-17 15:28 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-07-21 12:54 - 2015-06-17 15:28 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-07-21 12:54 - 2015-06-17 15:28 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-07-21 12:54 - 2015-06-17 15:28 - 00690176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-07-21 12:54 - 2015-06-17 15:28 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-07-21 12:54 - 2015-06-17 15:28 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-07-21 12:54 - 2015-06-17 15:28 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-07-21 12:54 - 2015-06-17 15:28 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-07-21 12:54 - 2015-06-17 15:28 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-07-21 12:54 - 2015-06-17 15:28 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-07-21 12:54 - 2015-06-17 15:28 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-07-21 12:54 - 2015-06-17 15:28 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 
2015-07-21 12:54 - 2015-06-17 15:28 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-07-21 12:54 - 2015-06-17 15:28 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-07-21 12:54 - 2015-06-17 15:28 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-07-21 12:54 - 2015-06-17 15:28 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-07-21 12:54 - 2015-06-17 15:27 - 02237440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-07-21 12:54 - 2015-06-17 15:27 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-07-21 12:54 - 2015-06-17 15:27 - 00601600 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-07-21 12:54 - 2015-06-17 15:27 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-07-21 12:54 - 2015-06-17 15:26 - 15415296 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-07-21 12:54 - 2015-06-17 15:26 - 02656768 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-07-21 12:54 - 2015-06-17 15:26 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-07-21 12:54 - 2015-06-17 15:26 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-07-21 12:54 - 2015-06-17 15:26 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-07-21 12:54 - 2015-06-17 15:26 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-07-21 12:54 - 2015-06-17 15:26 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-07-21 12:54 - 2015-06-17 15:26 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-07-21 12:54 - 2015-06-17 15:26 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-07-21 12:54 - 2015-06-17 15:26 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-07-21 12:54 - 2015-06-17 
15:26 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2015-07-21 12:54 - 2015-06-17 15:26 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-07-21 12:54 - 2015-06-17 15:26 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-07-21 12:54 - 2015-06-17 15:26 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-07-21 12:54 - 2015-06-17 15:26 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-07-21 12:54 - 2015-06-11 20:03 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-07-21 12:54 - 2015-06-11 19:43 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-07-21 12:54 - 2015-06-11 19:38 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2015-07-21 12:54 - 2015-06-11 19:19 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2015-07-21 12:53 - 2015-07-15 05:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-07-21 12:53 - 2015-07-15 05:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-07-21 12:53 - 2015-07-15 05:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-07-21 12:53 - 2015-07-15 05:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-07-21 12:53 - 2015-07-15 04:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2015-07-21 12:53 - 2015-07-15 04:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-07-21 12:53 - 2015-07-15 04:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2015-07-21 12:53 - 2015-07-15 04:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2015-07-21 12:53 - 2015-07-15 03:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-07-21 12:53 - 2015-07-15 03:52 - 00299008 _____ (Adobe Systems 
Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-07-20 16:42 - 2015-07-20 16:42 - 00000000 ____D C:\Users\MSC\AppData\Local\CEF 2015-07-20 13:21 - 2015-07-20 13:21 - 00000000 ____D C:\ProgramData\VIPRE 2015-07-20 13:21 - 2015-07-20 13:21 - 00000000 ____D C:\Program Files\Common Files\AV 2015-07-20 13:12 - 2015-07-21 15:26 - 00000000 ____D C:\ProgramData\STOPzilla! 2015-07-20 13:12 - 2015-07-20 13:12 - 00000000 ____D C:\Program Files (x86)\iS3 2015-07-20 12:41 - 2015-07-20 13:00 - 00000000 ____D C:\ProgramData\{cd5b4ee3-71a9-ecd7-cd5b-b4ee371a3b8d} 2015-07-16 09:31 - 2015-07-16 09:31 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2015-07-15 10:21 - 2015-03-30 00:47 - 00083624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL$SQLEXPRESS-sqlctr10.52.4042.0.dll 2015-07-15 10:21 - 2015-03-30 00:43 - 00089264 _____ (Microsoft Corporation) C:\Windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.52.4042.0.dll 2015-07-15 10:10 - 2015-07-09 19:59 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2015-07-15 10:10 - 2015-07-09 19:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-07-15 10:10 - 2015-07-09 19:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-07-15 10:10 - 2015-07-09 19:58 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-07-15 10:10 - 2015-07-09 19:58 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-07-15 10:10 - 2015-07-09 19:58 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-07-15 10:10 - 2015-07-09 19:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-07-15 10:10 - 2015-07-09 19:58 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-07-15 10:10 - 2015-07-09 19:58 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-07-15 10:10 - 2015-07-09 19:58 - 00192000 _____ (Microsoft 
Corporation) C:\Windows\system32\wuwebv.dll 2015-07-15 10:10 - 2015-07-09 19:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-07-15 10:10 - 2015-07-09 19:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-07-15 10:10 - 2015-07-09 19:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-07-15 10:10 - 2015-07-09 19:58 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-07-15 10:10 - 2015-07-09 19:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-07-15 10:10 - 2015-07-09 19:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-07-15 10:10 - 2015-07-09 19:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-07-15 10:10 - 2015-07-09 19:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-07-15 10:10 - 2015-07-09 19:50 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-07-15 10:10 - 2015-07-09 19:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-07-15 10:10 - 2015-07-09 19:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-07-15 10:10 - 2015-07-09 19:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-07-15 10:10 - 2015-07-09 19:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-07-15 10:10 - 2015-07-09 19:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-07-15 10:10 - 2015-04-27 21:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-07-15 10:10 - 2015-04-27 21:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2015-07-15 10:10 - 2015-04-27 21:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2015-07-15 10:10 - 2015-04-27 21:23 - 00140288 _____ (Microsoft Corporation) 
C:\Windows\system32\cryptnet.dll 2015-07-15 10:10 - 2015-04-27 21:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2015-07-15 10:10 - 2015-04-27 21:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2015-07-15 10:10 - 2015-04-27 21:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2015-07-15 10:10 - 2015-04-27 21:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2015-07-15 10:09 - 2015-05-09 20:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll 2015-07-15 09:26 - 2015-07-04 20:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll 2015-07-15 09:26 - 2015-07-04 19:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll 2015-07-15 09:26 - 2015-07-01 22:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-07-15 09:26 - 2015-07-01 22:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-07-15 09:26 - 2015-07-01 22:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-07-15 09:26 - 2015-07-01 22:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-07-15 09:26 - 2015-07-01 22:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-07-15 09:26 - 2015-07-01 22:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-07-15 09:26 - 2015-07-01 22:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-07-15 09:26 - 2015-07-01 22:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-07-15 09:26 - 2015-07-01 22:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-07-15 09:26 - 2015-07-01 22:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-07-15 09:26 - 2015-07-01 22:49 - 00086528 _____ (Microsoft Corporation) 
C:\Windows\system32\TSpkg.dll 2015-07-15 09:26 - 2015-07-01 22:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-07-15 09:26 - 2015-07-01 22:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-07-15 09:26 - 2015-07-01 22:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2015-07-15 09:26 - 2015-07-01 22:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-07-15 09:26 - 2015-07-01 22:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-07-15 09:26 - 2015-07-01 22:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-07-15 09:26 - 2015-07-01 22:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-07-15 09:26 - 2015-07-01 22:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-07-15 09:26 - 2015-07-01 22:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-07-15 09:26 - 2015-07-01 22:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-07-15 09:26 - 2015-07-01 22:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-07-15 09:26 - 2015-07-01 22:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-07-15 09:26 - 2015-07-01 22:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-07-15 09:26 - 2015-07-01 22:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-07-15 09:26 - 2015-07-01 22:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-07-15 09:26 - 2015-07-01 22:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2015-07-15 09:26 - 2015-07-01 22:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-07-15 09:26 - 2015-07-01 22:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 
2015-07-15 09:26 - 2015-07-01 22:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2015-07-15 09:26 - 2015-07-01 22:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-07-15 09:26 - 2015-07-01 22:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-07-15 09:26 - 2015-07-01 22:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-07-15 09:26 - 2015-07-01 22:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-07-15 09:26 - 2015-07-01 22:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-07-15 09:26 - 2015-07-01 21:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-07-15 09:26 - 2015-07-01 21:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2015-07-15 09:26 - 2015-07-01 21:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-07-15 09:26 - 2015-06-25 10:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-07-15 09:26 - 2015-06-17 19:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-07-15 09:26 - 2015-06-17 19:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2015-07-15 09:26 - 2015-06-15 23:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2015-07-15 09:26 - 2015-06-15 23:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2015-07-15 09:26 - 2015-06-15 23:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2015-07-15 09:26 - 2015-06-15 23:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2015-07-15 09:26 - 2015-06-15 23:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2015-07-15 09:26 - 2015-06-15 23:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe 2015-07-15 09:26 - 
2015-06-15 23:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2015-07-15 09:26 - 2015-06-15 23:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2015-07-15 09:26 - 2015-06-15 23:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2015-07-15 09:26 - 2015-06-15 23:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe 2015-07-15 09:26 - 2015-06-15 23:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll 2015-07-15 09:26 - 2015-06-15 23:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll 2015-07-15 09:26 - 2015-06-11 19:57 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2015-07-15 09:26 - 2015-06-11 19:57 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll 2015-07-15 09:26 - 2015-06-11 19:57 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2015-07-15 09:26 - 2015-06-11 19:56 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2015-07-15 09:26 - 2015-06-11 19:56 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll 2015-07-15 09:26 - 2015-06-11 19:56 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2015-07-15 09:26 - 2015-06-11 15:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe 2015-07-15 09:26 - 2015-06-09 20:03 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2015-07-15 09:26 - 2015-06-09 20:03 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2015-07-15 09:26 - 2015-06-02 02:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll 2015-07-15 09:26 - 2015-06-02 01:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll 2015-07-14 14:54 - 2015-07-14 14:54 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-07-14 14:54 - 2015-07-14 
14:54 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-07-14 14:54 - 2015-07-14 14:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-07-14 14:21 - 2015-07-15 09:33 - 00002175 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-07-14 14:21 - 2015-07-14 14:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-07-14 14:20 - 2015-07-27 09:37 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-07-14 14:20 - 2015-07-27 09:37 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-07-14 14:20 - 2015-07-16 09:32 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-07-14 14:20 - 2015-07-16 09:32 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-07-14 13:47 - 2015-07-14 13:47 - 00000207 _____ C:\Windows\tweaking.com-regbackup-NB1140-Windows-7-Ultimate-(64-bit).dat 2015-07-14 13:47 - 2015-07-14 13:47 - 00000000 ____D C:\RegBackup 2015-07-14 13:43 - 2015-07-14 13:43 - 03034266 _____ (Malwarebytes Corporation) C:\Users\MSC\Desktop\JRT.exe 2015-07-14 11:59 - 2015-07-14 11:59 - 00000000 ____D C:\Users\MSC\Desktop\Alte Firefox-Daten 2015-07-14 10:47 - 2015-07-20 13:00 - 00000410 _____ C:\Windows\system32\.crusader 2015-07-14 10:40 - 2015-07-14 10:40 - 00001909 _____ C:\Users\Public\Desktop\HitmanPro.lnk 2015-07-14 10:40 - 2015-07-14 10:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro 2015-07-13 18:01 - 2015-07-13 18:01 - 00002018 _____ C:\Users\MSC\Documents\Silverlieght in allen Browsern aktivieren.txt 2015-07-13 14:17 - 2015-07-14 14:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-07-13 14:08 - 2015-07-13 14:08 - 00003122 _____ C:\Windows\System32\Tasks\Samsung_PSSD_Registration 2015-07-13 11:30 - 2015-07-13 11:29 - 02248704 _____ C:\Users\MSC\Desktop\adwcleaner_4.208.exe 2015-07-13 11:09 - 2015-04-08 18:32 - 00000027 _____ C:\Windows\system32\Drivers\etc\hp.bak 
2015-07-07 08:55 - 2015-07-07 08:55 - 00000000 ____D C:\Users\MSC\AppData\Roaming\SysAid 2015-07-03 09:33 - 2015-07-27 09:30 - 00006026 _____ C:\Users\MSC\Documents\ETG-Server.rdg 2015-07-02 13:41 - 2011-08-04 00:48 - 120893960 _____ (Oracle ) C:\Users\MSC\Downloads\SmartView.exe 2015-07-02 08:50 - 2015-07-02 08:50 - 00001088 _____ C:\Users\MSC\Documents\WER_Debug.reg 2015-07-02 08:44 - 2015-07-16 10:03 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2015-07-02 08:44 - 2015-07-02 08:44 - 00002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk 2015-07-01 11:23 - 2015-07-01 11:23 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk 2015-07-01 11:23 - 2015-07-01 11:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-07-01 11:22 - 2015-07-01 11:22 - 00000000 ____D C:\Program Files\iTunes 2015-07-01 11:22 - 2015-07-01 11:22 - 00000000 ____D C:\Program Files\iPod 2015-07-01 11:22 - 2015-07-01 11:22 - 00000000 ____D C:\Program Files (x86)\iTunes 2015-06-30 08:26 - 2015-06-30 14:21 - 00002234 ____H C:\Users\adminde\Documents\Default.rdp 2015-06-30 08:26 - 2015-06-30 08:26 - 00000000 ____D C:\Users\adminde\AppData\Roaming\Intel Corporation 2015-06-30 08:25 - 2015-06-30 14:19 - 00000000 ____D C:\Users\adminde\Tracing 2015-06-30 08:25 - 2015-06-30 08:25 - 00124488 _____ C:\Users\adminde\AppData\Local\GDIPFONTCACHEV1.DAT 2015-06-30 08:25 - 2015-06-30 08:25 - 00000000 ____D C:\Users\adminde\Documents\IBM 2015-06-30 08:25 - 2015-06-30 08:25 - 00000000 ____D C:\Users\adminde\Documents\Bluetooth Exchange Folder 2015-06-30 08:25 - 2015-06-30 08:25 - 00000000 ____D C:\Users\adminde\AppData\Roaming\Synaptics 2015-06-30 08:25 - 2015-06-30 08:25 - 00000000 ____D C:\Users\adminde\AppData\Roaming\ICAClient 2015-06-30 08:25 - 2015-06-30 08:25 - 00000000 ____D C:\Users\adminde\AppData\Roaming\IBM 2015-06-30 08:25 - 2015-06-30 08:25 - 00000000 ____D C:\Users\adminde\AppData\Roaming\hpqLog 2015-06-30 08:25 - 
2015-06-30 08:25 - 00000000 ____D C:\Users\adminde\AppData\Roaming\Hewlett-Packard 2015-06-30 08:25 - 2015-06-30 08:25 - 00000000 ____D C:\Users\adminde\AppData\Roaming\Avaya 2015-06-30 08:25 - 2015-06-30 08:25 - 00000000 ____D C:\Users\adminde\AppData\Roaming\Apple Computer 2015-06-30 08:25 - 2015-06-30 08:25 - 00000000 ____D C:\Users\adminde\AppData\Local\Packages 2015-06-30 08:25 - 2015-06-30 08:25 - 00000000 ____D C:\Users\adminde\AppData\Local\Hewlett-Packard_Developme 2015-06-30 08:25 - 2015-06-30 08:25 - 00000000 ____D C:\Users\adminde\AppData\Local\Citrix 2015-06-30 08:25 - 2015-06-30 08:25 - 00000000 ____D C:\Users\adminde\AppData\Local\Broadcom 2015-06-30 08:25 - 2015-06-30 08:25 - 00000000 ____D C:\Users\adminde\AppData\Local\Adobe 2015-06-30 08:24 - 2015-07-20 11:05 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{0B921448-3CB6-4172-AC13-1384D54539F1} 2015-06-30 08:24 - 2015-07-20 11:05 - 00001200 __RSH C:\Users\adminde\ntuser.pol 2015-06-30 08:24 - 2015-07-20 11:05 - 00000000 ____D C:\Users\adminde 2015-06-30 08:24 - 2015-06-30 08:25 - 00000000 ____D C:\Users\adminde\AppData\Roaming\Adobe 2015-06-30 08:24 - 2015-06-30 08:24 - 00001425 _____ C:\Users\adminde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-06-30 08:24 - 2015-06-30 08:24 - 00000000 _SHDL C:\Users\adminde\Vorlagen 2015-06-30 08:24 - 2015-06-30 08:24 - 00000000 _SHDL C:\Users\adminde\Startmenü 2015-06-30 08:24 - 2015-06-30 08:24 - 00000000 _SHDL C:\Users\adminde\Netzwerkumgebung 2015-06-30 08:24 - 2015-06-30 08:24 - 00000000 _SHDL C:\Users\adminde\Lokale Einstellungen 2015-06-30 08:24 - 2015-06-30 08:24 - 00000000 _SHDL C:\Users\adminde\Eigene Dateien 2015-06-30 08:24 - 2015-06-30 08:24 - 00000000 _SHDL C:\Users\adminde\Druckumgebung 2015-06-30 08:24 - 2015-06-30 08:24 - 00000000 _SHDL C:\Users\adminde\Documents\Eigene Musik 2015-06-30 08:24 - 2015-06-30 08:24 - 00000000 _SHDL C:\Users\adminde\Documents\Eigene Bilder 2015-06-30 08:24 - 
2015-06-30 08:24 - 00000000 _SHDL C:\Users\adminde\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-06-30 08:24 - 2015-06-30 08:24 - 00000000 _SHDL C:\Users\adminde\AppData\Local\Verlauf 2015-06-30 08:24 - 2015-06-30 08:24 - 00000000 _SHDL C:\Users\adminde\AppData\Local\Anwendungsdaten 2015-06-30 08:24 - 2015-06-30 08:24 - 00000000 _SHDL C:\Users\adminde\Anwendungsdaten 2015-06-30 08:24 - 2015-06-30 08:24 - 00000000 ____D C:\Users\adminde\AppData\Local\Google 2015-06-30 08:24 - 2013-09-12 15:58 - 00000000 ____D C:\Users\adminde\AppData\Roaming\Macromedia 2015-06-30 08:24 - 2013-07-20 07:02 - 00000000 ____D C:\Users\adminde\AppData\Local\Microsoft Help 2015-06-30 08:24 - 2013-04-14 01:33 - 00000000 ___HD C:\Users\adminde\Documents\hp.system.package.metadata 2015-06-30 08:24 - 2011-02-11 07:19 - 00000020 ___SH C:\Users\adminde\ntuser.ini 2015-06-30 08:24 - 2009-07-14 06:54 - 00000000 ___RD C:\Users\adminde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-06-30 08:24 - 2009-07-14 06:49 - 00000000 ___RD C:\Users\adminde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-06-27 12:29 - 2015-06-27 12:29 - 00000000 ___SD C:\Windows\SysWOW64\GWX 2015-06-27 12:29 - 2015-06-27 12:29 - 00000000 ___SD C:\Windows\system32\GWX 2015-06-27 12:27 - 2015-05-25 20:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-06-27 12:27 - 2015-05-25 20:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-06-27 12:27 - 2015-05-25 20:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll 2015-06-27 12:27 - 2015-05-25 20:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-06-27 12:27 - 2015-05-25 20:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2015-06-27 12:27 - 2015-05-25 20:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-06-27 12:27 - 2015-05-25 20:19 - 00424960 _____ (Microsoft 
Corporation) C:\Windows\system32\KernelBase.dll 2015-06-27 12:27 - 2015-05-25 20:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-06-27 12:27 - 2015-05-25 20:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-06-27 12:27 - 2015-05-25 20:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-06-27 12:27 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll 2015-06-27 12:27 - 2015-05-25 20:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-06-27 12:27 - 2015-05-25 20:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-06-27 12:27 - 2015-05-25 20:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-06-27 12:27 - 2015-05-25 20:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2015-06-27 12:27 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe 2015-06-27 12:27 - 2015-05-25 20:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-06-27 12:27 - 2015-05-25 20:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-06-27 12:27 - 2015-05-25 20:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-06-27 12:27 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe 2015-06-27 12:27 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe 2015-06-27 12:27 - 2015-05-25 20:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-06-27 12:27 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe 2015-06-27 12:27 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe 2015-06-27 12:27 - 2015-05-25 20:11 - 00006656 _____ (Microsoft Corporation) 
C:\Windows\system32\apisetschema.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-06-27 12:27 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-06-27 
12:27 - 2015-05-25 20:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-06-27 12:27 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2015-06-27 12:27 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2015-06-27 12:27 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll 2015-06-27 12:27 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-06-27 12:27 - 2015-05-25 20:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-06-27 12:27 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe 2015-06-27 12:27 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe 2015-06-27 12:27 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe 2015-06-27 12:27 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe 2015-06-27 12:27 - 2015-05-25 20:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-06-27 12:27 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe 2015-06-27 12:27 - 2015-05-25 19:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-06-27 12:27 - 2015-05-25 19:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-06-27 12:27 - 2015-05-25 19:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00004608 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-06-27 12:27 - 2015-05-25 19:55 - 00003072 ____H 
(Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-27 12:27 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-27 12:27 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-27 12:27 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-27 12:27 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-27 12:27 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-27 12:27 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-27 12:27 - 2015-05-25 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-27 12:27 - 2015-05-25 19:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-27 12:27 - 2015-05-25 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-27 12:27 - 2015-05-25 18:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-27 12:27 - 2015-05-25 18:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-27 12:27 - 2015-05-25 18:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-27 12:27 - 2015-05-25 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-27 12:27 - 2015-05-25 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-27 12:27 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-07-27 09:36 - 2014-01-31 10:49 - 00000000 ____D C:\Users\MSC\Tracing
2015-07-27 09:36 - 2013-07-30 13:45 - 00000492 __RSH C:\Users\MSC\ntuser.pol
2015-07-27 09:36 - 2013-07-30 12:45 - 00000000 ____D C:\Users\MSC
2015-07-27 09:36 - 2013-04-13 22:35 - 01040974 _____ C:\Windows\system32\perfh007.dat
2015-07-27 09:36 - 2013-04-13 22:35 - 00273456 _____ C:\Windows\system32\perfc007.dat
2015-07-27 09:36 - 2012-02-09 12:10 - 00000000 ____D C:\Users\MSC\Documents\DIALIT
2015-07-27 09:36 - 2009-07-14 07:13 - 02553832 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-27 09:34 - 2013-07-05 11:11 - 00000580 _____ C:\Windows\SMSCFG.ini
2015-07-27 09:34 - 2013-07-03 14:11 - 00025130 __RSH C:\ProgramData\ntuser.pol
2015-07-27 09:34 - 2013-07-03 12:02 - 00002072 _____ C:\Windows\system32\config\netlogon.ftl
2015-07-27 09:33 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\inetsrv
2015-07-27 09:32 - 2015-05-29 10:52 - 00000782 _____ C:\Users\Public\Desktop\SysAid.lnk
2015-07-27 09:32 - 2015-05-29 10:52 - 00000000 ____D C:\Program Files\SysAid
2015-07-27 09:31 - 2014-11-14 13:14 - 00000000 ____D C:\ProgramData\WRData
2015-07-27 09:31 - 2014-08-15 14:19 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2015-07-27 09:31 - 2013-07-30 18:04 - 00000000 ____D C:\Users\MSC\AppData\Local\InstallShare
2015-07-27 09:31 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-27 09:31 - 2009-07-14 05:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-07-27 09:27 - 2009-07-14 06:45 - 00042336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-27 09:27 - 2009-07-14 06:45 - 00042336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-27 09:21 - 2013-04-14 01:38 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player
Updater.job 2015-07-24 15:42 - 2012-02-09 16:30 - 00000000 ____D C:\Users\MSC\Documents\Outlook-Dateien 2015-07-24 13:10 - 2014-11-14 13:14 - 00166128 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll 2015-07-24 13:10 - 2014-11-14 13:14 - 00116224 _____ (Webroot) C:\Windows\system32\Drivers\WRkrn.sys 2015-07-24 13:10 - 2014-11-14 13:14 - 00103816 _____ (Webroot) C:\Windows\system32\WRusr.dll 2015-07-24 11:05 - 2015-05-20 10:23 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-07-24 11:04 - 2013-07-30 18:09 - 00000000 ____D C:\Users\MSC\AppData\Roaming\Notepad++ 2015-07-24 10:59 - 2015-01-29 16:23 - 00000000 ____D C:\Program Files (x86)\Notepad++ 2015-07-24 09:14 - 2013-08-01 12:35 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server 2015-07-24 09:14 - 2013-04-14 01:02 - 02449500 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2015-07-24 08:54 - 2012-02-09 16:12 - 00000000 ____D C:\Users\MSC\Documents\WindowsPowershell 2015-07-24 07:59 - 2013-10-15 09:36 - 00852662 _____ C:\Users\MSC\Desktop\SecurityCheck.exe 2015-07-24 07:36 - 2013-08-02 09:12 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log 2015-07-24 07:31 - 2013-07-30 18:04 - 00000000 ____D C:\Users\MSC\AppData\Local\CrashDumps 2015-07-23 15:39 - 2013-10-14 12:14 - 00000000 ____D C:\AdwCleaner 2015-07-23 10:25 - 2009-07-14 06:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2015-07-23 09:15 - 2013-07-30 18:04 - 00000000 ____D C:\Users\MSC\AppData\Local\Deployment 2015-07-22 18:24 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2015-07-22 16:57 - 2013-11-07 14:59 - 00000000 ____D C:\Windows\system32\dsc 2015-07-22 16:57 - 2013-11-07 14:59 - 00000000 ____D C:\Windows\system32\Configuration 2015-07-22 16:57 - 2013-11-07 14:59 - 00000000 ____D C:\Program Files\WindowsPowerShell 2015-07-22 16:57 - 2013-11-07 14:59 - 00000000 ____D C:\Program Files (x86)\WindowsPowerShell 2015-07-22 16:57 - 2009-07-14 05:20 - 
00000000 ____D C:\Windows\PolicyDefinitions 2015-07-22 09:39 - 2013-11-15 10:41 - 00000000 ____D C:\Qoobox 2015-07-22 09:39 - 2013-07-30 18:04 - 00000000 ____D C:\Users\MSC\AppData\Local\Apps\2.0 2015-07-22 09:36 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini 2015-07-22 09:28 - 2013-11-15 10:38 - 05632853 ____R (Swearware) C:\Users\MSC\Desktop\ComboFix.exe 2015-07-21 13:34 - 2011-02-11 07:14 - 00000000 ____D C:\Windows\Panther 2015-07-21 13:29 - 2009-07-14 06:45 - 00529888 _____ C:\Windows\system32\FNTCACHE.DAT 2015-07-21 07:47 - 2013-06-21 00:13 - 00000000 ____D C:\Windows\Hewlett-Packard 2015-07-20 16:03 - 2013-10-14 12:11 - 00000000 ____D C:\Program Files\HitmanPro 2015-07-20 15:45 - 2013-07-30 18:13 - 00000600 _____ C:\Users\MSC\AppData\Roaming\winscp.rnd 2015-07-20 15:45 - 2013-07-30 18:07 - 00000600 _____ C:\Users\MSC\AppData\Local\PUTTY.RND 2015-07-20 11:11 - 2013-08-01 12:49 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{02EBB676-2F51-4EB5-BF5C-EFF12763F7AF} 2015-07-20 10:44 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\spool 2015-07-17 13:06 - 2015-01-26 13:24 - 00000000 ____D C:\Program Files\Java 2015-07-17 12:45 - 2015-01-26 13:24 - 00110688 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2015-07-17 10:28 - 2012-02-09 16:30 - 00000000 ____D C:\Users\MSC\IPViewer 2015-07-17 08:19 - 2013-07-30 12:05 - 00002465 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk 2015-07-17 08:19 - 2013-07-30 12:05 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk 2015-07-17 08:19 - 2013-07-30 12:05 - 00002026 _____ C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk 2015-07-17 08:19 - 2013-07-30 12:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2 2015-07-15 11:21 - 2013-11-20 19:31 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-07-15 11:21 - 
2013-04-14 01:38 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-07-15 11:21 - 2013-04-14 01:38 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-07-15 10:50 - 2014-12-10 19:58 - 00000000 ____D C:\Windows\system32\appraiser 2015-07-15 10:50 - 2014-05-05 09:18 - 00000000 ___SD C:\Windows\system32\CompatTel 2015-07-15 10:23 - 2013-07-19 13:08 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-07-15 10:20 - 2013-08-01 12:34 - 00000000 ____D C:\Program Files\Microsoft SQL Server 2015-07-15 10:17 - 2013-07-25 17:46 - 00000000 ____D C:\Windows\system32\MRT 2015-07-14 14:36 - 2014-06-16 11:18 - 00001062 _____ C:\Users\Public\Desktop\DIALit.lnk 2015-07-14 14:36 - 2014-06-16 11:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DIALit 2015-07-14 14:31 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Speech 2015-07-14 14:21 - 2015-01-27 16:16 - 00000000 ____D C:\Program Files (x86)\Google 2015-07-14 14:21 - 2013-07-30 18:04 - 00000000 ____D C:\Users\MSC\AppData\Local\Google 2015-07-14 10:47 - 2014-07-26 10:46 - 00000000 ____D C:\Users\MSC\AppData\Roaming\NirSoft Utilities 2015-07-14 10:47 - 2013-10-14 12:06 - 00000000 ____D C:\ProgramData\HitmanPro 2015-07-14 09:04 - 2013-07-05 11:09 - 00000000 ____D C:\Windows\ccmsetup 2015-07-13 11:08 - 2015-05-27 14:47 - 00002549 _____ C:\Users\Public\Desktop\Paragon Backup and Recovery™ 2014 Free.lnk 2015-07-13 11:08 - 2013-07-30 13:49 - 00001527 _____ C:\Users\MSC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-07-13 11:08 - 2013-07-03 10:57 - 00001529 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-07-13 11:08 - 2013-07-03 10:57 - 00001523 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2015-07-13 09:20 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-07-07 08:56 - 2014-05-14 09:38 
- 00000000 ____D C:\Program Files (x86)\Citrix 2015-07-07 08:55 - 2013-07-03 14:17 - 00000000 ____D C:\Windows\system32\appmgmt 2015-07-07 08:55 - 2013-04-14 01:36 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2015-07-06 17:38 - 2012-02-08 15:35 - 00000000 ____D C:\Temp 2015-07-03 09:17 - 2015-02-17 08:23 - 00006219 _____ C:\Users\MSC\Documents\ETS-Server.rdg.old 2015-07-03 08:43 - 2013-07-25 17:35 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-07-02 13:59 - 2013-07-30 13:49 - 00000000 ____D C:\Users\MSC\AppData\Roaming\Adobe 2015-07-02 13:58 - 2014-08-22 10:32 - 00000000 ____D C:\Users\MSC\AppData\Local\Adobe 2015-07-02 11:29 - 2014-11-12 12:43 - 00000000 __SHD C:\Users\MSC\AppData\Local\EmieBrowserModeList 2015-07-02 11:29 - 2014-04-09 14:33 - 00000000 __SHD C:\Users\MSC\AppData\Local\EmieUserList 2015-07-02 11:29 - 2014-04-09 14:33 - 00000000 __SHD C:\Users\MSC\AppData\Local\EmieSiteList 2015-07-02 08:44 - 2013-07-30 12:03 - 00000000 ____D C:\Program Files (x86)\Adobe 2015-07-02 08:43 - 2013-07-30 12:03 - 00000000 ____D C:\ProgramData\Adobe 2015-07-01 11:26 - 2013-07-30 18:09 - 00000000 ____D C:\Users\MSC\AppData\Roaming\Apple Computer 2015-07-01 11:22 - 2015-03-18 14:44 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-07-01 11:22 - 2015-03-18 14:44 - 00000000 ____D C:\Program Files\Common Files\Apple 2015-06-30 09:18 - 2015-04-14 15:02 - 00000000 ____D C:\Users\MSC\Documents\Wohnung 2015-06-30 08:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat 2015-06-29 08:43 - 2013-07-25 17:33 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-06-29 08:43 - 2013-07-25 17:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-06-27 12:29 - 2014-09-09 12:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Lync 2015-06-27 12:29 - 2014-09-09 12:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Lync 2015-06-27 12:28 - 
2014-09-09 12:36 - 00000000 ____D C:\Program Files\Microsoft Lync 2015-06-27 12:28 - 2013-07-25 17:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2013-07-30 18:12 - 2013-01-24 18:35 - 0023176 _____ () C:\Users\MSC\AppData\Roaming\Kommagetrennte Werte (Windows).ADR 2013-07-30 18:12 - 2014-10-06 12:53 - 0023164 _____ () C:\Users\MSC\AppData\Roaming\Microsoft Excel 97-2003.ADR 2013-11-08 14:24 - 2015-02-09 18:50 - 0081642 _____ () C:\Users\MSC\AppData\Roaming\MultiScreen_log.log 2015-04-16 08:46 - 2015-04-16 08:46 - 0033193 _____ () C:\Users\MSC\AppData\Roaming\UserTile.png 2013-07-30 18:13 - 2015-07-20 15:45 - 0000600 _____ () C:\Users\MSC\AppData\Roaming\winscp.rnd 2013-07-30 18:04 - 2012-10-31 16:05 - 0000000 _____ () C:\Users\MSC\AppData\Local\AtStart.txt 2013-07-30 18:04 - 2012-10-31 16:05 - 0000000 _____ () C:\Users\MSC\AppData\Local\DSwitch.txt 2013-07-30 18:07 - 2015-07-20 15:45 - 0000600 _____ () C:\Users\MSC\AppData\Local\PUTTY.RND 2013-07-30 18:07 - 2012-10-31 16:05 - 0000000 _____ () C:\Users\MSC\AppData\Local\QSwitch.txt 2013-07-30 18:07 - 2012-12-02 16:08 - 0001832 _____ () C:\Users\MSC\AppData\Local\SLC_msc.prx 2013-10-18 17:29 - 2013-10-18 18:23 - 0000826 _____ () C:\ProgramData\hpzinstall.log 2013-08-01 12:45 - 2013-08-01 12:45 - 0000266 _____ () C:\ProgramData\LEDM_AdaptorInstall.log 2013-12-09 11:21 - 2013-12-09 14:12 - 0000227 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc ==================== Bamital & volsnap Check ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\Windows\System32\winlogon.exe => Datei ist digital signiert C:\Windows\System32\wininit.exe => Datei ist digital signiert C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\System32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\System32\services.exe => Datei ist digital signiert C:\Windows\System32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\System32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\System32\rpcss.dll => Datei ist digital signiert C:\Windows\System32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-07-23 13:29 ==================== Ende von log ============================ |
28.07.2015, 06:41 | #12 | |
/// the machine /// TB trainer | http://your-home-page.net Quote:
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
28.07.2015, 07:16 | #13 |
| http://your-home-page.net Yes, that fits. Those are our DNS servers. Regards, Michael |
28.07.2015, 11:24 | #14 |
/// the machine /// TB trainer | http://your-home-page.net ok

Cleanup: (the order matters here)
- If Defogger was used: run it again and click Re-enable.
- If Combofix was used: uninstall Combofix.

All logs posted? Then please download DelFix.

Note: DelFix removes, among other things, all the programs that were used, the quarantine of our scanners and the Java cache, and finally deletes itself. Restart your computer afterwards. If any programs from our cleanup are still left over, you can safely delete them.

If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.

Hardening:
- Enable automatic updates in the Windows operating system.
- Security-relevant software should also always be present only in its latest version: browser, Java, Flash Player, PDF reader. Security vulnerabilities in their old versions are exploited to install malware by "drive-by" on a simple visit to a manipulated website. I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.
- Enable a firewall. The one built into Windows is normally entirely sufficient.
- Use an antivirus program with a real-time scanner and an always up-to-date signature database. My recommendation: Emsisoft
- In addition, you can scan your PC regularly with Malwarebytes Anti-Malware and ESET.

Optional:
- NoScript prevents active content (Java, JavaScript, Flash, ...) from running on all websites. You can, however, specify on the whitelist principle which sites scripts are allowed on.
- Malwarebytes Anti Exploit: protects the computer's applications against exploitation of known vulnerabilities.

Download software from a clean portal such as . When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program. To get rid of adware again, it is advisable to uninstall it first and then remove the leftovers with Adwarecleaner .

Finally, a few general remarks: Change your important online passwords regularly and make regular backups of your important files or of the system. The benefit of registry cleaners, optimizers etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.
__________________ Regards, schrauber |