Trojaner-Board - Windows 7, diverse Trojaner? ungewollte "Programme"

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Windows 7, diverse Trojaner? ungewollte "Programme" (https://www.trojaner-board.de/164162-windows-7-diverse-trojaner-ungewollte-programme.html)

Windows 7, diverse Trojaner? ungewollte "Programme"

Hallo zusammen!

Ich habe hier ein Problem mit nem Netbook von meinem Vater der sich wohl so einiges eingefangen hat...

Ein Programm versucht sich ständig "upzudaten": "continue live installation", der Browser verhielt sich komisch mit viel Werbung und die Tabs erhielten "taplika" als Adresse, nen Programm "shoperz" & "RocketTab" war/ist installiert...

Ich habe gestern Malwarebyte laufen lassen, leider finde ich das LOG gerade nicht, sorry.

Hier die heutigen LOGs entsprechend der Anleitung "Für alle Hilfe suchenden"

Würde mich freuen wenn mir bei diesem Problem jemand behilflich sein könnte! Dafür jetzt schonmal Danke!

Gruß
Rik

Code:

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 15:34 on 18/02/2015 (PePur)
 

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.
 

Checking for services/drivers...
 
 

-=E.O.F=-

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-02-2015

Ran by PePur (administrator) on NETBOOK on 18-02-2015 15:40:31

Running from E:\Trojaner

Loaded Profiles: PePur (Available profiles: PePur)

Platform: Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11 (Default browser: taplika.exe)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files\WinZipper\winzipersvc.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe

(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe

(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe

() C:\Users\PePur\AppData\Roaming\CDE6A2FD-1424191138-DE11-9904-002622DE56CC\JOSrv.exe

(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe

() C:\Program Files\Mobile Broadband Drivers\WMCore\mini_WMCore.exe

() C:\Users\PePur\AppData\Roaming\CDE6A2FD-1424191138-DE11-9904-002622DE56CC\nsh910.tmp

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Energy Management\utility.exe

(Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Energy Management\Energy Management.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe

(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATILGE.EXE

(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe

(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe

(Microsoft Corporation) C:\Windows\System32\taskmgr.exe

(Microsoft Corporation) C:\Windows\System32\wuauclt.exe

() E:\Trojaner\Defogger.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7739936 2009-09-21] (Realtek Semiconductor)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1529128 2009-05-29] (Synaptics Incorporated)

HKLM\...\Run: [VeriFaceManager] => C:\Program Files\Lenovo\VeriFace\PManage.exe

HKLM\...\Run: [EnergyUtility] => C:\Program Files\Lenovo\Energy Management\utility.exe [4114288 2009-09-29] (Lenovo(beijing) Limited)

HKLM\...\Run: [Energy Management] => C:\Program Files\Lenovo\Energy Management\Energy Management.exe [5064560 2009-09-29] (Lenovo (Beijing) Limited)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)

HKLM\...\Run: [BingDesktop] => C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe [2353880 2013-11-01] (Microsoft Corp.)

HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1065024 2014-05-02] (SEIKO EPSON CORPORATION)

HKU\S-1-5-21-4185872467-282433234-656447781-1000\...\Run: [EPLTarget\P0000000000000000] => C:\windows\system32\spool\DRIVERS\W32X86\3\E_FATILGE.EXE [260160 2013-01-24] (SEIKO EPSON CORPORATION)

HKU\S-1-5-21-4185872467-282433234-656447781-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-27] (Garmin Ltd or its subsidiaries)

HKU\S-1-5-21-4185872467-282433234-656447781-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)

HKU\S-1-5-18\...\RunOnce: [WLStart] => C:\Program Files\Windows Live\Installer\wlstart.exe [786760 2009-07-26] (Microsoft Corporation)

HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [280576 2014-04-23] (Microsoft Corporation)

AppInit_DLLs: C:/PROGRA~2/{B4E05~1/171~1.0/tare.dll => C:/PROGRA~2/{B4E05~1/171~1.0/tare.dll [649216 2015-02-17] ()

IFEO\bbqleads.exe: [Debugger] TaskList.exe

IFEO\bbqleadsapplication.exe: [Debugger] TaskList.exe

IFEO\bbqleadsservice.exe: [Debugger] TaskList.exe

IFEO\bbqquotes.exe: [Debugger] TaskList.exe

IFEO\ContentExplorer.exe: [Debugger] TaskList.exe

IFEO\donutleads.exe: [Debugger] TaskList.exe

IFEO\donutquotes.exe: [Debugger] TaskList.exe

IFEO\internetenhancer.exe: [Debugger] TaskList.exe

IFEO\internetenhancerservice.exe: [Debugger] TaskList.exe

IFEO\pastaleads.exe: [Debugger] TaskList.exe

IFEO\pastaquotes.exe: [Debugger] TaskList.exe

IFEO\theanswerfinder.exe: [Debugger] TaskList.exe

IFEO\wajaminternetenhancer.exe: [Debugger] TaskList.exe

IFEO\WajamInternetEnhancerApp.exe: [Debugger] TaskList.exe

IFEO\WajamInternetEnhancerAppservice.exe: [Debugger] TaskList.exe

IFEO\wajaminternetenhancerservice.exe: [Debugger] TaskList.exe

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

Startup: C:\Users\PePur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk

ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.qone8.com/web/?type=ds&ts=1398089536&from=smt&uid=WDCXWD1600BEVT-22ZCT0_WD-WXB0A793321633216&q={searchTerms}

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1398089536&from=smt&uid=WDCXWD1600BEVT-22ZCT0_WD-WXB0A793321633216&q={searchTerms}

HKU\S-1-5-21-4185872467-282433234-656447781-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.delta-homes.com/web/?type=ds&ts=1420113157&from=wpm12311&uid=WDCXWD1600BEVT-22ZCT0_WD-WXB0A793321633216&q={searchTerms}

SearchScopes: HKU\S-1-5-21-4185872467-282433234-656447781-1000 -> DefaultScope {EBFB468A-B909-4032-BF5C-C09A2905ED79} URL = hxxp://taplika.com/results.php?f=4&q={searchTerms}&a=tpl_tuto15_15_08&cd=2XzuyEtN2Y1L1QzutD0CyCtDyByC0B0AtAtB0ByCtDyC0FtAtN0D0Tzu0StCtCyEtAtN1L2XzutAtFyBtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyCyBtA0C0C0D0E0EtGzytA0ByCtGyD0DtA0EtGtByDyD0AtGtAtC0AtAtD0AtDyDtD0BtD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBzyyBzzyEyD0A0DtGzz0AyDyCtGyE0FyCyEtGzytAtC0FtG0CyD0CyC0ByEtCyDyCtA0D0D2Q&cr=1465210661&ir=

SearchScopes: HKU\S-1-5-21-4185872467-282433234-656447781-1000 -> {EBFB468A-B909-4032-BF5C-C09A2905ED79} URL = hxxp://taplika.com/results.php?f=4&q={searchTerms}&a=tpl_tuto15_15_08&cd=2XzuyEtN2Y1L1QzutD0CyCtDyByC0B0AtAtB0ByCtDyC0FtAtN0D0Tzu0StCtCyEtAtN1L2XzutAtFyBtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyCyBtA0C0C0D0E0EtGzytA0ByCtGyD0DtA0EtGtByDyD0AtGtAtC0AtAtD0AtDyDtD0BtD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBzyyBzzyEyD0A0DtGzz0AyDyCtGyE0FyCyEtGzytAtC0FtG0CyD0CyC0ByEtCyDyCtA0D0D2Q&cr=1465210661&ir=

BHO: Faostsalleri -> {06e9cb53-73dd-4ff2-812f-2aac9329ea08} -> C:\Program Files\Faostsalleri\trcZ1oaOOMATDU.dll ()

BHO: nitrOadeoail -> {88ba1417-45de-4a4e-9ed6-45b77d37ff45} -> C:\Program Files\nitrOadeoail\ajwDSCHIP23pfI.dll ()

BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 212.37.37.50

StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 

FireFox:

========

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF HKU\S-1-5-21-4185872467-282433234-656447781-1000\...\Firefox\Extensions: [{E778513A-4128-E4CB-BEF2-7F4E0841656E}] - C:\Program Files\ver9TheBestDeals\189.xpi
 

Chrome: 

=======

CHR dev: Chrome dev build detected! <======= ATTENTION
 

========================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 38a94c45; c:\Program Files\RelayEdit\RelayEdit.dll [1648640 2015-02-17] () [File not signed]

S2 bb1a24ab; c:\Program Files\RelayStasis\RelayStasis.dll [1625600 2015-02-17] () [File not signed]

R2 BingDesktopUpdate; C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe [173272 2013-11-01] (Microsoft Corp.)

R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [582944 2009-08-11] (Broadcom Corporation.)

R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)

R2 EpsonScanSvc; C:\windows\system32\EscSvc.exe [126128 2012-05-16] (Seiko Epson Corporation)

R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [441176 2014-08-27] (Garmin Ltd or its subsidiaries)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)

R2 serverjo; C:\Users\PePur\AppData\Roaming\CDE6A2FD-1424191138-DE11-9904-002622DE56CC\JOSrv.exe [128000 2015-02-17] () [File not signed]

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

R2 winzipersvc; C:\Program Files\WinZipper\winzipersvc.exe [425136 2014-12-31] (Taiwan Shui Mu Chih Ching Technology Limited.) <==== ATTENTION

R2 WMCoreService; C:\Program Files\Mobile Broadband Drivers\WMCore\mini_WMCore.exe [430080 2009-09-24] () [File not signed]

R2 wynyliho; C:\Users\PePur\AppData\Roaming\CDE6A2FD-1424191138-DE11-9904-002622DE56CC\nsh910.tmp [192000 2015-02-17] () [File not signed]
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R3 ACPIVPC; C:\windows\System32\DRIVERS\AcpiVpc.sys [23136 2010-01-20] (Lenovo Corporation)

R3 e36gbus; C:\windows\System32\DRIVERS\e36gbus.sys [285056 2009-06-30] (MCCI Corporation)

R3 e36gmdfl; C:\windows\System32\DRIVERS\e36gmdfl.sys [14848 2009-06-30] (MCCI Corporation)

R3 e36gmdm; C:\windows\System32\DRIVERS\e36gmdm.sys [374272 2009-06-30] (MCCI Corporation)

R3 e36gmgmt; C:\windows\System32\DRIVERS\e36gmgmt.sys [357376 2009-06-30] (MCCI Corporation)

R3 e36wgps; C:\windows\System32\DRIVERS\e36wgps.sys [82984 2009-07-10] (Ericsson AB)

R3 ecnssndis; C:\windows\System32\Drivers\wwanuss.sys [10240 2009-09-22] (Ericsson AB)

R3 ecnssndisfltr; C:\windows\System32\Drivers\wwanussf.sys [14848 2009-09-22] (Ericsson AB)

R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)

R1 MpKsl0b3c83ef; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F223AF6F-5B48-424C-89F1-52C09F236F2C}\MpKsl0b3c83ef.sys [39464 2015-02-18] (Microsoft Corporation)

R1 MpKslc1659fc8; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F223AF6F-5B48-424C-89F1-52C09F236F2C}\MpKslc1659fc8.sys [39464 2015-02-17] (Microsoft Corporation)

R2 webTinstMK; C:\windows\system32\Drivers\webTinstMK.sys [43560 2015-02-17] ()

S3 wsvd; C:\windows\System32\DRIVERS\wsvd.sys [81704 2009-07-21] (CyberLink)

R3 WwanUsbServ; C:\windows\System32\DRIVERS\WwanUsbMp.sys [216616 2009-09-22] (Ericsson AB)

S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]

S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-02-18 15:40 - 2015-02-18 15:40 - 00000000 ____D () C:\FRST

2015-02-18 15:34 - 2015-02-18 15:34 - 00000000 _____ () C:\Users\PePur\defogger_reenable

2015-02-18 14:55 - 2015-02-18 14:56 - 00000000 ____D () C:\Program Files\Custom RSS News

2015-02-18 14:54 - 2015-02-18 14:56 - 00000000 ____D () C:\Program Files\nitrOadeoail

2015-02-18 14:54 - 2015-02-18 14:56 - 00000000 ____D () C:\Program Files\laowrratte

2015-02-18 14:51 - 2015-02-18 14:55 - 00000000 ____D () C:\Program Files\Faostsalleri

2015-02-18 14:50 - 2015-02-18 14:55 - 00000000 ____D () C:\Program Files\buyandbirowsoe

2015-02-18 14:49 - 2015-02-18 14:55 - 00000000 ____D () C:\ProgramData\12866579417585573116

2015-02-18 14:48 - 2015-02-18 14:53 - 00000000 ____D () C:\Program Files\ccheaPP4aalLL

2015-02-17 21:51 - 2015-02-18 14:18 - 00114904 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys

2015-02-17 21:49 - 2015-02-17 21:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-02-17 21:48 - 2015-02-17 21:49 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2015-02-17 21:48 - 2015-02-17 21:48 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-02-17 21:48 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys

2015-02-17 21:48 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys

2015-02-17 21:48 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys

2015-02-17 20:29 - 2012-08-23 15:48 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll

2015-02-17 20:29 - 2012-08-23 15:44 - 00014848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys

2015-02-17 20:29 - 2012-08-23 14:52 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll

2015-02-17 20:29 - 2012-08-23 12:12 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\rdpendp_winip.dll

2015-02-17 20:29 - 2012-08-23 11:08 - 02739712 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll

2015-02-17 20:12 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\windows\system32\mf.dll

2015-02-17 20:03 - 2013-10-02 01:42 - 00049152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys

2015-02-17 20:03 - 2013-10-02 01:32 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe

2015-02-17 20:03 - 2013-10-02 01:30 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll

2015-02-17 20:03 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll

2015-02-17 20:03 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll

2015-02-17 20:03 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll

2015-02-17 20:03 - 2013-10-02 00:45 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll

2015-02-17 20:03 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll

2015-02-17 20:03 - 2013-10-02 00:00 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe

2015-02-17 20:03 - 2013-10-01 23:53 - 00350208 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe

2015-02-17 20:03 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe

2015-02-17 20:03 - 2013-10-01 21:55 - 05698048 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll

2015-02-17 19:48 - 2014-06-27 02:45 - 02285056 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll

2015-02-17 19:36 - 2012-07-26 04:21 - 00196608 _____ (Microsoft Corporation) C:\windows\system32\WUDFHost.exe

2015-02-17 19:36 - 2012-07-26 04:20 - 00613888 _____ (Microsoft Corporation) C:\windows\system32\WUDFx.dll

2015-02-17 19:36 - 2012-07-26 04:20 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\WUDFPlatform.dll

2015-02-17 19:36 - 2012-07-26 04:20 - 00073216 _____ (Microsoft Corporation) C:\windows\system32\WUDFSvc.dll

2015-02-17 19:36 - 2012-07-26 04:20 - 00038912 _____ (Microsoft Corporation) C:\windows\system32\WUDFCoinstaller.dll

2015-02-17 19:36 - 2012-07-26 03:33 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WUDFPf.sys

2015-02-17 19:36 - 2012-07-26 03:32 - 00155136 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WUDFRd.sys

2015-02-17 19:36 - 2012-06-02 15:57 - 00000003 _____ () C:\windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf

2015-02-17 19:29 - 2015-02-18 13:52 - 00000065 _____ () C:\Users\PePur\AppData\Roaming\WB.CFG

2015-02-17 18:26 - 2015-02-17 18:26 - 00000000 ____D () C:\ProgramData\{B4E05C23-E462-8DA5-55E4-FD2785662EA9}

2015-02-17 18:23 - 2015-02-17 21:22 - 00000364 _____ () C:\windows\Tasks\APSnotifierPP3.job

2015-02-17 18:23 - 2015-02-17 21:22 - 00000364 _____ () C:\windows\Tasks\APSnotifierPP2.job

2015-02-17 18:23 - 2015-02-17 18:43 - 00000366 _____ () C:\windows\Tasks\APSnotifierPP1.job

2015-02-17 18:19 - 2015-02-17 18:18 - 00628496 _____ (CMI Limited) C:\Users\PePur\AppData\Local\nsjD34.tmp

2015-02-17 18:18 - 2015-02-17 18:18 - 00000000 __SHD () C:\Users\PePur\AppData\Roaming\AnyProtectEx

2015-02-17 17:58 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\windows\system32\secproc.dll

2015-02-17 17:58 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\windows\system32\secproc_isv.dll

2015-02-17 17:58 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp_isv.dll

2015-02-17 17:58 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp.dll

2015-02-17 17:58 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll

2015-02-17 17:58 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_isv.exe

2015-02-17 17:58 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\windows\system32\RMActivate.exe

2015-02-17 17:58 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp.exe

2015-02-17 17:58 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp_isv.exe

2015-02-17 17:57 - 2013-05-10 04:20 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\cryptdlg.dll

2015-02-17 17:56 - 2014-01-28 03:07 - 00185344 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll

2015-02-17 17:56 - 2013-03-19 04:33 - 00040960 _____ (Microsoft Corporation) C:\windows\system32\wwanprotdim.dll

2015-02-17 17:56 - 2012-10-09 18:40 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\dhcpcore6.dll

2015-02-17 17:56 - 2012-10-09 18:40 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\dhcpcsvc6.dll

2015-02-17 17:56 - 2012-07-06 20:23 - 00393728 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bthport.sys

2015-02-17 17:55 - 2014-08-01 12:35 - 00793600 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll

2015-02-17 17:55 - 2014-07-09 02:29 - 00006144 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL

2015-02-17 17:55 - 2014-07-09 02:29 - 00006144 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL

2015-02-17 17:55 - 2014-07-09 02:29 - 00006144 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL

2015-02-17 17:55 - 2014-07-09 02:29 - 00006144 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL

2015-02-17 17:55 - 2014-07-09 02:29 - 00005632 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL

2015-02-17 17:55 - 2014-07-08 23:30 - 00419992 _____ () C:\windows\system32\locale.nls

2015-02-17 17:55 - 2012-10-03 17:42 - 00175104 _____ (Microsoft Corporation) C:\windows\system32\netcorehc.dll

2015-02-17 17:55 - 2012-10-03 17:42 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\netevent.dll

2015-02-17 17:55 - 2012-10-03 17:40 - 00499712 _____ (Microsoft Corporation) C:\windows\system32\iphlpsvc.dll

2015-02-17 17:55 - 2012-10-03 16:21 - 00035328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpipreg.sys

2015-02-17 17:54 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll

2015-02-17 17:54 - 2014-02-04 03:07 - 00234432 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys

2015-02-17 17:54 - 2014-02-04 03:07 - 00149440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys

2015-02-17 17:54 - 2014-02-04 03:07 - 00027072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Diskdump.sys

2015-02-17 17:54 - 2014-02-04 03:00 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\iologmsg.dll

2015-02-17 17:54 - 2013-08-05 02:56 - 00133056 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ataport.sys

2015-02-17 17:53 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll

2015-02-17 17:53 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll

2015-02-17 17:53 - 2014-06-24 03:59 - 01987584 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll

2015-02-17 17:52 - 2013-08-28 01:57 - 00434688 _____ (Microsoft Corporation) C:\windows\system32\scavengeui.dll

2015-02-17 17:52 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll

2015-02-17 17:52 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll

2015-02-17 17:51 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe

2015-02-17 17:51 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\windows\system32\msi.dll

2015-02-17 17:51 - 2014-06-25 02:41 - 12874240 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll

2015-02-17 17:51 - 2014-01-24 03:18 - 01212352 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys

2015-02-17 17:51 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll

2015-02-17 17:51 - 2012-08-22 18:16 - 00712048 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys

2015-02-17 17:51 - 2012-07-04 20:45 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\Drivers\RNDISMP.sys

2015-02-17 17:38 - 2012-08-21 21:12 - 00245760 _____ (Microsoft Corporation) C:\windows\system32\OxpsConverter.exe

2015-02-17 17:38 - 2011-03-11 06:33 - 01699328 _____ (Microsoft Corporation) C:\windows\system32\esent.dll

2015-02-17 17:37 - 2011-03-11 06:39 - 00143744 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvstor.sys

2015-02-17 17:37 - 2011-03-11 06:39 - 00117120 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvraid.sys

2015-02-17 17:37 - 2011-03-11 06:38 - 00332160 _____ (Intel Corporation) C:\windows\system32\Drivers\iaStorV.sys

2015-02-17 17:37 - 2011-03-11 06:38 - 00080256 _____ (Advanced Micro Devices) C:\windows\system32\Drivers\amdsata.sys

2015-02-17 17:37 - 2011-03-11 06:38 - 00022400 _____ (Advanced Micro Devices) C:\windows\system32\Drivers\amdxata.sys

2015-02-17 17:37 - 2011-03-11 06:31 - 00074240 _____ (Microsoft Corporation) C:\windows\system32\fsutil.exe

2015-02-17 17:37 - 2011-03-11 05:01 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBSTOR.SYS

2015-02-17 17:32 - 2014-11-11 02:32 - 00074752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys

2015-02-17 17:29 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\windows\system32\SmartcardCredentialProvider.dll

2015-02-17 17:29 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\credui.dll

2015-02-17 17:27 - 2015-01-09 03:48 - 00635904 _____ (Microsoft Corporation) C:\windows\system32\perftrack.dll

2015-02-17 17:27 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\wdi.dll

2015-02-17 17:27 - 2015-01-09 03:48 - 00027136 _____ (Microsoft Corporation) C:\windows\system32\powertracker.dll

2015-02-17 17:27 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll

2015-02-17 17:27 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll

2015-02-17 17:27 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll

2015-02-17 17:27 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll

2015-02-17 17:27 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll

2015-02-17 17:27 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe

2015-02-17 17:27 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll

2015-02-17 16:59 - 2015-02-18 14:54 - 00001049 _____ () C:\Users\PePur\Desktop\Continue Live Installation.lnk

2015-02-17 16:38 - 2015-02-18 13:51 - 00000000 ____D () C:\Users\PePur\AppData\Roaming\CDE6A2FD-1424191138-DE11-9904-002622DE56CC

2015-02-17 16:34 - 2015-02-17 16:34 - 00043560 _____ () C:\windows\system32\Drivers\webTinstMK.sys

2015-02-17 16:34 - 2015-02-17 16:34 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_webTinstMK_01009.Wdf

2015-02-17 16:23 - 2015-02-17 16:23 - 00000000 ____D () C:\Program Files\RelayStasis

2015-02-17 16:15 - 2015-01-15 08:46 - 00136640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys

2015-02-17 16:15 - 2015-01-15 08:46 - 00067520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys

2015-02-17 16:15 - 2015-01-15 08:43 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll

2015-02-17 16:15 - 2015-01-15 08:43 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll

2015-02-17 16:15 - 2015-01-15 08:42 - 01061376 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll

2015-02-17 16:15 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe

2015-02-17 16:15 - 2015-01-15 08:42 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe

2015-02-17 16:15 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll

2015-02-17 16:15 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll

2015-02-17 16:15 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll

2015-02-17 16:15 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll

2015-02-17 16:15 - 2015-01-15 05:21 - 00369968 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys

2015-02-17 16:14 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe

2015-02-17 16:14 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe

2015-02-17 16:09 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll

2015-02-17 16:09 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll

2015-02-17 16:09 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll

2015-02-17 16:09 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll

2015-02-17 16:09 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll

2015-02-17 16:09 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll

2015-02-17 16:09 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll

2015-02-17 16:07 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll

2015-02-17 16:07 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb

2015-02-17 16:07 - 2015-01-12 03:21 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll

2015-02-17 16:07 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll

2015-02-17 16:07 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll

2015-02-17 16:07 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll

2015-02-17 16:07 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll

2015-02-17 16:07 - 2015-01-12 02:55 - 00620032 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll

2015-02-17 16:07 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe

2015-02-17 16:07 - 2015-01-12 02:55 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe

2015-02-17 16:07 - 2015-01-12 02:48 - 00667648 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe

2015-02-17 16:07 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll

2015-02-17 16:07 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll

2015-02-17 16:07 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll

2015-02-17 16:07 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl

2015-02-17 16:07 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll

2015-02-17 16:07 - 2015-01-12 02:23 - 00684544 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe

2015-02-17 16:07 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll

2015-02-17 16:07 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll

2015-02-17 16:07 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll

2015-02-17 16:06 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll

2015-02-17 16:06 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll

2015-02-17 16:06 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll

2015-02-17 16:06 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll

2015-02-17 16:06 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll

2015-02-17 16:06 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll

2015-02-17 16:06 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll

2015-02-17 16:06 - 2015-01-12 02:29 - 04300800 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll

2015-02-17 16:06 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll

2015-02-17 16:06 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll

2015-02-17 15:54 - 2015-02-17 15:54 - 00000000 ____D () C:\ProgramData\shoppilation

2015-02-17 15:51 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll

2015-02-17 15:51 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll

2015-02-17 15:31 - 2015-02-17 15:31 - 00000000 ____D () C:\Program Files\RelayEdit

2015-02-17 14:40 - 2015-02-17 14:40 - 00000000 ____D () C:\Program Files\predm

2015-01-19 21:53 - 2015-01-19 21:53 - 00000000 ____D () C:\Users\PePur\AppData\Local\b69ba874-d850-4c43-a0aa-753d45c167b4
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-02-18 15:35 - 2009-11-02 09:59 - 01618320 _____ () C:\windows\system32\PerfStringBackup.INI

2015-02-18 15:34 - 2014-04-21 12:23 - 00000000 ____D () C:\Users\PePur

2015-02-18 15:33 - 2009-07-14 05:39 - 00100084 _____ () C:\windows\setupact.log

2015-02-18 15:27 - 2014-09-18 15:16 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job

2015-02-18 15:05 - 2009-12-08 07:51 - 01411900 _____ () C:\windows\WindowsUpdate.log

2015-02-18 14:46 - 2009-07-14 05:52 - 00000000 ____D () C:\windows\system32\FxsTmp

2015-02-18 14:44 - 2014-06-15 14:44 - 00000917 _____ () C:\windows\Tasks\EPSON XP-215 217 Series Update {4BB6AA71-CA22-45E3-B1C7-06D450552EB8}.job

2015-02-18 14:44 - 2014-06-15 14:44 - 00000731 _____ () C:\windows\Tasks\EPSON XP-215 217 Series Invitation {4BB6AA71-CA22-45E3-B1C7-06D450552EB8}.job

2015-02-18 14:17 - 2009-07-14 05:34 - 00009696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-02-18 14:17 - 2009-07-14 05:34 - 00009696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-02-18 14:13 - 2014-04-21 13:57 - 00000000 ____D () C:\Users\PePur\AppData\Roaming\Skype

2015-02-18 14:06 - 2009-11-02 10:18 - 01023188 _____ () C:\windows\PFRO.log

2015-02-18 14:06 - 2009-07-14 05:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT

2015-02-18 14:06 - 2009-07-14 05:33 - 00340968 _____ () C:\windows\system32\FNTCACHE.DAT

2015-02-18 14:06 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\SchCache

2015-02-18 13:54 - 2015-01-01 12:53 - 00000000 ____D () C:\Program Files\WinZipper

2015-02-17 22:44 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\Microsoft.NET

2015-02-17 21:46 - 2014-04-21 13:11 - 00000000 ____D () C:\Users\PePur\AppData\Local\Adobe

2015-02-17 21:26 - 2009-07-14 03:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories

2015-02-17 21:17 - 2009-11-02 17:34 - 00000000 ____D () C:\windows\system32\Drivers\de-DE

2015-02-17 21:17 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\tracing

2015-02-17 21:17 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\system32\de-DE

2015-02-17 20:56 - 2014-04-23 02:02 - 00000000 ____D () C:\windows\system32\MRT

2015-02-17 20:33 - 2014-04-23 02:02 - 113756392 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

2015-02-17 19:55 - 2009-12-08 08:20 - 00000000 ____D () C:\ProgramData\Microsoft Help

2015-02-17 19:21 - 2014-04-21 13:19 - 00002155 _____ () C:\windows\epplauncher.mif

2015-02-17 19:20 - 2014-04-21 13:17 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

2015-02-17 19:19 - 2014-04-21 13:17 - 00000000 ____D () C:\Program Files\Microsoft Security Client

2015-02-17 16:33 - 2014-12-30 14:41 - 00000045 _____ () C:\user.js

2015-02-17 15:36 - 2014-04-21 12:55 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe

2015-02-17 15:36 - 2014-04-21 12:55 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
 

==================== Files in the root of some directories =======
 

2015-02-17 19:29 - 2015-02-18 13:52 - 0000065 _____ () C:\Users\PePur\AppData\Roaming\WB.CFG

2015-02-17 18:19 - 2015-02-17 18:18 - 0628496 _____ (CMI Limited) C:\Users\PePur\AppData\Local\nsjD34.tmp
 

Some content of TEMP:

====================

C:\Users\PePur\AppData\Local\Temp\09F72235-2CA4-05DA-96EA-DF35A1B37A10.exe

C:\Users\PePur\AppData\Local\Temp\2C4DAF96-674C-1A12-76A8-2C690C23CD8A.dll

C:\Users\PePur\AppData\Local\Temp\2C4DAF96-674C-1A12-76A8-2C690C23CD8A.exe

C:\Users\PePur\AppData\Local\Temp\nsnCEDB.exe

C:\Users\PePur\AppData\Local\Temp\sysad.exe

C:\Users\PePur\AppData\Local\Temp\System.Data.SQLite.dll

C:\Users\PePur\AppData\Local\Temp\System.Data.SQLiteb69ba874-d850-4c43-a0aa-753d45c167b4.dll
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\windows\explorer.exe => File is digitally signed

C:\windows\system32\winlogon.exe => File is digitally signed

C:\windows\system32\wininit.exe => File is digitally signed

C:\windows\system32\svchost.exe => File is digitally signed

C:\windows\system32\services.exe => File is digitally signed

C:\windows\system32\User32.dll => File is digitally signed

C:\windows\system32\userinit.exe => File is digitally signed

C:\windows\system32\rpcss.dll => File is digitally signed

C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-09-07 13:53
 

==================== End Of Log ============================

--- --- ---

--- --- ---

Code:

GMER 2.1.19357 - hxxp://www.gmer.net

Rootkit scan 2015-02-18 16:31:05

Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 WDC_WD1600BEVT-22ZCT0 rev.11.01A11 149,05GB

Running: Gmer-19357.exe; Driver: C:\Users\PePur\AppData\Local\Temp\uxddqpog.sys
 
 

---- Kernel code sections - GMER 2.1 ----
 

.text           ntoskrnl.exe!ZwRequestWaitReplyPort + 1499                                                       8208B995 1 Byte  [06]

.text           ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                           820AB612 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

?               System32\drivers\oeytbvgt.sys                                                                    Das System kann den angegebenen Pfad nicht finden. !
 

---- Devices - GMER 2.1 ----
 

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                          Wdf01000.sys

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                          Wdf01000.sys
 

Device          \Driver\BTHUSB \Device\0000006d                                                                  bthport.sys

Device          \Driver\BTHUSB \Device\0000006f                                                                  bthport.sys
 

AttachedDevice  \FileSystem\fastfat \Fat                                                                         fltmgr.sys
 

---- Registry - GMER 2.1 ----
 

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ec2d88                      

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076ba32b6                      

Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ec2d88 (not active ControlSet)  

Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076ba32b6 (not active ControlSet)  

Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Superfetch@VirtualStoreSize                    1357
 

---- EOF - GMER 2.1 ----

Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-02-2015

Ran by PePur at 2015-02-18 15:43:22

Running from E:\Trojaner

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}

AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden

Bing-Desktop (HKLM\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.347.0 - Microsoft Corporation)

Broadcom 802.11 Wireless Driver (HKLM\...\{8991E763-21F5-4DEA-A938-5D9D77DCB488}) (Version: 5.30.18.0 - )

Elevated Installer (Version: 3.2.18.0 - Garmin Ltd or its subsidiaries) Hidden

Energy Management (HKLM\...\{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}) (Version: 4.3.1.5 - Lenovo)

Epson Event Manager (HKLM\...\{0F13C24A-FFE2-4CD0-8E0B-DC804E0A0E0B}) (Version: 3.10.0035 - Seiko Epson Corporation)

EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)

EPSON XP-215 217 Series Printer Uninstall (HKLM\...\EPSON XP-215 217 Series) (Version:  - SEIKO EPSON Corporation)

Garmin Express (HKLM\...\{22939821-cd61-449c-8a03-cff0af03c156}) (Version: 3.2.18.0 - Garmin Ltd or its subsidiaries)

Garmin Express (Version: 3.2.18.0 - Garmin Ltd or its subsidiaries) Hidden

Garmin Express Tray (Version: 3.2.18.0 - Garmin Ltd or its subsidiaries) Hidden

Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)

Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.100 - Broadcom Corporation)

Lenovo OneKey Recovery (HKLM\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.0723 - CyberLink Corp.)

Lenovo OneKey Recovery (Version: 7.0.0723 - CyberLink Corp.) Hidden

Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

Mobile Broadband drivers (HKLM\...\{AF1260EC-04B7-4679-9394-0C28223C152B}) (Version: 6.1.9.5 - Ericsson AB)

Mobile Broadband Manager (HKLM\...\{67673F8F-3896-4A3E-BC17-ED0CD3F83730}) (Version: 6.1.6.2 - Ericsson AB)

Realtek 8136 8168 8169 Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)

Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5942 - Realtek Semiconductor Corp.)

Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30093 - Realtek Semiconductor Corp.)

Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)

Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)

Software Updater (HKLM\...\{FA7EE274-7370-43B7-9A45-A39B17CCCDC5}) (Version: 4.3.3 - SEIKO EPSON CORPORATION)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.1.2.0 - Synaptics Incorporated)

TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)

Tetris (HKLM\...\{95E0E6DC-C308-4C96-BEDB-68C75A32FAF8}_is1) (Version: 1.68 - Crystal Office Systems)

Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)

Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)

Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)

Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)

Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000) (HKLM\...\B7541EC5F72AA713F557569278EB6273725F5607) (Version: 06/15/2009 6.2.0.9000 - Broadcom)

Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\A6A8668C0A13640CA28FE2A7D9654BE4AE478B13) (Version: 07/30/2009 6.2.0.9405 - Broadcom)

Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom)

Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)

Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

WinZipper (HKLM\...\WinZipper) (Version: 1.5.77 - Taiwan Shui Mu Chih Ching Technology Limited.) <==== ATTENTION
 

==================== Custom CLSID (selected items): ==========================
 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 

CustomCLSID: HKU\S-1-5-21-4185872467-282433234-656447781-1000_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> "C:\Users\PePur\AppData\Local\Taplika\Application\31.0.1650.23\delegate_execute.exe" No File
 

==================== Restore Points  =========================
 

27-12-2014 17:15:43 Windows Update

30-12-2014 22:32:34 Windows Update

14-01-2015 12:17:37 Windows Update

14-01-2015 12:42:24 Windows Update

14-01-2015 20:48:57 Windows Update

21-01-2015 18:42:40 Windows Update

17-02-2015 15:17:14 Windows Update

17-02-2015 18:01:41 Windows Update
 

==================== Hosts content: ==========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 

Task: {01F64A32-9CDA-4E67-B960-FD977E8C75C0} - System32\Tasks\RunTool => C:\Users\PePur\AppData\Local\b69ba874-d850-4c43-a0aa-753d45c167b4\sysad.exe [2015-02-17] ()

Task: {09377C56-D869-4BAB-AC55-53E621C1F35D} - System32\Tasks\APSnotifierPP2 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION

Task: {58100C0D-5889-41D9-9645-AE506053010D} - System32\Tasks\APSnotifierPP1 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION

Task: {5BE6C65C-54F6-4B4E-B016-9F86371ADD16} - \RocketTab No Task File <==== ATTENTION

Task: {6EA0559F-9CC2-4EE2-BAA3-D7B61BDC4DBA} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-27] ()

Task: {75D189F5-6977-4740-A3F2-003E016D24DF} - System32\Tasks\gtaUpt => C:\Program Files\shopperz\zaeed.bat

Task: {9BE5CC6B-F002-466A-90FE-727C4C72020A} - System32\Tasks\EPSON XP-215 217 Series Invitation {4BB6AA71-CA22-45E3-B1C7-06D450552EB8} => C:\windows\system32\spool\DRIVERS\W32X86\3\E_FTSLGE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)

Task: {A538195E-946D-4EEB-AB83-D62C8C328059} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

Task: {B44D6460-3933-491E-9EF7-0C8B0CC05160} - \RocketTab Update Task No Task File <==== ATTENTION

Task: {B53849E5-7A61-4367-9A39-86E9820AAD0F} - System32\Tasks\EPSON XP-215 217 Series Update {4BB6AA71-CA22-45E3-B1C7-06D450552EB8} => C:\windows\system32\spool\DRIVERS\W32X86\3\E_FTSLGE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)

Task: {CEC50DAA-2A99-45AE-A89C-6815FA76C39C} - System32\Tasks\APSnotifierPP3 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION

Task: {E802EDF6-AEC3-4B07-B291-4C70EED7E5ED} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-17] (Adobe Systems Incorporated)
 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\windows\Tasks\APSnotifierPP1.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION

Task: C:\windows\Tasks\APSnotifierPP2.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION

Task: C:\windows\Tasks\APSnotifierPP3.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION

Task: C:\windows\Tasks\EPSON XP-215 217 Series Invitation {4BB6AA71-CA22-45E3-B1C7-06D450552EB8}.job => C:\windows\system32\spool\DRIVERS\W32X86\3\E_FTSLGE.EXE

Task: C:\windows\Tasks\EPSON XP-215 217 Series Update {4BB6AA71-CA22-45E3-B1C7-06D450552EB8}.job => C:\windows\system32\spool\DRIVERS\W32X86\3\E_FTSLGE.EXE
 

==================== Loaded Modules (whitelisted) ==============
 

2015-01-01 12:53 - 2014-12-31 05:34 - 00612528 _____ () C:\Program Files\WinZipper\sqlite3.dll

2009-08-11 17:10 - 2009-08-11 17:10 - 00132384 _____ () C:\Program Files\Lenovo\Bluetooth Software\btkeyind.dll

2015-02-17 15:31 - 2015-02-17 15:32 - 01648640 _____ () c:\Program Files\RelayEdit\RelayEdit.dll

2015-02-17 16:40 - 2015-02-17 16:40 - 00128000 _____ () C:\Users\PePur\AppData\Roaming\CDE6A2FD-1424191138-DE11-9904-002622DE56CC\JOSrv.exe

2009-09-24 11:54 - 2009-09-24 11:54 - 00430080 ____R () C:\Program Files\Mobile Broadband Drivers\WMCore\mini_WMCore.exe

2009-03-25 22:08 - 2009-03-25 22:08 - 00058880 ____R () C:\Program Files\Mobile Broadband Drivers\WMCore\MBMDebug.dll

2015-02-17 23:27 - 2015-02-17 23:27 - 00192000 _____ () C:\Users\PePur\AppData\Roaming\CDE6A2FD-1424191138-DE11-9904-002622DE56CC\nsh910.tmp

2009-12-08 08:15 - 2008-12-20 04:20 - 00063304 _____ () C:\Program Files\Lenovo\Energy Management\kbdhook.dll

2009-12-08 08:15 - 2008-12-20 04:20 - 00051016 _____ () C:\Program Files\Lenovo\Energy Management\HookLib.dll

2015-02-18 15:32 - 2015-02-18 15:02 - 00050477 _____ () E:\Trojaner\Defogger.exe
 

==================== Alternate Data Streams (whitelisted) =========
 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 

==================== Safe Mode (whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
 

==================== EXE Association (whitelisted) ===============
 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 

==================== Other Areas ============================
 

(Currently there is no automatic fix for this section.)
 

HKU\S-1-5-21-4185872467-282433234-656447781-1000\Control Panel\Desktop\\Wallpaper -> %windir%\web\wallpaper\windows\img0.jpg

DNS Servers: 8.8.8.8 - 212.37.37.50
 

==================== MSCONFIG/TASK MANAGER disabled items ==
 

(Currently there is no automatic fix for this section.)
 
 

==================== Accounts: =============================
 

Administrator (S-1-5-21-4185872467-282433234-656447781-500 - Administrator - Disabled)

Gast (S-1-5-21-4185872467-282433234-656447781-501 - Limited - Disabled)

PePur (S-1-5-21-4185872467-282433234-656447781-1000 - Administrator - Enabled) => C:\Users\PePur
 

==================== Faulty Device Manager Devices =============
 

Name: Teredo Tunneling Pseudo-Interface

Description: Microsoft-Teredo-Tunneling-Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (02/18/2015 01:54:04 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Programm nse75D6.tmp, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 

Prozess-ID: 116c
 

Startzeit: 01d04af512b3af4f
 

Endzeit: 327
 

Anwendungspfad: C:\Users\PePur\AppData\Local\Temp\nse75D6.tmp
 

Berichts-ID:
 

Error: (02/17/2015 09:55:05 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Programm mbam.exe, Version 1.0.1.711 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 

Prozess-ID: 1458
 

Startzeit: 01d04af352c27b26
 

Endzeit: 10608
 

Anwendungspfad: C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
 

Berichts-ID: 1f3ac59c-b6e7-11e4-9065-0c6076ba32b6
 

Error: (02/17/2015 06:02:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
 
 

Details:

AddLegacyDriverFiles: Unable to back up image of binary MpKsled20df0a.
 

System Error:

Das System kann die angegebene Datei nicht finden.

.
 

Error: (01/22/2015 09:02:44 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.9600.17496, Zeitstempel: 0x546fddcc

Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea91c

Ausnahmecode: 0xc0000374

Fehleroffset: 0x000c3873

ID des fehlerhaften Prozesses: 0x1388

Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0

Pfad der fehlerhaften Anwendung: iexplore.exe1

Pfad des fehlerhaften Moduls: iexplore.exe2

Berichtskennung: iexplore.exe3
 

Error: (01/22/2015 09:00:34 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.9600.17496, Zeitstempel: 0x546fddcc

Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea91c

Ausnahmecode: 0xc00000fd

Fehleroffset: 0x00052c26

ID des fehlerhaften Prozesses: 0x1638

Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0

Pfad der fehlerhaften Anwendung: iexplore.exe1

Pfad des fehlerhaften Moduls: iexplore.exe2

Berichtskennung: iexplore.exe3
 

Error: (01/22/2015 08:59:22 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.9600.17496, Zeitstempel: 0x546fddcc

Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea91c

Ausnahmecode: 0xc00000fd

Fehleroffset: 0x00052c26

ID des fehlerhaften Prozesses: 0x1638

Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0

Pfad der fehlerhaften Anwendung: iexplore.exe1

Pfad des fehlerhaften Moduls: iexplore.exe2

Berichtskennung: iexplore.exe3
 

Error: (01/19/2015 00:46:55 PM) (Source: Microsoft Office 12) (EventID: 2000) (User: )

Description: Accepted Safe Mode action : Microsoft Office Outlook.
 

Error: (01/15/2015 00:27:34 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Programm OUTLOOK.EXE, Version 12.0.6691.5000 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 

Prozess-ID: 13d4
 

Startzeit: 01d030b51826255b
 

Endzeit: 1390
 

Anwendungspfad: C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE
 

Berichts-ID: 59321dab-9ca9-11e4-af18-0c6076ba32b6
 

Error: (01/15/2015 00:19:41 PM) (Source: Microsoft Office 12) (EventID: 2000) (User: )

Description: Accepted Safe Mode action : Microsoft Office Outlook.
 

Error: (01/14/2015 00:23:39 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Programm Explorer.EXE, Version 6.1.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 

Prozess-ID: 658
 

Startzeit: 01d02fe984a13a3d
 

Endzeit: 1184
 

Anwendungspfad: C:\windows\Explorer.EXE
 

Berichts-ID: b4970a7a-9bdf-11e4-9014-0c6076ba32b6
 
 

System errors:

=============

Error: (02/18/2015 02:26:50 PM) (Source: Service Control Manager) (EventID: 7006) (User: )

Description: Der Aufruf "ScRegSetValueExW" ist für "FailureCommand" aufgrund folgenden Fehlers fehlgeschlagen: 

%%5
 

Error: (02/18/2015 02:17:23 PM) (Source: Service Control Manager) (EventID: 7006) (User: )

Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: 

%%5
 

Error: (02/18/2015 02:11:54 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Audiosrv erreicht.
 

Error: (02/18/2015 02:10:08 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)

Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
 

Error: (02/18/2015 02:08:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "Garmin Core Update Service" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%1053
 

Error: (02/18/2015 02:08:26 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Garmin Core Update Service erreicht.
 

Error: (02/18/2015 02:07:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst RelayStasis erreicht.
 

Error: (02/18/2015 02:02:55 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 

Error: (02/18/2015 05:41:17 AM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Garmin Core Update Service erreicht.
 

Error: (02/17/2015 09:48:16 PM) (Source: Service Control Manager) (EventID: 7006) (User: )

Description: Der Aufruf "ScRegSetValueExW" ist für "FailureCommand" aufgrund folgenden Fehlers fehlgeschlagen: 

%%5
 
 

Microsoft Office Sessions:

=========================

Error: (12/30/2014 10:37:50 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6712.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2063 seconds with 240 seconds of active time.  This session ended with a crash.
 
 

==================== Memory info =========================== 
 

Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz

Percentage of memory in use: 69%

Total physical RAM: 1013.95 MB

Available physical RAM: 308.3 MB

Total Pagefile: 2242.95 MB

Available Pagefile: 1071.81 MB

Total Virtual: 2047.88 MB

Available Virtual: 1906.62 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:103.85 GB) (Free:66.42 GB) NTFS

Drive d: (Lenovo) (Fixed) (Total:30.25 GB) (Free:30.12 GB) NTFS

Drive e: (1GB) (Removable) (Total:0.97 GB) (Free:0.39 GB) FAT
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 6F90267D)

Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=103.9 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=30.2 GB) - (Type=OF Extended)

Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)
 

========================================================

Disk: 1 (MBR Code: Windows XP) (Size: 996 MB) (Disk ID: C3072E18)

Partition 1: (Active) - (Size=995 MB) - (Type=06)
 

==================== End Of Log ============================

hi,

Lade Dir bitte von hier

Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.

Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
Klicke auf Optionen und wähle als Sprache Deutsch.
Suche im Uninstallerfeld nach den Programmen:

WinZipper
Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
Wähle anschließend den Modus "Moderat" aus.
Reste löschen:
Klicke auf dann auf und dann auf .

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Hi schrauber!

Danke für Deine Tipps!

Mit "revo" habe ich nun winzipper entfernt. So weit, so gut.
Allerdings führt das ausführen von Combofix zu einem Systemabsturz von Windows und das Netbook bootet sich von alleine neu

Soll ich Combofix im abgesicherten Modus versuchen zu starten?

so, habe es nun im abgesicherten Modus versucht und es hat anscheinend funktioniert. Zumindest ist er nicht abgestürzt
Allerdings hat er beim ersten Durchlauf keine Log-Datei abgespeichert, erst beim zweiten Durchlauf:

Code:

ComboFix 15-02-16.01 - PePur 18.02.2015  21:17:05.2.2 - x86 MINIMAL

Microsoft Windows 7 Starter   6.1.7601.1.1252.49.1031.18.1014.491 [GMT 1:00]

ausgeführt von:: c:\users\PePur\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}

SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Neuer Wiederherstellungspunkt wurde erstellt

.

.

(((((((((((((((((((((((   Dateien erstellt von 2015-01-18 bis 2015-02-18  ))))))))))))))))))))))))))))))

.

.

2015-02-18 20:27 . 2015-02-18 20:27        --------        d-----w-        c:\users\Default\AppData\Local\temp

2015-02-18 20:00 . 2015-02-18 20:27        --------        d-----w-        c:\users\PePur\AppData\Local\temp

2015-02-18 18:55 . 2014-09-05 01:52        5703168        ----a-w-        c:\windows\system32\mstscax.dll

2015-02-18 18:53 . 2014-08-29 01:44        2744320        ----a-w-        c:\windows\system32\rdpcorets.dll

2015-02-18 18:35 . 2015-02-18 18:35        --------        d-----w-        c:\program files\deAl2odeAlit

2015-02-18 18:35 . 2015-02-18 18:35        --------        d-----w-        c:\program files\DisecounntLocaator

2015-02-18 18:35 . 2015-02-18 18:35        --------        d-----w-        c:\program files\sHaopndroup

2015-02-18 17:53 . 2015-02-18 17:53        --------        d-----w-        c:\program files\Paste Lorem ipsum

2015-02-18 16:47 . 2015-01-29 09:49        9041640        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A0995560-14D8-451A-8E32-B0D5A28C4537}\mpengine.dll

2015-02-18 16:37 . 2015-02-18 16:38        --------        d-----w-        c:\program files\Revo Uninstaller

2015-02-18 15:45 . 2015-01-29 09:49        9041640        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2015-02-18 14:40 . 2015-02-18 14:46        --------        d-----w-        C:\FRST

2015-02-18 14:04 . 2014-05-08 09:06        13824        ----a-w-        c:\windows\system32\RdpGroupPolicyExtension.dll

2015-02-18 14:04 . 2015-01-23 03:43        620032        ----a-w-        c:\windows\system32\jscript9diag.dll

2015-02-18 14:04 . 2015-01-23 03:17        4300800        ----a-w-        c:\windows\system32\jscript9.dll

2015-02-18 13:55 . 2015-02-18 13:56        --------        d-----w-        c:\program files\Custom RSS News

2015-02-18 13:54 . 2015-02-18 13:56        --------        d-----w-        c:\program files\laowrratte

2015-02-18 13:50 . 2015-02-18 13:55        --------        d-----w-        c:\program files\buyandbirowsoe

2015-02-18 13:48 . 2015-02-18 13:53        --------        d-----w-        c:\program files\ccheaPP4aalLL

2015-02-17 20:51 . 2015-02-18 13:18        114904        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys

2015-02-17 20:48 . 2014-11-21 05:14        75480        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys

2015-02-17 20:48 . 2014-11-21 05:14        51928        ----a-w-        c:\windows\system32\drivers\mwac.sys

2015-02-17 20:48 . 2014-11-21 05:14        23256        ----a-w-        c:\windows\system32\drivers\mbam.sys

2015-02-17 20:48 . 2015-02-17 20:49        --------        d-----w-        c:\program files\Malwarebytes Anti-Malware

2015-02-17 20:48 . 2015-02-17 20:48        --------        d-----w-        c:\programdata\Malwarebytes

2015-02-17 19:29 . 2012-08-23 14:44        14848        ----a-w-        c:\windows\system32\drivers\rdpvideominiport.sys

2015-02-17 19:29 . 2012-08-23 14:48        221184        ----a-w-        c:\windows\system32\rdpudd.dll

2015-02-17 19:29 . 2012-08-23 11:12        192000        ----a-w-        c:\windows\system32\rdpendp_winip.dll

2015-02-17 19:12 . 2014-10-18 01:33        3209728        ----a-w-        c:\windows\system32\mf.dll

2015-02-17 19:03 . 2013-10-01 23:45        32256        ----a-w-        c:\windows\system32\TsUsbGDCoInstaller.dll

2015-02-17 19:03 . 2013-10-02 00:32        12800        ----a-w-        c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe

2015-02-17 19:03 . 2013-10-02 00:42        49152        ----a-w-        c:\windows\system32\drivers\TsUsbFlt.sys

2015-02-17 19:03 . 2013-10-02 00:30        14336        ----a-w-        c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll

2015-02-17 19:03 . 2013-10-02 00:14        17920        ----a-w-        c:\windows\system32\wksprtPS.dll

2015-02-17 19:03 . 2013-10-02 00:14        50176        ----a-w-        c:\windows\system32\MsRdpWebAccess.dll

2015-02-17 19:03 . 2013-10-01 23:58        53248        ----a-w-        c:\windows\system32\tsgqec.dll

2015-02-17 19:03 . 2013-10-01 23:08        855552        ----a-w-        c:\windows\system32\rdvidcrl.dll

2015-02-17 19:03 . 2013-10-01 23:00        76288        ----a-w-        c:\windows\system32\TSWbPrxy.exe

2015-02-17 19:03 . 2013-10-01 22:53        350208        ----a-w-        c:\windows\system32\wksprt.exe

2015-02-17 19:03 . 2013-10-01 22:34        1068544        ----a-w-        c:\windows\system32\mstsc.exe

2015-02-17 18:48 . 2014-06-27 01:45        2285056        ----a-w-        c:\windows\system32\msmpeg2vdec.dll

2015-02-17 18:36 . 2012-07-26 02:32        155136        ----a-w-        c:\windows\system32\drivers\WUDFRd.sys

2015-02-17 18:36 . 2012-07-26 02:33        66560        ----a-w-        c:\windows\system32\drivers\WUDFPf.sys

2015-02-17 18:36 . 2012-07-26 03:20        73216        ----a-w-        c:\windows\system32\WUDFSvc.dll

2015-02-17 18:36 . 2012-07-26 03:20        172032        ----a-w-        c:\windows\system32\WUDFPlatform.dll

2015-02-17 18:36 . 2012-07-26 03:20        38912        ----a-w-        c:\windows\system32\WUDFCoinstaller.dll

2015-02-17 18:36 . 2012-07-26 03:21        196608        ----a-w-        c:\windows\system32\WUDFHost.exe

2015-02-17 18:36 . 2012-07-26 03:20        613888        ----a-w-        c:\windows\system32\WUDFx.dll

2015-02-17 17:58 . 2015-02-17 17:58        --------        d-----w-        c:\windows\Migration

2015-02-17 17:26 . 2015-02-17 17:26        --------        d-----w-        c:\programdata\{B4E05C23-E462-8DA5-55E4-FD2785662EA9}

2015-02-17 16:58 . 2013-12-04 01:54        594944        ----a-w-        c:\windows\system32\RMActivate_isv.exe

2015-02-17 16:58 . 2013-12-04 01:54        572416        ----a-w-        c:\windows\system32\RMActivate.exe

2015-02-17 16:58 . 2013-12-04 01:54        508928        ----a-w-        c:\windows\system32\RMActivate_ssp_isv.exe

2015-02-17 16:58 . 2013-12-04 01:54        510976        ----a-w-        c:\windows\system32\RMActivate_ssp.exe

2015-02-17 16:58 . 2013-12-04 02:03        423936        ----a-w-        c:\windows\system32\secproc_isv.dll

2015-02-17 16:58 . 2013-12-04 02:03        87040        ----a-w-        c:\windows\system32\secproc_ssp.dll

2015-02-17 16:58 . 2013-12-04 02:03        428032        ----a-w-        c:\windows\system32\secproc.dll

2015-02-17 16:58 . 2013-12-04 02:02        390144        ----a-w-        c:\windows\system32\msdrm.dll

2015-02-17 16:58 . 2013-12-04 02:03        87040        ----a-w-        c:\windows\system32\secproc_ssp_isv.dll

2015-02-17 16:57 . 2013-05-10 03:20        24576        ----a-w-        c:\windows\system32\cryptdlg.dll

2015-02-17 16:56 . 2012-07-06 19:23        393728        ----a-w-        c:\windows\system32\drivers\bthport.sys

2015-02-17 16:56 . 2014-01-28 02:07        185344        ----a-w-        c:\windows\system32\wwansvc.dll

2015-02-17 16:56 . 2013-03-19 03:33        40960        ----a-w-        c:\windows\system32\wwanprotdim.dll

2015-02-17 16:56 . 2012-10-09 17:40        193536        ----a-w-        c:\windows\system32\dhcpcore6.dll

2015-02-17 16:56 . 2012-10-09 17:40        44032        ----a-w-        c:\windows\system32\dhcpcsvc6.dll

2015-02-17 16:55 . 2014-07-09 01:29        6144        ----a-w-        c:\windows\system32\KBDYAK.DLL

2015-02-17 16:55 . 2014-07-09 01:29        6144        ----a-w-        c:\windows\system32\KBDBASH.DLL

2015-02-17 16:55 . 2014-08-01 11:35        793600        ----a-w-        c:\windows\system32\TSWorkspace.dll

2015-02-17 16:55 . 2012-10-03 16:40        499712        ----a-w-        c:\windows\system32\iphlpsvc.dll

2015-02-17 16:55 . 2012-10-03 16:42        175104        ----a-w-        c:\windows\system32\netcorehc.dll

2015-02-17 16:55 . 2012-10-03 15:21        35328        ----a-w-        c:\windows\system32\drivers\tcpipreg.sys

2015-02-17 16:55 . 2012-10-03 16:42        18944        ----a-w-        c:\windows\system32\netevent.dll

2015-02-17 16:54 . 2013-08-05 01:56        133056        ----a-w-        c:\windows\system32\drivers\ataport.sys

2015-02-17 16:54 . 2014-11-26 03:32        571904        ----a-w-        c:\windows\system32\oleaut32.dll

2015-02-17 16:54 . 2014-02-04 02:07        149440        ----a-w-        c:\windows\system32\drivers\storport.sys

2015-02-17 16:54 . 2014-02-04 02:07        234432        ----a-w-        c:\windows\system32\drivers\msiscsi.sys

2015-02-17 16:54 . 2014-02-04 02:07        27072        ----a-w-        c:\windows\system32\drivers\Diskdump.sys

2015-02-17 16:54 . 2014-02-04 02:00        2048        ----a-w-        c:\windows\system32\iologmsg.dll

2015-02-17 16:53 . 2014-09-25 01:40        519680        ----a-w-        c:\windows\system32\qdvd.dll

2015-02-17 16:53 . 2014-06-24 02:59        1987584        ----a-w-        c:\windows\system32\d3d10warp.dll

2015-02-17 16:53 . 2014-11-08 02:45        2048        ----a-w-        c:\windows\system32\tzres.dll

2015-02-17 16:52 . 2013-07-04 11:57        205824        ----a-w-        c:\windows\system32\WebClnt.dll

2015-02-17 16:52 . 2013-07-04 11:51        81920        ----a-w-        c:\windows\system32\davclnt.dll

2015-02-17 16:52 . 2013-08-28 00:57        434688        ----a-w-        c:\windows\system32\scavengeui.dll

2015-02-17 16:51 . 2013-10-30 02:19        301568        ----a-w-        c:\windows\system32\msieftp.dll

2015-02-17 16:51 . 2014-10-30 01:45        155136        ----a-w-        c:\windows\system32\charmap.exe

2015-02-17 16:51 . 2014-01-24 02:18        1212352        ----a-w-        c:\windows\system32\drivers\ntfs.sys

2015-02-17 16:51 . 2012-08-22 17:16        712048        ----a-w-        c:\windows\system32\drivers\ndis.sys

2015-02-17 16:51 . 2012-07-04 19:45        33280        ----a-w-        c:\windows\system32\drivers\RNDISMP.sys

2015-02-17 16:51 . 2014-10-14 01:50        2363904        ----a-w-        c:\windows\system32\msi.dll

2015-02-17 16:38 . 2012-08-21 20:12        245760        ----a-w-        c:\windows\system32\OxpsConverter.exe

2015-02-17 16:38 . 2011-03-11 05:33        1699328        ----a-w-        c:\windows\system32\esent.dll

2015-02-17 16:37 . 2011-03-11 05:38        332160        ----a-w-        c:\windows\system32\drivers\iaStorV.sys

2015-02-17 16:37 . 2011-03-11 05:38        80256        ----a-w-        c:\windows\system32\drivers\amdsata.sys

2015-02-17 16:37 . 2011-03-11 05:39        143744        ----a-w-        c:\windows\system32\drivers\nvstor.sys

2015-02-17 16:37 . 2011-03-11 05:39        117120        ----a-w-        c:\windows\system32\drivers\nvraid.sys

2015-02-17 16:37 . 2011-03-11 05:38        22400        ----a-w-        c:\windows\system32\drivers\amdxata.sys

2015-02-17 16:37 . 2011-03-11 05:31        74240        ----a-w-        c:\windows\system32\fsutil.exe

2015-02-17 16:32 . 2014-11-11 01:32        74752        ----a-w-        c:\windows\system32\drivers\tdx.sys

2015-02-17 16:29 . 2013-10-04 01:58        152576        ----a-w-        c:\windows\system32\SmartcardCredentialProvider.dll

2015-02-17 16:29 . 2013-10-04 01:56        168960        ----a-w-        c:\windows\system32\credui.dll

2015-02-17 16:27 . 2015-01-09 02:48        27136        ----a-w-        c:\windows\system32\powertracker.dll

2015-02-17 16:27 . 2015-01-09 02:48        76800        ----a-w-        c:\windows\system32\wdi.dll

2015-02-17 16:27 . 2015-01-09 02:48        635904        ----a-w-        c:\windows\system32\perftrack.dll

2015-02-17 16:27 . 2013-11-23 18:26        417792        ----a-w-        c:\windows\system32\WMPhoto.dll

2015-02-17 16:27 . 2014-10-03 01:45        1177088        ----a-w-        c:\windows\system32\WsmSvc.dll

2015-02-17 16:27 . 2014-10-03 01:45        248832        ----a-w-        c:\windows\system32\WSManMigrationPlugin.dll

2015-02-17 16:27 . 2014-10-03 01:45        214016        ----a-w-        c:\windows\system32\WsmWmiPl.dll

2015-02-17 16:27 . 2014-10-03 01:45        145920        ----a-w-        c:\windows\system32\WsmAuto.dll

2015-02-17 16:27 . 2014-10-03 01:44        198656        ----a-w-        c:\windows\system32\WSManHTTPConfig.exe

2015-02-17 16:27 . 2014-12-12 05:07        1174528        ----a-w-        c:\windows\system32\crypt32.dll

2015-02-17 15:38 . 2015-02-18 17:09        --------        d-----w-        c:\users\PePur\AppData\Roaming\CDE6A2FD-1424191138-DE11-9904-002622DE56CC

2015-02-17 15:34 . 2015-02-17 15:34        43560        ----a-w-        c:\windows\system32\drivers\webTinstMK.sys

2015-02-17 15:23 . 2015-02-17 15:23        --------        d-----w-        c:\program files\RelayStasis

2015-02-17 15:15 . 2015-01-15 07:37        686080        ----a-w-        c:\windows\system32\adtschema.dll

2015-02-17 15:15 . 2015-01-15 07:46        67520        ----a-w-        c:\windows\system32\drivers\ksecdd.sys

2015-02-17 15:15 . 2015-01-15 07:46        136640        ----a-w-        c:\windows\system32\drivers\ksecpkg.sys

2015-02-17 15:15 . 2015-01-15 07:42        1061376        ----a-w-        c:\windows\system32\lsasrv.dll

2015-02-17 15:15 . 2015-01-15 04:21        369968        ----a-w-        c:\windows\system32\drivers\cng.sys

2015-02-17 15:15 . 2015-01-15 07:43        15872        ----a-w-        c:\windows\system32\sspisrv.dll

2015-02-17 15:15 . 2015-01-15 07:43        100352        ----a-w-        c:\windows\system32\sspicli.dll

2015-02-17 15:15 . 2015-01-15 07:42        22016        ----a-w-        c:\windows\system32\secur32.dll

2015-02-17 15:15 . 2015-01-15 07:42        22528        ----a-w-        c:\windows\system32\lsass.exe

2015-02-17 15:15 . 2015-01-15 07:42        50176        ----a-w-        c:\windows\system32\auditpol.exe

2015-02-17 15:15 . 2015-01-15 07:39        60416        ----a-w-        c:\windows\system32\msobjs.dll

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2015-02-17 14:36 . 2014-04-21 11:55        701616        ----a-w-        c:\windows\system32\FlashPlayerApp.exe

2015-02-17 14:36 . 2014-04-21 11:55        71344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2014-12-31 11:13 . 2014-04-21 11:51        249488        ------w-        c:\windows\system32\MpSigStub.exe

2014-12-31 04:34 . 2011-06-10 23:58        773808        ----a-w-        c:\windows\system32\msvcr100.dll

2014-12-31 04:34 . 2011-06-10 23:58        421040        ----a-w-        c:\windows\system32\msvcp100.dll

2014-12-19 02:43 . 2015-01-14 19:38        164864        ----a-w-        c:\windows\system32\profsvc.dll

2014-12-19 01:34 . 2015-01-14 11:38        116224        ----a-w-        c:\windows\system32\drivers\mrxdav.sys

2014-12-06 03:50 . 2015-01-14 11:38        242688        ----a-w-        c:\windows\system32\nlasvc.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATILGE.EXE" [2013-01-24 260160]

"GarminExpressTrayApp"="c:\program files\Garmin\Express Tray\ExpressTray.exe" [2014-08-27 688984]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-12-11 30877280]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-21 7739936]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-05-29 1529128]

"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-09-29 4114288]

"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2009-09-29 5064560]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-01-30 978520]

"BingDesktop"="c:\program files\Microsoft\BingDesktop\BingDesktop.exe" [2013-11-01 2353880]

"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2014-05-02 1065024]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"WLStart"="c:\program files\Windows Live\Installer\wlstart.exe" [2009-07-26 786760]

"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2014-04-23 280576]

.

c:\users\PePur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\programme\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2009-8-11 795936]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 38a94c45;RelayEdit;c:\windows\system32\rundll32.exe [2009-07-14 44544]

R2 bb1a24ab;RelayStasis;c:\windows\system32\rundll32.exe [2009-07-14 44544]

R2 BingDesktopUpdate;Bing Desktop Update service;c:\program files\Microsoft\BingDesktop\BingDesktopUpdater.exe [2013-11-01 173272]

R2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]

R2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]

R2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc.exe [2012-05-16 126128]

R2 Garmin Core Update Service;Garmin Core Update Service;c:\program files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2014-08-27 441176]

R2 serverjo;JO Service component;c:\users\PePur\AppData\Roaming\CDE6A2FD-1424191138-DE11-9904-002622DE56CC\JOSrv.exe [2015-02-17 128000]

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-12-11 315496]

R2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [2014-09-12 4799760]

R2 webTinstMK;webTinstMK;c:\windows\system32\Drivers\webTinstMK.sys [2015-02-17 43560]

R2 WMCoreService;Mobile Broadband Core Service;c:\program files\Mobile Broadband Drivers\WMCore\mini_WMCore.exe servicemode [x]

R2 wynyliho;Font Portal;c:\users\PePur\AppData\Roaming\CDE6A2FD-1424191138-DE11-9904-002622DE56CC\nsh910.tmp [2015-02-17 192000]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]

R3 e36gmdfl;F3607gw Mobile Broadband Data Modem Filter (Win7);c:\windows\system32\DRIVERS\e36gmdfl.sys [2009-06-30 14848]

R3 e36gmdm;F3607gw Mobile Broadband Data Modem Driver (Win7);c:\windows\system32\DRIVERS\e36gmdm.sys [2009-06-30 374272]

R3 e36gmgmt;F3607gw Mobile Broadband Device Management Drivers (Win7);c:\windows\system32\DRIVERS\e36gmgmt.sys [2009-06-30 357376]

R3 e36wgps;F3607gw Mobile Broadband GPS Port;c:\windows\system32\DRIVERS\e36wgps.sys [2009-07-10 82984]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-01-12 102912]

R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]

R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-11-15 95408]

R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2015-01-30 284472]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2009-06-04 166912]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]

R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 20480]

R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 81704]

R3 WwanUsbServ;Ericsson WWAN Wireless Module Device Driver;c:\windows\system32\DRIVERS\WwanUsbMp.sys [2009-09-22 216616]

S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2010-01-20 23136]

S3 e36gbus;F3607gw Mobile Broadband Device driver (Win7);c:\windows\system32\DRIVERS\e36gbus.sys [2009-06-30 285056]

S3 ecnssndis;Service for enabling selective suspend to NDIS device;c:\windows\system32\Drivers\wwanuss.sys [2009-09-22 10240]

S3 ecnssndisfltr;SSNDIS filter service;c:\windows\system32\Drivers\wwanussf.sys [2009-09-22 14848]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation        REG_MULTI_SZ           SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc

.

Inhalt des "geplante Tasks" Ordners

.

2015-02-18 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-21 14:36]

.

2015-02-18 c:\windows\Tasks\EPSON XP-215 217 Series Invitation {4BB6AA71-CA22-45E3-B1C7-06D450552EB8}.job

- c:\windows\system32\spool\DRIVERS\W32X86\3\E_FTSLGE.EXE [2014-06-15 23:20]

.

2015-02-18 c:\windows\Tasks\EPSON XP-215 217 Series Update {4BB6AA71-CA22-45E3-B1C7-06D450552EB8}.job

- c:\windows\system32\spool\DRIVERS\W32X86\3\E_FTSLGE.EXE [2014-06-15 23:20]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = www.google.com

uDefault_Search_URL = www.google.com

mStart Page = www.google.com

uInternet Settings,ProxyOverride = <-loopback>

IE: Bild an &Bluetooth-Gerät senden... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: Seite an &Bluetooth-Gerät senden... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 8.8.8.8 212.37.37.50

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\wynyliho]

"ImagePath"="c:\users\PePur\AppData\Roaming\CDE6A2FD-1424191138-DE11-9904-002622DE56CC\nsh910.tmp"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]

@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]

@Denied: (A 2) (Everyone)

@="IFlashBroker6"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2015-02-18  21:32:56

ComboFix-quarantined-files.txt  2015-02-18 20:32

ComboFix2.txt  2015-02-18 20:00

.

Vor Suchlauf: 11 Verzeichnis(se), 77.477.797.888 Bytes frei

Nach Suchlauf: 12 Verzeichnis(se), 77.294.612.480 Bytes frei

.

- - End Of File - - B57150A3B48EA61AE052D0F5ED92C844

A36C5E4F47E84449FF07ED3517B43A31

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Hi & Danke!

here are the results ;)
HAbe alles im abgesicherten Modus laufen lassen (müssen), da bei Scan mit MBAM der Rechner abstürzte. Hoffe das war okay?

hier die LOGs:

Code:

Malwarebytes Anti-Malware

www.malwarebytes.org
 

Suchlauf Datum: 20.02.2015

Suchlauf-Zeit: 12:23:12

Logdatei: mbam.txt

Administrator: Ja
 

Version: 2.00.4.1028

Malware Datenbank: v2015.02.20.04

Rootkit Datenbank: v2015.02.03.01

Lizenz: Kostenlos

Malware Schutz: Deaktiviert

Bösartiger Webseiten Schutz: Deaktiviert

Selbstschutz: Deaktiviert
 

Betriebssystem: Windows 7 Service Pack 1

CPU: x86

Dateisystem: NTFS

Benutzer: PePur
 

Suchlauf-Art: Bedrohungs-Suchlauf

Ergebnis: Abgeschlossen

Durchsuchte Objekte: 313893

Verstrichene Zeit: 15 Min, 56 Sek
 

Speicher: Aktiviert

Autostart: Aktiviert

Dateisystem: Aktiviert

Archive: Aktiviert

Rootkits: Deaktiviert

Heuristik: Aktiviert

PUP: Aktiviert

PUM: Aktiviert
 

Prozesse: 0

(Keine schädliche Elemente erkannt)
 

Module: 0

(Keine schädliche Elemente erkannt)
 

Registrierungsschlüssel: 6

PUP.Optional.Multiplug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{D831E399-50FE-84AE-F5F7-0A63AC282464}, In Quarantäne, [0aaad64a0e7c2412d9f99966e41ebd43], 

PUP.Optional.Multiplug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{194FED75-9C74-BDB7-53F8-8CFFEF1AFEC9}, In Quarantäne, [e5cf43dd4941e0566072ff00e2208a76], 

PUP.Optional.Multiplug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1B8A71D1-31D4-EE6A-C32F-836E0BFFA6D3}, In Quarantäne, [595b99874842e45216bce31c56ac3dc3], 

PUP.Optional.Multiplug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{7E7FAE3D-3358-D280-8DBF-E8E2D94326D1}, In Quarantäne, [24908898bbcf96a0696919e63dc54db3], 

PUP.Optional.WebTInst.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\webTinstMK, In Quarantäne, [fcb83fe1c5c5d3639b388110f50e9b65], 

PUP.Optional.JOSrv.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SERVERJO, In Quarantäne, [d6de28f8b2d8b97d97d95d3555aeba46], 
 

Registrierungswerte: 1

PUP.Optional.JOSrv.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SERVERJO|ImagePath, C:\Users\PePur\AppData\Roaming\CDE6A2FD-1424191138-DE11-9904-002622DE56CC\JOSrv.exe, In Quarantäne, [d6de28f8b2d8b97d97d95d3555aeba46]
 

Registrierungsdaten: 0

(Keine schädliche Elemente erkannt)
 

Ordner: 1

PUP.Optional.RelayStasis.A, C:\Program Files\RelayStasis, In Quarantäne, [6a4aed33a5e586b04e302b67d92a4eb2], 
 

Dateien: 8

PUP.Optional.Multiplug, C:\Program Files\deAl2odeAlit\deAl2odeAlit.exe, In Quarantäne, [0aaad64a0e7c2412d9f99966e41ebd43], 

PUP.Optional.Multiplug, C:\Program Files\DisecounntLocaator\DisecounntLocaator.exe, In Quarantäne, [e5cf43dd4941e0566072ff00e2208a76], 

PUP.Optional.Multiplug, C:\Program Files\Paste Lorem ipsum\Paste Lorem ipsum.exe, In Quarantäne, [595b99874842e45216bce31c56ac3dc3], 

PUP.Optional.Multiplug, C:\Program Files\sHaopndroup\sHaopndroup.exe, In Quarantäne, [24908898bbcf96a0696919e63dc54db3], 

PUP.Optional.WebTInst.A, C:\Windows\System32\drivers\Msft_Kernel_webTinstMK_01009.Wdf, In Quarantäne, [4d67c06086043ff7617101906a9958a8], 

PUP.Optional.WebTInst.A, C:\Windows\System32\drivers\webTinstMK.sys, In Quarantäne, [fcb83fe1c5c5d3639b388110f50e9b65], 

PUP.Optional.RelayStasis.A, C:\Program Files\RelayStasis\RelayStasis.dll, In Quarantäne, [6a4aed33a5e586b04e302b67d92a4eb2], 

PUP.Optional.JOSrv.A, C:\Users\PePur\AppData\Roaming\CDE6A2FD-1424191138-DE11-9904-002622DE56CC\JOSrv.exe, In Quarantäne, [d6de28f8b2d8b97d97d95d3555aeba46], 
 

Physische Sektoren: 0

(Keine schädliche Elemente erkannt)
 
 

(end)

Code:

# AdwCleaner v4.111 - Bericht erstellt 20/02/2015 um 13:55:44

# Aktualisiert 18/02/2015 von Xplode

# Datenbank : 2015-02-18.3 [Lokal]

# Betriebssystem : Windows 7 Starter Service Pack 1 (x86)

# Benutzername : PePur - NETBOOK

# Gestarted von : C:\Users\PePur\Desktop\AdwCleaner_4.111.exe

# Option : Suchlauf
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 

Datei Gefunden : C:\Users\PePur\Desktop\Continue Live Installation.lnk

Ordner Gefunden : C:\Program Files\deAl2odeAlit

Ordner Gefunden : C:\Program Files\DisecounntLocaator

Ordner Gefunden : C:\Program Files\predm

Ordner Gefunden : C:\Program Files\sHaopndroup

Ordner Gefunden : C:\ProgramData\b28f45cf6b8a5cfc

Ordner Gefunden : C:\ProgramData\shoppilation

Ordner Gefunden : C:\ProgramData\shoppilation

Ordner Gefunden : C:\ProgramData\WPM

Ordner Gefunden : C:\Users\PePur\Documents\PC Speed Maximizer
 

***** [ Geplante Tasks ] *****
 

Task Gefunden : APSnotifierPP1

Task Gefunden : APSnotifierPP2

Task Gefunden : APSnotifierPP3

Task Gefunden : RocketTab Update Task

Task Gefunden : RocketTab
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 

Daten Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

Schlüssel Gefunden : HKCU\Software\AnyProtect

Schlüssel Gefunden : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}

Schlüssel Gefunden : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\TheBestDeals

Schlüssel Gefunden : HKCU\Software\InetStat

Schlüssel Gefunden : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com

Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com

Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\portaldosites.com

Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.portaldosites.com

Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EBFB468A-B909-4032-BF5C-C09A2905ED79}

Schlüssel Gefunden : HKCU\Software\Super Optimizer

Schlüssel Gefunden : HKCU\Software\Tutorials

Schlüssel Gefunden : HKCU\Software\Wajam

Schlüssel Gefunden : HKLM\SOFTWARE\Clara

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{57B0DCF0-8B40-4449-8AA4-E297D6E779D4}

Schlüssel Gefunden : HKLM\SOFTWARE\hdcode

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BubbleSound

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage

Schlüssel Gefunden : HKLM\SOFTWARE\V9

Schlüssel Gefunden : HKLM\SOFTWARE\winzipersvc

Schlüssel Gefunden : HKLM\SOFTWARE\Wpm

Schlüssel Gefunden : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
 

***** [ Internetbrowser ] *****
 

-\\ Internet Explorer v11.0.9600.17631
 

*************************
 

AdwCleaner[R0].txt - [3035 Bytes] - [20/02/2015 13:55:44]
 

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3094 Bytes] ##########

Code:

# AdwCleaner v4.111 - Bericht erstellt 20/02/2015 um 14:04:07

# Aktualisiert 18/02/2015 von Xplode

# Datenbank : 2015-02-18.3 [Lokal]

# Betriebssystem : Windows 7 Starter Service Pack 1 (x86)

# Benutzername : PePur - NETBOOK

# Gestarted von : C:\Users\PePur\Desktop\AdwCleaner_4.111.exe

# Option : Löschen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 

Ordner Gelöscht : C:\ProgramData\WPM

Ordner Gelöscht : C:\ProgramData\shoppilation

Ordner Gelöscht : C:\ProgramData\b28f45cf6b8a5cfc

Ordner Gelöscht : C:\Program Files\predm

Ordner Gelöscht : C:\Program Files\deAl2odeAlit

Ordner Gelöscht : C:\Program Files\DisecounntLocaator

Ordner Gelöscht : C:\Program Files\sHaopndroup

Ordner Gelöscht : C:\Users\PePur\Documents\PC Speed Maximizer

Datei Gelöscht : C:\Users\PePur\Desktop\Continue Live Installation.lnk
 

***** [ Geplante Tasks ] *****
 

Task Gelöscht : APSnotifierPP1

Task Gelöscht : APSnotifierPP2

Task Gelöscht : APSnotifierPP3

Task Gelöscht : RocketTab Update Task

Task Gelöscht : RocketTab
 

***** [ Verknüpfungen ] *****
 

Verknüpfung Desinfiziert : C:\Users\PePur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

Verknüpfung Desinfiziert : C:\Users\PePur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk

Verknüpfung Desinfiziert : C:\Users\PePur\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
 

***** [ Registrierungsdatenbank ] *****
 

Schlüssel Gelöscht : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com

Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{57B0DCF0-8B40-4449-8AA4-E297D6E779D4}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EBFB468A-B909-4032-BF5C-C09A2905ED79}

Schlüssel Gelöscht : HKCU\Software\AnyProtect

Schlüssel Gelöscht : HKCU\Software\InetStat

Schlüssel Gelöscht : HKCU\Software\Tutorials

Schlüssel Gelöscht : HKCU\Software\Wajam

Schlüssel Gelöscht : HKCU\Software\Super Optimizer

Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}

Schlüssel Gelöscht : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\TheBestDeals

Schlüssel Gelöscht : HKLM\SOFTWARE\hdcode

Schlüssel Gelöscht : HKLM\SOFTWARE\V9

Schlüssel Gelöscht : HKLM\SOFTWARE\winzipersvc

Schlüssel Gelöscht : HKLM\SOFTWARE\Wpm

Schlüssel Gelöscht : HKLM\SOFTWARE\Clara

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BubbleSound

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\portaldosites.com

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.portaldosites.com

Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
 

***** [ Internetbrowser ] *****
 

-\\ Internet Explorer v11.0.9600.17631
 
 

*************************
 

AdwCleaner[R0].txt - [3173 Bytes] - [20/02/2015 13:55:44]

AdwCleaner[S0].txt - [3461 Bytes] - [20/02/2015 14:04:07]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3520  Bytes] ##########

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.4.2 (02.02.2015:1)

OS: Windows 7 Starter x86

Ran by PePur on 20.02.2015 at 14:06:32,96

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 
 
 

~~~ Files
 
 
 

~~~ Folders
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 20.02.2015 at 14:09:38,61

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Ab jezt dann nochmal im normalen Modus:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

diesmal tatsächlich ohne abgesicherten Modus :)

Code:

ESETSmartInstaller@High as downloader log:

all ok

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7623

# api_version=3.0.2

# EOSSerial=e7c953b669183946b69c82dc03f3f523

# engine=22584

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2015-02-21 06:06:13

# local_time=2015-02-21 07:06:13 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1031

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode_1='Microsoft Security Essentials'

# compatibility_mode=5895 16777213 100 100 348393 47525967 0 0

# scanned=120265

# found=10

# cleaned=0

# scan_time=8697

sh=F8F2FE59F86C196A9ABDE0407E9578F68B057563 ft=1 fh=c71c0011ad2662dc vn="Variante von Win32/SProtector.O evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\RelayEdit\RelayEdit.dll"

sh=2BBAAB7A917C6A3238C95FA4C9E04D9ED5AE9E27 ft=1 fh=c71c00111add6dd4 vn="Variante von Win32/Adware.MultiPlug.EG Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\ApoptOOU\rA35uq5uuGBwac.dll.vir"

sh=0813518EC2DAEB0A49D7EE2C9482150CC0EB1136 ft=1 fh=c71c0011cf414413 vn="Variante von Win32/AdWare.MultiPlug.BN Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\ApoptOOU\rA35uq5uuGBwac.exe.vir"

sh=95D1086CCBD8467340D6FD7C2ED3CA56AAA110AC ft=1 fh=c71c0011755bc284 vn="Variante von Win32/Adware.MultiPlug.EG Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\dowaNloaDDitKeoeP\FKnOreFzqzwIWI.dll.vir"

sh=0813518EC2DAEB0A49D7EE2C9482150CC0EB1136 ft=1 fh=c71c0011cf414413 vn="Variante von Win32/AdWare.MultiPlug.BN Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\dowaNloaDDitKeoeP\FKnOreFzqzwIWI.exe.vir"

sh=F5989199EEC435AC9503DD2254019EA32AF3EF93 ft=1 fh=c71c001114722270 vn="Variante von Win32/Adware.MultiPlug.EG Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\Faostsalleri\trcZ1oaOOMATDU.dll.vir"

sh=D1ED689D060F155C2A9B00D824EEDBD75DC8BCA5 ft=1 fh=c71c0011ed906c05 vn="Variante von Win32/Adware.MultiPlug.EG Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\nitrOadeoail\ajwDSCHIP23pfI.dll.vir"

sh=64923FEE71A1BF6D5A96197597DB0ED6FC1A09EE ft=1 fh=fef3f203832e64e5 vn="Win32/VOPackage.BC evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\PePur\AppData\Local\nsjD34.tmp.vir"

sh=F8CC01C04A0ED7C8B49DDB08F828A84A2942D323 ft=1 fh=1f999cb7d011694f vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="C:\Users\PePur\AppData\Local\temp\ICReinstall_nse5BF0.tmp"

sh=F8CC01C04A0ED7C8B49DDB08F828A84A2942D323 ft=1 fh=1f999cb7d011694f vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="C:\Users\PePur\AppData\Local\temp\nse5BF0.tmp"

Code:

 Results of screen317's Security Check version 0.99.96  

 Windows 7 Service Pack 1 x86 (UAC is enabled)  

 Internet Explorer 11  
 ``````````````Antivirus/Firewall Check:`````````````` 

Microsoft Security Essentials   

  (On Access scanning disabled!) 

 Error obtaining update status for antivirus!  
 `````````Anti-malware/Other Utilities Check:````````` 

  Java 64-bit 8 Update 31  

 Adobe Reader XI  
 ````````Process Check: objlist.exe by Laurent````````  

 Microsoft Security Essentials MSMpEng.exe 

 Microsoft Security Essentials msseces.exe 
 `````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  
 ````````````````````End of Log``````````````````````

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-02-2015

Ran by PePur (administrator) on NETBOOK on 21-02-2015 19:30:30

Running from E:\Trojaner

Loaded Profiles: PePur (Available profiles: PePur)

Platform: Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11 (Default browser: IE)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe

(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe

(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe

(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe

() C:\Program Files\Mobile Broadband Drivers\WMCore\mini_WMCore.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Energy Management\utility.exe

(Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Energy Management\Energy Management.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe

(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATILGE.EXE

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe

(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe

(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe

() C:\Users\PePur\AppData\Roaming\CDE6A2FD-1424191138-DE11-9904-002622DE56CC\nsq6B99.tmp

(Microsoft Corporation) C:\Windows\System32\prevhost.exe

(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7739936 2009-09-21] (Realtek Semiconductor)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1529128 2009-05-29] (Synaptics Incorporated)

HKLM\...\Run: [EnergyUtility] => C:\Program Files\Lenovo\Energy Management\utility.exe [4114288 2009-09-29] (Lenovo(beijing) Limited)

HKLM\...\Run: [Energy Management] => C:\Program Files\Lenovo\Energy Management\Energy Management.exe [5064560 2009-09-29] (Lenovo (Beijing) Limited)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)

HKLM\...\Run: [BingDesktop] => C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe [2353880 2013-11-01] (Microsoft Corp.)

HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1065024 2014-05-02] (SEIKO EPSON CORPORATION)

HKLM\...\RunOnce: [Update] => C:\Users\PePur\AppData\Roaming\VOPackage\VOPackage.exe /runonce

HKU\S-1-5-21-4185872467-282433234-656447781-1000\...\Run: [EPLTarget\P0000000000000000] => C:\windows\system32\spool\DRIVERS\W32X86\3\E_FATILGE.EXE [260160 2013-01-24] (SEIKO EPSON CORPORATION)

HKU\S-1-5-21-4185872467-282433234-656447781-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)

HKU\S-1-5-21-4185872467-282433234-656447781-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)

HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)

HKU\S-1-5-18\...\RunOnce: [WLStart] => C:\Program Files\Windows Live\Installer\wlstart.exe [786760 2009-07-26] (Microsoft Corporation)

HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [280576 2014-04-23] (Microsoft Corporation)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

Startup: C:\Users\PePur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk

ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKU\S-1-5-21-4185872467-282433234-656447781-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-4185872467-282433234-656447781-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

FireFox:

========

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF HKU\S-1-5-21-4185872467-282433234-656447781-1000\...\Firefox\Extensions: [{E778513A-4128-E4CB-BEF2-7F4E0841656E}] - C:\Program Files\ver9TheBestDeals\189.xpi
 

Chrome: 

=======

CHR dev: Chrome dev build detected! <======= ATTENTION
 

========================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

S2 38a94c45; c:\Program Files\RelayEdit\RelayEdit.dll [1648640 2015-02-17] () [File not signed]

R2 BingDesktopUpdate; C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe [173272 2013-11-01] (Microsoft Corp.)

R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [582944 2009-08-11] (Broadcom Corporation.)

R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)

R2 EpsonScanSvc; C:\windows\system32\EscSvc.exe [126128 2012-05-16] (Seiko Epson Corporation)

R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-12-31] (Garmin Ltd or its subsidiaries)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)

S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)

R2 nisyseri; C:\Users\PePur\AppData\Roaming\CDE6A2FD-1424191138-DE11-9904-002622DE56CC\nsq6B99.tmp [141312 2015-02-21] () [File not signed]

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

R2 WMCoreService; C:\Program Files\Mobile Broadband Drivers\WMCore\mini_WMCore.exe [430080 2009-09-24] () [File not signed]

S2 bb1a24ab; "C:\windows\system32\rundll32.exe" "c:\Program Files\RelayStasis\RelayStasis.dll",serv
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R3 ACPIVPC; C:\windows\System32\DRIVERS\AcpiVpc.sys [23136 2010-01-20] (Lenovo Corporation)

R3 e36gbus; C:\windows\System32\DRIVERS\e36gbus.sys [285056 2009-06-30] (MCCI Corporation)

R3 e36gmdfl; C:\windows\System32\DRIVERS\e36gmdfl.sys [14848 2009-06-30] (MCCI Corporation)

R3 e36gmdm; C:\windows\System32\DRIVERS\e36gmdm.sys [374272 2009-06-30] (MCCI Corporation)

R3 e36gmgmt; C:\windows\System32\DRIVERS\e36gmgmt.sys [357376 2009-06-30] (MCCI Corporation)

R3 e36wgps; C:\windows\System32\DRIVERS\e36wgps.sys [82984 2009-07-10] (Ericsson AB)

R3 ecnssndis; C:\windows\System32\Drivers\wwanuss.sys [10240 2009-09-22] (Ericsson AB)

R3 ecnssndisfltr; C:\windows\System32\Drivers\wwanussf.sys [14848 2009-09-22] (Ericsson AB)

R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)

S3 wsvd; C:\windows\System32\DRIVERS\wsvd.sys [81704 2009-07-21] (CyberLink)

R3 WwanUsbServ; C:\windows\System32\DRIVERS\WwanUsbMp.sys [216616 2009-09-22] (Ericsson AB)

U5 AppMgmt; C:\windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)

S3 catchme; \??\C:\Users\PePur\AppData\Local\Temp\catchme.sys [X]

R1 MpKsl9f531608; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{656E7FD1-4066-40C1-BF2D-14DAF7325658}\MpKsl9f531608.sys [X]

S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]

S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-02-21 19:27 - 2015-02-21 19:27 - 00000830 _____ () C:\Users\PePur\Desktop\checkup.txt

2015-02-21 19:17 - 2015-02-21 19:17 - 00852594 _____ () C:\Users\PePur\Desktop\SecurityCheck.exe

2015-02-21 16:56 - 2015-02-21 16:56 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Garmin

2015-02-21 16:56 - 2015-02-21 16:56 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Garmin

2015-02-21 16:54 - 2015-02-21 16:54 - 00001858 _____ () C:\Users\Public\Desktop\Garmin Express.lnk

2015-02-21 16:54 - 2015-02-21 16:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin

2015-02-21 16:37 - 2015-02-21 16:37 - 00000000 ____D () C:\Program Files\ESET

2015-02-21 16:33 - 2015-02-21 16:33 - 02347384 _____ (ESET) C:\Users\PePur\Desktop\esetsmartinstaller_deu.exe

2015-02-20 14:09 - 2015-02-20 14:09 - 00000620 _____ () C:\Users\PePur\Desktop\JRT.txt

2015-02-20 14:06 - 2015-02-20 11:17 - 01388274 _____ (Thisisu) C:\Users\PePur\Desktop\JRT.exe

2015-02-20 13:55 - 2015-02-20 14:04 - 00000000 ____D () C:\AdwCleaner

2015-02-20 13:55 - 2015-02-20 11:17 - 02126848 _____ () C:\Users\PePur\Desktop\AdwCleaner_4.111.exe

2015-02-20 13:54 - 2015-02-20 13:54 - 00003401 _____ () C:\Users\PePur\Desktop\mbam.txt

2015-02-20 11:50 - 2015-02-20 11:50 - 00151544 _____ () C:\windows\Minidump\022015-21044-01.dmp

2015-02-18 22:09 - 2015-01-09 02:45 - 02380288 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys

2015-02-18 22:09 - 2012-02-11 06:37 - 00317440 _____ (Microsoft Corporation) C:\windows\system32\spoolsv.exe

2015-02-18 22:08 - 2014-12-11 18:47 - 00074240 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe

2015-02-18 22:07 - 2011-02-25 06:30 - 02616320 _____ (Microsoft Corporation) C:\windows\explorer.exe

2015-02-18 21:32 - 2015-02-18 21:32 - 00022361 _____ () C:\ComboFix.txt

2015-02-18 20:26 - 2015-02-18 20:26 - 00151592 _____ () C:\windows\Minidump\021815-19484-01.dmp

2015-02-18 19:55 - 2014-09-05 02:52 - 05703168 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll

2015-02-18 19:53 - 2014-08-29 02:44 - 02744320 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll

2015-02-18 19:45 - 2015-02-18 19:45 - 00151592 _____ () C:\windows\Minidump\021815-27175-01.dmp

2015-02-18 18:53 - 2015-02-20 13:44 - 00000000 ____D () C:\Program Files\Paste Lorem ipsum

2015-02-18 18:30 - 2015-02-18 18:30 - 00151592 _____ () C:\windows\Minidump\021815-25069-01.dmp

2015-02-18 18:18 - 2015-02-20 11:50 - 00000000 ____D () C:\windows\Minidump

2015-02-18 18:18 - 2015-02-18 18:18 - 00151592 _____ () C:\windows\Minidump\021815-79794-01.dmp

2015-02-18 18:17 - 2015-02-20 11:50 - 215872922 _____ () C:\windows\MEMORY.DMP

2015-02-18 18:11 - 2011-06-26 07:45 - 00256000 _____ () C:\windows\PEV.exe

2015-02-18 18:11 - 2010-11-07 18:20 - 00208896 _____ () C:\windows\MBR.exe

2015-02-18 18:11 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe

2015-02-18 18:11 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe

2015-02-18 18:11 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe

2015-02-18 18:11 - 2000-08-31 01:00 - 00098816 _____ () C:\windows\sed.exe

2015-02-18 18:11 - 2000-08-31 01:00 - 00080412 _____ () C:\windows\grep.exe

2015-02-18 18:11 - 2000-08-31 01:00 - 00068096 _____ () C:\windows\zip.exe

2015-02-18 18:10 - 2015-02-18 21:33 - 00000000 ____D () C:\Qoobox

2015-02-18 18:10 - 2015-02-18 20:57 - 00000000 ____D () C:\windows\erdnt

2015-02-18 18:08 - 2015-02-18 17:17 - 05611903 ____R (Swearware) C:\Users\PePur\Desktop\ComboFix.exe

2015-02-18 17:38 - 2015-02-18 17:38 - 00001056 _____ () C:\Users\PePur\Desktop\Revo Uninstaller.lnk

2015-02-18 15:40 - 2015-02-21 19:30 - 00000000 ____D () C:\FRST

2015-02-18 15:34 - 2015-02-18 15:34 - 00000000 _____ () C:\Users\PePur\defogger_reenable

2015-02-18 15:04 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll

2015-02-18 15:04 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll

2015-02-18 15:04 - 2014-05-08 10:06 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll

2015-02-18 14:55 - 2015-02-18 14:56 - 00000000 ____D () C:\Program Files\Custom RSS News

2015-02-18 14:54 - 2015-02-18 14:56 - 00000000 ____D () C:\Program Files\laowrratte

2015-02-18 14:50 - 2015-02-18 14:55 - 00000000 ____D () C:\Program Files\buyandbirowsoe

2015-02-18 14:48 - 2015-02-18 14:53 - 00000000 ____D () C:\Program Files\ccheaPP4aalLL

2015-02-17 21:51 - 2015-02-20 13:51 - 00114904 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys

2015-02-17 21:49 - 2015-02-17 21:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-02-17 21:48 - 2015-02-17 21:49 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2015-02-17 21:48 - 2015-02-17 21:48 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-02-17 21:48 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys

2015-02-17 21:48 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys

2015-02-17 21:48 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys

2015-02-17 20:29 - 2012-08-23 15:48 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll

2015-02-17 20:29 - 2012-08-23 15:44 - 00014848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys

2015-02-17 20:29 - 2012-08-23 12:12 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\rdpendp_winip.dll

2015-02-17 20:12 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\windows\system32\mf.dll

2015-02-17 20:03 - 2013-10-02 01:42 - 00049152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys

2015-02-17 20:03 - 2013-10-02 01:32 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe

2015-02-17 20:03 - 2013-10-02 01:30 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll

2015-02-17 20:03 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll

2015-02-17 20:03 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll

2015-02-17 20:03 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll

2015-02-17 20:03 - 2013-10-02 00:45 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll

2015-02-17 20:03 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll

2015-02-17 20:03 - 2013-10-01 23:53 - 00350208 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe

2015-02-17 20:03 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe

2015-02-17 19:48 - 2014-06-27 02:45 - 02285056 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll

2015-02-17 19:36 - 2012-07-26 04:21 - 00196608 _____ (Microsoft Corporation) C:\windows\system32\WUDFHost.exe

2015-02-17 19:36 - 2012-07-26 04:20 - 00613888 _____ (Microsoft Corporation) C:\windows\system32\WUDFx.dll

2015-02-17 19:36 - 2012-07-26 04:20 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\WUDFPlatform.dll

2015-02-17 19:36 - 2012-07-26 04:20 - 00073216 _____ (Microsoft Corporation) C:\windows\system32\WUDFSvc.dll

2015-02-17 19:36 - 2012-07-26 04:20 - 00038912 _____ (Microsoft Corporation) C:\windows\system32\WUDFCoinstaller.dll

2015-02-17 19:36 - 2012-07-26 03:33 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WUDFPf.sys

2015-02-17 19:36 - 2012-07-26 03:32 - 00155136 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WUDFRd.sys

2015-02-17 19:36 - 2012-06-02 15:57 - 00000003 _____ () C:\windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf

2015-02-17 19:29 - 2015-02-18 13:52 - 00000065 _____ () C:\Users\PePur\AppData\Roaming\WB.CFG

2015-02-17 18:26 - 2015-02-17 18:26 - 00000000 ____D () C:\ProgramData\{B4E05C23-E462-8DA5-55E4-FD2785662EA9}

2015-02-17 17:58 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\windows\system32\secproc.dll

2015-02-17 17:58 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\windows\system32\secproc_isv.dll

2015-02-17 17:58 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp_isv.dll

2015-02-17 17:58 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp.dll

2015-02-17 17:58 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll

2015-02-17 17:58 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_isv.exe

2015-02-17 17:58 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\windows\system32\RMActivate.exe

2015-02-17 17:58 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp.exe

2015-02-17 17:58 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp_isv.exe

2015-02-17 17:57 - 2013-05-10 04:20 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\cryptdlg.dll

2015-02-17 17:56 - 2014-01-28 03:07 - 00185344 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll

2015-02-17 17:56 - 2013-03-19 04:33 - 00040960 _____ (Microsoft Corporation) C:\windows\system32\wwanprotdim.dll

2015-02-17 17:56 - 2012-10-09 18:40 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\dhcpcore6.dll

2015-02-17 17:56 - 2012-10-09 18:40 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\dhcpcsvc6.dll

2015-02-17 17:56 - 2012-07-06 20:23 - 00393728 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bthport.sys

2015-02-17 17:55 - 2014-08-01 12:35 - 00793600 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll

2015-02-17 17:55 - 2014-07-09 02:29 - 00006144 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL

2015-02-17 17:55 - 2014-07-09 02:29 - 00006144 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL

2015-02-17 17:55 - 2014-07-09 02:29 - 00006144 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL

2015-02-17 17:55 - 2014-07-09 02:29 - 00006144 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL

2015-02-17 17:55 - 2014-07-09 02:29 - 00005632 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL

2015-02-17 17:55 - 2014-07-08 23:30 - 00419992 _____ () C:\windows\system32\locale.nls

2015-02-17 17:55 - 2012-10-03 17:42 - 00175104 _____ (Microsoft Corporation) C:\windows\system32\netcorehc.dll

2015-02-17 17:55 - 2012-10-03 17:42 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\netevent.dll

2015-02-17 17:55 - 2012-10-03 17:40 - 00499712 _____ (Microsoft Corporation) C:\windows\system32\iphlpsvc.dll

2015-02-17 17:55 - 2012-10-03 16:21 - 00035328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpipreg.sys

2015-02-17 17:54 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll

2015-02-17 17:54 - 2014-02-04 03:07 - 00234432 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys

2015-02-17 17:54 - 2014-02-04 03:07 - 00149440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys

2015-02-17 17:54 - 2014-02-04 03:07 - 00027072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Diskdump.sys

2015-02-17 17:54 - 2014-02-04 03:00 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\iologmsg.dll

2015-02-17 17:54 - 2013-08-05 02:56 - 00133056 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ataport.sys

2015-02-17 17:53 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll

2015-02-17 17:53 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll

2015-02-17 17:53 - 2014-06-24 03:59 - 01987584 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll

2015-02-17 17:52 - 2013-08-28 01:57 - 00434688 _____ (Microsoft Corporation) C:\windows\system32\scavengeui.dll

2015-02-17 17:52 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll

2015-02-17 17:52 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll

2015-02-17 17:51 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe

2015-02-17 17:51 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\windows\system32\msi.dll

2015-02-17 17:51 - 2014-06-25 02:41 - 12874240 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll

2015-02-17 17:51 - 2014-01-24 03:18 - 01212352 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys

2015-02-17 17:51 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll

2015-02-17 17:51 - 2012-08-22 18:16 - 00712048 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys

2015-02-17 17:51 - 2012-07-04 20:45 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\Drivers\RNDISMP.sys

2015-02-17 17:38 - 2012-08-21 21:12 - 00245760 _____ (Microsoft Corporation) C:\windows\system32\OxpsConverter.exe

2015-02-17 17:38 - 2011-03-11 06:33 - 01699328 _____ (Microsoft Corporation) C:\windows\system32\esent.dll

2015-02-17 17:37 - 2011-03-11 06:39 - 00143744 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvstor.sys

2015-02-17 17:37 - 2011-03-11 06:39 - 00117120 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvraid.sys

2015-02-17 17:37 - 2011-03-11 06:38 - 00332160 _____ (Intel Corporation) C:\windows\system32\Drivers\iaStorV.sys

2015-02-17 17:37 - 2011-03-11 06:38 - 00080256 _____ (Advanced Micro Devices) C:\windows\system32\Drivers\amdsata.sys

2015-02-17 17:37 - 2011-03-11 06:38 - 00022400 _____ (Advanced Micro Devices) C:\windows\system32\Drivers\amdxata.sys

2015-02-17 17:37 - 2011-03-11 06:31 - 00074240 _____ (Microsoft Corporation) C:\windows\system32\fsutil.exe

2015-02-17 17:37 - 2011-03-11 05:01 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBSTOR.SYS

2015-02-17 17:32 - 2014-11-11 02:32 - 00074752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys

2015-02-17 17:29 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\windows\system32\SmartcardCredentialProvider.dll

2015-02-17 17:29 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\credui.dll

2015-02-17 17:27 - 2015-01-09 03:48 - 00635904 _____ (Microsoft Corporation) C:\windows\system32\perftrack.dll

2015-02-17 17:27 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\wdi.dll

2015-02-17 17:27 - 2015-01-09 03:48 - 00027136 _____ (Microsoft Corporation) C:\windows\system32\powertracker.dll

2015-02-17 17:27 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll

2015-02-17 17:27 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll

2015-02-17 17:27 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll

2015-02-17 17:27 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll

2015-02-17 17:27 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll

2015-02-17 17:27 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe

2015-02-17 17:27 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll

2015-02-17 16:38 - 2015-02-21 18:18 - 00000000 ____D () C:\Users\PePur\AppData\Roaming\CDE6A2FD-1424191138-DE11-9904-002622DE56CC

2015-02-17 16:15 - 2015-01-15 08:46 - 00136640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys

2015-02-17 16:15 - 2015-01-15 08:46 - 00067520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys

2015-02-17 16:15 - 2015-01-15 08:43 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll

2015-02-17 16:15 - 2015-01-15 08:43 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll

2015-02-17 16:15 - 2015-01-15 08:42 - 01061376 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll

2015-02-17 16:15 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe

2015-02-17 16:15 - 2015-01-15 08:42 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe

2015-02-17 16:15 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll

2015-02-17 16:15 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll

2015-02-17 16:15 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll

2015-02-17 16:15 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll

2015-02-17 16:15 - 2015-01-15 05:21 - 00369968 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys

2015-02-17 16:14 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe

2015-02-17 16:14 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe

2015-02-17 16:09 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll

2015-02-17 16:09 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll

2015-02-17 16:09 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll

2015-02-17 16:09 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll

2015-02-17 16:09 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll

2015-02-17 16:09 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll

2015-02-17 16:09 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll

2015-02-17 16:07 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll

2015-02-17 16:07 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb

2015-02-17 16:07 - 2015-01-12 03:21 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll

2015-02-17 16:07 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll

2015-02-17 16:07 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll

2015-02-17 16:07 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll

2015-02-17 16:07 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll

2015-02-17 16:07 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe

2015-02-17 16:07 - 2015-01-12 02:55 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe

2015-02-17 16:07 - 2015-01-12 02:48 - 00667648 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe

2015-02-17 16:07 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll

2015-02-17 16:07 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll

2015-02-17 16:07 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll

2015-02-17 16:07 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl

2015-02-17 16:07 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll

2015-02-17 16:07 - 2015-01-12 02:23 - 00684544 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe

2015-02-17 16:07 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll

2015-02-17 16:07 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll

2015-02-17 16:07 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll

2015-02-17 16:06 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll

2015-02-17 16:06 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll

2015-02-17 16:06 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll

2015-02-17 16:06 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll

2015-02-17 16:06 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll

2015-02-17 16:06 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll

2015-02-17 16:06 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll

2015-02-17 16:06 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll

2015-02-17 16:06 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll

2015-02-17 15:51 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll

2015-02-17 15:51 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll

2015-02-17 15:31 - 2015-02-17 15:31 - 00000000 ____D () C:\Program Files\RelayEdit
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-02-21 19:27 - 2014-09-18 15:16 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job

2015-02-21 18:44 - 2014-06-15 14:44 - 00000917 _____ () C:\windows\Tasks\EPSON XP-215 217 Series Update {4BB6AA71-CA22-45E3-B1C7-06D450552EB8}.job

2015-02-21 18:44 - 2014-06-15 14:44 - 00000731 _____ () C:\windows\Tasks\EPSON XP-215 217 Series Invitation {4BB6AA71-CA22-45E3-B1C7-06D450552EB8}.job

2015-02-21 18:44 - 2009-07-14 05:52 - 00000000 ____D () C:\windows\system32\FxsTmp

2015-02-21 17:05 - 2009-12-08 07:51 - 01774385 _____ () C:\windows\WindowsUpdate.log

2015-02-21 16:58 - 2014-09-07 11:21 - 00000000 ____D () C:\ProgramData\Package Cache

2015-02-21 16:55 - 2014-09-07 11:49 - 00000000 ____D () C:\ProgramData\Garmin

2015-02-21 16:54 - 2014-09-07 11:48 - 00000000 ____D () C:\Program Files\Garmin

2015-02-21 16:25 - 2009-11-02 09:59 - 01618320 _____ () C:\windows\system32\PerfStringBackup.INI

2015-02-21 16:25 - 2009-07-14 05:34 - 00009696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-02-21 16:25 - 2009-07-14 05:34 - 00009696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-02-21 16:22 - 2014-04-21 13:57 - 00000000 ____D () C:\Users\PePur\AppData\Roaming\Skype

2015-02-21 16:15 - 2009-07-14 05:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT

2015-02-21 16:15 - 2009-07-14 05:39 - 00102236 _____ () C:\windows\setupact.log

2015-02-20 14:04 - 2014-04-23 05:15 - 00001148 _____ () C:\Users\PePur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2015-02-20 13:45 - 2009-11-02 10:18 - 01028940 _____ () C:\windows\PFRO.log

2015-02-20 13:45 - 2009-07-29 11:36 - 00000000 ____D () C:\windows\ConfigSetRoot

2015-02-20 11:21 - 2009-07-14 05:33 - 00340968 _____ () C:\windows\system32\FNTCACHE.DAT

2015-02-18 22:19 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\system32\de-DE

2015-02-18 21:51 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\Microsoft.NET

2015-02-18 21:28 - 2009-07-14 03:04 - 00000215 _____ () C:\windows\system.ini

2015-02-18 21:00 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default

2015-02-18 21:00 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public

2015-02-18 15:34 - 2014-04-21 12:23 - 00000000 ____D () C:\Users\PePur

2015-02-18 14:06 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\SchCache

2015-02-17 21:46 - 2014-04-21 13:11 - 00000000 ____D () C:\Users\PePur\AppData\Local\Adobe

2015-02-17 21:26 - 2009-07-14 03:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories

2015-02-17 21:17 - 2009-11-02 17:34 - 00000000 ____D () C:\windows\system32\Drivers\de-DE

2015-02-17 21:17 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\tracing

2015-02-17 20:56 - 2014-04-23 02:02 - 00000000 ____D () C:\windows\system32\MRT

2015-02-17 20:33 - 2014-04-23 02:02 - 113756392 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

2015-02-17 19:55 - 2009-12-08 08:20 - 00000000 ____D () C:\ProgramData\Microsoft Help

2015-02-17 19:21 - 2014-04-21 13:19 - 00002155 _____ () C:\windows\epplauncher.mif

2015-02-17 19:20 - 2014-04-21 13:17 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

2015-02-17 19:19 - 2014-04-21 13:17 - 00000000 ____D () C:\Program Files\Microsoft Security Client

2015-02-17 16:33 - 2014-12-30 14:41 - 00000045 _____ () C:\user.js

2015-02-17 15:36 - 2014-04-21 12:55 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe

2015-02-17 15:36 - 2014-04-21 12:55 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
 

==================== Files in the root of some directories =======
 

2015-02-17 19:29 - 2015-02-18 13:52 - 0000065 _____ () C:\Users\PePur\AppData\Roaming\WB.CFG
 

Some content of TEMP:

====================

C:\Users\PePur\AppData\Local\temp\Quarantine.exe

C:\Users\PePur\AppData\Local\temp\sqlite3.dll
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\windows\explorer.exe => File is digitally signed

C:\windows\system32\winlogon.exe => File is digitally signed

C:\windows\system32\wininit.exe => File is digitally signed

C:\windows\system32\svchost.exe => File is digitally signed

C:\windows\system32\services.exe => File is digitally signed

C:\windows\system32\User32.dll => File is digitally signed

C:\windows\system32\userinit.exe => File is digitally signed

C:\windows\system32\rpcss.dll => File is digitally signed

C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-09-07 13:53
 

==================== End Of Log ============================

--- --- ---

Danke!

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

S2 38a94c45; c:\Program Files\RelayEdit\RelayEdit.dll [1648640 2015-02-17] () [File not signed]

S2 bb1a24ab; "C:\windows\system32\rundll32.exe" "c:\Program Files\RelayStasis\RelayStasis.dll",serv

c:\Program Files\RelayStasis

C:\Program Files\RelayEdit

Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Frisches FRST log bitte.

und weiter geht's:

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 21-02-2015

Ran by PePur at 2015-02-22 10:04:07 Run:1

Running from C:\Users\PePur\Desktop

Loaded Profiles: PePur (Available profiles: PePur)

Boot Mode: Normal
 

==============================================
 

Content of fixlist:

*****************

S2 38a94c45; c:\Program Files\RelayEdit\RelayEdit.dll [1648640 2015-02-17] () [File not signed]

S2 bb1a24ab; "C:\windows\system32\rundll32.exe" "c:\Program Files\RelayStasis\RelayStasis.dll",serv

c:\Program Files\RelayStasis

C:\Program Files\RelayEdit

Emptytemp:

*****************
 

38a94c45 => Service deleted successfully.

bb1a24ab => Service deleted successfully.

"c:\Program Files\RelayStasis" => File/Directory not found.

C:\Program Files\RelayEdit => Moved successfully.

EmptyTemp: => Removed 935.2 MB temporary data.
 
 

The system needed a reboot. 
 

==== End of Fixlog 10:05:05 ====

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-02-2015

Ran by PePur (administrator) on NETBOOK on 22-02-2015 14:55:27

Running from C:\Users\PePur\Desktop

Loaded Profiles: PePur (Available profiles: PePur)

Platform: Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11 (Default browser: IE)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe

(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe

(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe

(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe

() C:\Users\PePur\AppData\Roaming\CDE6A2FD-1424191138-DE11-9904-002622DE56CC\nsq6B99.tmp

(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe

() C:\Program Files\Mobile Broadband Drivers\WMCore\mini_WMCore.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Energy Management\utility.exe

(Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Energy Management\Energy Management.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe

(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATILGE.EXE

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe

(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe

(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe

(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7739936 2009-09-21] (Realtek Semiconductor)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1529128 2009-05-29] (Synaptics Incorporated)

HKLM\...\Run: [EnergyUtility] => C:\Program Files\Lenovo\Energy Management\utility.exe [4114288 2009-09-29] (Lenovo(beijing) Limited)

HKLM\...\Run: [Energy Management] => C:\Program Files\Lenovo\Energy Management\Energy Management.exe [5064560 2009-09-29] (Lenovo (Beijing) Limited)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)

HKLM\...\Run: [BingDesktop] => C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe [2353880 2013-11-01] (Microsoft Corp.)

HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1065024 2014-05-02] (SEIKO EPSON CORPORATION)

HKU\S-1-5-21-4185872467-282433234-656447781-1000\...\Run: [EPLTarget\P0000000000000000] => C:\windows\system32\spool\DRIVERS\W32X86\3\E_FATILGE.EXE [260160 2013-01-24] (SEIKO EPSON CORPORATION)

HKU\S-1-5-21-4185872467-282433234-656447781-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)

HKU\S-1-5-21-4185872467-282433234-656447781-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)

HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)

HKU\S-1-5-18\...\RunOnce: [WLStart] => C:\Program Files\Windows Live\Installer\wlstart.exe [786760 2009-07-26] (Microsoft Corporation)

HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [280576 2014-04-23] (Microsoft Corporation)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

Startup: C:\Users\PePur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk

ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKU\S-1-5-21-4185872467-282433234-656447781-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-4185872467-282433234-656447781-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

FireFox:

========

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF HKU\S-1-5-21-4185872467-282433234-656447781-1000\...\Firefox\Extensions: [{E778513A-4128-E4CB-BEF2-7F4E0841656E}] - C:\Program Files\ver9TheBestDeals\189.xpi
 

Chrome: 

=======

CHR dev: Chrome dev build detected! <======= ATTENTION
 

========================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 BingDesktopUpdate; C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe [173272 2013-11-01] (Microsoft Corp.)

R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [582944 2009-08-11] (Broadcom Corporation.)

R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)

R2 EpsonScanSvc; C:\windows\system32\EscSvc.exe [126128 2012-05-16] (Seiko Epson Corporation)

R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-12-31] (Garmin Ltd or its subsidiaries)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)

S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)

R2 nisyseri; C:\Users\PePur\AppData\Roaming\CDE6A2FD-1424191138-DE11-9904-002622DE56CC\nsq6B99.tmp [141312 2015-02-21] () [File not signed]

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

R2 WMCoreService; C:\Program Files\Mobile Broadband Drivers\WMCore\mini_WMCore.exe [430080 2009-09-24] () [File not signed]
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R3 ACPIVPC; C:\windows\System32\DRIVERS\AcpiVpc.sys [23136 2010-01-20] (Lenovo Corporation)

R3 e36gbus; C:\windows\System32\DRIVERS\e36gbus.sys [285056 2009-06-30] (MCCI Corporation)

R3 e36gmdfl; C:\windows\System32\DRIVERS\e36gmdfl.sys [14848 2009-06-30] (MCCI Corporation)

R3 e36gmdm; C:\windows\System32\DRIVERS\e36gmdm.sys [374272 2009-06-30] (MCCI Corporation)

R3 e36gmgmt; C:\windows\System32\DRIVERS\e36gmgmt.sys [357376 2009-06-30] (MCCI Corporation)

R3 e36wgps; C:\windows\System32\DRIVERS\e36wgps.sys [82984 2009-07-10] (Ericsson AB)

R3 ecnssndis; C:\windows\System32\Drivers\wwanuss.sys [10240 2009-09-22] (Ericsson AB)

R3 ecnssndisfltr; C:\windows\System32\Drivers\wwanussf.sys [14848 2009-09-22] (Ericsson AB)

R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)

S3 wsvd; C:\windows\System32\DRIVERS\wsvd.sys [81704 2009-07-21] (CyberLink)

R3 WwanUsbServ; C:\windows\System32\DRIVERS\WwanUsbMp.sys [216616 2009-09-22] (Ericsson AB)

U5 AppMgmt; C:\windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)

S3 catchme; \??\C:\Users\PePur\AppData\Local\Temp\catchme.sys [X]

S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]

S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-02-22 14:55 - 2015-02-22 14:56 - 00010992 _____ () C:\Users\PePur\Desktop\FRST.txt

2015-02-22 10:03 - 2015-02-21 19:30 - 01126400 _____ (Farbar) C:\Users\PePur\Desktop\FRST.exe

2015-02-21 19:27 - 2015-02-21 19:27 - 00000830 _____ () C:\Users\PePur\Desktop\checkup.txt

2015-02-21 19:17 - 2015-02-21 19:17 - 00852594 _____ () C:\Users\PePur\Desktop\SecurityCheck.exe

2015-02-21 16:56 - 2015-02-21 16:56 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Garmin

2015-02-21 16:56 - 2015-02-21 16:56 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Garmin

2015-02-21 16:54 - 2015-02-21 16:54 - 00001858 _____ () C:\Users\Public\Desktop\Garmin Express.lnk

2015-02-21 16:54 - 2015-02-21 16:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin

2015-02-21 16:37 - 2015-02-21 16:37 - 00000000 ____D () C:\Program Files\ESET

2015-02-21 16:33 - 2015-02-21 16:33 - 02347384 _____ (ESET) C:\Users\PePur\Desktop\esetsmartinstaller_deu.exe

2015-02-20 14:09 - 2015-02-20 14:09 - 00000620 _____ () C:\Users\PePur\Desktop\JRT.txt

2015-02-20 14:06 - 2015-02-20 11:17 - 01388274 _____ (Thisisu) C:\Users\PePur\Desktop\JRT.exe

2015-02-20 13:55 - 2015-02-20 14:04 - 00000000 ____D () C:\AdwCleaner

2015-02-20 13:55 - 2015-02-20 11:17 - 02126848 _____ () C:\Users\PePur\Desktop\AdwCleaner_4.111.exe

2015-02-20 13:54 - 2015-02-20 13:54 - 00003401 _____ () C:\Users\PePur\Desktop\mbam.txt

2015-02-20 11:50 - 2015-02-20 11:50 - 00151544 _____ () C:\windows\Minidump\022015-21044-01.dmp

2015-02-18 22:09 - 2015-01-09 02:45 - 02380288 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys

2015-02-18 22:09 - 2012-02-11 06:37 - 00317440 _____ (Microsoft Corporation) C:\windows\system32\spoolsv.exe

2015-02-18 22:08 - 2014-12-11 18:47 - 00074240 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe

2015-02-18 22:07 - 2011-02-25 06:30 - 02616320 _____ (Microsoft Corporation) C:\windows\explorer.exe

2015-02-18 21:32 - 2015-02-18 21:32 - 00022361 _____ () C:\ComboFix.txt

2015-02-18 20:26 - 2015-02-18 20:26 - 00151592 _____ () C:\windows\Minidump\021815-19484-01.dmp

2015-02-18 19:55 - 2014-09-05 02:52 - 05703168 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll

2015-02-18 19:53 - 2014-08-29 02:44 - 02744320 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll

2015-02-18 19:45 - 2015-02-18 19:45 - 00151592 _____ () C:\windows\Minidump\021815-27175-01.dmp

2015-02-18 18:53 - 2015-02-20 13:44 - 00000000 ____D () C:\Program Files\Paste Lorem ipsum

2015-02-18 18:30 - 2015-02-18 18:30 - 00151592 _____ () C:\windows\Minidump\021815-25069-01.dmp

2015-02-18 18:18 - 2015-02-20 11:50 - 00000000 ____D () C:\windows\Minidump

2015-02-18 18:18 - 2015-02-18 18:18 - 00151592 _____ () C:\windows\Minidump\021815-79794-01.dmp

2015-02-18 18:17 - 2015-02-20 11:50 - 215872922 _____ () C:\windows\MEMORY.DMP

2015-02-18 18:11 - 2011-06-26 07:45 - 00256000 _____ () C:\windows\PEV.exe

2015-02-18 18:11 - 2010-11-07 18:20 - 00208896 _____ () C:\windows\MBR.exe

2015-02-18 18:11 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe

2015-02-18 18:11 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe

2015-02-18 18:11 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe

2015-02-18 18:11 - 2000-08-31 01:00 - 00098816 _____ () C:\windows\sed.exe

2015-02-18 18:11 - 2000-08-31 01:00 - 00080412 _____ () C:\windows\grep.exe

2015-02-18 18:11 - 2000-08-31 01:00 - 00068096 _____ () C:\windows\zip.exe

2015-02-18 18:10 - 2015-02-18 21:33 - 00000000 ____D () C:\Qoobox

2015-02-18 18:10 - 2015-02-18 20:57 - 00000000 ____D () C:\windows\erdnt

2015-02-18 18:08 - 2015-02-18 17:17 - 05611903 ____R (Swearware) C:\Users\PePur\Desktop\ComboFix.exe

2015-02-18 17:38 - 2015-02-18 17:38 - 00001056 _____ () C:\Users\PePur\Desktop\Revo Uninstaller.lnk

2015-02-18 15:40 - 2015-02-22 14:55 - 00000000 ____D () C:\FRST

2015-02-18 15:34 - 2015-02-18 15:34 - 00000000 _____ () C:\Users\PePur\defogger_reenable

2015-02-18 15:04 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll

2015-02-18 15:04 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll

2015-02-18 15:04 - 2014-05-08 10:06 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll

2015-02-18 14:55 - 2015-02-18 14:56 - 00000000 ____D () C:\Program Files\Custom RSS News

2015-02-18 14:54 - 2015-02-18 14:56 - 00000000 ____D () C:\Program Files\laowrratte

2015-02-18 14:50 - 2015-02-18 14:55 - 00000000 ____D () C:\Program Files\buyandbirowsoe

2015-02-18 14:48 - 2015-02-18 14:53 - 00000000 ____D () C:\Program Files\ccheaPP4aalLL

2015-02-17 21:51 - 2015-02-20 13:51 - 00114904 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys

2015-02-17 21:49 - 2015-02-17 21:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-02-17 21:48 - 2015-02-17 21:49 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2015-02-17 21:48 - 2015-02-17 21:48 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-02-17 21:48 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys

2015-02-17 21:48 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys

2015-02-17 21:48 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys

2015-02-17 20:29 - 2012-08-23 15:48 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll

2015-02-17 20:29 - 2012-08-23 15:44 - 00014848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys

2015-02-17 20:29 - 2012-08-23 12:12 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\rdpendp_winip.dll

2015-02-17 20:12 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\windows\system32\mf.dll

2015-02-17 20:03 - 2013-10-02 01:42 - 00049152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys

2015-02-17 20:03 - 2013-10-02 01:32 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe

2015-02-17 20:03 - 2013-10-02 01:30 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll

2015-02-17 20:03 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll

2015-02-17 20:03 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll

2015-02-17 20:03 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll

2015-02-17 20:03 - 2013-10-02 00:45 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll

2015-02-17 20:03 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll

2015-02-17 20:03 - 2013-10-01 23:53 - 00350208 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe

2015-02-17 20:03 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe

2015-02-17 19:48 - 2014-06-27 02:45 - 02285056 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll

2015-02-17 19:36 - 2012-07-26 04:21 - 00196608 _____ (Microsoft Corporation) C:\windows\system32\WUDFHost.exe

2015-02-17 19:36 - 2012-07-26 04:20 - 00613888 _____ (Microsoft Corporation) C:\windows\system32\WUDFx.dll

2015-02-17 19:36 - 2012-07-26 04:20 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\WUDFPlatform.dll

2015-02-17 19:36 - 2012-07-26 04:20 - 00073216 _____ (Microsoft Corporation) C:\windows\system32\WUDFSvc.dll

2015-02-17 19:36 - 2012-07-26 04:20 - 00038912 _____ (Microsoft Corporation) C:\windows\system32\WUDFCoinstaller.dll

2015-02-17 19:36 - 2012-07-26 03:33 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WUDFPf.sys

2015-02-17 19:36 - 2012-07-26 03:32 - 00155136 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WUDFRd.sys

2015-02-17 19:36 - 2012-06-02 15:57 - 00000003 _____ () C:\windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf

2015-02-17 19:29 - 2015-02-18 13:52 - 00000065 _____ () C:\Users\PePur\AppData\Roaming\WB.CFG

2015-02-17 18:26 - 2015-02-17 18:26 - 00000000 ____D () C:\ProgramData\{B4E05C23-E462-8DA5-55E4-FD2785662EA9}

2015-02-17 17:58 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\windows\system32\secproc.dll

2015-02-17 17:58 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\windows\system32\secproc_isv.dll

2015-02-17 17:58 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp_isv.dll

2015-02-17 17:58 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp.dll

2015-02-17 17:58 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll

2015-02-17 17:58 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_isv.exe

2015-02-17 17:58 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\windows\system32\RMActivate.exe

2015-02-17 17:58 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp.exe

2015-02-17 17:58 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp_isv.exe

2015-02-17 17:57 - 2013-05-10 04:20 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\cryptdlg.dll

2015-02-17 17:56 - 2014-01-28 03:07 - 00185344 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll

2015-02-17 17:56 - 2013-03-19 04:33 - 00040960 _____ (Microsoft Corporation) C:\windows\system32\wwanprotdim.dll

2015-02-17 17:56 - 2012-10-09 18:40 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\dhcpcore6.dll

2015-02-17 17:56 - 2012-10-09 18:40 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\dhcpcsvc6.dll

2015-02-17 17:56 - 2012-07-06 20:23 - 00393728 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bthport.sys

2015-02-17 17:55 - 2014-08-01 12:35 - 00793600 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll

2015-02-17 17:55 - 2014-07-09 02:29 - 00006144 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL

2015-02-17 17:55 - 2014-07-09 02:29 - 00006144 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL

2015-02-17 17:55 - 2014-07-09 02:29 - 00006144 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL

2015-02-17 17:55 - 2014-07-09 02:29 - 00006144 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL

2015-02-17 17:55 - 2014-07-09 02:29 - 00005632 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL

2015-02-17 17:55 - 2014-07-08 23:30 - 00419992 _____ () C:\windows\system32\locale.nls

2015-02-17 17:55 - 2012-10-03 17:42 - 00175104 _____ (Microsoft Corporation) C:\windows\system32\netcorehc.dll

2015-02-17 17:55 - 2012-10-03 17:42 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\netevent.dll

2015-02-17 17:55 - 2012-10-03 17:40 - 00499712 _____ (Microsoft Corporation) C:\windows\system32\iphlpsvc.dll

2015-02-17 17:55 - 2012-10-03 16:21 - 00035328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpipreg.sys

2015-02-17 17:54 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll

2015-02-17 17:54 - 2014-02-04 03:07 - 00234432 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys

2015-02-17 17:54 - 2014-02-04 03:07 - 00149440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys

2015-02-17 17:54 - 2014-02-04 03:07 - 00027072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Diskdump.sys

2015-02-17 17:54 - 2014-02-04 03:00 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\iologmsg.dll

2015-02-17 17:54 - 2013-08-05 02:56 - 00133056 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ataport.sys

2015-02-17 17:53 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll

2015-02-17 17:53 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll

2015-02-17 17:53 - 2014-06-24 03:59 - 01987584 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll

2015-02-17 17:52 - 2013-08-28 01:57 - 00434688 _____ (Microsoft Corporation) C:\windows\system32\scavengeui.dll

2015-02-17 17:52 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll

2015-02-17 17:52 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll

2015-02-17 17:51 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe

2015-02-17 17:51 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\windows\system32\msi.dll

2015-02-17 17:51 - 2014-06-25 02:41 - 12874240 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll

2015-02-17 17:51 - 2014-01-24 03:18 - 01212352 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys

2015-02-17 17:51 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll

2015-02-17 17:51 - 2012-08-22 18:16 - 00712048 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys

2015-02-17 17:51 - 2012-07-04 20:45 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\Drivers\RNDISMP.sys

2015-02-17 17:38 - 2012-08-21 21:12 - 00245760 _____ (Microsoft Corporation) C:\windows\system32\OxpsConverter.exe

2015-02-17 17:38 - 2011-03-11 06:33 - 01699328 _____ (Microsoft Corporation) C:\windows\system32\esent.dll

2015-02-17 17:37 - 2011-03-11 06:39 - 00143744 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvstor.sys

2015-02-17 17:37 - 2011-03-11 06:39 - 00117120 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvraid.sys

2015-02-17 17:37 - 2011-03-11 06:38 - 00332160 _____ (Intel Corporation) C:\windows\system32\Drivers\iaStorV.sys

2015-02-17 17:37 - 2011-03-11 06:38 - 00080256 _____ (Advanced Micro Devices) C:\windows\system32\Drivers\amdsata.sys

2015-02-17 17:37 - 2011-03-11 06:38 - 00022400 _____ (Advanced Micro Devices) C:\windows\system32\Drivers\amdxata.sys

2015-02-17 17:37 - 2011-03-11 06:31 - 00074240 _____ (Microsoft Corporation) C:\windows\system32\fsutil.exe

2015-02-17 17:37 - 2011-03-11 05:01 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBSTOR.SYS

2015-02-17 17:32 - 2014-11-11 02:32 - 00074752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys

2015-02-17 17:29 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\windows\system32\SmartcardCredentialProvider.dll

2015-02-17 17:29 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\credui.dll

2015-02-17 17:27 - 2015-01-09 03:48 - 00635904 _____ (Microsoft Corporation) C:\windows\system32\perftrack.dll

2015-02-17 17:27 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\wdi.dll

2015-02-17 17:27 - 2015-01-09 03:48 - 00027136 _____ (Microsoft Corporation) C:\windows\system32\powertracker.dll

2015-02-17 17:27 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll

2015-02-17 17:27 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll

2015-02-17 17:27 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll

2015-02-17 17:27 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll

2015-02-17 17:27 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll

2015-02-17 17:27 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe

2015-02-17 17:27 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll

2015-02-17 16:38 - 2015-02-21 18:18 - 00000000 ____D () C:\Users\PePur\AppData\Roaming\CDE6A2FD-1424191138-DE11-9904-002622DE56CC

2015-02-17 16:15 - 2015-01-15 08:46 - 00136640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys

2015-02-17 16:15 - 2015-01-15 08:46 - 00067520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys

2015-02-17 16:15 - 2015-01-15 08:43 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll

2015-02-17 16:15 - 2015-01-15 08:43 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll

2015-02-17 16:15 - 2015-01-15 08:42 - 01061376 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll

2015-02-17 16:15 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe

2015-02-17 16:15 - 2015-01-15 08:42 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe

2015-02-17 16:15 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll

2015-02-17 16:15 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll

2015-02-17 16:15 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll

2015-02-17 16:15 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll

2015-02-17 16:15 - 2015-01-15 05:21 - 00369968 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys

2015-02-17 16:14 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe

2015-02-17 16:14 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe

2015-02-17 16:09 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll

2015-02-17 16:09 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll

2015-02-17 16:09 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll

2015-02-17 16:09 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll

2015-02-17 16:09 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll

2015-02-17 16:09 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll

2015-02-17 16:09 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll

2015-02-17 16:07 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll

2015-02-17 16:07 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb

2015-02-17 16:07 - 2015-01-12 03:21 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll

2015-02-17 16:07 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll

2015-02-17 16:07 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll

2015-02-17 16:07 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll

2015-02-17 16:07 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll

2015-02-17 16:07 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe

2015-02-17 16:07 - 2015-01-12 02:55 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe

2015-02-17 16:07 - 2015-01-12 02:48 - 00667648 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe

2015-02-17 16:07 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll

2015-02-17 16:07 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll

2015-02-17 16:07 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll

2015-02-17 16:07 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl

2015-02-17 16:07 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll

2015-02-17 16:07 - 2015-01-12 02:23 - 00684544 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe

2015-02-17 16:07 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll

2015-02-17 16:07 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll

2015-02-17 16:07 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll

2015-02-17 16:06 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll

2015-02-17 16:06 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll

2015-02-17 16:06 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll

2015-02-17 16:06 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll

2015-02-17 16:06 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll

2015-02-17 16:06 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll

2015-02-17 16:06 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll

2015-02-17 16:06 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll

2015-02-17 16:06 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll

2015-02-17 15:51 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll

2015-02-17 15:51 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-02-22 14:53 - 2014-04-21 13:57 - 00000000 ____D () C:\Users\PePur\AppData\Roaming\Skype

2015-02-22 14:44 - 2014-06-15 14:44 - 00000917 _____ () C:\windows\Tasks\EPSON XP-215 217 Series Update {4BB6AA71-CA22-45E3-B1C7-06D450552EB8}.job

2015-02-22 14:44 - 2014-06-15 14:44 - 00000731 _____ () C:\windows\Tasks\EPSON XP-215 217 Series Invitation {4BB6AA71-CA22-45E3-B1C7-06D450552EB8}.job

2015-02-22 14:44 - 2009-07-14 05:52 - 00000000 ____D () C:\windows\system32\FxsTmp

2015-02-22 14:27 - 2014-09-18 15:16 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job

2015-02-22 12:57 - 2009-12-08 07:51 - 01824691 _____ () C:\windows\WindowsUpdate.log

2015-02-22 10:14 - 2009-07-14 05:34 - 00009696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-02-22 10:14 - 2009-07-14 05:34 - 00009696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-02-22 10:12 - 2009-11-02 09:59 - 01618320 _____ () C:\windows\system32\PerfStringBackup.INI

2015-02-22 10:07 - 2009-07-14 05:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT

2015-02-22 10:07 - 2009-07-14 05:39 - 00102292 _____ () C:\windows\setupact.log

2015-02-22 10:06 - 2009-11-02 10:18 - 01030650 _____ () C:\windows\PFRO.log

2015-02-21 20:15 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\rescache

2015-02-21 16:58 - 2014-09-07 11:21 - 00000000 ____D () C:\ProgramData\Package Cache

2015-02-21 16:55 - 2014-09-07 11:49 - 00000000 ____D () C:\ProgramData\Garmin

2015-02-21 16:54 - 2014-09-07 11:48 - 00000000 ____D () C:\Program Files\Garmin

2015-02-20 14:04 - 2014-04-23 05:15 - 00001148 _____ () C:\Users\PePur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2015-02-20 13:45 - 2009-07-29 11:36 - 00000000 ____D () C:\windows\ConfigSetRoot

2015-02-20 11:21 - 2009-07-14 05:33 - 00340968 _____ () C:\windows\system32\FNTCACHE.DAT

2015-02-18 22:19 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\system32\de-DE

2015-02-18 21:51 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\Microsoft.NET

2015-02-18 21:28 - 2009-07-14 03:04 - 00000215 _____ () C:\windows\system.ini

2015-02-18 21:00 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default

2015-02-18 21:00 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public

2015-02-18 15:34 - 2014-04-21 12:23 - 00000000 ____D () C:\Users\PePur

2015-02-18 14:06 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\SchCache

2015-02-17 21:46 - 2014-04-21 13:11 - 00000000 ____D () C:\Users\PePur\AppData\Local\Adobe

2015-02-17 21:26 - 2009-07-14 03:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories

2015-02-17 21:17 - 2009-11-02 17:34 - 00000000 ____D () C:\windows\system32\Drivers\de-DE

2015-02-17 21:17 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\tracing

2015-02-17 20:56 - 2014-04-23 02:02 - 00000000 ____D () C:\windows\system32\MRT

2015-02-17 20:33 - 2014-04-23 02:02 - 113756392 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

2015-02-17 19:55 - 2009-12-08 08:20 - 00000000 ____D () C:\ProgramData\Microsoft Help

2015-02-17 19:21 - 2014-04-21 13:19 - 00002155 _____ () C:\windows\epplauncher.mif

2015-02-17 19:20 - 2014-04-21 13:17 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

2015-02-17 19:19 - 2014-04-21 13:17 - 00000000 ____D () C:\Program Files\Microsoft Security Client

2015-02-17 16:33 - 2014-12-30 14:41 - 00000045 _____ () C:\user.js

2015-02-17 15:36 - 2014-04-21 12:55 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe

2015-02-17 15:36 - 2014-04-21 12:55 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
 

==================== Files in the root of some directories =======
 

2015-02-17 19:29 - 2015-02-18 13:52 - 0000065 _____ () C:\Users\PePur\AppData\Roaming\WB.CFG
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\windows\explorer.exe => File is digitally signed

C:\windows\system32\winlogon.exe => File is digitally signed

C:\windows\system32\wininit.exe => File is digitally signed

C:\windows\system32\svchost.exe => File is digitally signed

C:\windows\system32\services.exe => File is digitally signed

C:\windows\system32\User32.dll => File is digitally signed

C:\windows\system32\userinit.exe => File is digitally signed

C:\windows\system32\rpcss.dll => File is digitally signed

C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2015-02-21 20:07
 

==================== End Of Log ============================

--- --- ---

Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-02-2015

Ran by PePur at 2015-02-22 14:58:00

Running from C:\Users\PePur\Desktop

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}

AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden

Bing-Desktop (HKLM\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.347.0 - Microsoft Corporation)

Broadcom 802.11 Wireless Driver (HKLM\...\{8991E763-21F5-4DEA-A938-5D9D77DCB488}) (Version: 5.30.18.0 - )

Elevated Installer (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden

Energy Management (HKLM\...\{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}) (Version: 4.3.1.5 - Lenovo)

Epson Event Manager (HKLM\...\{0F13C24A-FFE2-4CD0-8E0B-DC804E0A0E0B}) (Version: 3.10.0035 - Seiko Epson Corporation)

EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)

EPSON XP-215 217 Series Printer Uninstall (HKLM\...\EPSON XP-215 217 Series) (Version:  - SEIKO EPSON Corporation)

ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )

Garmin Express (HKLM\...\{855d8086-4275-4bd3-a7a8-b44da3a56d7a}) (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries)

Garmin Express (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden

Garmin Express Tray (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden

Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)

Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.100 - Broadcom Corporation)

Lenovo OneKey Recovery (HKLM\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.0723 - CyberLink Corp.)

Lenovo OneKey Recovery (Version: 7.0.0723 - CyberLink Corp.) Hidden

Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

Mobile Broadband drivers (HKLM\...\{AF1260EC-04B7-4679-9394-0C28223C152B}) (Version: 6.1.9.5 - Ericsson AB)

Mobile Broadband Manager (HKLM\...\{67673F8F-3896-4A3E-BC17-ED0CD3F83730}) (Version: 6.1.6.2 - Ericsson AB)

Realtek 8136 8168 8169 Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)

Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5942 - Realtek Semiconductor Corp.)

Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30093 - Realtek Semiconductor Corp.)

Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)

Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)

Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)

Software Updater (HKLM\...\{FA7EE274-7370-43B7-9A45-A39B17CCCDC5}) (Version: 4.3.3 - SEIKO EPSON CORPORATION)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.1.2.0 - Synaptics Incorporated)

TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)

Tetris (HKLM\...\{95E0E6DC-C308-4C96-BEDB-68C75A32FAF8}_is1) (Version: 1.68 - Crystal Office Systems)

Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)

Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)

Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)

Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)

Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000) (HKLM\...\B7541EC5F72AA713F557569278EB6273725F5607) (Version: 06/15/2009 6.2.0.9000 - Broadcom)

Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\A6A8668C0A13640CA28FE2A7D9654BE4AE478B13) (Version: 07/30/2009 6.2.0.9405 - Broadcom)

Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom)

Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)

Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
 

==================== Custom CLSID (selected items): ==========================
 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 

CustomCLSID: HKU\S-1-5-21-4185872467-282433234-656447781-1000_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> "C:\Users\PePur\AppData\Local\Taplika\Application\31.0.1650.23\delegate_execute.exe" No File
 

==================== Restore Points  =========================
 

18-02-2015 20:19:13 ComboFix created restore point

18-02-2015 22:09:36 Windows Update

21-02-2015 16:45:24 Garmin Express

21-02-2015 16:57:25 Garmin Express

22-02-2015 02:08:04 Windows Update
 

==================== Hosts content: ==========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2009-07-14 03:04 - 2015-02-18 20:55 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
 

==================== Scheduled Tasks (whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 

Task: {01F64A32-9CDA-4E67-B960-FD977E8C75C0} - System32\Tasks\RunTool => C:\Users\PePur\AppData\Local\b69ba874-d850-4c43-a0aa-753d45c167b4\sysad.exe [2015-02-17] ()

Task: {75D189F5-6977-4740-A3F2-003E016D24DF} - System32\Tasks\gtaUpt => C:\Program Files\shopperz\zaeed.bat

Task: {9BE5CC6B-F002-466A-90FE-727C4C72020A} - System32\Tasks\EPSON XP-215 217 Series Invitation {4BB6AA71-CA22-45E3-B1C7-06D450552EB8} => C:\windows\system32\spool\DRIVERS\W32X86\3\E_FTSLGE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)

Task: {A538195E-946D-4EEB-AB83-D62C8C328059} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

Task: {A7ABEFB2-450D-4581-85F2-254028467306} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-12-31] ()

Task: {B53849E5-7A61-4367-9A39-86E9820AAD0F} - System32\Tasks\EPSON XP-215 217 Series Update {4BB6AA71-CA22-45E3-B1C7-06D450552EB8} => C:\windows\system32\spool\DRIVERS\W32X86\3\E_FTSLGE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)

Task: {E802EDF6-AEC3-4B07-B291-4C70EED7E5ED} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-17] (Adobe Systems Incorporated)
 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\windows\Tasks\EPSON XP-215 217 Series Invitation {4BB6AA71-CA22-45E3-B1C7-06D450552EB8}.job => C:\windows\system32\spool\DRIVERS\W32X86\3\E_FTSLGE.EXE>/EXE:{4BB6AA71-CA22-45E3-B1C7-06D450552EB8} /F:InvitationSYSTEM©Searches for new information from EPSON, and notifies you when they are available. This task is uninstalled automatically when you uninstall the related printer driver.{0Þ,¥<

Task: C:\windows\Tasks\EPSON XP-215 217 Series Update {4BB6AA71-CA22-45E3-B1C7-06D450552EB8}.job => C:\windows\system32\spool\DRIVERS\W32X86\3\E_FTSLGE.EXE:/EXE:{4BB6AA71-CA22-45E3-B1C7-06D450552EB8} /F:UpdateSYSTEM

Searches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.This task is uninstalled automatically when you uninstall the related printer driver.{0Þ,¥<
 

==================== Loaded Modules (whitelisted) ==============
 

2009-08-11 17:10 - 2009-08-11 17:10 - 00132384 _____ () C:\Program Files\Lenovo\Bluetooth Software\btkeyind.dll

2015-02-21 18:18 - 2015-02-21 18:18 - 00141312 _____ () C:\Users\PePur\AppData\Roaming\CDE6A2FD-1424191138-DE11-9904-002622DE56CC\nsq6B99.tmp

2009-09-24 11:54 - 2009-09-24 11:54 - 00430080 ____R () C:\Program Files\Mobile Broadband Drivers\WMCore\mini_WMCore.exe

2009-03-25 22:08 - 2009-03-25 22:08 - 00058880 ____R () C:\Program Files\Mobile Broadband Drivers\WMCore\MBMDebug.dll

2009-12-08 08:15 - 2008-12-20 04:20 - 00063304 _____ () C:\Program Files\Lenovo\Energy Management\kbdhook.dll

2009-12-08 08:15 - 2008-12-20 04:20 - 00051016 _____ () C:\Program Files\Lenovo\Energy Management\HookLib.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 

==================== Safe Mode (whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
 

==================== EXE Association (whitelisted) ===============
 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 

==================== Other Areas ============================
 

(Currently there is no automatic fix for this section.)
 

HKU\S-1-5-21-4185872467-282433234-656447781-1000\Control Panel\Desktop\\Wallpaper -> %windir%\web\wallpaper\windows\img0.jpg

DNS Servers: 192.168.178.1
 

==================== MSCONFIG/TASK MANAGER disabled items ==
 

(Currently there is no automatic fix for this section.)
 

MSCONFIG\Services: Garmin Core Update Service => 2
 

==================== Accounts: =============================
 

Administrator (S-1-5-21-4185872467-282433234-656447781-500 - Administrator - Disabled)

Gast (S-1-5-21-4185872467-282433234-656447781-501 - Limited - Disabled)

PePur (S-1-5-21-4185872467-282433234-656447781-1000 - Administrator - Enabled) => C:\Users\PePur
 

==================== Faulty Device Manager Devices =============
 

Name: Teredo Tunneling Pseudo-Interface

Description: Microsoft-Teredo-Tunneling-Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (02/21/2015 08:08:13 PM) (Source: SideBySide) (EventID: 33) (User: )

Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".

Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.

Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
 
 

System errors:

=============

Error: (02/22/2015 10:08:53 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)

Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
 

Error: (02/21/2015 04:33:10 PM) (Source: Service Control Manager) (EventID: 7006) (User: )

Description: Der Aufruf "ScRegSetValueExW" ist für "FailureCommand" aufgrund folgenden Fehlers fehlgeschlagen: 

%%5
 

Error: (02/21/2015 04:26:13 PM) (Source: Service Control Manager) (EventID: 7006) (User: )

Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: 

%%5
 

Error: (02/21/2015 04:25:48 PM) (Source: Service Control Manager) (EventID: 7006) (User: )

Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: 

%%5
 

Error: (02/21/2015 04:16:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "Garmin Core Update Service" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%1053
 

Error: (02/21/2015 04:16:52 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Garmin Core Update Service erreicht.
 

Error: (02/21/2015 04:16:37 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)

Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
 

Error: (02/21/2015 04:16:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst RelayStasis erreicht.
 

Error: (02/20/2015 02:20:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 

%%1068
 

Error: (02/20/2015 02:15:57 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )

Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.
 

        Neue Signaturversion: 
 

        Vorherige Signaturversion: 1.193.191.0
 

        Aktualisierungsquelle: %NT-AUTORITÄT59
 

        Aktualisierungsphase: 4.7.0205.00
 

        Quellpfad: 4.7.0205.01
 

        Signaturtyp: %NT-AUTORITÄT602
 

        Aktualisierungstyp: %NT-AUTORITÄT604
 

        Benutzer: NT-AUTORITÄT\SYSTEM
 

        Aktuelle Modulversion: %NT-AUTORITÄT605
 

        Vorherige Modulversion: %NT-AUTORITÄT606
 

        Fehlercode: %NT-AUTORITÄT607
 

        Fehlerbeschreibung: %NT-AUTORITÄT608
 
 

Microsoft Office Sessions:

=========================

Error: (12/30/2014 10:37:50 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6712.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2063 seconds with 240 seconds of active time.  This session ended with a crash.
 
 

==================== Memory info =========================== 
 

Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz

Percentage of memory in use: 54%

Total physical RAM: 1013.95 MB

Available physical RAM: 457.76 MB

Total Pagefile: 2037.95 MB

Available Pagefile: 1015.15 MB

Total Virtual: 2047.88 MB

Available Virtual: 1925.35 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:103.85 GB) (Free:69.68 GB) NTFS

Drive d: (Lenovo) (Fixed) (Total:30.25 GB) (Free:30.12 GB) NTFS

Drive e: (1GB) (Removable) (Total:0.97 GB) (Free:0.38 GB) FAT
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 6F90267D)

Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=103.9 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=30.2 GB) - (Type=OF Extended)

Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)
 

========================================================

Disk: 1 (MBR Code: Windows XP) (Size: 996 MB) (Disk ID: C3072E18)

Partition 1: (Active) - (Size=995 MB) - (Type=06)
 

==================== End Of Log ============================

Gruß
Rik

Fertig :)

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.