
Log analysis and evaluation: Firefox and Explorer constantly open new tabs

20.06.2015, 21:57   #1
TintenfischM
 



Hello,

Since this evening, Firefox and Explorer have been constantly opening new tabs and small windows, so that working on the computer is hardly possible.

Attached are the log files with the findings; unfortunately, Gmer could not be started.

Please help!

MM

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:16 on 20/06/2015 (mmarinova)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         


Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-06-2015
Ran by mmarinova (administrator) on I000-HIFULAP on 20-06-2015 22:18:59
Running from C:\Users\mmarinova.I000-HIFULAP\Desktop
Loaded Profiles: mmarinova (Available Profiles: admin & raduser & mmarinova)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpCardEngine.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(DTools LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Hewlett-Packard\HP Theft Recovery\CtService.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(CyberLink) C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Matrix42 AG) C:\Windows\System32\Empirum\ERIS.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation) C:\Program Files\Intel\Bluetooth\BleServicesCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\CORESHREDDER.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Matrix42 AG) C:\Windows\System32\Empirum\ERIS_UI.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Endpoint Security 10 für Windows\avp.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\NetworkAgent\klnagent.exe
() C:\Program Files\Search Extensions\Client.exe
(MEDOS AG) C:\Windows\System32\UMSClient\UMSTray.exe
(IBM Corp) C:\Program Files\IBM\Lotus\Notes\SUService.exe
(IBM) C:\Program Files\IBM\Lotus\Notes\nsd.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(MEDOS AG) C:\Windows\System32\UMSClient\UMSClient.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(IBM Corp) C:\Program Files\IBM\Lotus\Notes\ntmulti.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Endpoint Security 10 für Windows\avp.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Motorola Solutions, Inc.) C:\Program Files\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files\Intel\Bluetooth\mediasrv.exe
(Motorola Solutions, Inc.) C:\Program Files\Intel\Bluetooth\btplayerctrl.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\NetworkAgent\vapm.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(IBM Corp) C:\Program Files\IBM\Lotus\Notes\nlnotes.exe
(IBM) C:\Program Files\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.3.20110915-1350\win32\x86\notes2.exe
(IBM Corp) C:\Program Files\IBM\Lotus\Notes\ntaskldr.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_17_0_0_188_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Users\mmarinova.I000-HIFULAP\Desktop\Defogger.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [PDF Complete] => C:\Program Files\PDF Complete\pdfsty.exe [683656 2013-07-18] (PDF Complete Inc)
HKLM\...\Run: [HPConnectionManager] => c:\Program Files\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [185144 2013-09-19] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [QLBController] => C:\Program Files\Hewlett-Packard\HP Hotkey Support\QLBController.exe [337184 2013-08-01] (Hewlett-Packard Company)
HKLM\...\Run: [USB3MON] => C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [296216 2015-05-17] (Intel Corporation)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files\Intel\Bluetooth\BleServicesCtrl.exe [159536 2012-09-17] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [72992 2013-07-25] (Hewlett-Packard Company)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [CLMLServer_For_P2G8] => c:\Program Files\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM\...\Run: [CLVirtualDrive] => c:\Program Files\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-08-07] (CyberLink Corp.)
HKLM\...\Run: [HP File Sanitizer] => C:\Program Files\Hewlett-Packard\File Sanitizer\Coreshredder.exe [2213592 2013-08-07] (Hewlett-Packard)
HKLM\...\Run: [erisui] => "C:\Windows\system32\Empirum\eris_ui" /hide
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [AVP] => C:\Program Files\Kaspersky Lab\Kaspersky Endpoint Security 10 für Windows\avp.exe [741360 2013-11-27] (Kaspersky Lab ZAO)
HKLM\...\Run: [MEDOSUMSTray] => C:\Windows\System32\UMSClient\UMSTray.exe [266240 2008-02-12] (MEDOS AG)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM\...\Run: [Adobe_ID0EYTHM] => C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe [1884160 2007-03-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707496 2014-08-15] (Cisco Systems, Inc.)
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [193568 2014-11-12] (Geek Software GmbH)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2453232 2014-12-28] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [1704028 2014-12-28] (IDT, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-04-07] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-2225548520-667933942-413828090-1005\...\Run: [Xvid] => C:\Program Files\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk [2014-11-07]
ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-2225548520-667933942-413828090-1005] => Internet Explorer proxy is enabled
ProxyServer: [S-1-5-21-2225548520-667933942-413828090-1005] => http=127.0.0.1:49217;https=127.0.0.1:49217
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.omniboxes.com/web/?type=ds&ts=1434823623&z=e5846483434bfbb0712e914g6zac9zdb1odcbq5ocz&from=tti&uid=TOSHIBAXMQ01ACF050_94H9C1X6TXX94H9C1X6T&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.omniboxes.com/web/?type=ds&ts=1434823623&z=e5846483434bfbb0712e914g6zac9zdb1odcbq5ocz&from=tti&uid=TOSHIBAXMQ01ACF050_94H9C1X6TXX94H9C1X6T&q={searchTerms}
HKU\S-1-5-21-2225548520-667933942-413828090-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
BHO: HP File Sanitizer -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll [2013-08-07] (Hewlett-Packard)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.omniboxes.com/?type=sc&ts=1434823623&z=e5846483434bfbb0712e914g6zac9zdb1odcbq5ocz&from=tti&uid=TOSHIBAXMQ01ACF050_94H9C1X6TXX94H9C1X6T

FireFox:
========
FF ProfilePath: C:\Users\mmarinova.I000-HIFULAP\AppData\Roaming\Mozilla\Firefox\Profiles\68mtvqy2.default
FF DefaultSearchEngine: omniboxes
FF Homepage: https://translate.google.de/|https://support.mozilla.org/de/kb/Wie-beeinflussen-Inhalte-die-nicht-sicher-sind-meine-Sicherheit?as=u&utm_source=inproduct
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll [2014-10-30] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-12-28] (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-12-28] (Intel Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin: digitalpersona.com/ChromeDPAgent -> c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\components\npChromeDPAgent.dll [2013-09-14] (DigitalPersona, Inc.)
FF SearchPlugin: C:\Users\mmarinova.I000-HIFULAP\AppData\Roaming\Mozilla\Firefox\Profiles\68mtvqy2.default\searchplugins\omniboxes.xml [2015-06-20]
FF HKLM\...\Firefox\Extensions: [dpmaxz_ng@jetpack] - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome
FF Extension: DPChrome - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome [2014-10-03]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-06-02]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [ncffjdbbodifgldkcbhmiiljfcnbgjab] - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome.crx [2013-09-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [153792 2007-03-20] (Adobe Systems Incorporated)
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Endpoint Security 10 für Windows\avp.exe [741360 2013-11-27] (Kaspersky Lab ZAO)
R2 Bluetooth Device Monitor; C:\Program Files\Intel\Bluetooth\devmonsrv.exe [1120192 2012-11-06] (Motorola Solutions, Inc.)
R2 Bluetooth Media Service; C:\Program Files\Intel\Bluetooth\mediasrv.exe [1361856 2012-11-06] (Motorola Solutions, Inc.)
R2 Bluetooth OBEX Service; C:\Program Files\Intel\Bluetooth\obexsrv.exe [1140672 2012-11-06] (Motorola Solutions, Inc.)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279144 2015-05-24] (Intel Corporation)
R2 CtAgentService; C:\Program Files\Hewlett-Packard\HP Theft Recovery\CtService.exe [7168 2014-03-31] () [File not signed]
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-09-18] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-09-18] (CyberLink)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [376144 2013-09-14] (DigitalPersona, Inc.)
R2 ERIS; C:\Windows\system32\Empirum\Eris.exe [89432 2013-05-17] (Matrix42 AG)
S3 FLCDLOCK; c:\Windows\system32\flcdlock.exe [567608 2013-09-06] (Hewlett-Packard Company)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2014-11-04] (Macrovision Europe Ltd.) [File not signed]
R2 HPFSService; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [1758424 2013-08-07] (Hewlett-Packard)
R2 hpHotkeyMonitor; C:\Program Files\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [681760 2013-08-01] (Hewlett-Packard Company)
S3 ICCS; C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [169752 2012-04-24] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [291432 2015-05-24] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [595968 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [642520 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-12-28] (Intel Corporation)
S3 iumsvc; C:\Program Files\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2014-12-28] (Intel Corporation)
R2 klnagent; C:\Program Files\Kaspersky Lab\NetworkAgent\klnagent.exe [132600 2013-11-19] (Kaspersky Lab ZAO)
R2 LNSUSvc; C:\Program Files\IBM\Lotus\Notes\SUService.exe [189832 2011-09-16] (IBM Corp)
R2 Lotus Notes Diagnostics; C:\Program Files\IBM\Lotus\Notes\nsd.exe [4453768 2011-09-16] (IBM)
R2 MEDOSUMSClientService; C:\Windows\System32\UMSClient\UMSclient.exe [274432 2008-02-12] (MEDOS AG) [File not signed]
R2 Multi-user Cleanup Service; C:\Program Files\IBM\Lotus\Notes\ntmulti.exe [71048 2011-09-16] (IBM Corp)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [242928 2013-06-13] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2014-04-28] (Hewlett-Packard) [File not signed]
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [1143432 2013-07-18] (PDF Complete Inc)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2014-04-28] (Hewlett-Packard) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [319570 2014-12-28] (IDT, Inc.) [File not signed]
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [563112 2014-08-15] (Cisco Systems, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-12-27] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [695976 2015-06-20] (DTools LIMITED) <==== ATTENTION
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2524912 2013-06-13] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [92528 2014-08-15] (Cisco Systems, Inc.)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [108416 2012-10-30] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1067392 2012-11-06] (Motorola Solutions, Inc.)
S3 btmlehid; C:\Windows\system32\drivers\btmlehid.sys [61824 2012-11-13] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [73712 2011-12-27] (CyberLink)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.) [File not signed]
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv.sys [51512 2013-06-13] (Hewlett-Packard Company)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d6232.sys [316176 2014-09-29] (Intel Corporation)
R0 iaStorA; C:\Windows\System32\drivers\iaStorA.sys [505192 2013-08-08] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [25448 2013-08-08] (Intel Corporation)
R3 ibtfltcoex; C:\Windows\System32\DRIVERS\iBtFltCoex.sys [55336 2012-08-06] (Intel Corporation)
S3 intaud_WaveExtensible; C:\Windows\System32\drivers\intelaud.sys [30136 2013-07-26] (Intel Corporation)
R0 iusb3hcs; C:\Windows\System32\drivers\iusb3hcs.sys [19216 2015-05-17] (Intel Corporation)
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [388368 2015-05-17] (Intel Corporation)
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [808720 2015-05-17] (Intel Corporation)
R3 iwdbus; C:\Windows\system32\drivers\iwdbus.sys [22456 2013-07-26] (Intel Corporation)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2013-09-05] (Kaspersky Lab ZAO)
R1 KLFLTDEV; C:\Windows\System32\DRIVERS\klfltdev.sys [25696 2013-07-08] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [624736 2014-10-30] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-07-11] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [43864 2012-11-22] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144224 2013-07-01] (Kaspersky Lab ZAO)
R3 MEI; C:\Windows\System32\DRIVERS\TeeDriver.sys [86488 2014-12-28] (Intel Corporation)
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwsn00.sys [10375680 2013-05-29] (Intel Corporation)
R0 PinFile; C:\Windows\System32\DRIVERS\PinFile.sys [44608 2014-12-05] (WinMagic Inc.)
S3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [334552 2013-08-21] (Realsil Semiconductor Corporation)
R0 SDDisk2K; C:\Windows\System32\DRIVERS\SDDisk2K.sys [474816 2014-12-05] (WinMagic Inc.)
R0 SDDToki; C:\Windows\System32\DRIVERS\SDDToki.sys [138688 2014-12-05] (WinMagic Inc.)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [25328 2013-09-04] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [27888 2014-12-28] (Synaptics Incorporated)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [184216 2013-06-21] (Windows (R) Win 7 DDK provider)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva-6.sys [43888 2014-08-15] (Cisco Systems, Inc.)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [80480 2014-10-30] (Kaspersky Lab ZAO)
S1 wsfd_1_10_0_17; system32\drivers\wsfd_1_10_0_17.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-20 22:18 - 2015-06-20 22:19 - 00023978 _____ C:\Users\mmarinova.I000-HIFULAP\Desktop\FRST.txt
2015-06-20 22:18 - 2015-06-20 22:19 - 00000000 ____D C:\FRST
2015-06-20 22:18 - 2015-06-20 22:18 - 01148416 _____ (Farbar) C:\Users\mmarinova.I000-HIFULAP\Desktop\FRST.exe
2015-06-20 22:16 - 2015-06-20 22:16 - 00000480 _____ C:\Users\mmarinova.I000-HIFULAP\Desktop\defogger_disable.log
2015-06-20 22:16 - 2015-06-20 22:16 - 00000000 _____ C:\Users\mmarinova.I000-HIFULAP\defogger_reenable
2015-06-20 22:15 - 2015-06-20 22:15 - 00050477 _____ C:\Users\mmarinova.I000-HIFULAP\Desktop\Defogger.exe
2015-06-20 21:34 - 2015-06-20 21:34 - 00000000 ____D C:\Users\mmarinova.I000-HIFULAP\AppData\Roaming\smkits
2015-06-20 21:12 - 2015-06-20 21:12 - 00218343 _____ C:\Users\mmarinova.I000-HIFULAP\Desktop\bookmarks.html
2015-06-20 20:26 - 2015-06-20 20:26 - 00000000 ____D C:\ProgramData\2374aa6900002b7f
2015-06-20 20:15 - 2015-06-20 20:15 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2015-06-20 20:12 - 2015-06-20 21:00 - 00000348 _____ C:\Windows\Tasks\Bidaily Synchronize Task[74c7].job
2015-06-20 20:12 - 2015-06-20 20:12 - 00000000 ____D C:\ProgramData\{8d82a37b-9143-ba90-8d82-2a37b9148dee}
2015-06-20 20:07 - 2015-06-20 20:09 - 00000000 ____D C:\Program Files\Search Extensions
2015-06-20 20:07 - 2015-06-20 20:07 - 00000000 ____D C:\ProgramData\WindowsMangerProtect
2015-06-20 20:07 - 2015-06-20 20:07 - 00000000 _____ C:\Windows\prleth.sys
2015-06-20 20:07 - 2015-06-20 20:07 - 00000000 _____ C:\Windows\hgfs.sys
2015-06-20 10:55 - 2015-06-20 12:48 - 00389120 _____ C:\Users\mmarinova.I000-HIFULAP\Documents\Database1.accdb
2015-06-15 22:13 - 2015-06-15 22:43 - 00224072 _____ C:\Users\mmarinova.I000-HIFULAP\Desktop\HIFU_Pankreas MÜCKE 150615.xlsx
2015-06-15 21:57 - 2015-06-15 22:41 - 00026830 _____ C:\Users\mmarinova.I000-HIFULAP\Desktop\HIFU_Pankreas_st 150615 GL.xlsx
2015-06-10 10:38 - 2015-06-02 21:35 - 00342728 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 10:38 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 10:38 - 2015-05-25 19:00 - 02384384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 10:38 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 10:38 - 2015-05-23 05:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 10:38 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 10:38 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 10:38 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 10:38 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 10:38 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 10:38 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 10:38 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 10:38 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 10:38 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 10:38 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 10:38 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 10:38 - 2015-05-23 05:05 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 10:38 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 10:38 - 2015-05-23 05:00 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 10:38 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 10:38 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 10:38 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 10:38 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 10:38 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 10:38 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 10:38 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 10:38 - 2015-05-23 04:38 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 10:38 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 10:38 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 10:38 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 10:38 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 10:38 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 10:38 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 10:38 - 2015-04-11 05:07 - 00054656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-10 10:37 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-06-10 10:37 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-10 10:37 - 2015-05-25 20:07 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-10 10:37 - 2015-05-25 20:07 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-10 10:37 - 2015-05-25 20:04 - 01307648 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-10 10:37 - 2015-05-25 20:01 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-10 10:37 - 2015-05-25 20:01 - 00853504 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-10 10:37 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-10 10:37 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-10 10:37 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-10 10:37 - 2015-05-25 20:01 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-10 10:37 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-10 10:37 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-10 10:37 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-10 10:37 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-10 10:37 - 2015-05-25 20:01 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-10 10:37 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-10 10:37 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-10 10:37 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-10 10:37 - 2015-05-25 20:01 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-10 10:37 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-10 10:37 - 2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-10 10:37 - 2015-05-25 20:01 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-10 10:37 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-10 10:37 - 2015-05-25 20:00 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-10 10:37 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-10 10:37 - 2015-05-25 20:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-10 10:37 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-10 10:37 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-10 10:37 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-10 10:37 - 2015-05-25 20:00 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-10 10:37 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-10 10:37 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-10 10:37 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-10 10:37 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-10 10:37 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-10 10:37 - 2015-05-25 18:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-10 10:37 - 2015-05-09 05:14 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-10 10:37 - 2015-05-09 05:13 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 10:37 - 2015-05-09 05:13 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-10 10:37 - 2015-05-09 05:12 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-10 10:37 - 2015-05-09 05:08 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 10:37 - 2015-05-09 05:08 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 10:37 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 10:37 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 10:37 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 10:37 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 10:37 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 10:37 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 10:37 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 10:37 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 10:37 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 10:37 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 10:37 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 10:37 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 10:37 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 10:37 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 10:37 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 10:37 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 10:37 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 10:37 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 10:37 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 10:37 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 10:37 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 10:37 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 10:37 - 2015-05-09 03:59 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 10:37 - 2015-05-09 03:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 10:37 - 2015-05-09 03:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 10:37 - 2015-05-09 03:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 10:37 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 10:37 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 10:37 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 10:37 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 10:37 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 10:36 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-08 11:55 - 2015-06-15 22:43 - 00102291 _____ C:\Users\mmarinova.I000-HIFULAP\Desktop\HIFU_Pankreas 150608.xlsx
2015-06-05 13:44 - 2015-06-05 13:44 - 00001277 _____ C:\Users\mmarinova.I000-HIFULAP\Desktop\HIFU RöFo.lnk
2015-06-05 10:23 - 2015-05-22 20:03 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-05 10:23 - 2015-05-22 20:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-05 10:23 - 2015-05-22 20:02 - 00621568 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-05 10:23 - 2015-05-22 20:02 - 00333824 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-05 10:23 - 2015-05-22 20:02 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-05 10:23 - 2015-05-22 20:02 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-05 10:23 - 2015-05-22 19:58 - 00901120 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-05 10:23 - 2015-05-21 15:20 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-02 21:07 - 2015-06-05 10:10 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-06-01 09:08 - 2015-06-01 10:02 - 00223565 _____ C:\Users\mmarinova.I000-HIFULAP\Desktop\HIFU_Pankreas MÜCKE 150601.xlsx
2015-06-01 09:07 - 2015-06-08 13:19 - 00286042 _____ C:\Users\mmarinova.I000-HIFULAP\Desktop\HIFU_Pankreas EORTC 140601.xlsx
2015-05-31 14:03 - 2015-05-31 14:03 - 00001268 _____ C:\Users\mmarinova.I000-HIFULAP\Desktop\HIFU IJC.lnk
2015-05-28 12:45 - 2015-05-28 12:45 - 00000000 ____D C:\Program Files\Common Files\ResearchSoft
2015-05-24 15:21 - 2015-05-24 15:20 - 01399240 _____ (Intel Corporation) C:\Windows\system32\iglhsip32.dll
2015-05-24 15:21 - 2015-05-24 15:20 - 00623616 _____ (Intel Corporation) C:\Windows\system32\MetroIntelGenericUIFramework.dll
2015-05-24 15:21 - 2015-05-24 15:20 - 00412264 _____ C:\Windows\system32\igfxTray.exe
2015-05-24 15:21 - 2015-05-24 15:20 - 00403671 _____ C:\Windows\system32\ImageStabilization.wmv
2015-05-24 15:21 - 2015-05-24 15:20 - 00330240 _____ (Intel Corporation) C:\Windows\system32\igfxOSP.dll
2015-05-24 15:21 - 2015-05-24 15:20 - 00304128 _____ (Intel Corporation) C:\Windows\system32\IntelOpenCL32.dll
2015-05-24 15:21 - 2015-05-24 15:20 - 00279144 _____ (Intel Corporation) C:\Windows\system32\IntelCpHeciSvc.exe
2015-05-24 15:21 - 2015-05-24 15:20 - 00190464 _____ (Intel Corporation) C:\Windows\system32\igfxDTCM.dll
2015-05-24 15:21 - 2015-05-24 15:20 - 00184352 _____ (Intel Corporation) C:\Windows\system32\iglhcp32.dll
2015-05-24 15:21 - 2015-05-24 15:20 - 00181352 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
2015-05-24 15:21 - 2015-05-24 15:20 - 00154112 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v4139.dll
2015-05-24 15:21 - 2015-05-24 15:20 - 00086528 _____ (Khronos Group) C:\Windows\system32\Intel_OpenCL_ICD32.dll
2015-05-24 15:21 - 2015-05-24 15:20 - 00082972 _____ C:\Windows\system32\iglhxs32.vp
2015-05-24 15:21 - 2015-05-24 15:20 - 00080384 _____ C:\Windows\system32\igfxCUIServicePS.dll
2015-05-24 15:21 - 2015-05-24 15:20 - 00069632 _____ ( ) C:\Windows\system32\igfxDHLibv2_0.dll
2015-05-24 15:21 - 2015-05-24 15:20 - 00059904 _____ ( ) C:\Windows\system32\igfxDHLib.dll
2015-05-24 15:21 - 2015-05-24 15:20 - 00038640 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
2015-05-24 15:21 - 2015-05-24 15:20 - 00010752 _____ ( ) C:\Windows\system32\igfxDILibv2_0.dll
2015-05-24 15:21 - 2015-05-24 15:20 - 00010752 _____ ( ) C:\Windows\system32\igfxDILib.dll
2015-05-24 15:21 - 2015-05-24 15:20 - 00010240 _____ ( ) C:\Windows\system32\igfxEMLibv2_0.dll
2015-05-24 15:21 - 2015-05-24 15:20 - 00010240 _____ ( ) C:\Windows\system32\igfxEMLib.dll
2015-05-24 15:21 - 2015-05-24 15:20 - 00005120 _____ ( ) C:\Windows\system32\igfxLHMLibv2_0.dll
2015-05-24 15:21 - 2015-05-24 15:20 - 00005120 _____ ( ) C:\Windows\system32\igfxLHMLib.dll
2015-05-24 15:20 - 2015-05-24 15:20 - 17301432 _____ C:\Windows\system32\igd11dxva32.dll
2015-05-24 15:20 - 2015-05-24 15:20 - 10853888 _____ (Intel Corporation) C:\Windows\system32\igdfcl32.dll
2015-05-24 15:20 - 2015-05-24 15:20 - 08570112 _____ (Intel Corporation) C:\Windows\system32\igd10iumd32.dll
2015-05-24 15:20 - 2015-05-24 15:20 - 07457280 _____ (Intel Corporation) C:\Windows\system32\ig75icd32.dll
2015-05-24 15:20 - 2015-05-24 15:20 - 05976569 _____ C:\Windows\system32\igdclbif.bin
2015-05-24 15:20 - 2015-05-24 15:20 - 04072888 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd32.sys
2015-05-24 15:20 - 2015-05-24 15:20 - 03313152 _____ (Intel Corporation) C:\Windows\system32\igdrcl32.dll
2015-05-24 15:20 - 2015-05-24 15:20 - 01131520 _____ (Intel Corporation) C:\Windows\system32\GfxResources.dll
2015-05-24 15:20 - 2015-05-24 15:20 - 01063936 _____ (Intel Corporation) C:\Windows\system32\igfxcmjit32.dll
2015-05-24 15:20 - 2015-05-24 15:20 - 01028712 _____ (Intel Corporation) C:\Windows\system32\Gfxv4_0.exe
2015-05-24 15:20 - 2015-05-24 15:20 - 01025128 _____ (Intel Corporation) C:\Windows\system32\Gfxv2_0.exe
2015-05-24 15:20 - 2015-05-24 15:20 - 00641530 _____ C:\Windows\system32\FilmModeDetection.wmv
2015-05-24 15:20 - 2015-05-24 15:20 - 00515488 _____ (Intel Corporation) C:\Windows\system32\igdmd32.dll
2015-05-24 15:20 - 2015-05-24 15:20 - 00403048 _____ (Intel Corporation) C:\Windows\system32\GfxUIEx.exe
2015-05-24 15:20 - 2015-05-24 15:20 - 00375173 _____ C:\Windows\system32\ColorImageEnhancement.wmv
2015-05-24 15:20 - 2015-05-24 15:20 - 00369936 _____ (Intel(R) Corporation) C:\Windows\system32\Drivers\IntcDAud.sys
2015-05-24 15:20 - 2015-05-24 15:20 - 00350208 _____ (Intel Corporation) C:\Windows\system32\igdbcl32.dll
2015-05-24 15:20 - 2015-05-24 15:20 - 00339048 _____ (Intel Corporation) C:\Windows\system32\DPTopologyApp.exe
2015-05-24 15:20 - 2015-05-24 15:20 - 00338536 _____ (Intel Corporation) C:\Windows\system32\DPTopologyAppv2_0.exe
2015-05-24 15:20 - 2015-05-24 15:20 - 00263120 _____ (Intel Corporation) C:\Windows\system32\igd10idpp32.dll
2015-05-24 15:20 - 2015-05-24 15:20 - 00232960 _____ C:\Windows\system32\igfxCPL.cpl
2015-05-24 15:20 - 2015-05-24 15:20 - 00187392 _____ C:\Windows\system32\igdde32.dll
2015-05-24 15:20 - 2015-05-24 15:20 - 00178672 _____ (Intel Corporation) C:\Windows\system32\igfxcmrt32.dll
2015-05-24 15:20 - 2015-05-24 15:20 - 00178176 _____ (Intel Corporation) C:\Windows\system32\igfx11cmrt32.dll
2015-05-24 15:20 - 2015-05-24 15:20 - 00152064 _____ (Intel Corporation) C:\Windows\system32\igdail32.dll
2015-05-24 15:20 - 2015-05-24 15:20 - 00000935 _____ C:\Windows\system32\Gfxv4_0.exe.config
2015-05-24 15:20 - 2015-05-24 15:20 - 00000935 _____ C:\Windows\system32\DPTopologyApp.exe.config

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-20 22:16 - 2014-11-19 12:36 - 00000000 ____D C:\Users\mmarinova.I000-HIFULAP
2015-06-20 21:48 - 2013-12-27 07:48 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-20 21:10 - 2009-07-14 06:34 - 00037184 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-20 21:10 - 2009-07-14 06:34 - 00037184 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-20 21:07 - 2015-01-08 23:19 - 00000000 ___RD C:\milka
2015-06-20 21:06 - 2014-10-30 10:29 - 02027405 _____ C:\Windows\WindowsUpdate.log
2015-06-20 21:05 - 2010-11-20 23:01 - 01622494 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-20 21:01 - 2014-10-30 14:31 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-06-20 21:01 - 2013-12-27 07:48 - 00000000 ____D C:\ProgramData\PDFC
2015-06-20 21:00 - 2015-01-03 21:42 - 00000336 _____ C:\Windows\Tasks\HPCeeScheduleFormmarinova.job
2015-06-20 21:00 - 2014-10-30 16:23 - 00100086 _____ C:\SUService.log
2015-06-20 21:00 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-20 21:00 - 2009-07-14 06:39 - 00098967 _____ C:\Windows\setupact.log
2015-06-20 20:59 - 2010-11-20 23:48 - 00085102 _____ C:\Windows\PFRO.log
2015-06-20 20:42 - 2014-11-22 22:20 - 00000000 __SHD C:\Users\mmarinova.I000-HIFULAP\AppData\Local\EmieUserList
2015-06-20 20:42 - 2014-11-22 22:20 - 00000000 __SHD C:\Users\mmarinova.I000-HIFULAP\AppData\Local\EmieSiteList
2015-06-20 20:42 - 2014-11-22 22:20 - 00000000 __SHD C:\Users\mmarinova.I000-HIFULAP\AppData\Local\EmieBrowserModeList
2015-06-20 20:27 - 2014-12-28 11:52 - 00000052 _____ C:\Windows\system32\DOErrors.log
2015-06-20 20:25 - 2014-12-12 09:18 - 00001398 _____ C:\Users\mmarinova.I000-HIFULAP\Desktop\Internet Explorer.lnk
2015-06-20 20:25 - 2014-11-19 12:36 - 00001428 _____ C:\Users\mmarinova.I000-HIFULAP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-20 20:25 - 2014-10-30 16:06 - 00001124 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-20 20:25 - 2014-10-30 16:06 - 00001112 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-06-20 20:05 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Resources
2015-06-14 22:17 - 2014-10-30 12:46 - 00000000 ____D C:\Windows\system32\MRT
2015-06-14 22:13 - 2014-10-30 12:46 - 136900096 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-14 19:43 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2015-06-14 19:06 - 2009-07-14 06:33 - 01678848 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-14 19:03 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2015-06-14 10:35 - 2014-10-30 14:08 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-10 10:48 - 2013-12-27 07:48 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-06-10 10:48 - 2013-12-27 07:48 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-06-09 13:16 - 2014-10-30 10:35 - 00001168 _____ C:\Windows\system32\config\netlogon.ftl
2015-06-05 13:16 - 2014-12-14 17:35 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-05 13:16 - 2014-10-30 13:20 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-05 10:10 - 2014-10-30 16:05 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-05-30 16:43 - 2015-05-09 07:17 - 00025724 _____ C:\Users\mmarinova.I000-HIFULAP\Desktop\HIFU_Pankreas_st 150509 GL.xlsx
2015-05-30 11:32 - 2015-02-02 16:35 - 00197968 ____N C:\Windows\Minidump\053015-14024-01.dmp
2015-05-30 11:32 - 2015-02-02 16:35 - 00000000 ____D C:\Windows\Minidump
2015-05-28 12:45 - 2014-10-31 15:00 - 00000000 ____D C:\Users\Public\Documents\EndNote
2015-05-28 12:45 - 2014-10-31 15:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EndNote
2015-05-28 12:45 - 2014-10-31 14:59 - 00000000 ____D C:\Program Files\EndNote X7
2015-05-28 12:45 - 2014-10-31 14:58 - 00000000 ____D C:\ProgramData\Thomson.ResearchSoft.Installers
2015-05-26 23:05 - 2014-11-30 16:54 - 00673922 _____ C:\Users\mmarinova.I000-HIFULAP\Desktop\EndNote_HIFU.enl
2015-05-24 15:53 - 2015-01-26 21:34 - 00015450 _____ C:\Windows\system32\results.xml
2015-05-24 15:52 - 2015-03-29 10:53 - 00000401 _____ C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-05-24 15:52 - 2014-10-03 17:57 - 00000000 ____D C:\Intel
2015-05-24 15:20 - 2015-03-28 21:56 - 01986048 _____ (Intel Corporation) C:\Windows\system32\igfxLHM.dll
2015-05-24 15:20 - 2015-03-28 21:56 - 00621056 _____ (Intel Corporation) C:\Windows\system32\igfxDH.dll
2015-05-24 15:20 - 2015-03-28 21:56 - 00291432 _____ (Intel Corporation) C:\Windows\system32\igfxCUIService.exe
2015-05-24 15:20 - 2015-03-28 21:56 - 00260200 _____ (Intel Corporation) C:\Windows\system32\igfxEM.exe
2015-05-24 15:20 - 2015-03-28 21:56 - 00247296 _____ (Intel Corporation) C:\Windows\system32\igfxDI.dll
2015-05-24 15:20 - 2015-03-28 21:56 - 00208488 _____ (Intel Corporation) C:\Windows\system32\igfxHK.exe
2015-05-24 15:20 - 2014-10-03 17:57 - 00086528 _____ (Khronos Group) C:\Windows\system32\OpenCL.DLL
2015-05-24 15:20 - 2013-09-18 12:04 - 24017544 _____ (Intel Corporation) C:\Windows\system32\igdumdim32.dll
2015-05-24 15:20 - 2013-09-18 11:50 - 04775592 _____ (Intel Corporation) C:\Windows\system32\igdusc32.dll
2015-05-22 16:17 - 2015-04-04 23:06 - 00000000 ___SD C:\Windows\system32\GWX
2015-05-22 09:34 - 2014-10-30 09:33 - 00006478 __RSH C:\ProgramData\ntuser.pol

==================== Files in the root of some directories =======

2014-11-20 21:10 - 2015-02-21 22:02 - 0041472 _____ () C:\Users\mmarinova.I000-HIFULAP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Users\instrad\AppData\Local\Temp\0aef5c8d-d99f-463a-8cff-2ef84a423d27.exe
C:\Users\instrad\AppData\Local\Temp\a4516f35-47df-448b-9ccb-a2c13799e522.exe
C:\Users\instrad\AppData\Local\Temp\a625016e-eeea-44b4-8d9e-ed8e496d2069.exe
C:\Users\instrad\AppData\Local\Temp\DelayInst.exe
C:\Users\instrad\AppData\Local\Temp\e64f0fa3-cd7b-4661-9b81-adc4aa32cc9e.exe
C:\Users\instrad\AppData\Local\Temp\installservice.exe
C:\Users\instrad\AppData\Local\Temp\Risweb32.exe
C:\Users\instrad\AppData\Local\Temp\vpnclient_setup.exe
C:\Users\mmarinova.I000-HIFULAP\AppData\Local\Temp\Extract.exe
C:\Users\mmarinova.I000-HIFULAP\AppData\Local\Temp\jna1618548428545400380.dll
C:\Users\mmarinova.I000-HIFULAP\AppData\Local\Temp\jna4966294746321301037.dll
C:\Users\mmarinova.I000-HIFULAP\AppData\Local\Temp\paint.net.4.0.3.install.exe
C:\Users\mmarinova.I000-HIFULAP\AppData\Local\Temp\paint.net.4.0.5.install.exe
C:\Users\mmarinova.I000-HIFULAP\AppData\Local\Temp\sp64126.exe
C:\Users\mmarinova.I000-HIFULAP\AppData\Local\Temp\SP64169.exe
C:\Users\mmarinova.I000-HIFULAP\AppData\Local\Temp\SP65246.exe
C:\Users\mmarinova.I000-HIFULAP\AppData\Local\Temp\SP65596.exe
C:\Users\mmarinova.I000-HIFULAP\AppData\Local\Temp\SP65630.exe
C:\Users\mmarinova.I000-HIFULAP\AppData\Local\Temp\SP65953.exe
C:\Users\mmarinova.I000-HIFULAP\AppData\Local\Temp\SP66111.exe
C:\Users\mmarinova.I000-HIFULAP\AppData\Local\Temp\SP67047.exe
C:\Users\mmarinova.I000-HIFULAP\AppData\Local\Temp\SP68055.exe
C:\Users\mmarinova.I000-HIFULAP\AppData\Local\Temp\SP68420.exe
C:\Users\mmarinova.I000-HIFULAP\AppData\Local\Temp\SP69840.exe
C:\Users\mmarinova.I000-HIFULAP\AppData\Local\Temp\SP70002.exe
C:\Users\mmarinova.I000-HIFULAP\AppData\Local\Temp\SP70378.exe
C:\Users\mmarinova.I000-HIFULAP\AppData\Local\Temp\SP70556.exe
C:\Users\mmarinova.I000-HIFULAP\AppData\Local\Temp\SP71113.exe
C:\Users\mmarinova.I000-HIFULAP\AppData\Local\Temp\SP71152.exe
C:\Users\mmarinova.I000-HIFULAP\AppData\Local\Temp\SP71287.exe
C:\Users\mmarinova.I000-HIFULAP\AppData\Local\Temp\supoptsetup.exe
C:\Users\mmarinova.I000-HIFULAP\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\mmarinova.I000-HIFULAP\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\raduser.RADIOLOGIE\AppData\Local\Temp\Medos_In_Betrieb.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-14 12:04

==================== End of log ============================
         

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-06-2015
Ran by mmarinova at 2015-06-20 22:19:58
Running from C:\Users\mmarinova.I000-HIFULAP\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

admin (S-1-5-21-2225548520-667933942-413828090-1001 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-2225548520-667933942-413828090-500 - Administrator - Enabled)
Gast (S-1-5-21-2225548520-667933942-413828090-501 - Limited - Disabled)
mmarinova (S-1-5-21-2225548520-667933942-413828090-1005 - Administrator - Enabled) => C:\Users\mmarinova.I000-HIFULAP
raduser (S-1-5-21-2225548520-667933942-413828090-1004 - Limited - Enabled) => C:\Users\raduser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Endpoint Security 10 für Windows (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Endpoint Security 10 für Windows (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Endpoint Security 10 für Windows (Disabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 17.1.1 - Hewlett-Packard) Hidden
Adobe Creative Suite 3 Master Collection hinzufügen oder entfernen (HKLM\...\Adobe_dfd2069092cb19bffcf6e736bd79ae1) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Flash Player 9 Plugin (HKLM\...\{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}) (Version: 9.0.45.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.11)  MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
AHV content for Acrobat and Flash (Version: 1 - Adobe Systems Incorporated) Hidden
Alcor Micro Smart Card Reader Driver (HKLM\...\SZCCID) (Version: 1.7.37.0 - Alcor Micro Corp.)
Alcor Micro Smart Card Reader Driver (Version: 1.7.37.0 - Alcor Micro Corp.) Hidden
Apple Application Support (32-Bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.3.4643 - CDBurnerXP)
Cisco AnyConnect Secure Mobility Client  (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05182 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (Version: 3.1.05182 - Cisco Systems, Inc.) Hidden
Cisco Systems VPN Client 5.0.07.0410 (HKLM\...\{1CE60928-8325-49A8-8B06-633E48DD2B67}) (Version: 5.0.7 - Cisco Systems, Inc.)
CyberLink Power2Go 8 (HKLM\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.3207 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3318 - CyberLink Corp.)
Empirum Agent 15.1 (HKLM\...\Matrix42 Empirum Agent 15.1) (Version: 15.1 - Matrix42)
EndNote X7 (HKLM\...\{86B3F2D6-AC2B-0017-8AE1-F2F77F781B0C}) (Version: 17.3.1.8614 - Thomson Reuters)
Energy Star (HKLM\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Hewlett-Packard ACLM.NET v1.2.2.3 (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{07F6DC37-0857-4B68-A675-4E35989E85E3}) (Version: 6.0.15.1 - Hewlett-Packard Company)
HP Client Security Manager (HKLM\...\HPProtectTools) (Version: 8.3.0.1696 - Hewlett-Packard Company)
HP Connection Manager (HKLM\...\{04C23662-CE15-48BE-AF77-7BD9028934E7}) (Version: 4.6.14.1 - Hewlett-Packard Company)
HP Device Access Manager (HKLM\...\{D7BC5D88-FC93-46D6-B7B0-145C2E168A95}) (Version: 8.2.1.0 - Hewlett-Packard Company)
HP Documentation (HKLM\...\{1F9551BA-A9D4-4F9D-8526-F8CEB8C10C3E}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Drive Encryption (HKLM\...\HPDriveEncryption) (Version: 8.6.14.20 - Hewlett-Packard Company)
HP ESU for Microsoft Windows 7 (HKLM\...\{240B2BF7-E7E6-425C-A2A4-A3149189BF7F}) (Version: 2.3.1 - Hewlett-Packard Company)
HP File Sanitizer (HKLM\...\{547607B0-3294-4ECA-8F5E-921404676CBB}) (Version: 8.4.11.1 - Hewlett-Packard Company)
HP Hotkey Support (HKLM\...\{C807BEFB-0F17-41AC-B307-D7B5E1553040}) (Version: 5.0.20.1 - Hewlett-Packard Company)
HP PageLift (HKLM\...\{708ABF62-5D7A-4550-823A-1F9EFA63645A}) (Version: 1.0.11.1 - Hewlett-Packard Company)
HP Setup (HKLM\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM\...\{49524B48-4FE9-4A62-A9FD-1F2258DF5489}) (Version: 3.4.12.0 - Hewlett-Packard Company)
HP Software Setup (HKLM\...\{B1AFAD6F-9192-421F-9DFF-60A59571366B}) (Version: 8.7.3 - Hewlett-Packard Company)
HP Support Assistant (HKLM\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP System Default Settings (HKLM\...\{3A61A282-4F08-4D43-920C-DC30ECE528E8}) (Version: 2.6.1 - Hewlett-Packard Company)
HP Theft Recovery (HKLM\...\InstallShield_{B1E569B6-A5EB-4C97-9F93-9ED2AA99AF0E}) (Version: 8.3.0.7 - Hewlett-Packard Company)
IBM SPSS Statistics 22 (HKLM\...\{104875A1-D083-4A34-BC4F-3F635B7F8EF7}) (Version: 22.0.0.0 - IBM Corp)
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6496.0 - IDT)
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 19.5 - Intel)
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4139 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{DA2600C1-6BDF-4FD1-1211-148929CC1385}) (Version: 2.6.1211.0294 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel(R) Update Manager (HKLM\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.4.65 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{201B03D6-FDDA-4C70-8A15-887F5B3CE365}) (Version: 4.2.19.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM\...\{c7e31d24-c0d0-4e7d-905d-2d4f8ca67df2}) (Version: 16.1.0 - Intel Corporation)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
iTunes (HKLM\...\{CE1F04C7-79BC-4219-BE6A-BA490224D4B5}) (Version: 12.1.2.27 - Apple Inc.)
Kaspersky Endpoint Security 10 für Windows (HKLM\...\{9813DD3F-A28E-4B98-ACDE-12A3AB1C42E4}) (Version: 10.2.1.23 - Kaspersky Lab)
Kaspersky Security Center Administrationsagent (HKLM\...\InstallWIX_{2F383CB3-6D7C-449D-9874-164E49E1E0F5}) (Version: 10.1.249 - Kaspersky Lab ZAO)
Kaspersky Security Center Administrationsagent (Version: 10.1.249 - Kaspersky Lab ZAO) Hidden
Lotus Notes 8.5.3 de (HKLM\...\{122A716C-63AD-4F73-BDCD-309F0A799C91}) (Version: 8.53.11286 - IBM)
med RIS Ole Client (HKLM\...\{B38A03D4-2E28-4834-B646-BC742C51DA63}) (Version: 9.3.1607 - NEXUS AG)
MEDOS UMSClient (HKLM\...\MEDOS UMSClient) (Version:  - MEDOS AG)
medos.med UI Version 9.3.2294 (HKLM\...\{637A9810-305E-4148-90EA-8F6CCD0351A1}) (Version: 9.3.2294 - NEXUS AG)
MEDOSWEB Client (HKLM\...\{C395389D-8784-4305-954A-98BB74641307}) (Version: 9.2.1421 - NEXUS AG)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Interop Forms Redistributable Package 2.0a (HKLM\...\{76D1AA2B-A434-4D63-BE2C-80286F23C223}) (Version: 2.0.0 - Microsoft Corporation)
Microsoft Office (HKLM\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 de) (HKLM\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.0.2 - Mozilla)
MySQL Connector/ODBC 5.3 (HKLM\...\{5CB5015E-B265-49C1-8E5D-CF00A276CB59}) (Version: 5.3.2 - Oracle Corporation)
ODBC Treiber für Cache 3.x und Cache 4.x (HKLM\...\ODBC Treiber für Cache 3.x und Cache 4.x) (Version:  - )
Office 2010 14.B (HKLM\...\Microsoft Office 2010 14.B) (Version: 14.B - Microsoft)
opensource (Version: 1.0.14960.3876 - Your Company Name) Hidden
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF4819}) (Version: 4.0.3 - dotPDN LLC)
PDF Complete Corporate Edition (HKLM\...\PDF Complete) (Version: 4.1.50 - PDF Complete, Inc)
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
PDF24 Creator 6.9.1 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Card Reader (HKLM\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 1.1.9200.23 - Realtek Semiconductor Corp.)
ResearchSoft Direct Export Helper (HKLM\...\ResearchSoft Direct Export Helper) (Version:  - Thomson Reuters)
RocketTab (HKLM\...\RocketTab) (Version:  - RocketTab) <==== ATTENTION!
Samsung Universal Print Driver 2 (HKLM\...\Samsung Universal Print Driver 2) (Version: 2.50.05.00 - Samsung Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Stata 13 (HKLM\...\{217BE429-022D-4094-960F-0376E1CBE13E}) (Version: 13.0 - StataCorp LP)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.23 - Synaptics Incorporated)
Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2225548520-667933942-413828090-1005_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points =========================

02-06-2015 21:52:22 Geplanter Prüfpunkt
03-06-2015 23:16:50 Windows Update
05-06-2015 11:06:27 Windows Update
08-06-2015 11:12:29 HPSF Applying updates
09-06-2015 08:56:40 Windows Update
14-06-2015 10:19:23 Windows Update
14-06-2015 22:13:05 Windows Update
19-06-2015 17:38:27 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02231156-9F02-4C4D-82DE-527E5415F0C3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-10] (Adobe Systems Incorporated)
Task: {04380F2A-72BB-40B4-B572-8486670B4891} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {0EC2DABD-DCD3-4E3A-9972-DBEEC06BDE83} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {199976ED-A60A-402A-BA2B-E4A1BC7994CB} - System32\Tasks\Bidaily Synchronize Task[74c7] => c:\programdata\{8d82a37b-9143-ba90-8d82-2a37b9148dee}\hqghumeaylnlf.exe [2014-06-20] (Super PC Tools Ltd) <==== ATTENTION
Task: {1B2BD532-C824-48EF-9A65-AE2DB35CF833} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {1E7DEFEF-90D2-4F38-8ADC-8926332859B1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {1EE0975B-85BF-42D8-84B1-64CD3548298B} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {2A15D728-F701-483A-ACDE-D039393112E4} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {33478FC4-C4E2-4816-875C-C1F343813BAB} - System32\Tasks\RocketTab Update Task => C:\Program Files\Search Extensions\uninstall.exe <==== ATTENTION
Task: {3691B2E4-F610-4BA7-853A-29443413E9D6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {3DDD5588-8777-45A9-B96C-E3077394BDE2} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {42C72720-3A4F-4D86-9D3E-F00949A4CC86} - System32\Tasks\Registration => C:\Program Files\Hewlett-Packard\HP setup\Dependencies\RemEngine.exe [2012-03-21] ()
Task: {493242FE-8B44-4B7D-88A3-D674941439AF} - System32\Tasks\RocketTab => cmd.exe /C start "" "C:\Program Files\Search Extensions\Client.exe" /Preferred=true <==== ATTENTION
Task: {4B82BE02-C91A-4FC5-ADA3-8CAB0CCB9D29} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {6B01750F-FD05-4C85-BF08-7015E238D534} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {6FF8AEB4-C23E-4411-9948-7C31785C5A62} - System32\Tasks\HPCeeScheduleFormmarinova => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {794A4A40-FF6A-4137-883D-3703C5D5DEB7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9189F343-486A-4D81-B3AD-78D0A7DDA380} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {9508B657-24E7-4A83-A335-E8A311CC3E8E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {CDE4A5CD-8F0F-4988-B4AE-A74CB40C5331} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)
Task: {EB130EF3-85B0-4BA3-9646-9A4CD30CF876} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {F1D05CD4-623E-4066-B948-1A6A104E713B} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Time-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Bidaily Synchronize Task[74c7].job => c:\programdata\{8d82a37b-9143-ba90-8d82-2a37b9148dee}\hqghumeaylnlf.exe <==== ATTENTION
Task: C:\Windows\Tasks\HPCeeScheduleFormmarinova.job => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2013-05-22 22:21 - 2013-05-22 22:21 - 00301880 _____ () c:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2014-08-15 20:25 - 2014-08-15 20:25 - 00063400 _____ () C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-12-26 13:19 - 2014-04-16 10:22 - 00025600 _____ () C:\Windows\System32\usp01l.dll
2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-06 20:23 - 2013-09-06 20:23 - 00961336 _____ () C:\Windows\system32\flcdlmsg.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-03-31 14:28 - 2014-03-31 14:28 - 00007168 _____ () C:\Program Files\Hewlett-Packard\HP Theft Recovery\CtService.exe
2010-09-27 13:03 - 2010-09-27 13:03 - 00201512 _____ () C:\Windows\system32\vpnapi.dll
2014-10-30 12:16 - 2013-05-17 00:15 - 00124712 _____ () C:\Windows\system32\Empirum\zlib1.dll
2014-10-03 18:13 - 2013-08-05 09:49 - 00627672 _____ () C:\Program Files\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-06 00:48 - 2013-08-06 00:48 - 00016856 _____ () c:\Program Files\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-06-20 20:07 - 2015-06-20 20:07 - 00066048 _____ () C:\Program Files\Search Extensions\Client.exe
2015-05-24 15:21 - 2015-05-24 15:20 - 00412264 _____ () C:\Windows\system32\igfxTray.exe
2013-06-05 21:35 - 2013-06-05 21:35 - 00514570 _____ () c:\Program Files\Hewlett-Packard\HP Connection Manager\sqlite3.dll
2014-12-28 12:26 - 2014-12-28 12:26 - 01242584 _____ () C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2011-09-15 17:19 - 2011-09-15 17:19 - 00081920 _____ () C:\Program Files\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.3.20110915-1350\win32\x86\eclipse_1118.dll
2011-09-15 17:19 - 2011-09-15 17:19 - 00110592 _____ () C:\Program Files\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.3.20110915-1350\win32\x86\pipeserver.dll
2014-11-19 12:40 - 2014-11-19 12:40 - 00073728 _____ () C:\Users\mmarinova.I000-HIFULAP\AppData\Local\Lotus\Notes\Data\workspace\.config\org.eclipse.osgi\bundles\214\1\.cp\swtIbmWrapper.dll
2011-09-15 17:19 - 2011-09-15 17:19 - 00208896 _____ () C:\Program Files\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.os.win32_6.2.3.20110915-1350\os\win32\x86\os.dll
2015-06-20 22:15 - 2015-06-20 22:15 - 00050477 _____ () C:\Users\mmarinova.I000-HIFULAP\Desktop\Defogger.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2225548520-667933942-413828090-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\mmarinova.I000-HIFULAP\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{CFBF9A3B-4F7D-49B7-A834-0FA82A490098}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{B5DB300C-462C-4DCE-9E6F-8547235F19A4}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{7EC5690A-22E3-466B-BE44-FCC4BDC1D848}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{29B96534-91F7-4AE0-8D89-00BEFD4AE003}] => (Allow) c:\Program Files\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{4D464B89-B3AA-4DD8-BC6E-61EEF56D9698}] => (Allow) c:\Program Files\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{C4CB3DBC-D551-4ABA-83FF-0252B2B18D23}] => (Allow) c:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{3C2ED42C-03E4-4065-8F55-8BA9AD607EFA}] => (Allow) c:\Program Files\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{126C7E41-0603-4A1B-B64F-64F45563D32F}] => (Allow) c:\Program Files\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{F03A35F1-B785-4FB2-A3AA-ABB1380F045D}] => (Allow) c:\Program Files\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{86380783-7B08-4CDD-A1C1-FEF2D6C326D5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CDFDAC17-11B2-4D2A-9D53-A6009F845504}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8DD79BE8-22B6-4002-ADEB-674F6C9844FC}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{C4991D03-383F-47AF-94BA-968548CFD745}] => (Allow) LPort=15000
FirewallRules: [{A4AEFA67-AE44-4FDB-B69A-D70A176632AE}] => (Allow) LPort=15000
FirewallRules: [{A9D7AFDC-7469-438D-8E6C-9A66C1101214}] => (Allow) LPort=15000
FirewallRules: [{7F3DD666-D085-403A-AC8D-1E15B27C8A33}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\22\WinWrapIDE.exe
FirewallRules: [{BADFF2D0-CC68-40DB-A097-1FECB03A1643}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\22\stats.exe
FirewallRules: [{60042E06-A30E-406D-938D-D33267DD919D}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\22\WinWrapIDE.exe
FirewallRules: [{B77C57E1-58CA-4583-B094-F8C6F8292A75}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\22\stats.exe
FirewallRules: [{3E7FA98D-EC8B-43E6-80F1-4F5765E9FBEF}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\22\stats.com
FirewallRules: [{D678E71A-642F-4BD7-9A28-9E57A36CB6D9}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\22\stats.com
FirewallRules: [{11BC06CC-1ACE-48C6-AE6D-5CA2CE195536}] => (Allow) LPort=3703
FirewallRules: [{244DA6D4-BCB5-472A-A81D-40C2AA8BD064}] => (Allow) LPort=3704
FirewallRules: [{29936165-31BE-4FAD-941E-C76B51FB3523}] => (Allow) LPort=50900
FirewallRules: [{A22729D2-9014-4B7E-8A6E-31A9CCDAA3F4}] => (Allow) LPort=50901
FirewallRules: [{EB3F2B9F-ACDB-45CE-A03F-BFE8E5792DF3}] => (Allow) C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
FirewallRules: [{50D32AFC-F50C-41A3-BB7A-DDD38EE4CCF6}] => (Allow) C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
FirewallRules: [{CF134070-7F50-493D-856A-7D435D3C7369}] => (Allow) C:\Users\mmarinova.I000-HIFULAP\AppData\Local\Temp\Ins3CB2\Setup.exe
FirewallRules: [{A8D2D95A-95D5-43B3-9B41-547AE771EA46}] => (Allow) C:\Users\mmarinova.I000-HIFULAP\AppData\Local\Temp\Ins3CB2\Setup.exe
FirewallRules: [{352CEA03-773B-4D85-AEAF-75285FDDDE47}] => (Allow) C:\Users\mmarinova.I000-HIFULAP\AppData\Local\Temp\Ins3CB2\Setup.exe
FirewallRules: [{F084A71A-AB6B-4B73-968A-8C89BB792247}] => (Allow) C:\Users\mmarinova.I000-HIFULAP\AppData\Local\Temp\Ins3CB2\Setup.exe
FirewallRules: [{A797DDED-FDDB-454E-A55C-AC332A887136}] => (Allow) C:\Users\mmarinova.I000-HIFULAP\AppData\Local\Temp\Ins3CB2\Setup.exe
FirewallRules: [{7E646BC2-C23B-4F30-9D39-E576084354C2}] => (Allow) C:\Program Files\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe
FirewallRules: [{198D38ED-AE69-4DBB-93BC-98D913AEDBF9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{FD30A5FC-5533-445D-8E75-F7D38046FFA0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{4A3FF0DB-5297-4E9B-B001-210B5CC48D88}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{B0C193B3-BFE6-4CAA-9BEF-CBE3B9C10EA7}] => (Allow) C:\Program Files\Kaspersky Lab\NetworkAgent\klnagwds.exe
FirewallRules: [{60C32E82-E2B1-47A0-9D64-2E89CA31B73D}] => (Allow) C:\Program Files\Kaspersky Lab\NetworkAgent\klnagwds.exe
FirewallRules: [{9A8D0EE4-7E84-483D-A89A-2C5A8D9DA841}] => (Allow) C:\Program Files\Kaspersky Lab\NetworkAgent\klnagwds.exe
FirewallRules: [{3DCE4367-B518-461E-8809-A1C9E398B5E2}] => (Allow) C:\Program Files\Kaspersky Lab\NetworkAgent\klnagwds.exe
FirewallRules: [{B4167643-0D2C-4A93-ACD8-A38264AFFA55}] => (Allow) C:\Program Files\Kaspersky Lab\NetworkAgent\klnagwds.exe
FirewallRules: [{C0970835-F873-4E38-BB0B-32EAF671A304}] => (Allow) C:\Program Files\Kaspersky Lab\NetworkAgent\klnagwds.exe

==================== Faulty Device Manager Devices =============

Name: wsfd_1_10_0_17
Description: wsfd_1_10_0_17
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: wsfd_1_10_0_17
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/20/2015 08:25:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 38.0.5.5623, Zeitstempel: 0x5563c49a
Name des fehlerhaften Moduls: mozalloc.dll, Version: 38.0.5.5623, Zeitstempel: 0x5563b229
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001aa1
ID des fehlerhaften Prozesses: 0x1914
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (06/20/2015 08:07:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 38.0.5.5623, Zeitstempel: 0x5563c49a
Name des fehlerhaften Moduls: mozalloc.dll, Version: 38.0.5.5623, Zeitstempel: 0x5563b229
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001aa1
ID des fehlerhaften Prozesses: 0x1920
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (06/20/2015 07:42:47 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: 

Error: (06/20/2015 00:48:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DPAgent.exe, Version: 6.0.0.2920, Zeitstempel: 0x523336d3
Name des fehlerhaften Moduls: ptdmlitemanagerdp.dll, Version: 8.2.1.0, Zeitstempel: 0x5229a435
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00149a02
ID des fehlerhaften Prozesses: 0x1720
Startzeit der fehlerhaften Anwendung: 0xDPAgent.exe0
Pfad der fehlerhaften Anwendung: DPAgent.exe1
Pfad des fehlerhaften Moduls: DPAgent.exe2
Berichtskennung: DPAgent.exe3

Error: (06/18/2015 09:01:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm notes2.exe, Version 3.4.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: d0c

Startzeit: 01d0a9f6b503a363

Endzeit: 31

Anwendungspfad: C:\Program Files\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.3.20110915-1350\win32\x86\notes2.exe

Berichts-ID:

Error: (06/16/2015 10:15:51 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070013, Das Medium ist schreibgeschützt.
.

Error: (06/16/2015 10:15:51 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x80070013, Das Medium ist schreibgeschützt.
]

Error: (06/16/2015 10:15:49 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x800705aa, Nicht genügend Systemressourcen, um den angeforderten Dienst auszuführen.
]

Error: (06/16/2015 08:52:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ZeroConfigService.exe, Version: 16.1.0.0, Zeitstempel: 0x51ba37d6
Name des fehlerhaften Moduls: MurocApi.dll, Version: 16.1.0.0, Zeitstempel: 0x51ba36b7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000238f1
ID des fehlerhaften Prozesses: 0xe68
Startzeit der fehlerhaften Anwendung: 0xZeroConfigService.exe0
Pfad der fehlerhaften Anwendung: ZeroConfigService.exe1
Pfad des fehlerhaften Moduls: ZeroConfigService.exe2
Berichtskennung: ZeroConfigService.exe3

Error: (06/16/2015 10:52:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ZeroConfigService.exe, Version: 16.1.0.0, Zeitstempel: 0x51ba37d6
Name des fehlerhaften Moduls: MurocApi.dll, Version: 16.1.0.0, Zeitstempel: 0x51ba36b7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000238f1
ID des fehlerhaften Prozesses: 0xd48
Startzeit der fehlerhaften Anwendung: 0xZeroConfigService.exe0
Pfad der fehlerhaften Anwendung: ZeroConfigService.exe1
Pfad des fehlerhaften Moduls: ZeroConfigService.exe2
Berichtskennung: ZeroConfigService.exe3


System errors:
=============
Error: (06/20/2015 09:01:20 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
wsfd_1_10_0_17

Error: (06/20/2015 09:00:27 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT-AUTORITÄT)
Description: Fehler bei der Verarbeitung der Gruppenrichtlinie. Der Computername konnte nicht aufgelöst werden. Dies kann mindestens eine der folgenden Ursachen haben: 
a) Fehler bei der Namensauflösung mit dem aktuellen Domänencontroller. 
b) Active Directory-Replikationswartezeit (ein auf einem anderen Domänencontroller erstelltes Konto hat nicht auf dem aktuellen Domänencontroller repliziert).

Error: (06/20/2015 09:00:25 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: Der Computer konnte eine sichere Sitzung mit einem
Domänencontroller in der Domäne RADIOLOGIE aufgrund der folgenden
Ursache nicht einrichten: 
%%1311

Dies kann zu Authentifizierungsproblemen führen. Stellen
Sie sicher, dass der Computer mit dem Netzwerk verbunden ist.
Wenden Sie sich an den Domänenadministrator, wenn das Problem
weiterhin besteht.



ZUSÄTZLICHE INFORMATIONEN

Wenn dieser Computer ein Domänencontroller der bestimmten
Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator in der bestimmten Domäne eingerichtet.
Andernfalls richtet dieser Computer eine sichere Sitzung zu
einem beliebigen Domänencontroller in der bestimmten Domäne ein.

Error: (06/20/2015 09:00:07 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 20.06.2015 um 20:59:14 unerwartet heruntergefahren.

Error: (06/20/2015 07:42:25 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT-AUTORITÄT)
Description: Fehler bei der Verarbeitung der Gruppenrichtlinie. Der Computername konnte nicht aufgelöst werden. Dies kann mindestens eine der folgenden Ursachen haben: 
a) Fehler bei der Namensauflösung mit dem aktuellen Domänencontroller. 
b) Active Directory-Replikationswartezeit (ein auf einem anderen Domänencontroller erstelltes Konto hat nicht auf dem aktuellen Domänencontroller repliziert).

Error: (06/20/2015 07:42:23 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: Der Computer konnte eine sichere Sitzung mit einem
Domänencontroller in der Domäne RADIOLOGIE aufgrund der folgenden
Ursache nicht einrichten: 
%%1311

Dies kann zu Authentifizierungsproblemen führen. Stellen
Sie sicher, dass der Computer mit dem Netzwerk verbunden ist.
Wenden Sie sich an den Domänenadministrator, wenn das Problem
weiterhin besteht.



ZUSÄTZLICHE INFORMATIONEN

Wenn dieser Computer ein Domänencontroller der bestimmten
Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator in der bestimmten Domäne eingerichtet.
Andernfalls richtet dieser Computer eine sichere Sitzung zu
einem beliebigen Domänencontroller in der bestimmten Domäne ein.

Error: (06/20/2015 03:32:51 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: Der Computer konnte eine sichere Sitzung mit einem
Domänencontroller in der Domäne RADIOLOGIE aufgrund der folgenden
Ursache nicht einrichten: 
%%1311

Dies kann zu Authentifizierungsproblemen führen. Stellen
Sie sicher, dass der Computer mit dem Netzwerk verbunden ist.
Wenden Sie sich an den Domänenadministrator, wenn das Problem
weiterhin besteht.



ZUSÄTZLICHE INFORMATIONEN

Wenn dieser Computer ein Domänencontroller der bestimmten
Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator in der bestimmten Domäne eingerichtet.
Andernfalls richtet dieser Computer eine sichere Sitzung zu
einem beliebigen Domänencontroller in der bestimmten Domäne ein.

Error: (06/20/2015 00:09:38 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT-AUTORITÄT)
Description: Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.

Error: (06/20/2015 10:14:34 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT-AUTORITÄT)
Description: Fehler bei der Verarbeitung der Gruppenrichtlinie. Der Computername konnte nicht aufgelöst werden. Dies kann mindestens eine der folgenden Ursachen haben: 
a) Fehler bei der Namensauflösung mit dem aktuellen Domänencontroller. 
b) Active Directory-Replikationswartezeit (ein auf einem anderen Domänencontroller erstelltes Konto hat nicht auf dem aktuellen Domänencontroller repliziert).

Error: (06/20/2015 10:14:32 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: Der Computer konnte eine sichere Sitzung mit einem
Domänencontroller in der Domäne RADIOLOGIE aufgrund der folgenden
Ursache nicht einrichten: 
%%1311

Dies kann zu Authentifizierungsproblemen führen. Stellen
Sie sicher, dass der Computer mit dem Netzwerk verbunden ist.
Wenden Sie sich an den Domänenadministrator, wenn das Problem
weiterhin besteht.



ZUSÄTZLICHE INFORMATIONEN

Wenn dieser Computer ein Domänencontroller der bestimmten
Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator in der bestimmten Domäne eingerichtet.
Andernfalls richtet dieser Computer eine sichere Sitzung zu
einem beliebigen Domänencontroller in der bestimmten Domäne ein.


Microsoft Office:
=========================
Error: (06/20/2015 08:25:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe38.0.5.56235563c49amozalloc.dll38.0.5.56235563b2298000000300001aa1191401d0ab84b44560d3C:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dllc5fee115-1779-11e5-92fa-80000b1c2bf8

Error: (06/20/2015 08:07:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe38.0.5.56235563c49amozalloc.dll38.0.5.56235563b2298000000300001aa1192001d0ab835e911866C:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dll2850d995-1777-11e5-92fa-80000b1c2bf8

Error: (06/20/2015 07:42:47 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: 

Error: (06/20/2015 00:48:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DPAgent.exe6.0.0.2920523336d3ptdmlitemanagerdp.dll8.2.1.05229a435c000000500149a02172001d0ab315ca64572c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exec:\Program Files\Hewlett-Packard\HP Device Access Manager\ptdmlitemanagerdp.dllf137bcdd-1739-11e5-a43b-80000b1c2bf8

Error: (06/18/2015 09:01:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: notes2.exe3.4.0.0d0c01d0a9f6b503a36331C:\Program Files\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.3.20110915-1350\win32\x86\notes2.exe

Error: (06/16/2015 10:15:51 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80070013, Das Medium ist schreibgeschützt.

Error: (06/16/2015 10:15:51 PM) (Source: VSS) (EventID: 13) (User: )
Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x80070013, Das Medium ist schreibgeschützt.

Error: (06/16/2015 10:15:49 PM) (Source: VSS) (EventID: 13) (User: )
Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x800705aa, Nicht genügend Systemressourcen, um den angeforderten Dienst auszuführen.

Error: (06/16/2015 08:52:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ZeroConfigService.exe16.1.0.051ba37d6MurocApi.dll16.1.0.051ba36b7c0000005000238f1e6801d0a86581f37256C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exeC:\Program Files\Intel\WiFi\bin\MurocApi.dlldde56475-1458-11e5-90fd-80000b1c2bf8

Error: (06/16/2015 10:52:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ZeroConfigService.exe16.1.0.051ba37d6MurocApi.dll16.1.0.051ba36b7c0000005000238f1d4801d0a811ae7fa9deC:\Program Files\Intel\WiFi\bin\ZeroConfigService.exeC:\Program Files\Intel\WiFi\bin\MurocApi.dll049e366f-1405-11e5-b28d-80000b1c2bf8


CodeIntegrity Errors:
===================================
  Date: 2015-03-08 15:24:17.629
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-08 15:24:17.629
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-08 15:24:17.629
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-08 15:24:17.613
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Endpoint Security 10 für Windows\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-08 15:24:17.613
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Endpoint Security 10 für Windows\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-08 15:24:17.613
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Endpoint Security 10 für Windows\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-07 14:08:44.370
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-07 14:08:44.369
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-07 14:08:44.368
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-03-07 14:08:44.361
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Endpoint Security 10 für Windows\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-4300M CPU @ 2.60GHz
Percentage of memory in use: 68%
Total physical RAM: 2987.11 MB
Available physical RAM: 933.28 MB
Total Pagefile: 5972.53 MB
Available Pagefile: 3208.43 MB
Total Virtual: 2047.88 MB
Available Virtual: 1888.77 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:452.23 GB) (Free:272.26 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:10.53 GB) (Free:1.19 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.97 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 7EF0ED31)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=452.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0B)

==================== End of log ============================
         

20.06.2015, 22:51   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Is this a commercially used system?

21.06.2015, 10:24   #3
TintenfischM

Not used commercially; I use the PC for scientific purposes.

21.06.2015, 21:30   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

But this is your private computer? Just so we understand each other: if it is not your computer, it is your IT department's job to take care of this machine...
__________________
Please always post log files in CODE tags
