| |
| |||||||
Log-Analyse und Auswertung: Windows7: Ads by clickupWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
24.11.2014, 16:25
| #1 |
| |  Windows7: Ads by clickup Hei hallo! myriambb hier. mein rechner ist für mein Gewerbe tätig, das ich noch "umsatzneutral" aufbaue (arbeite gerade an meiner Verlulst-Steuererklärung 2013). OK dass ich hier frage?  Gestern habe ich beim Downloaden vom Flash Player die Ads ba Clickup gefangen  . Ratzfatz 7 verschiedene Programme auf meinem Rechner. Habe alle wieder per Systemsteuerung deinstalliert. Übrig geblieben ist Bobrowser, das lässt sich nicht deinstallieren.  Ständig poppen in Mozilla Websites auf, die ich nicht abgefragt habe, extrem stressig, das Problem ist wahrscheinlich bekannt.Der Rechner hat Microsoft Security Essential zum Schutz, scant jeden Morgen kurz und einmal die Woche vollständig. Hier keine Ergebnisse gestern und heute. ich bin den Schritten auf Eurer Seite gefolgt, hier die Ergebnisse:FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2014 01
Ran by Myriam at 2014-11-24 15:37:34
Running from C:\Users\Myriam\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
BoBrowser (HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\...\BoBrowser) (Version: 36.0.1985.131 - BoBrowser) <==== ATTENTION
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
clicup (HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\...\clicup) (Version: 1.0 - Ad Businness Crown Solutions)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
EasyCash&Tax 2.15 (HKLM-x32\...\EasyCash&Tax_is1) (Version: - tm)
EasyRide&Tax 2.2 (HKLM-x32\...\EasyRide&Tax_is1) (Version: - tm)
Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.1.0 - Genesys Logic)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3383 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.33 - Intel Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 33.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 de)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
PDF Creator (HKLM\...\PDF Creator) (Version: - )
PDF24 Creator 6.3.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.806.806.022114 - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.80.218.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7188 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0237 - )
RocketTab (HKLM-x32\...\RocketTab) (Version: - RocketTab) <==== ATTENTION
SaleItCoupon (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version: - SaleItCoupon) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SmootherWeb (HKU\S-1-5-21-1313315996-2717873473-2842918071-1000 Version: 1.0 - SmootherWeb LLC) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.14563 - TeamViewer)
WindowsMangerProtect20.0.0.1270 (HKLM-x32\...\WindowsMangerProtect) (Version: 20.0.0.1270 - WindowsProtect LIMITED) <==== ATTENTION
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
12-11-2014 19:54:17 Windows Update
13-11-2014 11:38:36 Removed DriverUpdate
13-11-2014 11:59:44 Removed SlimCleaner Plus
13-11-2014 12:00:02 Removed DriverUpdate
14-11-2014 18:00:03 Windows-Sicherung
17-11-2014 07:26:16 Windows Update
19-11-2014 21:28:36 Windows Update
21-11-2014 18:00:06 Windows-Sicherung
21-11-2014 19:27:12 Windows Update
23-11-2014 11:06:29 Removed Microsoft Silverlight
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {212D6219-4550-4D60-9AB7-BD4DB801AF4E} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {36A7554D-40F5-4CB5-BABB-A2E448252085} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {3DF8667D-2A89-4F3A-B1A9-9F4AB11351BE} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {60C1F26F-1E5F-4360-8546-6B96E644373C} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {93CE497B-B917-44BA-BD64-DE85F685579F} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {AEB89269-D705-40B9-9C47-A6B8BBAF24CF} - System32\Tasks\RocketTab Update Task => C:\Program Files (x86)\Search Extensions\uninstall.exe [2014-11-23] () <==== ATTENTION
Task: {C170EF29-2782-4E21-B0DA-6061E9D6F6E3} - System32\Tasks\RocketTab => cmd.exe /C start "" "C:\Program Files (x86)\Search Extensions\Client.exe" /Preferred=true <==== ATTENTION
Task: {DF19386C-AB80-4284-84EA-B3B8B5B67A56} - System32\Tasks\Digital Sites => C:\Users\Myriam\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe [2014-11-08] () <==== ATTENTION
Task: {E221BF50-FDC2-4FA2-8DFE-25F0760D9844} - System32\Tasks\Run_Bobby_Browser => C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe [2014-10-22] (The BoBrowser Authors)
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\Myriam\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
==================== Loaded Modules (whitelisted) =============
2014-11-08 11:29 - 2011-10-04 21:43 - 00087552 _____ () C:\Windows\System32\custmon64i.dll
2014-10-18 12:39 - 2014-01-06 17:47 - 00053248 _____ () C:\Windows\SysWOW64\UMonit64.exe
2014-11-23 09:46 - 2014-11-23 09:46 - 05812224 _____ () C:\Program Files (x86)\Search Extensions\Client.exe
2014-10-18 12:41 - 2014-01-22 13:04 - 00084992 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2014-11-23 10:01 - 2014-11-02 10:35 - 00268600 _____ () C:\Windows\SysWOW64\lsdprn.exe
2014-10-18 12:34 - 2013-10-01 16:09 - 00078880 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
2014-11-23 09:46 - 2014-10-22 10:35 - 00873472 _____ () C:\Users\Myriam\AppData\Local\BoBrowser\Application\36.0.1985.131\libglesv2.dll
2014-11-23 09:46 - 2014-10-22 10:35 - 00128512 _____ () C:\Users\Myriam\AppData\Local\BoBrowser\Application\36.0.1985.131\libegl.dll
2014-11-23 09:46 - 2014-10-22 10:35 - 00387072 _____ () C:\Users\Myriam\AppData\Local\BoBrowser\Application\36.0.1985.131\ppGoogleNaClPluginChrome.dll
2014-11-23 09:46 - 2014-10-22 10:35 - 02012160 _____ () C:\Users\Myriam\AppData\Local\BoBrowser\Application\36.0.1985.131\ffmpegsumo.dll
2014-10-18 12:35 - 2013-09-04 06:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-11-11 07:00 - 2014-11-11 07:00 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-10-20 07:32 - 2014-10-20 07:32 - 16832176 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Myriam\Downloads\X17-75062.exe:AFP_AfpInfo
AlternateDataStreams: C:\Users\Myriam\Downloads\X17-75062.exe:Mac_Metadata
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-1313315996-2717873473-2842918071-500 - Administrator - Disabled)
Gast (S-1-5-21-1313315996-2717873473-2842918071-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1313315996-2717873473-2842918071-1002 - Limited - Enabled)
Myriam (S-1-5-21-1313315996-2717873473-2842918071-1000 - Administrator - Enabled) => C:\Users\Myriam
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (11/23/2014 00:16:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/23/2014 11:57:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/23/2014 10:01:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 33.1.0.5423, Zeitstempel: 0x545c0a59
Name des fehlerhaften Moduls: mozalloc.dll, Version: 33.1.0.5423, Zeitstempel: 0x545be5ee
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0xaf8
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (11/23/2014 09:47:48 AM) (Source: MsiInstaller) (EventID: 11309) (User: Myriam-PC)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt. System error 3. Verify that the file exists and that you can access it.
Error: (11/23/2014 09:46:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 33.1.0.5423, Zeitstempel: 0x545c0a59
Name des fehlerhaften Moduls: mozalloc.dll, Version: 33.1.0.5423, Zeitstempel: 0x545be5ee
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x1188
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (11/23/2014 09:35:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 33.1.0.5423, Zeitstempel: 0x545c0a59
Name des fehlerhaften Moduls: mozalloc.dll, Version: 33.1.0.5423, Zeitstempel: 0x545be5ee
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x15e8
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (11/22/2014 06:36:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/20/2014 06:39:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/19/2014 10:23:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/19/2014 10:14:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (11/23/2014 00:16:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "globalUpdate Update Service (globalUpdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (11/23/2014 00:14:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Optimizer Pro Crash Monitor erreicht.
Error: (11/23/2014 00:10:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Computer Backup (MyPC Backup)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (11/23/2014 11:58:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "globalUpdate Update Service (globalUpdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (11/23/2014 11:56:42 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Optimizer Pro Crash Monitor erreicht.
Error: (11/23/2014 11:56:00 AM) (Source: volmgr) (EventID: 49) (User: )
Description: Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen
Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese
groß genug ist, um den gesamten physikalischen Speicher abbilden zu können.
Error: (11/23/2014 09:46:38 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "ClaraUpdater" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (11/22/2014 00:09:04 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{905AFA44-4336-45E6-A9B1-D6C7A57ECB5E}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (11/21/2014 06:10:24 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{905AFA44-4336-45E6-A9B1-D6C7A57ECB5E}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (11/20/2014 11:22:51 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Microsoft Office Sessions:
=========================
Error: (11/23/2014 00:16:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/23/2014 11:57:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/23/2014 10:01:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe33.1.0.5423545c0a59mozalloc.dll33.1.0.5423545be5ee8000000300001425af801d006fbe309974bC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll58ce4ca8-72ef-11e4-ac05-9cad97aa1f76
Error: (11/23/2014 09:47:48 AM) (Source: MsiInstaller) (EventID: 11309) (User: Myriam-PC)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt. System error 3. Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (11/23/2014 09:46:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe33.1.0.5423545c0a59mozalloc.dll33.1.0.5423545be5ee8000000300001425118801d006f95de3d8b8C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll3643d75b-72ed-11e4-ac05-9cad97aa1f76
Error: (11/23/2014 09:35:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe33.1.0.5423545c0a59mozalloc.dll33.1.0.5423545be5ee800000030000142515e801d006f47871de29C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlla364e7eb-72eb-11e4-ac05-9cad97aa1f76
Error: (11/22/2014 06:36:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/20/2014 06:39:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/19/2014 10:23:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/19/2014 10:14:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-4010U CPU @ 1.70GHz
Percentage of memory in use: 54%
Total physical RAM: 4003.95 MB
Available physical RAM: 1839.23 MB
Total Pagefile: 8006.07 MB
Available Pagefile: 5497.65 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.54 GB) (Free:409.45 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: D9FA2484)
Partition: GPT Partition Type.
==================== End Of Log ============================
defogger_disable by jpshortstuff (23.02.10.1) Log created at 15:27 on 24/11/2014 (Myriam) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2014 01
Ran by Myriam (administrator) on MYRIAM-PC on 24-11-2014 15:37:09
Running from C:\Users\Myriam\Downloads
Loaded Profile: Myriam (Available profiles: Myriam)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Windows\SysWOW64\UMonit64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(clicup) C:\Users\Myriam\AppData\Local\clicup\chrmndr.exe
(The BoBrowser Authors) C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(The BoBrowser Authors) C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe
(The BoBrowser Authors) C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe
(The BoBrowser Authors) C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe
(The BoBrowser Authors) C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe
() C:\Program Files (x86)\Search Extensions\Client.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\AvrcpService.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(ClaraLabs) C:\Program Files (x86)\Common Files\ClaraUpdater\ClaraUpdater.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Windows\SysWOW64\lsdprn.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\RtkBleServ.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-02-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-25] (Realtek Semiconductor)
HKLM\...\Run: [UMonit64] => C:\Windows\SysWOW64\UMonit64.exe [53248 2014-01-06] ()
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [216064 2014-01-06] (Realtek Semiconductor Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-06-09] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKLM-x32\...\Run: [mbot_de_300] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\...\Run: [smoother] => C:\Users\Myriam\AppData\Roaming\SmootherWeb\SmootherWeb-Installer.exe [489651 2014-08-27] ()
HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\...\Run: [clicup-Agent] => C:\Users\Myriam\AppData\Local\clicup\chrmndr.exe [509424 2014-11-06] (clicup)
HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\...\Run: [BoBrowser] => C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe [7348224 2014-10-22] (The BoBrowser Authors)
HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\system32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\...\MountPoints2: {995bf4fa-56b4-11e4-82bf-c58847a17502} - E:\LaunchU3.exe -a
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [S-1-5-21-1313315996-2717873473-2842918071-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-1313315996-2717873473-2842918071-1000] => http=127.0.0.1:49203;https=127.0.0.1:49203
HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE160AC8BCAEACF01
HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1415877113&from=cor&uid=ST500LM000-SSHD-8GB_W760PNH6XXXXW760PNH6&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1415877113&from=cor&uid=ST500LM000-SSHD-8GB_W760PNH6XXXXW760PNH6&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1415877113&from=cor&uid=ST500LM000-SSHD-8GB_W760PNH6XXXXW760PNH6&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1415877113&from=cor&uid=ST500LM000-SSHD-8GB_W760PNH6XXXXW760PNH6&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_secureddownload_14_46_ff&cd=2XzuyEtN2Y1L1Qzuzy0C0A0DzyyB0A0AtC0FyByCyCzy0CyCtN0D0Tzu0StCtDyEyBtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyD0D0F0D0F0CtAtAtG0AtAyEzytG0ByB0EtDtGyD0DyB0AtGtC0DtBtBtCtDyB0A0FtA0F0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Bzy0Dzy0D0A0BtCtGyBzytC0EtGyEtDzytCtGzytCyB0EtG0F0ByBtD0F0DyCyCyEtB0A0F2Q&cr=1160581219&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_secureddownload_14_46_ff&cd=2XzuyEtN2Y1L1Qzuzy0C0A0DzyyB0A0AtC0FyByCyCzy0CyCtN0D0Tzu0StCtDyEyBtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyD0D0F0D0F0CtAtAtG0AtAyEzytG0ByB0EtDtGyD0DyB0AtGtC0DtBtBtCtDyB0A0FtA0F0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Bzy0Dzy0D0A0BtCtGyBzytC0EtGyEtDzytCtGzytCyB0EtG0F0ByBtD0F0DyCyCyEtB0A0F2Q&cr=1160581219&ir=
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfc_14_45_ff&cd=2XzuyEtN2Y1L1Qzuzy0C0A0DzyyB0A0AtC0FyByCyCzy0CyCtN0D0Tzu0StCtDyEtBtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StA0CyCyD0FyDtD0AtGzztCyD0EtGyEtAtAtAtG0Ezz0BzztGtBtD0F0DyD0CtBzz0EtAyB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Bzy0Dzy0D0A0BtCtGyBzytC0EtGyEtDzytCtGzytCyB0EtG0F0ByBtD0F0DyCyCyEtB0A0F2Q&cr=960638948&ir=
SearchScopes: HKU\S-1-5-21-1313315996-2717873473-2842918071-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_secureddownload_14_46_ff&cd=2XzuyEtN2Y1L1Qzuzy0C0A0DzyyB0A0AtC0FyByCyCzy0CyCtN0D0Tzu0StCtDyEyBtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyD0D0F0D0F0CtAtAtG0AtAyEzytG0ByB0EtDtGyD0DyB0AtGtC0DtBtBtCtDyB0A0FtA0F0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Bzy0Dzy0D0A0BtCtGyBzytC0EtGyEtDzytCtGzytCyB0EtG0F0ByBtD0F0DyCyCyEtB0A0F2Q&cr=1160581219&ir=
SearchScopes: HKU\S-1-5-21-1313315996-2717873473-2842918071-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_secureddownload_14_46_ff&cd=2XzuyEtN2Y1L1Qzuzy0C0A0DzyyB0A0AtC0FyByCyCzy0CyCtN0D0Tzu0StCtDyEyBtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyD0D0F0D0F0CtAtAtG0AtAyEzytG0ByB0EtDtGyD0DyB0AtGtC0DtBtBtCtDyB0A0FtA0F0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Bzy0Dzy0D0A0BtCtGyBzytC0EtGyEtDzytCtGzytCyB0EtG0F0ByBtD0F0DyCyCyEtB0A0F2Q&cr=1160581219&ir=
SearchScopes: HKU\S-1-5-21-1313315996-2717873473-2842918071-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfc_14_45_ff&cd=2XzuyEtN2Y1L1Qzuzy0C0A0DzyyB0A0AtC0FyByCyCzy0CyCtN0D0Tzu0StCtDyEtBtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StA0CyCyD0FyDtD0AtGzztCyD0EtGyEtAtAtAtG0Ezz0BzztGtBtD0F0DyD0CtBzz0EtAyB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Bzy0Dzy0D0A0BtCtGyBzytC0EtGyEtDzytCtGzytCyB0EtG0F0ByBtD0F0DyCyCyEtB0A0F2Q&cr=960638948&ir=
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Myriam\AppData\Roaming\Mozilla\Firefox\Profiles\1zn4v21r.default
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Myriam\AppData\Roaming\Mozilla\Firefox\Profiles\1zn4v21r.default\user.js
FF SearchPlugin: C:\Users\Myriam\AppData\Roaming\Mozilla\Firefox\Profiles\1zn4v21r.default\searchplugins\ixquick-https.xml
FF StartMenuInternet: FIREFOX.EXE - firefox.exe
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Myriam\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (TinyWallet) - C:\Users\Myriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc [2014-11-23]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [35328 2013-05-07] (Realtek Semiconductor Corporation) [File not signed]
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [84992 2014-01-22] () [File not signed]
R2 ClaraUpdater; C:\Program Files (x86)\Common Files\ClaraUpdater\ClaraUpdater.exe [325744 2014-11-23] (ClaraLabs)
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [714208 2014-11-13] (Cherished Technololgy LIMITED)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 lsdprn; C:\Windows\SysWOW64\lsdprn.exe [268600 2014-11-02] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 RtkBleServ; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe [42496 2013-04-25] (Realtek Semiconductor Corporation) [File not signed]
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [490640 2014-11-13] (Fuyu LIMITED)
S2 51cdb72; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.11\OptProCrash.dll",ENT
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc [X]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 RtkBtFilter; C:\Windows\System32\DRIVERS\RtkBtfilter.sys [559320 2014-02-18] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [3300568 2014-02-20] (Realtek Semiconductor Corporation )
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-11-13] ()
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-24 15:34 - 2014-11-24 15:36 - 00022422 _____ () C:\Users\Myriam\Downloads\Addition.txt
2014-11-24 15:33 - 2014-11-24 15:37 - 00017547 _____ () C:\Users\Myriam\Downloads\FRST.txt
2014-11-24 15:33 - 2014-11-24 15:37 - 00000000 ____D () C:\FRST
2014-11-24 15:30 - 2014-11-24 15:30 - 02118144 _____ (Farbar) C:\Users\Myriam\Downloads\FRST64.exe
2014-11-24 15:29 - 2014-11-24 15:29 - 00000000 ____D () C:\Users\Myriam\Downloads\Empf von TrojanerBoard
2014-11-24 15:26 - 2014-11-24 15:26 - 00000000 _____ () C:\Users\Myriam\defogger_reenable
2014-11-23 11:49 - 2014-11-23 11:49 - 00004018 _____ () C:\Windows\System32\Tasks\LaunchSignup
2014-11-23 11:47 - 2014-11-23 11:47 - 00000000 ____D () C:\ProgramData\600440862
2014-11-23 10:06 - 2014-11-23 10:06 - 00000000 ____D () C:\Users\Myriam\AppData\Roaming\QuickScan
2014-11-23 10:05 - 2014-11-23 12:13 - 00000000 ____D () C:\Program Files (x86)\PC Speed Up
2014-11-23 10:04 - 2014-11-23 10:04 - 00000000 ____D () C:\Program Files (x86)\predm
2014-11-23 10:03 - 2014-11-23 12:14 - 00000442 __RSH () C:\ProgramData\ntuser.pol
2014-11-23 10:03 - 2014-11-23 12:14 - 00000000 ____D () C:\ProgramData\TinyWallet
2014-11-23 10:03 - 2014-11-23 12:08 - 00000000 ____D () C:\Program Files (x86)\TinyWallet
2014-11-23 10:03 - 2014-11-23 10:26 - 00000000 ____D () C:\Users\Myriam\AppData\Local\Google
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Myriam\AppData\Local\Torch
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Myriam\AppData\Local\Comodo
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Myriam\AppData\Local\Chromatic Browser
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Gast\AppData\Local\Torch
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Gast\AppData\Local\Chromatic Browser
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Gast
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Administrator
2014-11-23 10:01 - 2014-11-23 12:09 - 00000000 ____D () C:\Program Files\shopperz
2014-11-23 10:01 - 2014-11-02 10:35 - 00268600 _____ () C:\Windows\SysWOW64\lsdprn.exe
2014-11-23 09:48 - 2014-11-23 09:48 - 00003150 _____ () C:\Windows\System32\Tasks\Run_Bobby_Browser
2014-11-23 09:47 - 2014-11-24 09:52 - 00000958 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-11-23 09:47 - 2014-11-24 09:52 - 00000954 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-11-23 09:47 - 2014-11-23 09:47 - 00003956 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-11-23 09:47 - 2014-11-23 09:47 - 00003702 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-11-23 09:47 - 2014-11-23 09:47 - 00000000 ____D () C:\Users\Myriam\AppData\Local\globalUpdate
2014-11-23 09:46 - 2014-11-23 09:48 - 00000000 ____D () C:\Users\Myriam\AppData\Local\BoBrowser
2014-11-23 09:46 - 2014-11-23 09:46 - 00004328 _____ () C:\Windows\System32\Tasks\RocketTab Update Task
2014-11-23 09:46 - 2014-11-23 09:46 - 00003542 _____ () C:\Windows\System32\Tasks\RocketTab
2014-11-23 09:46 - 2014-11-23 09:46 - 00000000 ____D () C:\Program Files (x86)\Search Extensions
2014-11-23 09:44 - 2014-11-23 11:56 - 00000000 ____D () C:\Program Files (x86)\FLVM Player
2014-11-23 09:35 - 2014-11-23 12:14 - 00000000 ____D () C:\Users\Myriam\AppData\Roaming\SmootherWeb
2014-11-23 09:35 - 2014-11-23 09:35 - 00001831 _____ () C:\Windows\patsearch.bin
2014-11-23 09:35 - 2014-11-23 09:35 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrT_01009.Wdf
2014-11-23 09:35 - 2014-11-23 09:35 - 00000000 ____D () C:\Users\Myriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmootherWeb
2014-11-23 09:35 - 2014-11-23 09:35 - 00000000 ____D () C:\Users\Myriam\AppData\Local\clicup
2014-11-23 09:35 - 2014-11-23 09:35 - 00000000 ____D () C:\SmootherWeb
2014-11-23 09:32 - 2014-11-23 09:32 - 00593992 _____ (didico conscientia argumentum meretrix) C:\Users\Myriam\Downloads\Adobe%20Flash%20Player%20IE.exe
2014-11-22 14:53 - 2014-11-22 14:53 - 09665384 _____ () C:\Users\Myriam\Documents\Regale voller GoldBarren Focus online.odt
2014-11-22 07:34 - 2014-11-22 07:34 - 00123537 _____ () C:\Users\Myriam\Documents\Kühe.odt
2014-11-22 07:30 - 2014-11-22 07:36 - 01046283 _____ () C:\Users\Myriam\Documents\Schweine.odt
2014-11-21 14:01 - 2014-11-21 14:18 - 120739128 _____ (Landesfinanzdirektion Thüringen) C:\Users\Myriam\Downloads\ElsterFormular-15.3.20141106u.exe
2014-11-19 14:28 - 2014-11-19 14:28 - 00952124 _____ () C:\Users\Myriam\Desktop\Audi Schätzung Nov'14.odt
2014-11-19 13:34 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 13:34 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 13:34 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 13:34 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-18 11:22 - 2014-11-18 11:22 - 00494259 _____ () C:\Users\Myriam\Desktop\NADH.odt
2014-11-18 11:10 - 2014-11-18 11:16 - 00017058 _____ () C:\Users\Myriam\Desktop\Serotonin.odt
2014-11-15 21:45 - 2014-11-15 21:45 - 00004700 _____ () C:\Users\Myriam\Downloads\Lass deine Augen das Beste sehen.odt
2014-11-13 19:46 - 2014-11-13 19:46 - 00006569 _____ () C:\Users\Myriam\Documents\Impressum.odt
2014-11-13 12:55 - 2014-11-13 12:55 - 00000000 ____D () C:\Users\Myriam\Documents\Fax
2014-11-13 12:53 - 2014-11-13 12:53 - 00792796 _____ () C:\Users\Myriam\Documents\141114 veraltete Treiber.odt
2014-11-13 12:52 - 2014-11-13 12:52 - 00223511 _____ () C:\Users\Myriam\Documents\141114 Erstattung Trixie Maulschlaufe.odt
2014-11-13 12:24 - 2014-11-13 12:24 - 00003152 _____ () C:\Windows\System32\Tasks\{D4059A91-59EB-4BD4-8D46-E7191558AA7A}
2014-11-13 12:22 - 2014-11-13 12:54 - 00000000 ____D () C:\Users\Myriam\AppData\Local\Vosteran
2014-11-13 12:16 - 2014-11-13 12:16 - 00000000 ____D () C:\Users\Myriam\Documents\PC Speed Maximizer
2014-11-13 12:13 - 2014-11-13 12:13 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-11-13 12:12 - 2014-11-13 12:12 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-11-13 12:10 - 2014-11-13 12:10 - 05798968 _____ (Innovative Solutions ) C:\Users\Myriam\Downloads\hp-treiber.exe
2014-11-13 12:10 - 2014-11-13 12:10 - 00000000 __SHD () C:\Users\Myriam\AppData\Local\EmieBrowserModeList
2014-11-13 12:08 - 2014-11-13 12:08 - 00825248 _____ ( ) C:\Users\Myriam\Downloads\hp-treiber_setup.exe
2014-11-13 11:52 - 2014-11-13 12:12 - 00000000 ____D () C:\Users\Myriam\AppData\Roaming\DriverTurbo
2014-11-13 11:51 - 2014-11-13 11:52 - 00231952 _____ () C:\Users\Myriam\Downloads\DriverTurboSetup.exe
2014-11-12 06:55 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 06:55 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 06:55 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 06:55 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 06:55 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 06:55 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 06:55 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 06:55 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 06:55 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 06:55 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 06:55 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 06:55 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 06:55 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 06:55 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 06:55 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 06:55 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 06:55 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 06:55 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 06:55 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 06:55 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 06:55 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 06:55 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 06:55 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 06:55 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 06:55 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 06:55 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 06:55 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 06:55 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 06:55 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 06:55 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 06:55 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 06:55 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 06:55 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 06:55 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 06:55 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 06:55 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 06:55 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 06:55 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 06:55 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 06:55 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 06:55 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 06:55 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 06:55 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 06:55 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 06:55 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 06:55 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 06:55 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 06:55 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 06:55 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 06:55 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 06:55 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 06:55 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 06:55 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 06:55 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 06:55 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 06:55 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 06:53 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 06:53 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 06:53 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 06:53 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 06:53 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 06:53 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 06:53 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 06:53 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 06:53 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 06:53 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 06:53 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 06:53 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 06:48 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 06:48 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 06:48 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 06:48 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 06:48 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 06:48 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 06:48 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 06:48 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 06:48 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 06:48 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 06:48 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 06:48 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 06:48 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 06:48 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 06:48 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 06:48 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 06:48 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 06:48 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 06:48 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 06:48 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 06:48 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 06:48 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 06:48 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 06:48 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 06:48 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 06:48 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 06:48 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 06:48 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 06:48 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 06:48 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 06:48 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 06:48 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 06:48 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-11 22:54 - 2014-11-11 22:54 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-11-11 22:52 - 2014-11-11 22:54 - 13829880 _____ (Adobe Systems Inc.) C:\Users\Myriam\Downloads\Shockwave_Installer_Full.exe
2014-11-11 07:00 - 2014-11-11 07:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-10 11:57 - 2014-11-10 21:10 - 00005558 _____ () C:\Users\Myriam\Documents\Hundespiel.odt
2014-11-10 06:58 - 2014-11-10 06:58 - 00004809 _____ () C:\Users\Myriam\Documents\Kfz in der BF 6 Absatz 1 Nr.odt
2014-11-09 19:42 - 2014-11-09 19:42 - 00000000 ____D () C:\Users\Myriam\AppData\Local\PDF24
2014-11-09 19:41 - 2014-11-09 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2014-11-09 19:41 - 2014-11-09 19:41 - 00000000 ____D () C:\Program Files (x86)\PDF24
2014-11-09 10:10 - 2014-11-09 19:25 - 00005619 _____ () C:\Users\Myriam\Desktop\Liebe Devani.odt
2014-11-08 17:18 - 2014-11-08 17:18 - 00000000 ____D () C:\Program Files (x86)\downloaditkeep
2014-11-08 12:45 - 2014-11-24 09:35 - 00000094 _____ () C:\Users\Myriam\AppData\Roaming\WB.CFG
2014-11-08 12:14 - 2014-11-23 11:47 - 00000000 ____D () C:\ProgramData\374311380
2014-11-08 12:12 - 2014-11-13 12:54 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-11-08 12:09 - 2014-11-23 12:08 - 00000000 ____D () C:\ProgramData\2fa710b654abf508
2014-11-08 12:09 - 2014-11-12 06:26 - 00000000 ____D () C:\ProgramData\downloaditkeep
2014-11-08 12:09 - 2014-11-08 12:09 - 00000000 ____D () C:\ProgramData\SaleItCoupon
2014-11-08 11:49 - 2014-11-08 12:03 - 00000000 ____D () C:\Users\Myriam\AppData\Local\CUSTPDF Writer
2014-11-08 11:45 - 2014-11-24 14:45 - 00000296 _____ () C:\Windows\Tasks\Digital Sites.job
2014-11-08 11:45 - 2014-11-08 11:45 - 00003240 _____ () C:\Windows\System32\Tasks\Digital Sites
2014-11-08 11:45 - 2014-11-08 11:45 - 00000000 ____D () C:\Users\Myriam\AppData\Roaming\DigitalSites
2014-11-08 11:39 - 2014-11-13 12:15 - 00000000 ____D () C:\Users\Myriam\AppData\Local\Downloaded Installers
2014-11-08 11:39 - 2014-11-08 11:39 - 00000000 ____D () C:\ProgramData\SlimWare Utilities Inc
2014-11-08 11:36 - 2014-11-13 13:01 - 00000000 ____D () C:\Program Files (x86)\DriverUpdate
2014-11-08 11:36 - 2014-11-13 12:12 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-11-08 11:36 - 2014-11-08 11:36 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-11-08 11:36 - 2014-11-08 11:36 - 00000000 ____D () C:\Users\Myriam\AppData\Local\SlimWare Utilities Inc
2014-11-08 11:34 - 2014-11-08 11:34 - 00000000 ____D () C:\Users\Myriam\Documents\Optimizer Pro
2014-11-08 11:31 - 2014-11-08 11:31 - 00000000 __SHD () C:\Users\Myriam\AppData\Local\EmieUserList
2014-11-08 11:31 - 2014-11-08 11:31 - 00000000 __SHD () C:\Users\Myriam\AppData\Local\EmieSiteList
2014-11-08 11:29 - 2014-11-08 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Creator
2014-11-08 11:29 - 2014-11-08 11:29 - 00000000 ____D () C:\Program Files\PDFCreator
2014-11-08 11:29 - 2014-11-08 11:29 - 00000000 ____D () C:\Program Files (x86)\PDF Creator
2014-11-08 11:29 - 2014-11-08 11:29 - 00000000 ____D () C:\Program Files (x86)\GPLGS
2014-11-08 11:29 - 2011-10-04 21:43 - 00087552 _____ () C:\Windows\system32\custmon64i.dll
2014-11-08 11:25 - 2014-11-08 11:25 - 00812160 _____ ( ) C:\Users\Myriam\Downloads\PdfCreatorSetup.exe
2014-11-02 19:20 - 2014-11-02 19:22 - 00011776 ___SH () C:\Users\Myriam\Documents\Thumbs.db
2014-11-02 18:24 - 2014-11-02 19:18 - 58885280 _____ () C:\Users\Myriam\Documents\Gute Energie 141102 NutzenFußnote.pptx
2014-10-31 11:23 - 2014-10-31 11:24 - 05033168 _____ (Lenovo Group Limited ) C:\Users\Myriam\Downloads\a3ub03w7.exe
2014-10-31 07:12 - 2014-10-31 07:12 - 00000000 ____D () C:\ProgramData\EasyCash&Tax
2014-10-31 06:14 - 2014-11-20 21:32 - 00000000 ____D () C:\Users\Myriam\Documents\EC&T KontenDateien Einst
2014-10-30 22:33 - 2014-10-30 22:33 - 00003036 _____ () C:\Windows\System32\Tasks\{F21E1B53-A4BF-42A2-965F-D8F872357334}
2014-10-30 07:45 - 2014-10-30 08:19 - 00000000 ____D () C:\Users\Myriam\Programme
2014-10-29 21:58 - 2014-10-29 22:03 - 307709680 _____ () C:\Users\Myriam\Downloads\OJJ4500_Full_13.exe
2014-10-29 18:10 - 2014-10-29 18:10 - 00000000 ____D () C:\Users\Myriam\Documents\OneNote-Notizbücher
2014-10-29 12:17 - 2014-10-29 12:17 - 01825672 _____ () C:\Users\Myriam\Documents\141029 Erklärung Datenschutz.odt
2014-10-29 10:09 - 2014-10-29 10:09 - 00000000 ____D () C:\Users\Myriam\Downloads\Neuer Ordner
2014-10-29 09:37 - 2014-10-29 12:11 - 00043265 _____ () C:\Users\Myriam\Documents\Bild Löwe Regulus von Devani.odt
2014-10-28 11:32 - 2014-10-28 11:32 - 01189723 _____ () C:\Users\Myriam\Desktop\141028 Dame...Herr.odt
2014-10-27 09:28 - 2014-11-12 20:57 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-27 09:27 - 2014-11-12 20:55 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-24 15:26 - 2014-10-17 20:16 - 00000000 ____D () C:\Users\Myriam
2014-11-24 15:22 - 2014-10-18 13:18 - 00000000 ____D () C:\Users\Myriam\Documents\Outlook-Dateien
2014-11-24 14:35 - 2014-10-18 02:10 - 01751308 _____ () C:\Windows\WindowsUpdate.log
2014-11-23 18:32 - 2009-07-14 05:51 - 00033196 _____ () C:\Windows\setupact.log
2014-11-23 12:21 - 2009-07-14 05:45 - 00032768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-23 12:21 - 2009-07-14 05:45 - 00032768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-23 12:19 - 2011-04-12 08:43 - 00698926 _____ () C:\Windows\system32\perfh007.dat
2014-11-23 12:19 - 2011-04-12 08:43 - 00149034 _____ () C:\Windows\system32\perfc007.dat
2014-11-23 12:19 - 2009-07-14 06:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-23 12:14 - 2014-10-18 12:46 - 00222619 _____ () C:\Users\Myriam\AppData\Local\BTServer.log
2014-11-23 12:14 - 2010-11-21 04:47 - 00044576 _____ () C:\Windows\PFRO.log
2014-11-23 12:14 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-23 11:52 - 2014-04-26 08:21 - 00000000 ____D () C:\Users\Myriam\Downloads\exe Betrieb
2014-11-23 10:03 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-11-23 10:03 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-11-23 09:39 - 2014-10-18 13:03 - 00000000 ____D () C:\Users\Myriam\AppData\Local\Adobe
2014-11-22 22:01 - 2014-10-20 13:08 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{01AB2F2F-7029-49A9-8627-BE87BF065232}
2014-11-22 07:50 - 2014-10-21 12:59 - 00000000 ____D () C:\Users\Myriam\Documents\DVDVideoSoft
2014-11-20 19:41 - 2014-10-18 12:52 - 00000000 ____D () C:\Users\Myriam\AppData\Local\Microsoft Help
2014-11-19 14:21 - 2014-10-19 15:04 - 00000416 _____ () C:\Windows\BRWMARK.INI
2014-11-19 14:21 - 2014-10-19 15:04 - 00000034 _____ () C:\Windows\SysWOW64\BD2030.DAT
2014-11-14 16:18 - 2011-04-12 08:54 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-11-13 21:50 - 2014-10-20 08:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasyCash
2014-11-13 21:50 - 2014-10-20 08:07 - 00000000 ____D () C:\Program Files (x86)\EasyCash&Tax
2014-11-13 13:23 - 2014-10-20 15:21 - 00002480 _____ () C:\ProgramData\hpzinstall.log
2014-11-13 08:49 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-13 07:06 - 2014-10-18 13:04 - 00086552 _____ () C:\Users\Myriam\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-13 07:05 - 2009-07-14 05:45 - 00342576 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-13 07:03 - 2014-10-20 08:52 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 21:02 - 2014-10-18 12:51 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 06:26 - 2014-10-18 12:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-02 14:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-10-30 12:25 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-29 14:26 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
Some content of TEMP:
====================
C:\Users\Myriam\AppData\Local\Temp\18be6784_.exe
C:\Users\Myriam\AppData\Local\Temp\294823_.exe
C:\Users\Myriam\AppData\Local\Temp\6BDF3DD2-CCEB-FD7D-9453-9BAE6B457C58.dll
C:\Users\Myriam\AppData\Local\Temp\6BDF3DD2-CCEB-FD7D-9453-9BAE6B457C58.exe
C:\Users\Myriam\AppData\Local\Temp\8DC39D87-7260-3704-13E1-E3ED4E9AD4B9.exe
C:\Users\Myriam\AppData\Local\Temp\CloudBackup4115.exe
C:\Users\Myriam\AppData\Local\Temp\DllMonoCtrl.dll
C:\Users\Myriam\AppData\Local\Temp\install_flashplayer15x32_mssd_aaa_aih.exe
C:\Users\Myriam\AppData\Local\Temp\optprosetup.exe
C:\Users\Myriam\AppData\Local\Temp\scpCEE0.tmp.exe
C:\Users\Myriam\AppData\Local\Temp\scpDA0F.tmp.exe
C:\Users\Myriam\AppData\Local\Temp\sprz.exe
C:\Users\Myriam\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Myriam\AppData\Local\Temp\System.Data.SQLite50142.dll
C:\Users\Myriam\AppData\Local\Temp\System.Data.SQLite57062.dll
C:\Users\Myriam\AppData\Local\Temp\System.Data.SQLite68303.dll
C:\Users\Myriam\AppData\Local\Temp\System.Data.SQLite75878.dll
C:\Users\Myriam\AppData\Local\Temp\System.Data.SQLite90450.dll
C:\Users\Myriam\AppData\Local\Temp\System.Data.SQLite98387.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-11-15 00:17
==================== End Of Log ============================
GMER Logfile: Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-11-24 15:52:48
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST500LM000-SSHD-8GB rev.LVD3 465.76GB
Running: Gmer-19357.exe; Driver: C:\Users\Myriam\AppData\Local\Temp\ugdiypod.sys
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- Processes - GMER 2.1 ----
Library c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{969E367D-5C3C-4C43-9DE0-E39E52FBB8F2}\offreg.dll (*** suspicious ***) @ c:\Program Files\Microsoft Security Client\MsMpEng.exe [940] (FILE NOT FOUND) 000007fefb930000
Process C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe (*** suspicious ***) @ C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe [3060] (BoBrowser/The BoBrowser Authors)(2014-11-23 08:46:37) 0000000001230000
Process C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe (*** suspicious ***) @ C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe [3132] (BoBrowser/The BoBrowser Authors)(2014-11-23 08:46:37) 0000000001230000
Process C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe (*** suspicious ***) @ C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe [3232] (BoBrowser/The BoBrowser Authors)(2014-11-23 08:46:37) 0000000001230000
Process C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe (*** suspicious ***) @ C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe [3312] (BoBrowser/The BoBrowser Authors)(2014-11-23 08:46:37) 0000000001230000
Process C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe (*** suspicious ***) @ C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe [3348] (BoBrowser/The BoBrowser Authors)(2014-11-23 08:46:37) 0000000001230000
---- EOF - GMER 2.1 ----
Ich hoffe das ist so komplett und OK gemacht.  Hoffnungsvoll, Grüße aus Freude myriambb |
|
24.11.2014, 17:02
| #2 |
| /// the machine /// TB-Ausbilder    |  Windows7: Ads by clickup hi,
__________________ So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Bitte alle Logs nochmal in Codetags. Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ |
|
24.11.2014, 18:11
| #3 |
| | Windows7: Ads by clickup Hei. Danke für den schnellen EInstieg!
__________________hatte alles aus den Dateien kopiert und hier eingesetzt. Falsch? ich verstehe nicht: "Bitte alle Logs nochmal in Codetags", verstehe die Anleitung dazu nicht. Wenn ich den Editor aufmache sehe ich keine Raute, der Rest kommt dann auch nicht Was soll ich tun? // TDSS Killer mach ich jetzt LG myriambb Hei SChrauber die TDSSKILLER DAtei habe ich, aber keine Idee wie ich sie jetzt richtig hier einkopiere. Sorry, ich steh auf dem Schlauch mit dem Editor. Code:
ATTFilter 17:26:42.0392 0x1678 TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
17:26:42.0393 0x1678 UEFI system
17:26:53.0173 0x1678 ============================================================
17:26:53.0174 0x1678 Current date / time: 2014/11/24 17:26:53.0173
17:26:53.0174 0x1678 SystemInfo:
17:26:53.0174 0x1678
17:26:53.0174 0x1678 OS Version: 6.1.7601 ServicePack: 1.0
17:26:53.0174 0x1678 Product type: Workstation
17:26:53.0174 0x1678 ComputerName: MYRIAM-PC
17:26:53.0175 0x1678 UserName: Myriam
17:26:53.0175 0x1678 Windows directory: C:\Windows
17:26:53.0175 0x1678 System windows directory: C:\Windows
17:26:53.0175 0x1678 Running under WOW64
17:26:53.0175 0x1678 Processor architecture: Intel x64
17:26:53.0175 0x1678 Number of processors: 4
17:26:53.0175 0x1678 Page size: 0x1000
17:26:53.0175 0x1678 Boot type: Normal boot
17:26:53.0175 0x1678 ============================================================
17:26:53.0595 0x1678 KLMD registered as C:\Windows\system32\drivers\14114013.sys
17:26:53.0938 0x1678 System UUID: {F28DFE37-9756-B15D-0711-0AE2BFC5D619}
17:26:54.0559 0x1678 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:26:54.0575 0x1678 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:26:54.0576 0x1678 ============================================================
17:26:54.0576 0x1678 \Device\Harddisk0\DR0:
17:26:54.0576 0x1678 GPT partitions:
17:26:54.0577 0x1678 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {A598549B-4129-4FB0-BC4F-B5EA5302009C}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x32000
17:26:54.0577 0x1678 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {9A5EBC7C-C05A-46A6-B140-84B05AB05A26}, Name: Microsoft reserved partition, StartLBA 0x32800, BlocksNum 0x40000
17:26:54.0577 0x1678 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {E0306310-EA14-4CFA-989C-13AE582A71A1}, Name: Basic data partition, StartLBA 0x72800, BlocksNum 0x3A313800
17:26:54.0577 0x1678 MBR partitions:
17:26:54.0577 0x1678 \Device\Harddisk1\DR1:
17:26:54.0578 0x1678 MBR partitions:
17:26:54.0578 0x1678 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x3A384C02
17:26:54.0578 0x1678 ============================================================
17:26:54.0579 0x1678 C: <-> \Device\Harddisk0\DR0\Partition3
17:26:54.0579 0x1678 F: <-> \Device\Harddisk1\DR1\Partition1
17:26:54.0580 0x1678 ============================================================
17:26:54.0580 0x1678 Initialize success
17:26:54.0580 0x1678 ============================================================
17:26:59.0681 0x1be4 ============================================================
17:26:59.0681 0x1be4 Scan started
17:26:59.0681 0x1be4 Mode: Manual;
17:26:59.0681 0x1be4 ============================================================
17:26:59.0681 0x1be4 KSN ping started
17:27:13.0395 0x1be4 KSN ping finished: true
17:27:13.0839 0x1be4 ================ Scan system memory ========================
17:27:13.0839 0x1be4 System memory - ok
17:27:13.0840 0x1be4 ================ Scan services =============================
17:27:13.0972 0x1be4 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
17:27:13.0981 0x1be4 1394ohci - ok
17:27:14.0005 0x1be4 [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] 51cdb72 C:\Windows\system32\rundll32.exe
17:27:14.0008 0x1be4 51cdb72 - ok
17:27:14.0022 0x1be4 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
17:27:14.0030 0x1be4 ACPI - ok
17:27:14.0036 0x1be4 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
17:27:14.0037 0x1be4 AcpiPmi - ok
17:27:14.0083 0x1be4 [ C5679E5186B2FC95BC76A8A9870D5456, 70AC61850B811A0A902532F098AE1D5DF4622455E56C78B89D4ABDBE4A061A48 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:27:14.0085 0x1be4 AdobeARMservice - ok
17:27:14.0116 0x1be4 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
17:27:14.0128 0x1be4 adp94xx - ok
17:27:14.0143 0x1be4 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\drivers\adpahci.sys
17:27:14.0151 0x1be4 adpahci - ok
17:27:14.0161 0x1be4 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
17:27:14.0166 0x1be4 adpu320 - ok
17:27:14.0181 0x1be4 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:27:14.0184 0x1be4 AeLookupSvc - ok
17:27:14.0205 0x1be4 [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\Windows\system32\drivers\afd.sys
17:27:14.0217 0x1be4 AFD - ok
17:27:14.0224 0x1be4 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
17:27:14.0226 0x1be4 agp440 - ok
17:27:14.0232 0x1be4 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
17:27:14.0235 0x1be4 ALG - ok
17:27:14.0241 0x1be4 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
17:27:14.0242 0x1be4 aliide - ok
17:27:14.0260 0x1be4 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
17:27:14.0261 0x1be4 amdide - ok
17:27:14.0266 0x1be4 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
17:27:14.0269 0x1be4 AmdK8 - ok
17:27:14.0274 0x1be4 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
17:27:14.0276 0x1be4 AmdPPM - ok
17:27:14.0283 0x1be4 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
17:27:14.0286 0x1be4 amdsata - ok
17:27:14.0296 0x1be4 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
17:27:14.0301 0x1be4 amdsbs - ok
17:27:14.0322 0x1be4 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
17:27:14.0323 0x1be4 amdxata - ok
17:27:14.0329 0x1be4 [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID C:\Windows\system32\drivers\appid.sys
17:27:14.0330 0x1be4 AppID - ok
17:27:14.0337 0x1be4 [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:27:14.0338 0x1be4 AppIDSvc - ok
17:27:14.0358 0x1be4 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll
17:27:14.0360 0x1be4 Appinfo - ok
17:27:14.0379 0x1be4 [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt C:\Windows\System32\appmgmts.dll
17:27:14.0384 0x1be4 AppMgmt - ok
17:27:14.0391 0x1be4 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\drivers\arc.sys
17:27:14.0393 0x1be4 arc - ok
17:27:14.0401 0x1be4 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\drivers\arcsas.sys
17:27:14.0404 0x1be4 arcsas - ok
17:27:14.0438 0x1be4 [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:27:14.0439 0x1be4 aspnet_state - ok
17:27:14.0452 0x1be4 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:27:14.0453 0x1be4 AsyncMac - ok
17:27:14.0459 0x1be4 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
17:27:14.0459 0x1be4 atapi - ok
17:27:14.0491 0x1be4 [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:27:14.0507 0x1be4 AudioEndpointBuilder - ok
17:27:14.0529 0x1be4 [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioSrv C:\Windows\System32\Audiosrv.dll
17:27:14.0545 0x1be4 AudioSrv - ok
17:27:14.0586 0x1be4 [ F9E224D23B9E0527916DD92FDDDCD524, F4DBDA41DFADBD80F05DA5938B4E6C85F7C952DA1B0044957A9D43B9EE138C52 ] AvrcpService C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe
17:27:14.0589 0x1be4 AvrcpService - ok
17:27:14.0602 0x1be4 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
17:27:14.0608 0x1be4 AxInstSV - ok
17:27:14.0630 0x1be4 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
17:27:14.0642 0x1be4 b06bdrv - ok
17:27:14.0667 0x1be4 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
17:27:14.0673 0x1be4 b57nd60a - ok
17:27:14.0682 0x1be4 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
17:27:14.0686 0x1be4 BDESVC - ok
17:27:14.0690 0x1be4 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
17:27:14.0691 0x1be4 Beep - ok
17:27:14.0762 0x1be4 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
17:27:14.0778 0x1be4 BFE - ok
17:27:14.0808 0x1be4 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll
17:27:14.0829 0x1be4 BITS - ok
17:27:14.0836 0x1be4 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
17:27:14.0837 0x1be4 blbdrive - ok
17:27:14.0843 0x1be4 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:27:14.0846 0x1be4 bowser - ok
17:27:14.0852 0x1be4 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
17:27:14.0853 0x1be4 BrFiltLo - ok
17:27:14.0858 0x1be4 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
17:27:14.0858 0x1be4 BrFiltUp - ok
17:27:14.0891 0x1be4 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
17:27:14.0895 0x1be4 Browser - ok
17:27:14.0916 0x1be4 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
17:27:14.0923 0x1be4 Brserid - ok
17:27:14.0928 0x1be4 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
17:27:14.0930 0x1be4 BrSerWdm - ok
17:27:14.0936 0x1be4 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
17:27:14.0937 0x1be4 BrUsbMdm - ok
17:27:14.0942 0x1be4 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
17:27:14.0942 0x1be4 BrUsbSer - ok
17:27:14.0948 0x1be4 [ 2A3FE426DBC136A22D69CD69A8C57896, 931EC1CD229A75E525D720BD3BABDFE8F25EB8444C3512D8361B573ABDDC25BA ] BTDevManager C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
17:27:14.0951 0x1be4 BTDevManager - ok
17:27:14.0957 0x1be4 [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
17:27:14.0958 0x1be4 BthEnum - ok
17:27:14.0965 0x1be4 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
17:27:14.0968 0x1be4 BTHMODEM - ok
17:27:14.0975 0x1be4 [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
17:27:14.0978 0x1be4 BthPan - ok
17:27:15.0015 0x1be4 [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
17:27:15.0028 0x1be4 BTHPORT - ok
17:27:15.0040 0x1be4 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
17:27:15.0042 0x1be4 bthserv - ok
17:27:15.0049 0x1be4 [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
17:27:15.0052 0x1be4 BTHUSB - ok
17:27:15.0071 0x1be4 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:27:15.0074 0x1be4 cdfs - ok
17:27:15.0081 0x1be4 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
17:27:15.0085 0x1be4 cdrom - ok
17:27:15.0095 0x1be4 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
17:27:15.0098 0x1be4 CertPropSvc - ok
17:27:15.0105 0x1be4 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys
17:27:15.0107 0x1be4 circlass - ok
17:27:15.0120 0x1be4 [ FA8B58F49F253F326A45395C7D877F97, 6DE43ED706679BDDDA9B8AD2C01A27CC03C2C684EF27FC01D68FC1622EDC85DA ] ClaraUpdater C:\Program Files (x86)\Common Files\ClaraUpdater\ClaraUpdater.exe
17:27:15.0129 0x1be4 ClaraUpdater - ok
17:27:15.0156 0x1be4 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys
17:27:15.0165 0x1be4 CLFS - ok
17:27:15.0177 0x1be4 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:27:15.0179 0x1be4 clr_optimization_v2.0.50727_32 - ok
17:27:15.0191 0x1be4 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:27:15.0193 0x1be4 clr_optimization_v2.0.50727_64 - ok
17:27:15.0217 0x1be4 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:27:15.0220 0x1be4 clr_optimization_v4.0.30319_32 - ok
17:27:15.0227 0x1be4 [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:27:15.0230 0x1be4 clr_optimization_v4.0.30319_64 - ok
17:27:15.0236 0x1be4 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
17:27:15.0237 0x1be4 CmBatt - ok
17:27:15.0241 0x1be4 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
17:27:15.0242 0x1be4 cmdide - ok
17:27:15.0261 0x1be4 [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG C:\Windows\system32\Drivers\cng.sys
17:27:15.0271 0x1be4 CNG - ok
17:27:15.0276 0x1be4 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
17:27:15.0277 0x1be4 Compbatt - ok
17:27:15.0281 0x1be4 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
17:27:15.0283 0x1be4 CompositeBus - ok
17:27:15.0294 0x1be4 COMSysApp - ok
17:27:15.0362 0x1be4 [ 863A213EEE8E40C4EE112189636F1586, 60E9F9B8C7A19E06FA048CDABA92594F4504511A42B4B76EEDB4583C2154DB87 ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe
17:27:15.0376 0x1be4 cphs - ok
17:27:15.0384 0x1be4 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
17:27:15.0386 0x1be4 crcdisk - ok
17:27:15.0409 0x1be4 [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:27:15.0414 0x1be4 CryptSvc - ok
17:27:15.0434 0x1be4 [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC C:\Windows\system32\drivers\csc.sys
17:27:15.0446 0x1be4 CSC - ok
17:27:15.0482 0x1be4 [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService C:\Windows\System32\cscsvc.dll
17:27:15.0500 0x1be4 CscService - ok
17:27:15.0534 0x1be4 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
17:27:15.0547 0x1be4 DcomLaunch - ok
17:27:15.0562 0x1be4 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
17:27:15.0570 0x1be4 defragsvc - ok
17:27:15.0577 0x1be4 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:27:15.0579 0x1be4 DfsC - ok
17:27:15.0607 0x1be4 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
17:27:15.0615 0x1be4 Dhcp - ok
17:27:15.0621 0x1be4 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
17:27:15.0622 0x1be4 discache - ok
17:27:15.0628 0x1be4 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys
17:27:15.0630 0x1be4 Disk - ok
17:27:15.0639 0x1be4 [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
17:27:15.0641 0x1be4 dmvsc - ok
17:27:15.0652 0x1be4 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:27:15.0656 0x1be4 Dnscache - ok
17:27:15.0670 0x1be4 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
17:27:15.0676 0x1be4 dot3svc - ok
17:27:15.0700 0x1be4 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
17:27:15.0705 0x1be4 DPS - ok
17:27:15.0709 0x1be4 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:27:15.0710 0x1be4 drmkaud - ok
17:27:15.0755 0x1be4 [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:27:15.0779 0x1be4 DXGKrnl - ok
17:27:15.0799 0x1be4 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
17:27:15.0803 0x1be4 EapHost - ok
17:27:15.0939 0x1be4 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys
17:27:16.0024 0x1be4 ebdrv - ok
17:27:16.0036 0x1be4 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS C:\Windows\System32\lsass.exe
17:27:16.0037 0x1be4 EFS - ok
17:27:16.0141 0x1be4 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:27:16.0158 0x1be4 ehRecvr - ok
17:27:16.0165 0x1be4 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
17:27:16.0169 0x1be4 ehSched - ok
17:27:16.0201 0x1be4 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys
17:27:16.0215 0x1be4 elxstor - ok
17:27:16.0220 0x1be4 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
17:27:16.0220 0x1be4 ErrDev - ok
17:27:16.0249 0x1be4 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
17:27:16.0259 0x1be4 EventSystem - ok
17:27:16.0269 0x1be4 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
17:27:16.0274 0x1be4 exfat - ok
17:27:16.0283 0x1be4 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:27:16.0288 0x1be4 fastfat - ok
17:27:16.0313 0x1be4 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
17:27:16.0330 0x1be4 Fax - ok
17:27:16.0336 0x1be4 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys
17:27:16.0337 0x1be4 fdc - ok
17:27:16.0344 0x1be4 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
17:27:16.0346 0x1be4 fdPHost - ok
17:27:16.0352 0x1be4 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
17:27:16.0354 0x1be4 FDResPub - ok
17:27:16.0359 0x1be4 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:27:16.0361 0x1be4 FileInfo - ok
17:27:16.0368 0x1be4 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:27:16.0369 0x1be4 Filetrace - ok
17:27:16.0373 0x1be4 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
17:27:16.0374 0x1be4 flpydisk - ok
17:27:16.0386 0x1be4 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:27:16.0392 0x1be4 FltMgr - ok
17:27:16.0475 0x1be4 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll
17:27:16.0503 0x1be4 FontCache - ok
17:27:16.0510 0x1be4 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:27:16.0512 0x1be4 FontCache3.0.0.0 - ok
17:27:16.0517 0x1be4 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:27:16.0519 0x1be4 FsDepends - ok
17:27:16.0523 0x1be4 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:27:16.0524 0x1be4 Fs_Rec - ok
17:27:16.0536 0x1be4 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:27:16.0541 0x1be4 fvevol - ok
17:27:16.0547 0x1be4 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
17:27:16.0549 0x1be4 gagp30kx - ok
17:27:16.0567 0x1be4 globalUpdate - ok
17:27:16.0572 0x1be4 globalUpdatem - ok
17:27:16.0611 0x1be4 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
17:27:16.0630 0x1be4 gpsvc - ok
17:27:16.0636 0x1be4 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
17:27:16.0637 0x1be4 hcw85cir - ok
17:27:16.0651 0x1be4 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:27:16.0659 0x1be4 HdAudAddService - ok
17:27:16.0668 0x1be4 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
17:27:16.0671 0x1be4 HDAudBus - ok
17:27:16.0675 0x1be4 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
17:27:16.0676 0x1be4 HidBatt - ok
17:27:16.0683 0x1be4 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys
17:27:16.0686 0x1be4 HidBth - ok
17:27:16.0692 0x1be4 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys
17:27:16.0693 0x1be4 HidIr - ok
17:27:16.0704 0x1be4 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
17:27:16.0706 0x1be4 hidserv - ok
17:27:16.0718 0x1be4 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
17:27:16.0719 0x1be4 HidUsb - ok
17:27:16.0725 0x1be4 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:27:16.0729 0x1be4 hkmsvc - ok
17:27:16.0746 0x1be4 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:27:16.0752 0x1be4 HomeGroupListener - ok
17:27:16.0771 0x1be4 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:27:16.0777 0x1be4 HomeGroupProvider - ok
17:27:16.0784 0x1be4 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
17:27:16.0786 0x1be4 HpSAMD - ok
17:27:16.0809 0x1be4 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:27:16.0827 0x1be4 HTTP - ok
17:27:16.0832 0x1be4 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
17:27:16.0833 0x1be4 hwpolicy - ok
17:27:16.0840 0x1be4 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
17:27:16.0842 0x1be4 i8042prt - ok
17:27:16.0862 0x1be4 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
17:27:16.0872 0x1be4 iaStorV - ok
17:27:16.0915 0x1be4 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:27:16.0935 0x1be4 idsvc - ok
17:27:16.0940 0x1be4 IEEtwCollectorService - ok
17:27:16.0971 0x1be4 IePluginServices - ok
17:27:17.0141 0x1be4 [ 78C66B3AFEEE9DB358FC365105FAA69A, 8601D75B39FE417B2DB7C11875640F2BE8909381243EF4BBFD49B43B5891DC0E ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
17:27:17.0240 0x1be4 igfx - ok
17:27:17.0257 0x1be4 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys
17:27:17.0258 0x1be4 iirsp - ok
17:27:17.0289 0x1be4 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
17:27:17.0309 0x1be4 IKEEXT - ok
17:27:17.0513 0x1be4 [ 70DD225646BF84233E18890583E57EFB, 657CFBEBE5C131873BB0B28F6C719772E19D51B48A795E459C388C8EC5EE655B ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
17:27:17.0606 0x1be4 IntcAzAudAddService - ok
17:27:17.0630 0x1be4 [ EC80E6B9E27DC3E22ED5B2E0E75A39C0, 8EEC89F88AE79DA256BB651983397773F6B25139006C8A7C8F77960F47774CF5 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
17:27:17.0641 0x1be4 IntcDAud - ok
17:27:17.0678 0x1be4 [ 0DB1E3F6189C628675F855C0EB510419, 989F539E82105019D2D81255369B96DC65826CD2A421DA09809155B26F69C555 ] Intel(R) Capability Licensing Service Interface c:\Program Files\Intel\iCLS Client\HeciServer.exe
17:27:17.0695 0x1be4 Intel(R) Capability Licensing Service Interface - ok
17:27:17.0725 0x1be4 [ 492AAF2FF66F437F0E796574B116EFC3, 6BF21C61ED05705DD58203952A750D1AB4D4B62F3A2B640BBBD9B85D1ECC3E5C ] Intel(R) Capability Licensing Service TCP IP Interface c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
17:27:17.0744 0x1be4 Intel(R) Capability Licensing Service TCP IP Interface - ok
17:27:17.0776 0x1be4 [ 57739E742ABC085C2A4340D4404B4A8B, B4B85C35AC96D11F5940AFCB15A2B2A41D70E3C392E1D4D9353899FA140FF281 ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
17:27:17.0779 0x1be4 Intel(R) ME Service - ok
17:27:17.0785 0x1be4 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
17:27:17.0786 0x1be4 intelide - ok
17:27:17.0791 0x1be4 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:27:17.0793 0x1be4 intelppm - ok
17:27:17.0802 0x1be4 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:27:17.0805 0x1be4 IPBusEnum - ok
17:27:17.0811 0x1be4 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:27:17.0813 0x1be4 IpFilterDriver - ok
17:27:17.0840 0x1be4 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
17:27:17.0854 0x1be4 iphlpsvc - ok
17:27:17.0861 0x1be4 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
17:27:17.0863 0x1be4 IPMIDRV - ok
17:27:17.0870 0x1be4 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
17:27:17.0873 0x1be4 IPNAT - ok
17:27:17.0878 0x1be4 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:27:17.0878 0x1be4 IRENUM - ok
17:27:17.0894 0x1be4 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
17:27:17.0894 0x1be4 isapnp - ok
17:27:17.0908 0x1be4 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
17:27:17.0915 0x1be4 iScsiPrt - ok
17:27:17.0920 0x1be4 [ 3AD2F2F5D891FD49F9305D394BCF7A54, 7567F0DF0E527BAC1651A4A39B5252AF2B1F186B5FD4F0122B3B30207972F0E4 ] iusb3hcs C:\Windows\system32\DRIVERS\iusb3hcs.sys
17:27:17.0921 0x1be4 iusb3hcs - ok
17:27:17.0937 0x1be4 [ F7248248D3F126E07E22193F3E5DDF77, A11FD50CFE329B4AE07387A31581BC01A972917F451C4257CDB45F818074EE9B ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys
17:27:17.0946 0x1be4 iusb3hub - ok
17:27:17.0975 0x1be4 [ AF7F994D4E9C37D54E9CDB6880D83205, A74F99786BC302101B4BEDEF543DBE85D75A2B1FEC6B4513626E6B941EF8D6A9 ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys
17:27:17.0994 0x1be4 iusb3xhc - ok
17:27:18.0005 0x1be4 [ 52069AEB42D3D0F97CBCA1085EBF55E6, ADB2EFFF563B3FE113FCD156FD1E469BC24FC1D68AFEDCA21306F76592C9FF88 ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
17:27:18.0009 0x1be4 jhi_service - ok
17:27:18.0015 0x1be4 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
17:27:18.0017 0x1be4 kbdclass - ok
17:27:18.0034 0x1be4 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
17:27:18.0035 0x1be4 kbdhid - ok
17:27:18.0040 0x1be4 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso C:\Windows\system32\lsass.exe
17:27:18.0041 0x1be4 KeyIso - ok
17:27:18.0048 0x1be4 [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:27:18.0051 0x1be4 KSecDD - ok
17:27:18.0059 0x1be4 [ 41774FF331F609EF442B7398EE6202B1, AD67DA06A74895C384F4A1F1CF47050DAEE9C6CE8AD12F1A116FC977B6C3A864 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:27:18.0063 0x1be4 KSecPkg - ok
17:27:18.0069 0x1be4 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
17:27:18.0070 0x1be4 ksthunk - ok
17:27:18.0084 0x1be4 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
17:27:18.0094 0x1be4 KtmRm - ok
17:27:18.0117 0x1be4 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll
17:27:18.0124 0x1be4 LanmanServer - ok
17:27:18.0140 0x1be4 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:27:18.0144 0x1be4 LanmanWorkstation - ok
17:27:18.0154 0x1be4 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:27:18.0155 0x1be4 lltdio - ok
17:27:18.0168 0x1be4 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:27:18.0176 0x1be4 lltdsvc - ok
17:27:18.0183 0x1be4 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:27:18.0185 0x1be4 lmhosts - ok
17:27:18.0212 0x1be4 [ 6A35B295812CE7064CFBCD9F254169CF, 561DD131FED6F90686D8C031B45B87B6D065C7E0C8804AEFCDE239725AAEE43E ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
17:27:18.0221 0x1be4 LMS - ok
17:27:18.0252 0x1be4 [ 99468F9F7323DFC85DDFDD37ED4CBF50, 8A10C04EE3E50CAF81C9AC3600B21AAA8F265AE9FB7020AC44AC4C755DFCF572 ] lsdprn C:\Windows\SysWOW64\lsdprn.exe
17:27:18.0259 0x1be4 lsdprn - ok
17:27:18.0266 0x1be4 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
17:27:18.0269 0x1be4 LSI_FC - ok
17:27:18.0276 0x1be4 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
17:27:18.0279 0x1be4 LSI_SAS - ok
17:27:18.0297 0x1be4 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
17:27:18.0300 0x1be4 LSI_SAS2 - ok
17:27:18.0308 0x1be4 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
17:27:18.0311 0x1be4 LSI_SCSI - ok
17:27:18.0319 0x1be4 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
17:27:18.0322 0x1be4 luafv - ok
17:27:18.0329 0x1be4 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:27:18.0332 0x1be4 Mcx2Svc - ok
17:27:18.0349 0x1be4 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys
17:27:18.0351 0x1be4 megasas - ok
17:27:18.0363 0x1be4 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
17:27:18.0370 0x1be4 MegaSR - ok
17:27:18.0383 0x1be4 [ 926C135CFB0C75B32FB714B5C0C58FAA, AF627CD125794B69D450D298D5608D357F2C91FB89EBFAA0DA2A0F07C6A304A8 ] MEIx64 C:\Windows\system32\DRIVERS\TeeDriverx64.sys
17:27:18.0385 0x1be4 MEIx64 - ok
17:27:18.0397 0x1be4 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
17:27:18.0400 0x1be4 MMCSS - ok
17:27:18.0405 0x1be4 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
17:27:18.0406 0x1be4 Modem - ok
17:27:18.0411 0x1be4 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:27:18.0412 0x1be4 monitor - ok
17:27:18.0425 0x1be4 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:27:18.0426 0x1be4 mouclass - ok
17:27:18.0432 0x1be4 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:27:18.0433 0x1be4 mouhid - ok
17:27:18.0439 0x1be4 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:27:18.0442 0x1be4 mountmgr - ok
17:27:18.0450 0x1be4 [ DEA022193DF8C88F6E2B3E33D148A5DB, 97DFC47DB83E04A975A1969AA120385463FCAF4E1A9984FD3220442D7026B45A ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:27:18.0453 0x1be4 MozillaMaintenance - ok
17:27:18.0467 0x1be4 [ 6439D1E559D08BD8A1465A8943357053, 0E300508C22D12FBA3BE566B722F574CBE1B4A1A305356B92B8EA8B86267071B ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
17:27:18.0473 0x1be4 MpFilter - ok
17:27:18.0493 0x1be4 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
17:27:18.0497 0x1be4 mpio - ok
17:27:18.0503 0x1be4 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:27:18.0505 0x1be4 mpsdrv - ok
17:27:18.0535 0x1be4 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
17:27:18.0555 0x1be4 MpsSvc - ok
17:27:18.0564 0x1be4 [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:27:18.0568 0x1be4 MRxDAV - ok
17:27:18.0576 0x1be4 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:27:18.0581 0x1be4 mrxsmb - ok
17:27:18.0595 0x1be4 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:27:18.0602 0x1be4 mrxsmb10 - ok
17:27:18.0609 0x1be4 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:27:18.0613 0x1be4 mrxsmb20 - ok
17:27:18.0619 0x1be4 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
17:27:18.0620 0x1be4 msahci - ok
17:27:18.0638 0x1be4 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:27:18.0641 0x1be4 msdsm - ok
17:27:18.0657 0x1be4 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
17:27:18.0661 0x1be4 MSDTC - ok
17:27:18.0670 0x1be4 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:27:18.0671 0x1be4 Msfs - ok
17:27:18.0675 0x1be4 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:27:18.0675 0x1be4 mshidkmdf - ok
17:27:18.0681 0x1be4 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:27:18.0682 0x1be4 msisadrv - ok
17:27:18.0690 0x1be4 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:27:18.0695 0x1be4 MSiSCSI - ok
17:27:18.0700 0x1be4 msiserver - ok
17:27:18.0705 0x1be4 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:27:18.0706 0x1be4 MSKSSRV - ok
17:27:18.0719 0x1be4 [ F0D5494D8B177C37E16966262F5D0F68, DD63427DFFD9DD2BEC8336F6AD1BEFE347012331631DC5FEC65E83B1EACDBC67 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
17:27:18.0719 0x1be4 MsMpSvc - ok
17:27:18.0723 0x1be4 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:27:18.0724 0x1be4 MSPCLOCK - ok
17:27:18.0729 0x1be4 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:27:18.0730 0x1be4 MSPQM - ok
17:27:18.0747 0x1be4 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:27:18.0757 0x1be4 MsRPC - ok
17:27:18.0764 0x1be4 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
17:27:18.0766 0x1be4 mssmbios - ok
17:27:18.0770 0x1be4 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:27:18.0770 0x1be4 MSTEE - ok
17:27:18.0775 0x1be4 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
17:27:18.0776 0x1be4 MTConfig - ok
17:27:18.0782 0x1be4 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
17:27:18.0784 0x1be4 Mup - ok
17:27:18.0802 0x1be4 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
17:27:18.0815 0x1be4 napagent - ok
17:27:18.0846 0x1be4 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:27:18.0854 0x1be4 NativeWifiP - ok
17:27:18.0908 0x1be4 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
17:27:18.0930 0x1be4 NDIS - ok
17:27:18.0936 0x1be4 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:27:18.0937 0x1be4 NdisCap - ok
17:27:18.0943 0x1be4 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:27:18.0944 0x1be4 NdisTapi - ok
17:27:18.0951 0x1be4 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:27:18.0952 0x1be4 Ndisuio - ok
17:27:18.0960 0x1be4 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:27:18.0965 0x1be4 NdisWan - ok
17:27:18.0970 0x1be4 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:27:18.0972 0x1be4 NDProxy - ok
17:27:18.0977 0x1be4 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:27:18.0978 0x1be4 NetBIOS - ok
17:27:18.0993 0x1be4 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:27:18.0999 0x1be4 NetBT - ok
17:27:19.0004 0x1be4 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon C:\Windows\system32\lsass.exe
17:27:19.0005 0x1be4 Netlogon - ok
17:27:19.0027 0x1be4 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
17:27:19.0037 0x1be4 Netman - ok
17:27:19.0056 0x1be4 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:27:19.0059 0x1be4 NetMsmqActivator - ok
17:27:19.0068 0x1be4 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:27:19.0071 0x1be4 NetPipeActivator - ok
17:27:19.0088 0x1be4 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
17:27:19.0100 0x1be4 netprofm - ok
17:27:19.0107 0x1be4 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:27:19.0111 0x1be4 NetTcpActivator - ok
17:27:19.0118 0x1be4 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:27:19.0122 0x1be4 NetTcpPortSharing - ok
17:27:19.0127 0x1be4 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
17:27:19.0129 0x1be4 nfrd960 - ok
17:27:19.0137 0x1be4 [ F9EEFFC65C68A45001D1349E652B8B6F, E5F223129416083A12A85D48C65B2C8D1BF1124110399938E144308C89F9241D ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
17:27:19.0141 0x1be4 NisDrv - ok
17:27:19.0169 0x1be4 [ 9690F420A99364C1E5C439914B0DE25C, 6C6E0B27C4255001FE5F1EAD911DE1A8BF922C405B0C8031A6BD253CEB1D02A6 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
17:27:19.0178 0x1be4 NisSrv - ok
17:27:19.0190 0x1be4 [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\Windows\System32\nlasvc.dll
17:27:19.0198 0x1be4 NlaSvc - ok
17:27:19.0204 0x1be4 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:27:19.0205 0x1be4 Npfs - ok
17:27:19.0216 0x1be4 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
17:27:19.0218 0x1be4 nsi - ok
17:27:19.0222 0x1be4 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:27:19.0223 0x1be4 nsiproxy - ok
17:27:19.0296 0x1be4 [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:27:19.0335 0x1be4 Ntfs - ok
17:27:19.0342 0x1be4 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
17:27:19.0343 0x1be4 Null - ok
17:27:19.0352 0x1be4 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:27:19.0356 0x1be4 nvraid - ok
17:27:19.0378 0x1be4 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:27:19.0383 0x1be4 nvstor - ok
17:27:19.0391 0x1be4 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:27:19.0394 0x1be4 nv_agp - ok
17:27:19.0401 0x1be4 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
17:27:19.0403 0x1be4 ohci1394 - ok
17:27:19.0432 0x1be4 [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:27:19.0436 0x1be4 ose - ok
17:27:19.0651 0x1be4 [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:27:19.0765 0x1be4 osppsvc - ok
17:27:19.0787 0x1be4 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
17:27:19.0796 0x1be4 p2pimsvc - ok
17:27:19.0824 0x1be4 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
17:27:19.0835 0x1be4 p2psvc - ok
17:27:19.0842 0x1be4 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\drivers\parport.sys
17:27:19.0845 0x1be4 Parport - ok
17:27:19.0852 0x1be4 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:27:19.0854 0x1be4 partmgr - ok
17:27:19.0865 0x1be4 [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll
17:27:19.0870 0x1be4 PcaSvc - ok
17:27:19.0879 0x1be4 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
17:27:19.0884 0x1be4 pci - ok
17:27:19.0889 0x1be4 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
17:27:19.0889 0x1be4 pciide - ok
17:27:19.0900 0x1be4 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
17:27:19.0905 0x1be4 pcmcia - ok
17:27:19.0917 0x1be4 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
17:27:19.0919 0x1be4 pcw - ok
17:27:19.0941 0x1be4 [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:27:19.0957 0x1be4 PEAUTH - ok
17:27:20.0002 0x1be4 [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
17:27:20.0035 0x1be4 PeerDistSvc - ok
17:27:20.0044 0x1be4 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
17:27:20.0045 0x1be4 PerfHost - ok
17:27:20.0142 0x1be4 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
17:27:20.0175 0x1be4 pla - ok
17:27:20.0199 0x1be4 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:27:20.0210 0x1be4 PlugPlay - ok
17:27:20.0216 0x1be4 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
17:27:20.0218 0x1be4 PNRPAutoReg - ok
17:27:20.0230 0x1be4 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
17:27:20.0239 0x1be4 PNRPsvc - ok
17:27:20.0258 0x1be4 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:27:20.0271 0x1be4 PolicyAgent - ok
17:27:20.0295 0x1be4 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
17:27:20.0301 0x1be4 Power - ok
17:27:20.0308 0x1be4 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:27:20.0311 0x1be4 PptpMiniport - ok
17:27:20.0317 0x1be4 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\drivers\processr.sys
17:27:20.0319 0x1be4 Processor - ok
17:27:20.0332 0x1be4 [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc C:\Windows\system32\profsvc.dll
17:27:20.0339 0x1be4 ProfSvc - ok
17:27:20.0343 0x1be4 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:27:20.0345 0x1be4 ProtectedStorage - ok
17:27:20.0354 0x1be4 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:27:20.0357 0x1be4 Psched - ok
17:27:20.0415 0x1be4 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
17:27:20.0450 0x1be4 ql2300 - ok
17:27:20.0460 0x1be4 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
17:27:20.0463 0x1be4 ql40xx - ok
17:27:20.0474 0x1be4 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
17:27:20.0481 0x1be4 QWAVE - ok
17:27:20.0486 0x1be4 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:27:20.0488 0x1be4 QWAVEdrv - ok
17:27:20.0493 0x1be4 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:27:20.0493 0x1be4 RasAcd - ok
17:27:20.0500 0x1be4 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
17:27:20.0502 0x1be4 RasAgileVpn - ok
17:27:20.0509 0x1be4 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
17:27:20.0512 0x1be4 RasAuto - ok
17:27:20.0520 0x1be4 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:27:20.0524 0x1be4 Rasl2tp - ok
17:27:20.0552 0x1be4 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
17:27:20.0562 0x1be4 RasMan - ok
17:27:20.0569 0x1be4 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:27:20.0572 0x1be4 RasPppoe - ok
17:27:20.0578 0x1be4 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:27:20.0580 0x1be4 RasSstp - ok
17:27:20.0594 0x1be4 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:27:20.0602 0x1be4 rdbss - ok
17:27:20.0607 0x1be4 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
17:27:20.0608 0x1be4 rdpbus - ok
17:27:20.0612 0x1be4 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:27:20.0612 0x1be4 RDPCDD - ok
17:27:20.0624 0x1be4 [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
17:27:20.0628 0x1be4 RDPDR - ok
17:27:20.0634 0x1be4 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:27:20.0634 0x1be4 RDPENCDD - ok
17:27:20.0640 0x1be4 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
17:27:20.0641 0x1be4 RDPREFMP - ok
17:27:20.0652 0x1be4 [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:27:20.0657 0x1be4 RDPWD - ok
17:27:20.0673 0x1be4 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
17:27:20.0680 0x1be4 rdyboost - ok
17:27:20.0687 0x1be4 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
17:27:20.0690 0x1be4 RemoteAccess - ok
17:27:20.0699 0x1be4 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:27:20.0704 0x1be4 RemoteRegistry - ok
17:27:20.0725 0x1be4 [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
17:27:20.0729 0x1be4 RFCOMM - ok
17:27:20.0740 0x1be4 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
17:27:20.0744 0x1be4 RpcEptMapper - ok
17:27:20.0749 0x1be4 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
17:27:20.0750 0x1be4 RpcLocator - ok
17:27:20.0781 0x1be4 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
17:27:20.0795 0x1be4 RpcSs - ok
17:27:20.0801 0x1be4 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:27:20.0804 0x1be4 rspndr - ok
17:27:20.0855 0x1be4 [ 543AFFECD35CFABD4490661F83685A0D, 819C022284E54C950D1144B9260C944D493CB4646713B30790818EFC99B82CCB ] RtkBleServ C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe
17:27:20.0856 0x1be4 RtkBleServ - ok
17:27:20.0888 0x1be4 [ E60B9B95D4E5A712CC2937BEC76A4204, C55B8757096FAD6F8B52DE062F96737A17E0DB2358F133602CDAB142E3F5EF32 ] RtkBtFilter C:\Windows\system32\DRIVERS\RtkBtfilter.sys
17:27:20.0903 0x1be4 RtkBtFilter - ok
17:27:20.0943 0x1be4 [ 46596144363B912105F70016F0E2F908, 199FF8BFA60D8E9662F3C785146FAED3231B514D260F795B2B9857DC1EEB2E4B ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
17:27:20.0964 0x1be4 RTL8167 - ok
17:27:21.0116 0x1be4 [ A4EAF68208D8D5A5A218425EFAE70D93, 53FD84714BC42C51BD81ABC1BD1382420B0E4AF502105EBC2CBB93885B97B320 ] RTWlanE C:\Windows\system32\DRIVERS\rtwlane.sys
17:27:21.0192 0x1be4 RTWlanE - ok
17:27:21.0201 0x1be4 [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap C:\Windows\system32\drivers\vms3cap.sys
17:27:21.0202 0x1be4 s3cap - ok
17:27:21.0207 0x1be4 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs C:\Windows\system32\lsass.exe
17:27:21.0208 0x1be4 SamSs - ok
17:27:21.0223 0x1be4 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
17:27:21.0227 0x1be4 sbp2port - ok
17:27:21.0238 0x1be4 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:27:21.0244 0x1be4 SCardSvr - ok
17:27:21.0250 0x1be4 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
17:27:21.0251 0x1be4 scfilter - ok
17:27:21.0301 0x1be4 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll
17:27:21.0328 0x1be4 Schedule - ok
17:27:21.0344 0x1be4 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
17:27:21.0347 0x1be4 SCPolicySvc - ok
17:27:21.0356 0x1be4 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:27:21.0361 0x1be4 SDRSVC - ok
17:27:21.0367 0x1be4 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:27:21.0368 0x1be4 secdrv - ok
17:27:21.0373 0x1be4 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
17:27:21.0375 0x1be4 seclogon - ok
17:27:21.0391 0x1be4 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll
17:27:21.0394 0x1be4 SENS - ok
17:27:21.0401 0x1be4 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
17:27:21.0403 0x1be4 SensrSvc - ok
17:27:21.0408 0x1be4 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\drivers\serenum.sys
17:27:21.0409 0x1be4 Serenum - ok
17:27:21.0415 0x1be4 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\drivers\serial.sys
17:27:21.0417 0x1be4 Serial - ok
17:27:21.0422 0x1be4 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\drivers\sermouse.sys
17:27:21.0423 0x1be4 sermouse - ok
17:27:21.0437 0x1be4 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
17:27:21.0442 0x1be4 SessionEnv - ok
17:27:21.0446 0x1be4 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
17:27:21.0448 0x1be4 sffdisk - ok
17:27:21.0452 0x1be4 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
17:27:21.0453 0x1be4 sffp_mmc - ok
17:27:21.0457 0x1be4 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
17:27:21.0458 0x1be4 sffp_sd - ok
17:27:21.0463 0x1be4 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
17:27:21.0465 0x1be4 sfloppy - ok
17:27:21.0479 0x1be4 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
17:27:21.0489 0x1be4 SharedAccess - ok
17:27:21.0517 0x1be4 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:27:21.0527 0x1be4 ShellHWDetection - ok
17:27:21.0532 0x1be4 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
17:27:21.0533 0x1be4 SiSRaid2 - ok
17:27:21.0539 0x1be4 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
17:27:21.0542 0x1be4 SiSRaid4 - ok
17:27:21.0548 0x1be4 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:27:21.0551 0x1be4 Smb - ok
17:27:21.0559 0x1be4 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:27:21.0561 0x1be4 SNMPTRAP - ok
17:27:21.0567 0x1be4 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
17:27:21.0568 0x1be4 spldr - ok
17:27:21.0597 0x1be4 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
17:27:21.0612 0x1be4 Spooler - ok
17:27:21.0754 0x1be4 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
17:27:21.0836 0x1be4 sppsvc - ok
17:27:21.0848 0x1be4 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
17:27:21.0851 0x1be4 sppuinotify - ok
17:27:21.0874 0x1be4 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
17:27:21.0885 0x1be4 srv - ok
17:27:21.0902 0x1be4 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:27:21.0912 0x1be4 srv2 - ok
17:27:21.0922 0x1be4 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:27:21.0926 0x1be4 srvnet - ok
17:27:21.0946 0x1be4 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:27:21.0952 0x1be4 SSDPSRV - ok
17:27:21.0958 0x1be4 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:27:21.0962 0x1be4 SstpSvc - ok
17:27:21.0967 0x1be4 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\drivers\stexstor.sys
17:27:21.0968 0x1be4 stexstor - ok
17:27:22.0001 0x1be4 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
17:27:22.0016 0x1be4 stisvc - ok
17:27:22.0022 0x1be4 [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt C:\Windows\system32\drivers\vmstorfl.sys
17:27:22.0023 0x1be4 storflt - ok
17:27:22.0028 0x1be4 [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc C:\Windows\system32\storsvc.dll
17:27:22.0030 0x1be4 StorSvc - ok
17:27:22.0035 0x1be4 [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc C:\Windows\system32\drivers\storvsc.sys
17:27:22.0037 0x1be4 storvsc - ok
17:27:22.0041 0x1be4 [ 414E6C0BC887308C8DAE1264E077176B, 4A99B70CE33A01195F62CC1FAF2CBE95BE18C94BA0F2F31F8769CD45C546C7F8 ] SWDUMon C:\Windows\system32\DRIVERS\SWDUMon.sys
17:27:22.0042 0x1be4 SWDUMon - ok
17:27:22.0050 0x1be4 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
17:27:22.0051 0x1be4 swenum - ok
17:27:22.0069 0x1be4 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
17:27:22.0083 0x1be4 swprv - ok
17:27:22.0153 0x1be4 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll
17:27:22.0195 0x1be4 SysMain - ok
17:27:22.0204 0x1be4 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:27:22.0207 0x1be4 TabletInputService - ok
17:27:22.0224 0x1be4 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
17:27:22.0233 0x1be4 TapiSrv - ok
17:27:22.0239 0x1be4 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
17:27:22.0243 0x1be4 TBS - ok
17:27:22.0367 0x1be4 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:27:22.0411 0x1be4 Tcpip - ok
17:27:22.0503 0x1be4 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
17:27:22.0547 0x1be4 TCPIP6 - ok
17:27:22.0557 0x1be4 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:27:22.0558 0x1be4 tcpipreg - ok
17:27:22.0565 0x1be4 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:27:22.0566 0x1be4 TDPIPE - ok
17:27:22.0571 0x1be4 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:27:22.0572 0x1be4 TDTCP - ok
17:27:22.0579 0x1be4 [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:27:22.0583 0x1be4 tdx - ok
17:27:22.0697 0x1be4 [ 5E53CF8AD0FD33B35000C113656AB37B, D274DABC4DB03AC5B915F5111FF1218F4F2F9EC93B4A64E426BB7AD27A16C7A1 ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
17:27:22.0761 0x1be4 TeamViewer7 - ok
17:27:22.0771 0x1be4 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
17:27:22.0772 0x1be4 TermDD - ok
17:27:22.0798 0x1be4 [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\Windows\System32\termsrv.dll
17:27:22.0815 0x1be4 TermService - ok
17:27:22.0833 0x1be4 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
17:27:22.0835 0x1be4 Themes - ok
17:27:22.0841 0x1be4 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
17:27:22.0844 0x1be4 THREADORDER - ok
17:27:22.0853 0x1be4 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
17:27:22.0858 0x1be4 TrkWks - ok
17:27:22.0880 0x1be4 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:27:22.0885 0x1be4 TrustedInstaller - ok
17:27:22.0892 0x1be4 [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:27:22.0894 0x1be4 tssecsrv - ok
17:27:22.0900 0x1be4 [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
17:27:22.0902 0x1be4 TsUsbFlt - ok
17:27:22.0907 0x1be4 [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
17:27:22.0908 0x1be4 TsUsbGD - ok
17:27:22.0932 0x1be4 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:27:22.0935 0x1be4 tunnel - ok
17:27:22.0941 0x1be4 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
17:27:22.0943 0x1be4 uagp35 - ok
17:27:22.0958 0x1be4 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:27:22.0966 0x1be4 udfs - ok
17:27:22.0975 0x1be4 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:27:22.0978 0x1be4 UI0Detect - ok
17:27:22.0985 0x1be4 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
17:27:22.0987 0x1be4 uliagpkx - ok
17:27:22.0992 0x1be4 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys
17:27:22.0993 0x1be4 umbus - ok
17:27:22.0999 0x1be4 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\drivers\umpass.sys
17:27:22.0999 0x1be4 UmPass - ok
17:27:23.0010 0x1be4 [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService C:\Windows\System32\umrdp.dll
17:27:23.0016 0x1be4 UmRdpService - ok
17:27:23.0040 0x1be4 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
17:27:23.0050 0x1be4 upnphost - ok
17:27:23.0057 0x1be4 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:27:23.0060 0x1be4 usbccgp - ok
17:27:23.0067 0x1be4 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
17:27:23.0070 0x1be4 usbcir - ok
17:27:23.0075 0x1be4 [ 74EE782B1D9C241EFE425565854C661C, E8258EA65B0FCAD4E077B176E9D9324646B652D6E651241E397346A39770D065 ] usbehci C:\Windows\system32\drivers\usbehci.sys
17:27:23.0076 0x1be4 usbehci - ok
17:27:23.0092 0x1be4 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\drivers\usbhub.sys
17:27:23.0103 0x1be4 usbhub - ok
17:27:23.0112 0x1be4 [ 58E546BBAF87664FC57E0F6081E4F609, 1DD99D57369A0069654432AB5325AFD8F7D422D531E053EA05FF664BA6BDAEF9 ] usbohci C:\Windows\system32\drivers\usbohci.sys
17:27:23.0114 0x1be4 usbohci - ok
17:27:23.0125 0x1be4 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
17:27:23.0127 0x1be4 usbprint - ok
17:27:23.0140 0x1be4 [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan C:\Windows\system32\drivers\usbscan.sys
17:27:23.0142 0x1be4 usbscan - ok
17:27:23.0149 0x1be4 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:27:23.0151 0x1be4 USBSTOR - ok
17:27:23.0156 0x1be4 [ 81FB2216D3A60D1284455D511797DB3D, 121E52B18A1832E775EA0AE2E053BAA53E5A70E9754724B1449AE5992D63B13E ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
17:27:23.0157 0x1be4 usbuhci - ok
17:27:23.0168 0x1be4 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
17:27:23.0173 0x1be4 usbvideo - ok
17:27:23.0188 0x1be4 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
17:27:23.0191 0x1be4 UxSms - ok
17:27:23.0195 0x1be4 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc C:\Windows\system32\lsass.exe
17:27:23.0197 0x1be4 VaultSvc - ok
17:27:23.0205 0x1be4 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
17:27:23.0208 0x1be4 vdrvroot - ok
17:27:23.0228 0x1be4 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
17:27:23.0243 0x1be4 vds - ok
17:27:23.0250 0x1be4 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:27:23.0251 0x1be4 vga - ok
17:27:23.0256 0x1be4 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
17:27:23.0257 0x1be4 VgaSave - ok
17:27:23.0268 0x1be4 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
17:27:23.0273 0x1be4 vhdmp - ok
17:27:23.0278 0x1be4 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
17:27:23.0279 0x1be4 viaide - ok
17:27:23.0293 0x1be4 [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus C:\Windows\system32\drivers\vmbus.sys
17:27:23.0299 0x1be4 vmbus - ok
17:27:23.0305 0x1be4 [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
17:27:23.0306 0x1be4 VMBusHID - ok
17:27:23.0313 0x1be4 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
17:27:23.0315 0x1be4 volmgr - ok
17:27:23.0331 0x1be4 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:27:23.0340 0x1be4 volmgrx - ok
17:27:23.0354 0x1be4 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
17:27:23.0361 0x1be4 volsnap - ok
17:27:23.0372 0x1be4 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
17:27:23.0377 0x1be4 vsmraid - ok
17:27:23.0444 0x1be4 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
17:27:23.0483 0x1be4 VSS - ok
17:27:23.0489 0x1be4 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
17:27:23.0490 0x1be4 vwifibus - ok
17:27:23.0495 0x1be4 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
17:27:23.0497 0x1be4 vwififlt - ok
17:27:23.0514 0x1be4 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
17:27:23.0525 0x1be4 W32Time - ok
17:27:23.0534 0x1be4 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
17:27:23.0535 0x1be4 WacomPen - ok
17:27:23.0542 0x1be4 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
17:27:23.0544 0x1be4 WANARP - ok
17:27:23.0551 0x1be4 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:27:23.0553 0x1be4 Wanarpv6 - ok
17:27:23.0616 0x1be4 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
17:27:23.0645 0x1be4 WatAdminSvc - ok
17:27:23.0691 0x1be4 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
17:27:23.0727 0x1be4 wbengine - ok
17:27:23.0761 0x1be4 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
17:27:23.0769 0x1be4 WbioSrvc - ok
17:27:23.0785 0x1be4 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:27:23.0795 0x1be4 wcncsvc - ok
17:27:23.0802 0x1be4 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:27:23.0805 0x1be4 WcsPlugInService - ok
17:27:23.0814 0x1be4 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys
17:27:23.0815 0x1be4 Wd - ok
17:27:23.0843 0x1be4 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:27:23.0862 0x1be4 Wdf01000 - ok
17:27:23.0880 0x1be4 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:27:23.0884 0x1be4 WdiServiceHost - ok
17:27:23.0890 0x1be4 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:27:23.0894 0x1be4 WdiSystemHost - ok
17:27:23.0907 0x1be4 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll
17:27:23.0915 0x1be4 WebClient - ok
17:27:23.0926 0x1be4 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:27:23.0933 0x1be4 Wecsvc - ok
17:27:23.0942 0x1be4 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:27:23.0946 0x1be4 wercplsupport - ok
17:27:23.0953 0x1be4 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
17:27:23.0957 0x1be4 WerSvc - ok
17:27:23.0962 0x1be4 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
17:27:23.0964 0x1be4 WfpLwf - ok
17:27:23.0969 0x1be4 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
17:27:23.0970 0x1be4 WIMMount - ok
17:27:23.0974 0x1be4 WinDefend - ok
17:27:24.0002 0x1be4 WindowsMangerProtect - ok
17:27:24.0004 0x1be4 WinHttpAutoProxySvc - ok
17:27:24.0177 0x1be4 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:27:24.0190 0x1be4 Winmgmt - ok
17:27:24.0282 0x1be4 [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll
17:27:24.0331 0x1be4 WinRM - ok
17:27:24.0343 0x1be4 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
17:27:24.0345 0x1be4 WinUsb - ok
17:27:24.0385 0x1be4 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
17:27:24.0408 0x1be4 Wlansvc - ok
17:27:24.0414 0x1be4 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
17:27:24.0415 0x1be4 WmiAcpi - ok
17:27:24.0427 0x1be4 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:27:24.0432 0x1be4 wmiApSrv - ok
17:27:24.0442 0x1be4 WMPNetworkSvc - ok
17:27:24.0450 0x1be4 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:27:24.0452 0x1be4 WPCSvc - ok
17:27:24.0459 0x1be4 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:27:24.0464 0x1be4 WPDBusEnum - ok
17:27:24.0470 0x1be4 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:27:24.0471 0x1be4 ws2ifsl - ok
17:27:24.0489 0x1be4 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll
17:27:24.0493 0x1be4 wscsvc - ok
17:27:24.0498 0x1be4 WSearch - ok
17:27:24.0612 0x1be4 [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv C:\Windows\system32\wuaueng.dll
17:27:24.0671 0x1be4 wuauserv - ok
17:27:24.0682 0x1be4 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:27:24.0684 0x1be4 WudfPf - ok
17:27:24.0694 0x1be4 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:27:24.0699 0x1be4 WUDFRd - ok
17:27:24.0716 0x1be4 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:27:24.0720 0x1be4 wudfsvc - ok
17:27:24.0730 0x1be4 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll
17:27:24.0738 0x1be4 WwanSvc - ok
17:27:24.0748 0x1be4 ================ Scan global ===============================
17:27:24.0765 0x1be4 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
17:27:24.0802 0x1be4 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
17:27:24.0821 0x1be4 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
17:27:24.0838 0x1be4 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
17:27:24.0864 0x1be4 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
17:27:24.0873 0x1be4 [ Global ] - ok
17:27:24.0873 0x1be4 ================ Scan MBR ==================================
17:27:24.0890 0x1be4 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
17:27:24.0895 0x1be4 \Device\Harddisk0\DR0 - ok
17:27:24.0919 0x1be4 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
17:27:31.0313 0x1be4 \Device\Harddisk1\DR1 - ok
17:27:31.0314 0x1be4 ================ Scan VBR ==================================
17:27:31.0320 0x1be4 [ B404DD659A8765A210A2AD0DF5EC8C16 ] \Device\Harddisk0\DR0\Partition1
17:27:31.0320 0x1be4 \Device\Harddisk0\DR0\Partition1 - ok
17:27:31.0323 0x1be4 [ D12E6CA927411140FEF4F42655969CE1 ] \Device\Harddisk0\DR0\Partition2
17:27:31.0323 0x1be4 \Device\Harddisk0\DR0\Partition2 - ok
17:27:31.0327 0x1be4 [ A2E074C7696BECC87DA32EBE7144FBBC ] \Device\Harddisk0\DR0\Partition3
17:27:31.0329 0x1be4 \Device\Harddisk0\DR0\Partition3 - ok
17:27:31.0332 0x1be4 [ EA0CA039C6CAA16FBF8F1E712678223B ] \Device\Harddisk1\DR1\Partition1
17:27:31.0348 0x1be4 \Device\Harddisk1\DR1\Partition1 - ok
17:27:31.0349 0x1be4 ================ Scan generic autorun ======================
17:27:31.0819 0x1be4 [ 37C6C318D6AFAFA2EBA99820EDF21DA6, 5693AA141B947761EE41FBDC6F16FDC5BBB5BA8EBE1DEC90AD6EF33BFAF885A5 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
17:27:32.0261 0x1be4 RtHDVCpl - ok
17:27:32.0329 0x1be4 [ 2EFD6AD223D2650B9B822374EE311CCA, EE4A6DE21DFAB55E870BBE27E924344D7BF765E5F2A356FCC1AFFA6EA56D52C1 ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
17:27:32.0363 0x1be4 RtHDVBg_Dolby - ok
17:27:32.0404 0x1be4 [ 2EFD6AD223D2650B9B822374EE311CCA, EE4A6DE21DFAB55E870BBE27E924344D7BF765E5F2A356FCC1AFFA6EA56D52C1 ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
17:27:32.0434 0x1be4 RtHDVBg_LENOVO_DOLBYDRAGON - ok
17:27:32.0475 0x1be4 [ 2EFD6AD223D2650B9B822374EE311CCA, EE4A6DE21DFAB55E870BBE27E924344D7BF765E5F2A356FCC1AFFA6EA56D52C1 ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
17:27:32.0506 0x1be4 RtHDVBg_LENOVO_MICPKEY - ok
17:27:32.0535 0x1be4 [ E3C6E63A32CC12E510F31CEEA4999262, 2AC98C053C1DEBF12A0549728C7EBD1E7A3072CB9E57BE5C00C97ECC9FA4056F ] C:\Windows\system32\igfxtray.exe
17:27:32.0546 0x1be4 IgfxTray - ok
17:27:32.0582 0x1be4 [ BE38FADB7B361C828611B1A5EDC22186, 0AFBC5E31C90C2FF03474C303B11974A806ABD101D47A79AAA34647202D5F2B4 ] C:\Windows\system32\hkcmd.exe
17:27:32.0602 0x1be4 HotKeysCmds - ok
17:27:32.0625 0x1be4 [ 7583ABEC797AE19BD83FD23D22646C32, C52C52E80A108AC7ED6522E5773006CA5AB50761F1DD61F45D50F16550FA5BDE ] C:\Windows\system32\igfxpers.exe
17:27:32.0645 0x1be4 Persistence - ok
17:27:32.0664 0x1be4 [ 331467D59C364FC8A1C82FD92A5FA5B6, 6C44102DA3B4FE47C8438A54CF50B989527B82BC19288E9FE71906CC5024451B ] C:\Windows\SysWOW64\UMonit64.exe
17:27:32.0666 0x1be4 UMonit64 - ok
17:27:32.0689 0x1be4 [ DC57AC8A3FCFD13669D027EE56AEBCC0, FE0C3B91C69FBE36036C0D9B20A28BCD8D6B009C7297577724972BB89BFBAF44 ] C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe
17:27:32.0694 0x1be4 BtServer - ok
17:27:32.0745 0x1be4 [ A6AAD37CDCAE75CB62D039E3A4D8F5E3, 4FF763B0D129175BA1B1E794BA313E6C63F7A89D377C786BF5E730AF2A1D95D1 ] c:\Program Files\Microsoft Security Client\msseces.exe
17:27:32.0778 0x1be4 MSC - ok
17:27:32.0846 0x1be4 [ 11AABAF24A985BF026C7B86F0F7C8CA7, 26C276894EE9FB30D33115D052ED0DC364A0A17625E059D925988A3822A8AAF8 ] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
17:27:32.0862 0x1be4 USB3MON - ok
17:27:32.0914 0x1be4 [ 47EA5F76FAB723C61AB4A0D79BAD512C, A7A38EB0A7068B160E6949945EF639F999A06AE35746F6E79C7350745798E5C9 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
17:27:32.0937 0x1be4 Adobe ARM - ok
17:27:32.0977 0x1be4 [ DDEFF7E98629203E66BB4298FABC5983, 59CBE0A49AAA93898831B1D64FFB1D0809736CABB4D19843DB2E99C2650D1AD9 ] C:\Program Files (x86)\PDF24\pdf24.exe
17:27:32.0981 0x1be4 PDFPrint - ok
17:27:33.0033 0x1be4 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
17:27:33.0072 0x1be4 Sidebar - ok
17:27:33.0079 0x1be4 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
17:27:33.0083 0x1be4 mctadmin - ok
17:27:33.0133 0x1be4 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
17:27:33.0160 0x1be4 Sidebar - ok
17:27:33.0166 0x1be4 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
17:27:33.0169 0x1be4 mctadmin - ok
17:27:33.0248 0x1be4 [ 35F15E1008B605711829F02D6090A691, 87946612701E58D2C1634A738F43F59253CB591A5425355FF1CA5B7F417C182F ] C:\Users\Myriam\AppData\Roaming\SmootherWeb\SmootherWeb-Installer.exe
17:27:33.0268 0x1be4 smoother - ok
17:27:33.0310 0x1be4 [ 9ED86BF07EB647A68A5AAEF65F0DF503, D836F3105A17141F2D416DBB98412C977F690BD5CA8F57EEF6AF88CF98F98935 ] C:\Users\Myriam\AppData\Local\clicup\chrmndr.exe
17:27:33.0322 0x1be4 clicup-Agent - ok
17:27:33.0590 0x1be4 [ 05AD6DFEC9D08F7B95A2B35C47A02F5B, 7D17A260350C04654A3215DB2BB2CEA2A7350C8AE5441659EF37CEF7EC6B2CEA ] C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe
17:27:33.0755 0x1be4 BoBrowser - ok
17:27:33.0789 0x1be4 [ B22CB67919EBAD88B0E8BB9CDA446010, 2F744FEAC48EDE7D6B6D2727F7DDFA80B26D9E3B0009741B00992B19AD85E128 ] C:\Windows\system32\StikyNot.exe
17:27:33.0801 0x1be4 RESTART_STICKY_NOTES - ok
17:27:33.0803 0x1be4 Waiting for KSN requests completion. In queue: 21
17:27:34.0828 0x1be4 AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.6.305.0 ), 0x61000 ( enabled : updated )
17:27:34.0837 0x1be4 Win FW state via NFP2: enabled
17:27:37.0686 0x1be4 ============================================================
17:27:37.0686 0x1be4 Scan finished
17:27:37.0686 0x1be4 ============================================================
17:27:37.0710 0x1b74 Detected object count: 0
17:27:37.0710 0x1b74 Actual detected object count: 0
17:28:31.0601 0x0574 Deinitialize success
|
|
24.11.2014, 18:17
| #4 |
| | Windows7: Ads by clickupCode:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2014 01
Ran by Myriam at 2014-11-24 15:37:34
Running from C:\Users\Myriam\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
BoBrowser (HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\...\BoBrowser) (Version: 36.0.1985.131 - BoBrowser) <==== ATTENTION
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
clicup (HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\...\clicup) (Version: 1.0 - Ad Businness Crown Solutions)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
EasyCash&Tax 2.15 (HKLM-x32\...\EasyCash&Tax_is1) (Version: - tm)
EasyRide&Tax 2.2 (HKLM-x32\...\EasyRide&Tax_is1) (Version: - tm)
Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.1.0 - Genesys Logic)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3383 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.33 - Intel Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 33.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 de)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
PDF Creator (HKLM\...\PDF Creator) (Version: - )
PDF24 Creator 6.3.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.806.806.022114 - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.80.218.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7188 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0237 - )
RocketTab (HKLM-x32\...\RocketTab) (Version: - RocketTab) <==== ATTENTION
SaleItCoupon (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version: - SaleItCoupon) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SmootherWeb (HKU\S-1-5-21-1313315996-2717873473-2842918071-1000 Version: 1.0 - SmootherWeb LLC) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.14563 - TeamViewer)
WindowsMangerProtect20.0.0.1270 (HKLM-x32\...\WindowsMangerProtect) (Version: 20.0.0.1270 - WindowsProtect LIMITED) <==== ATTENTION
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
12-11-2014 19:54:17 Windows Update
13-11-2014 11:38:36 Removed DriverUpdate
13-11-2014 11:59:44 Removed SlimCleaner Plus
13-11-2014 12:00:02 Removed DriverUpdate
14-11-2014 18:00:03 Windows-Sicherung
17-11-2014 07:26:16 Windows Update
19-11-2014 21:28:36 Windows Update
21-11-2014 18:00:06 Windows-Sicherung
21-11-2014 19:27:12 Windows Update
23-11-2014 11:06:29 Removed Microsoft Silverlight
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {212D6219-4550-4D60-9AB7-BD4DB801AF4E} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {36A7554D-40F5-4CB5-BABB-A2E448252085} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {3DF8667D-2A89-4F3A-B1A9-9F4AB11351BE} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {60C1F26F-1E5F-4360-8546-6B96E644373C} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {93CE497B-B917-44BA-BD64-DE85F685579F} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {AEB89269-D705-40B9-9C47-A6B8BBAF24CF} - System32\Tasks\RocketTab Update Task => C:\Program Files (x86)\Search Extensions\uninstall.exe [2014-11-23] () <==== ATTENTION
Task: {C170EF29-2782-4E21-B0DA-6061E9D6F6E3} - System32\Tasks\RocketTab => cmd.exe /C start "" "C:\Program Files (x86)\Search Extensions\Client.exe" /Preferred=true <==== ATTENTION
Task: {DF19386C-AB80-4284-84EA-B3B8B5B67A56} - System32\Tasks\Digital Sites => C:\Users\Myriam\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe [2014-11-08] () <==== ATTENTION
Task: {E221BF50-FDC2-4FA2-8DFE-25F0760D9844} - System32\Tasks\Run_Bobby_Browser => C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe [2014-10-22] (The BoBrowser Authors)
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\Myriam\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
==================== Loaded Modules (whitelisted) =============
2014-11-08 11:29 - 2011-10-04 21:43 - 00087552 _____ () C:\Windows\System32\custmon64i.dll
2014-10-18 12:39 - 2014-01-06 17:47 - 00053248 _____ () C:\Windows\SysWOW64\UMonit64.exe
2014-11-23 09:46 - 2014-11-23 09:46 - 05812224 _____ () C:\Program Files (x86)\Search Extensions\Client.exe
2014-10-18 12:41 - 2014-01-22 13:04 - 00084992 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2014-11-23 10:01 - 2014-11-02 10:35 - 00268600 _____ () C:\Windows\SysWOW64\lsdprn.exe
2014-10-18 12:34 - 2013-10-01 16:09 - 00078880 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
2014-11-23 09:46 - 2014-10-22 10:35 - 00873472 _____ () C:\Users\Myriam\AppData\Local\BoBrowser\Application\36.0.1985.131\libglesv2.dll
2014-11-23 09:46 - 2014-10-22 10:35 - 00128512 _____ () C:\Users\Myriam\AppData\Local\BoBrowser\Application\36.0.1985.131\libegl.dll
2014-11-23 09:46 - 2014-10-22 10:35 - 00387072 _____ () C:\Users\Myriam\AppData\Local\BoBrowser\Application\36.0.1985.131\ppGoogleNaClPluginChrome.dll
2014-11-23 09:46 - 2014-10-22 10:35 - 02012160 _____ () C:\Users\Myriam\AppData\Local\BoBrowser\Application\36.0.1985.131\ffmpegsumo.dll
2014-10-18 12:35 - 2013-09-04 06:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-11-11 07:00 - 2014-11-11 07:00 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-10-20 07:32 - 2014-10-20 07:32 - 16832176 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Myriam\Downloads\X17-75062.exe:AFP_AfpInfo
AlternateDataStreams: C:\Users\Myriam\Downloads\X17-75062.exe:Mac_Metadata
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-1313315996-2717873473-2842918071-500 - Administrator - Disabled)
Gast (S-1-5-21-1313315996-2717873473-2842918071-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1313315996-2717873473-2842918071-1002 - Limited - Enabled)
Myriam (S-1-5-21-1313315996-2717873473-2842918071-1000 - Administrator - Enabled) => C:\Users\Myriam
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (11/23/2014 00:16:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/23/2014 11:57:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/23/2014 10:01:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 33.1.0.5423, Zeitstempel: 0x545c0a59
Name des fehlerhaften Moduls: mozalloc.dll, Version: 33.1.0.5423, Zeitstempel: 0x545be5ee
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0xaf8
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (11/23/2014 09:47:48 AM) (Source: MsiInstaller) (EventID: 11309) (User: Myriam-PC)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt. System error 3. Verify that the file exists and that you can access it.
Error: (11/23/2014 09:46:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 33.1.0.5423, Zeitstempel: 0x545c0a59
Name des fehlerhaften Moduls: mozalloc.dll, Version: 33.1.0.5423, Zeitstempel: 0x545be5ee
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x1188
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (11/23/2014 09:35:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 33.1.0.5423, Zeitstempel: 0x545c0a59
Name des fehlerhaften Moduls: mozalloc.dll, Version: 33.1.0.5423, Zeitstempel: 0x545be5ee
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x15e8
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (11/22/2014 06:36:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/20/2014 06:39:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/19/2014 10:23:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/19/2014 10:14:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (11/23/2014 00:16:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "globalUpdate Update Service (globalUpdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (11/23/2014 00:14:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Optimizer Pro Crash Monitor erreicht.
Error: (11/23/2014 00:10:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Computer Backup (MyPC Backup)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (11/23/2014 11:58:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "globalUpdate Update Service (globalUpdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (11/23/2014 11:56:42 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Optimizer Pro Crash Monitor erreicht.
Error: (11/23/2014 11:56:00 AM) (Source: volmgr) (EventID: 49) (User: )
Description: Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen
Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese
groß genug ist, um den gesamten physikalischen Speicher abbilden zu können.
Error: (11/23/2014 09:46:38 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "ClaraUpdater" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (11/22/2014 00:09:04 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{905AFA44-4336-45E6-A9B1-D6C7A57ECB5E}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (11/21/2014 06:10:24 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{905AFA44-4336-45E6-A9B1-D6C7A57ECB5E}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (11/20/2014 11:22:51 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Microsoft Office Sessions:
=========================
Error: (11/23/2014 00:16:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/23/2014 11:57:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/23/2014 10:01:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe33.1.0.5423545c0a59mozalloc.dll33.1.0.5423545be5ee8000000300001425af801d006fbe309974bC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll58ce4ca8-72ef-11e4-ac05-9cad97aa1f76
Error: (11/23/2014 09:47:48 AM) (Source: MsiInstaller) (EventID: 11309) (User: Myriam-PC)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt. System error 3. Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (11/23/2014 09:46:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe33.1.0.5423545c0a59mozalloc.dll33.1.0.5423545be5ee8000000300001425118801d006f95de3d8b8C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll3643d75b-72ed-11e4-ac05-9cad97aa1f76
Error: (11/23/2014 09:35:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe33.1.0.5423545c0a59mozalloc.dll33.1.0.5423545be5ee800000030000142515e801d006f47871de29C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlla364e7eb-72eb-11e4-ac05-9cad97aa1f76
Error: (11/22/2014 06:36:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/20/2014 06:39:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/19/2014 10:23:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/19/2014 10:14:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-4010U CPU @ 1.70GHz
Percentage of memory in use: 54%
Total physical RAM: 4003.95 MB
Available physical RAM: 1839.23 MB
Total Pagefile: 8006.07 MB
Available Pagefile: 5497.65 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.54 GB) (Free:409.45 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: D9FA2484)
Partition: GPT Partition Type.
==================== End Of Log ============================
FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2014 01
Ran by Myriam (administrator) on MYRIAM-PC on 24-11-2014 15:37:09
Running from C:\Users\Myriam\Downloads
Loaded Profile: Myriam (Available profiles: Myriam)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Windows\SysWOW64\UMonit64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(clicup) C:\Users\Myriam\AppData\Local\clicup\chrmndr.exe
(The BoBrowser Authors) C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(The BoBrowser Authors) C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe
(The BoBrowser Authors) C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe
(The BoBrowser Authors) C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe
(The BoBrowser Authors) C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe
() C:\Program Files (x86)\Search Extensions\Client.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\AvrcpService.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(ClaraLabs) C:\Program Files (x86)\Common Files\ClaraUpdater\ClaraUpdater.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Windows\SysWOW64\lsdprn.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\RtkBleServ.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-02-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-25] (Realtek Semiconductor)
HKLM\...\Run: [UMonit64] => C:\Windows\SysWOW64\UMonit64.exe [53248 2014-01-06] ()
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [216064 2014-01-06] (Realtek Semiconductor Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-06-09] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKLM-x32\...\Run: [mbot_de_300] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\...\Run: [smoother] => C:\Users\Myriam\AppData\Roaming\SmootherWeb\SmootherWeb-Installer.exe [489651 2014-08-27] ()
HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\...\Run: [clicup-Agent] => C:\Users\Myriam\AppData\Local\clicup\chrmndr.exe [509424 2014-11-06] (clicup)
HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\...\Run: [BoBrowser] => C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe [7348224 2014-10-22] (The BoBrowser Authors)
HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\system32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\...\MountPoints2: {995bf4fa-56b4-11e4-82bf-c58847a17502} - E:\LaunchU3.exe -a
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [S-1-5-21-1313315996-2717873473-2842918071-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-1313315996-2717873473-2842918071-1000] => http=127.0.0.1:49203;https=127.0.0.1:49203
HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE160AC8BCAEACF01
HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1415877113&from=cor&uid=ST500LM000-SSHD-8GB_W760PNH6XXXXW760PNH6&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1415877113&from=cor&uid=ST500LM000-SSHD-8GB_W760PNH6XXXXW760PNH6&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1415877113&from=cor&uid=ST500LM000-SSHD-8GB_W760PNH6XXXXW760PNH6&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1415877113&from=cor&uid=ST500LM000-SSHD-8GB_W760PNH6XXXXW760PNH6&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_secureddownload_14_46_ff&cd=2XzuyEtN2Y1L1Qzuzy0C0A0DzyyB0A0AtC0FyByCyCzy0CyCtN0D0Tzu0StCtDyEyBtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyD0D0F0D0F0CtAtAtG0AtAyEzytG0ByB0EtDtGyD0DyB0AtGtC0DtBtBtCtDyB0A0FtA0F0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Bzy0Dzy0D0A0BtCtGyBzytC0EtGyEtDzytCtGzytCyB0EtG0F0ByBtD0F0DyCyCyEtB0A0F2Q&cr=1160581219&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_secureddownload_14_46_ff&cd=2XzuyEtN2Y1L1Qzuzy0C0A0DzyyB0A0AtC0FyByCyCzy0CyCtN0D0Tzu0StCtDyEyBtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyD0D0F0D0F0CtAtAtG0AtAyEzytG0ByB0EtDtGyD0DyB0AtGtC0DtBtBtCtDyB0A0FtA0F0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Bzy0Dzy0D0A0BtCtGyBzytC0EtGyEtDzytCtGzytCyB0EtG0F0ByBtD0F0DyCyCyEtB0A0F2Q&cr=1160581219&ir=
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfc_14_45_ff&cd=2XzuyEtN2Y1L1Qzuzy0C0A0DzyyB0A0AtC0FyByCyCzy0CyCtN0D0Tzu0StCtDyEtBtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StA0CyCyD0FyDtD0AtGzztCyD0EtGyEtAtAtAtG0Ezz0BzztGtBtD0F0DyD0CtBzz0EtAyB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Bzy0Dzy0D0A0BtCtGyBzytC0EtGyEtDzytCtGzytCyB0EtG0F0ByBtD0F0DyCyCyEtB0A0F2Q&cr=960638948&ir=
SearchScopes: HKU\S-1-5-21-1313315996-2717873473-2842918071-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_secureddownload_14_46_ff&cd=2XzuyEtN2Y1L1Qzuzy0C0A0DzyyB0A0AtC0FyByCyCzy0CyCtN0D0Tzu0StCtDyEyBtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyD0D0F0D0F0CtAtAtG0AtAyEzytG0ByB0EtDtGyD0DyB0AtGtC0DtBtBtCtDyB0A0FtA0F0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Bzy0Dzy0D0A0BtCtGyBzytC0EtGyEtDzytCtGzytCyB0EtG0F0ByBtD0F0DyCyCyEtB0A0F2Q&cr=1160581219&ir=
SearchScopes: HKU\S-1-5-21-1313315996-2717873473-2842918071-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_secureddownload_14_46_ff&cd=2XzuyEtN2Y1L1Qzuzy0C0A0DzyyB0A0AtC0FyByCyCzy0CyCtN0D0Tzu0StCtDyEyBtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyD0D0F0D0F0CtAtAtG0AtAyEzytG0ByB0EtDtGyD0DyB0AtGtC0DtBtBtCtDyB0A0FtA0F0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Bzy0Dzy0D0A0BtCtGyBzytC0EtGyEtDzytCtGzytCyB0EtG0F0ByBtD0F0DyCyCyEtB0A0F2Q&cr=1160581219&ir=
SearchScopes: HKU\S-1-5-21-1313315996-2717873473-2842918071-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfc_14_45_ff&cd=2XzuyEtN2Y1L1Qzuzy0C0A0DzyyB0A0AtC0FyByCyCzy0CyCtN0D0Tzu0StCtDyEtBtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StA0CyCyD0FyDtD0AtGzztCyD0EtGyEtAtAtAtG0Ezz0BzztGtBtD0F0DyD0CtBzz0EtAyB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Bzy0Dzy0D0A0BtCtGyBzytC0EtGyEtDzytCtGzytCyB0EtG0F0ByBtD0F0DyCyCyEtB0A0F2Q&cr=960638948&ir=
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Myriam\AppData\Roaming\Mozilla\Firefox\Profiles\1zn4v21r.default
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Myriam\AppData\Roaming\Mozilla\Firefox\Profiles\1zn4v21r.default\user.js
FF SearchPlugin: C:\Users\Myriam\AppData\Roaming\Mozilla\Firefox\Profiles\1zn4v21r.default\searchplugins\ixquick-https.xml
FF StartMenuInternet: FIREFOX.EXE - firefox.exe
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Myriam\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (TinyWallet) - C:\Users\Myriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc [2014-11-23]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [35328 2013-05-07] (Realtek Semiconductor Corporation) [File not signed]
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [84992 2014-01-22] () [File not signed]
R2 ClaraUpdater; C:\Program Files (x86)\Common Files\ClaraUpdater\ClaraUpdater.exe [325744 2014-11-23] (ClaraLabs)
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [714208 2014-11-13] (Cherished Technololgy LIMITED)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 lsdprn; C:\Windows\SysWOW64\lsdprn.exe [268600 2014-11-02] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 RtkBleServ; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe [42496 2013-04-25] (Realtek Semiconductor Corporation) [File not signed]
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [490640 2014-11-13] (Fuyu LIMITED)
S2 51cdb72; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.11\OptProCrash.dll",ENT
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc [X]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 RtkBtFilter; C:\Windows\System32\DRIVERS\RtkBtfilter.sys [559320 2014-02-18] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [3300568 2014-02-20] (Realtek Semiconductor Corporation )
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-11-13] ()
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-24 15:34 - 2014-11-24 15:36 - 00022422 _____ () C:\Users\Myriam\Downloads\Addition.txt
2014-11-24 15:33 - 2014-11-24 15:37 - 00017547 _____ () C:\Users\Myriam\Downloads\FRST.txt
2014-11-24 15:33 - 2014-11-24 15:37 - 00000000 ____D () C:\FRST
2014-11-24 15:30 - 2014-11-24 15:30 - 02118144 _____ (Farbar) C:\Users\Myriam\Downloads\FRST64.exe
2014-11-24 15:29 - 2014-11-24 15:29 - 00000000 ____D () C:\Users\Myriam\Downloads\Empf von TrojanerBoard
2014-11-24 15:26 - 2014-11-24 15:26 - 00000000 _____ () C:\Users\Myriam\defogger_reenable
2014-11-23 11:49 - 2014-11-23 11:49 - 00004018 _____ () C:\Windows\System32\Tasks\LaunchSignup
2014-11-23 11:47 - 2014-11-23 11:47 - 00000000 ____D () C:\ProgramData\600440862
2014-11-23 10:06 - 2014-11-23 10:06 - 00000000 ____D () C:\Users\Myriam\AppData\Roaming\QuickScan
2014-11-23 10:05 - 2014-11-23 12:13 - 00000000 ____D () C:\Program Files (x86)\PC Speed Up
2014-11-23 10:04 - 2014-11-23 10:04 - 00000000 ____D () C:\Program Files (x86)\predm
2014-11-23 10:03 - 2014-11-23 12:14 - 00000442 __RSH () C:\ProgramData\ntuser.pol
2014-11-23 10:03 - 2014-11-23 12:14 - 00000000 ____D () C:\ProgramData\TinyWallet
2014-11-23 10:03 - 2014-11-23 12:08 - 00000000 ____D () C:\Program Files (x86)\TinyWallet
2014-11-23 10:03 - 2014-11-23 10:26 - 00000000 ____D () C:\Users\Myriam\AppData\Local\Google
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Myriam\AppData\Local\Torch
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Myriam\AppData\Local\Comodo
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Myriam\AppData\Local\Chromatic Browser
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Gast\AppData\Local\Torch
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Gast\AppData\Local\Chromatic Browser
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Gast
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Administrator
2014-11-23 10:01 - 2014-11-23 12:09 - 00000000 ____D () C:\Program Files\shopperz
2014-11-23 10:01 - 2014-11-02 10:35 - 00268600 _____ () C:\Windows\SysWOW64\lsdprn.exe
2014-11-23 09:48 - 2014-11-23 09:48 - 00003150 _____ () C:\Windows\System32\Tasks\Run_Bobby_Browser
2014-11-23 09:47 - 2014-11-24 09:52 - 00000958 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-11-23 09:47 - 2014-11-24 09:52 - 00000954 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-11-23 09:47 - 2014-11-23 09:47 - 00003956 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-11-23 09:47 - 2014-11-23 09:47 - 00003702 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-11-23 09:47 - 2014-11-23 09:47 - 00000000 ____D () C:\Users\Myriam\AppData\Local\globalUpdate
2014-11-23 09:46 - 2014-11-23 09:48 - 00000000 ____D () C:\Users\Myriam\AppData\Local\BoBrowser
2014-11-23 09:46 - 2014-11-23 09:46 - 00004328 _____ () C:\Windows\System32\Tasks\RocketTab Update Task
2014-11-23 09:46 - 2014-11-23 09:46 - 00003542 _____ () C:\Windows\System32\Tasks\RocketTab
2014-11-23 09:46 - 2014-11-23 09:46 - 00000000 ____D () C:\Program Files (x86)\Search Extensions
2014-11-23 09:44 - 2014-11-23 11:56 - 00000000 ____D () C:\Program Files (x86)\FLVM Player
2014-11-23 09:35 - 2014-11-23 12:14 - 00000000 ____D () C:\Users\Myriam\AppData\Roaming\SmootherWeb
2014-11-23 09:35 - 2014-11-23 09:35 - 00001831 _____ () C:\Windows\patsearch.bin
2014-11-23 09:35 - 2014-11-23 09:35 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrT_01009.Wdf
2014-11-23 09:35 - 2014-11-23 09:35 - 00000000 ____D () C:\Users\Myriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmootherWeb
2014-11-23 09:35 - 2014-11-23 09:35 - 00000000 ____D () C:\Users\Myriam\AppData\Local\clicup
2014-11-23 09:35 - 2014-11-23 09:35 - 00000000 ____D () C:\SmootherWeb
2014-11-23 09:32 - 2014-11-23 09:32 - 00593992 _____ (didico conscientia argumentum meretrix) C:\Users\Myriam\Downloads\Adobe%20Flash%20Player%20IE.exe
2014-11-22 14:53 - 2014-11-22 14:53 - 09665384 _____ () C:\Users\Myriam\Documents\Regale voller GoldBarren Focus online.odt
2014-11-22 07:34 - 2014-11-22 07:34 - 00123537 _____ () C:\Users\Myriam\Documents\Kühe.odt
2014-11-22 07:30 - 2014-11-22 07:36 - 01046283 _____ () C:\Users\Myriam\Documents\Schweine.odt
2014-11-21 14:01 - 2014-11-21 14:18 - 120739128 _____ (Landesfinanzdirektion Thüringen) C:\Users\Myriam\Downloads\ElsterFormular-15.3.20141106u.exe
2014-11-19 14:28 - 2014-11-19 14:28 - 00952124 _____ () C:\Users\Myriam\Desktop\Audi Schätzung Nov'14.odt
2014-11-19 13:34 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 13:34 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 13:34 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 13:34 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-18 11:22 - 2014-11-18 11:22 - 00494259 _____ () C:\Users\Myriam\Desktop\NADH.odt
2014-11-18 11:10 - 2014-11-18 11:16 - 00017058 _____ () C:\Users\Myriam\Desktop\Serotonin.odt
2014-11-15 21:45 - 2014-11-15 21:45 - 00004700 _____ () C:\Users\Myriam\Downloads\Lass deine Augen das Beste sehen.odt
2014-11-13 19:46 - 2014-11-13 19:46 - 00006569 _____ () C:\Users\Myriam\Documents\Impressum.odt
2014-11-13 12:55 - 2014-11-13 12:55 - 00000000 ____D () C:\Users\Myriam\Documents\Fax
2014-11-13 12:53 - 2014-11-13 12:53 - 00792796 _____ () C:\Users\Myriam\Documents\141114 veraltete Treiber.odt
2014-11-13 12:52 - 2014-11-13 12:52 - 00223511 _____ () C:\Users\Myriam\Documents\141114 Erstattung Trixie Maulschlaufe.odt
2014-11-13 12:24 - 2014-11-13 12:24 - 00003152 _____ () C:\Windows\System32\Tasks\{D4059A91-59EB-4BD4-8D46-E7191558AA7A}
2014-11-13 12:22 - 2014-11-13 12:54 - 00000000 ____D () C:\Users\Myriam\AppData\Local\Vosteran
2014-11-13 12:16 - 2014-11-13 12:16 - 00000000 ____D () C:\Users\Myriam\Documents\PC Speed Maximizer
2014-11-13 12:13 - 2014-11-13 12:13 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-11-13 12:12 - 2014-11-13 12:12 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-11-13 12:10 - 2014-11-13 12:10 - 05798968 _____ (Innovative Solutions ) C:\Users\Myriam\Downloads\hp-treiber.exe
2014-11-13 12:10 - 2014-11-13 12:10 - 00000000 __SHD () C:\Users\Myriam\AppData\Local\EmieBrowserModeList
2014-11-13 12:08 - 2014-11-13 12:08 - 00825248 _____ ( ) C:\Users\Myriam\Downloads\hp-treiber_setup.exe
2014-11-13 11:52 - 2014-11-13 12:12 - 00000000 ____D () C:\Users\Myriam\AppData\Roaming\DriverTurbo
2014-11-13 11:51 - 2014-11-13 11:52 - 00231952 _____ () C:\Users\Myriam\Downloads\DriverTurboSetup.exe
2014-11-12 06:55 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 06:55 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 06:55 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 06:55 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 06:55 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 06:55 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 06:55 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 06:55 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 06:55 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 06:55 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 06:55 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 06:55 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 06:55 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 06:55 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 06:55 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 06:55 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 06:55 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 06:55 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 06:55 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 06:55 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 06:55 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 06:55 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 06:55 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 06:55 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 06:55 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 06:55 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 06:55 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 06:55 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 06:55 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 06:55 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 06:55 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 06:55 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 06:55 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 06:55 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 06:55 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 06:55 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 06:55 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 06:55 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 06:55 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 06:55 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 06:55 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 06:55 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 06:55 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 06:55 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 06:55 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 06:55 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 06:55 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 06:55 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 06:55 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 06:55 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 06:55 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 06:55 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 06:55 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 06:55 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 06:55 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 06:55 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 06:53 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 06:53 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 06:53 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 06:53 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 06:53 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 06:53 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 06:53 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 06:53 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 06:53 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 06:53 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 06:53 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 06:53 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 06:48 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 06:48 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 06:48 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 06:48 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 06:48 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 06:48 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 06:48 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 06:48 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 06:48 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 06:48 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 06:48 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 06:48 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 06:48 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 06:48 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 06:48 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 06:48 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 06:48 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 06:48 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 06:48 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 06:48 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 06:48 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 06:48 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 06:48 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 06:48 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 06:48 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 06:48 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 06:48 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 06:48 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 06:48 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 06:48 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 06:48 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 06:48 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 06:48 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-11 22:54 - 2014-11-11 22:54 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-11-11 22:52 - 2014-11-11 22:54 - 13829880 _____ (Adobe Systems Inc.) C:\Users\Myriam\Downloads\Shockwave_Installer_Full.exe
2014-11-11 07:00 - 2014-11-11 07:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-10 11:57 - 2014-11-10 21:10 - 00005558 _____ () C:\Users\Myriam\Documents\Hundespiel.odt
2014-11-10 06:58 - 2014-11-10 06:58 - 00004809 _____ () C:\Users\Myriam\Documents\Kfz in der BF 6 Absatz 1 Nr.odt
2014-11-09 19:42 - 2014-11-09 19:42 - 00000000 ____D () C:\Users\Myriam\AppData\Local\PDF24
2014-11-09 19:41 - 2014-11-09 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2014-11-09 19:41 - 2014-11-09 19:41 - 00000000 ____D () C:\Program Files (x86)\PDF24
2014-11-09 10:10 - 2014-11-09 19:25 - 00005619 _____ () C:\Users\Myriam\Desktop\Liebe Devani.odt
2014-11-08 17:18 - 2014-11-08 17:18 - 00000000 ____D () C:\Program Files (x86)\downloaditkeep
2014-11-08 12:45 - 2014-11-24 09:35 - 00000094 _____ () C:\Users\Myriam\AppData\Roaming\WB.CFG
2014-11-08 12:14 - 2014-11-23 11:47 - 00000000 ____D () C:\ProgramData\374311380
2014-11-08 12:12 - 2014-11-13 12:54 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-11-08 12:09 - 2014-11-23 12:08 - 00000000 ____D () C:\ProgramData\2fa710b654abf508
2014-11-08 12:09 - 2014-11-12 06:26 - 00000000 ____D () C:\ProgramData\downloaditkeep
2014-11-08 12:09 - 2014-11-08 12:09 - 00000000 ____D () C:\ProgramData\SaleItCoupon
2014-11-08 11:49 - 2014-11-08 12:03 - 00000000 ____D () C:\Users\Myriam\AppData\Local\CUSTPDF Writer
2014-11-08 11:45 - 2014-11-24 14:45 - 00000296 _____ () C:\Windows\Tasks\Digital Sites.job
2014-11-08 11:45 - 2014-11-08 11:45 - 00003240 _____ () C:\Windows\System32\Tasks\Digital Sites
2014-11-08 11:45 - 2014-11-08 11:45 - 00000000 ____D () C:\Users\Myriam\AppData\Roaming\DigitalSites
2014-11-08 11:39 - 2014-11-13 12:15 - 00000000 ____D () C:\Users\Myriam\AppData\Local\Downloaded Installers
2014-11-08 11:39 - 2014-11-08 11:39 - 00000000 ____D () C:\ProgramData\SlimWare Utilities Inc
2014-11-08 11:36 - 2014-11-13 13:01 - 00000000 ____D () C:\Program Files (x86)\DriverUpdate
2014-11-08 11:36 - 2014-11-13 12:12 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-11-08 11:36 - 2014-11-08 11:36 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-11-08 11:36 - 2014-11-08 11:36 - 00000000 ____D () C:\Users\Myriam\AppData\Local\SlimWare Utilities Inc
2014-11-08 11:34 - 2014-11-08 11:34 - 00000000 ____D () C:\Users\Myriam\Documents\Optimizer Pro
2014-11-08 11:31 - 2014-11-08 11:31 - 00000000 __SHD () C:\Users\Myriam\AppData\Local\EmieUserList
2014-11-08 11:31 - 2014-11-08 11:31 - 00000000 __SHD () C:\Users\Myriam\AppData\Local\EmieSiteList
2014-11-08 11:29 - 2014-11-08 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Creator
2014-11-08 11:29 - 2014-11-08 11:29 - 00000000 ____D () C:\Program Files\PDFCreator
2014-11-08 11:29 - 2014-11-08 11:29 - 00000000 ____D () C:\Program Files (x86)\PDF Creator
2014-11-08 11:29 - 2014-11-08 11:29 - 00000000 ____D () C:\Program Files (x86)\GPLGS
2014-11-08 11:29 - 2011-10-04 21:43 - 00087552 _____ () C:\Windows\system32\custmon64i.dll
2014-11-08 11:25 - 2014-11-08 11:25 - 00812160 _____ ( ) C:\Users\Myriam\Downloads\PdfCreatorSetup.exe
2014-11-02 19:20 - 2014-11-02 19:22 - 00011776 ___SH () C:\Users\Myriam\Documents\Thumbs.db
2014-11-02 18:24 - 2014-11-02 19:18 - 58885280 _____ () C:\Users\Myriam\Documents\Gute Energie 141102 NutzenFußnote.pptx
2014-10-31 11:23 - 2014-10-31 11:24 - 05033168 _____ (Lenovo Group Limited ) C:\Users\Myriam\Downloads\a3ub03w7.exe
2014-10-31 07:12 - 2014-10-31 07:12 - 00000000 ____D () C:\ProgramData\EasyCash&Tax
2014-10-31 06:14 - 2014-11-20 21:32 - 00000000 ____D () C:\Users\Myriam\Documents\EC&T KontenDateien Einst
2014-10-30 22:33 - 2014-10-30 22:33 - 00003036 _____ () C:\Windows\System32\Tasks\{F21E1B53-A4BF-42A2-965F-D8F872357334}
2014-10-30 07:45 - 2014-10-30 08:19 - 00000000 ____D () C:\Users\Myriam\Programme
2014-10-29 21:58 - 2014-10-29 22:03 - 307709680 _____ () C:\Users\Myriam\Downloads\OJJ4500_Full_13.exe
2014-10-29 18:10 - 2014-10-29 18:10 - 00000000 ____D () C:\Users\Myriam\Documents\OneNote-Notizbücher
2014-10-29 12:17 - 2014-10-29 12:17 - 01825672 _____ () C:\Users\Myriam\Documents\141029 Erklärung Datenschutz.odt
2014-10-29 10:09 - 2014-10-29 10:09 - 00000000 ____D () C:\Users\Myriam\Downloads\Neuer Ordner
2014-10-29 09:37 - 2014-10-29 12:11 - 00043265 _____ () C:\Users\Myriam\Documents\Bild Löwe Regulus von Devani.odt
2014-10-28 11:32 - 2014-10-28 11:32 - 01189723 _____ () C:\Users\Myriam\Desktop\141028 Dame...Herr.odt
2014-10-27 09:28 - 2014-11-12 20:57 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-27 09:27 - 2014-11-12 20:55 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-24 15:26 - 2014-10-17 20:16 - 00000000 ____D () C:\Users\Myriam
2014-11-24 15:22 - 2014-10-18 13:18 - 00000000 ____D () C:\Users\Myriam\Documents\Outlook-Dateien
2014-11-24 14:35 - 2014-10-18 02:10 - 01751308 _____ () C:\Windows\WindowsUpdate.log
2014-11-23 18:32 - 2009-07-14 05:51 - 00033196 _____ () C:\Windows\setupact.log
2014-11-23 12:21 - 2009-07-14 05:45 - 00032768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-23 12:21 - 2009-07-14 05:45 - 00032768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-23 12:19 - 2011-04-12 08:43 - 00698926 _____ () C:\Windows\system32\perfh007.dat
2014-11-23 12:19 - 2011-04-12 08:43 - 00149034 _____ () C:\Windows\system32\perfc007.dat
2014-11-23 12:19 - 2009-07-14 06:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-23 12:14 - 2014-10-18 12:46 - 00222619 _____ () C:\Users\Myriam\AppData\Local\BTServer.log
2014-11-23 12:14 - 2010-11-21 04:47 - 00044576 _____ () C:\Windows\PFRO.log
2014-11-23 12:14 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-23 11:52 - 2014-04-26 08:21 - 00000000 ____D () C:\Users\Myriam\Downloads\exe Betrieb
2014-11-23 10:03 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-11-23 10:03 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-11-23 09:39 - 2014-10-18 13:03 - 00000000 ____D () C:\Users\Myriam\AppData\Local\Adobe
2014-11-22 22:01 - 2014-10-20 13:08 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{01AB2F2F-7029-49A9-8627-BE87BF065232}
2014-11-22 07:50 - 2014-10-21 12:59 - 00000000 ____D () C:\Users\Myriam\Documents\DVDVideoSoft
2014-11-20 19:41 - 2014-10-18 12:52 - 00000000 ____D () C:\Users\Myriam\AppData\Local\Microsoft Help
2014-11-19 14:21 - 2014-10-19 15:04 - 00000416 _____ () C:\Windows\BRWMARK.INI
2014-11-19 14:21 - 2014-10-19 15:04 - 00000034 _____ () C:\Windows\SysWOW64\BD2030.DAT
2014-11-14 16:18 - 2011-04-12 08:54 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-11-13 21:50 - 2014-10-20 08:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasyCash
2014-11-13 21:50 - 2014-10-20 08:07 - 00000000 ____D () C:\Program Files (x86)\EasyCash&Tax
2014-11-13 13:23 - 2014-10-20 15:21 - 00002480 _____ () C:\ProgramData\hpzinstall.log
2014-11-13 08:49 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-13 07:06 - 2014-10-18 13:04 - 00086552 _____ () C:\Users\Myriam\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-13 07:05 - 2009-07-14 05:45 - 00342576 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-13 07:03 - 2014-10-20 08:52 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 21:02 - 2014-10-18 12:51 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 06:26 - 2014-10-18 12:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-02 14:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-10-30 12:25 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-29 14:26 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
Some content of TEMP:
====================
C:\Users\Myriam\AppData\Local\Temp\18be6784_.exe
C:\Users\Myriam\AppData\Local\Temp\294823_.exe
C:\Users\Myriam\AppData\Local\Temp\6BDF3DD2-CCEB-FD7D-9453-9BAE6B457C58.dll
C:\Users\Myriam\AppData\Local\Temp\6BDF3DD2-CCEB-FD7D-9453-9BAE6B457C58.exe
C:\Users\Myriam\AppData\Local\Temp\8DC39D87-7260-3704-13E1-E3ED4E9AD4B9.exe
C:\Users\Myriam\AppData\Local\Temp\CloudBackup4115.exe
C:\Users\Myriam\AppData\Local\Temp\DllMonoCtrl.dll
C:\Users\Myriam\AppData\Local\Temp\install_flashplayer15x32_mssd_aaa_aih.exe
C:\Users\Myriam\AppData\Local\Temp\optprosetup.exe
C:\Users\Myriam\AppData\Local\Temp\scpCEE0.tmp.exe
C:\Users\Myriam\AppData\Local\Temp\scpDA0F.tmp.exe
C:\Users\Myriam\AppData\Local\Temp\sprz.exe
C:\Users\Myriam\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Myriam\AppData\Local\Temp\System.Data.SQLite50142.dll
C:\Users\Myriam\AppData\Local\Temp\System.Data.SQLite57062.dll
C:\Users\Myriam\AppData\Local\Temp\System.Data.SQLite68303.dll
C:\Users\Myriam\AppData\Local\Temp\System.Data.SQLite75878.dll
C:\Users\Myriam\AppData\Local\Temp\System.Data.SQLite90450.dll
C:\Users\Myriam\AppData\Local\Temp\System.Data.SQLite98387.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-11-15 00:17
==================== End Of Log ============================
--- --- --- --- --- --- --- --- --- Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-11-24 15:52:48
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST500LM000-SSHD-8GB rev.LVD3 465.76GB
Running: Gmer-19357.exe; Driver: C:\Users\Myriam\AppData\Local\Temp\ugdiypod.sys
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- Processes - GMER 2.1 ----
Library c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{969E367D-5C3C-4C43-9DE0-E39E52FBB8F2}\offreg.dll (*** suspicious ***) @ c:\Program Files\Microsoft Security Client\MsMpEng.exe [940] (FILE NOT FOUND) 000007fefb930000
Process C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe (*** suspicious ***) @ C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe [3060] (BoBrowser/The BoBrowser Authors)(2014-11-23 08:46:37) 0000000001230000
Process C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe (*** suspicious ***) @ C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe [3132] (BoBrowser/The BoBrowser Authors)(2014-11-23 08:46:37) 0000000001230000
Process C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe (*** suspicious ***) @ C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe [3232] (BoBrowser/The BoBrowser Authors)(2014-11-23 08:46:37) 0000000001230000
Process C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe (*** suspicious ***) @ C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe [3312] (BoBrowser/The BoBrowser Authors)(2014-11-23 08:46:37) 0000000001230000
Process C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe (*** suspicious ***) @ C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe [3348] (BoBrowser/The BoBrowser Authors)(2014-11-23 08:46:37) 0000000001230000
---- EOF - GMER 2.1 ----
Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:27 on 24/11/2014 (Myriam)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
|
|
25.11.2014, 15:58
| #5 |
| /// the machine /// TB-Ausbilder | Windows7: Ads by clickup Lade Dir bitte von hier  Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
Scan mit Combofix
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
26.11.2014, 08:38
| #6 |
| | Windows7: Ads by clickup Hei.  und hier das nächste FileCombofix Logfile: Code:
ATTFilter ComboFix 14-11-25.01 - Myriam 25.11.2014 20:09:38.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.4004.1993 [GMT 1:00]
ausgeführt von:: c:\users\Myriam\Desktop\TrojanerBoard\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\374311380
c:\programdata\600440862
c:\programdata\600440862\BITD83E.tmp
c:\programdata\IePluginServices
c:\programdata\IePluginServices\PluginService.exe
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\Myriam\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\Myriam\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\Myriam\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\Myriam\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\Myriam\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\Myriam\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\Myriam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\Myriam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\Myriam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\Myriam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\Myriam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\Myriam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\Myriam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\Myriam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\Myriam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\Myriam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\Myriam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\Myriam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\Myriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\Myriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\Myriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\Myriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\Myriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\Myriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\Myriam\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Myriam\AppData\Local\Microsoft\Windows\Temporary Internet Files\{083ED59A-14A3-4949-93B0-3D6888673049}.xps
c:\users\Myriam\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F137B42A-F920-4F70-9AC9-AB3BBE3AE1D0}.xps
c:\users\Myriam\AppData\Local\Microsoft\Windows\Temporary Internet Files\BrowseStudio_iels
c:\users\Myriam\AppData\Local\Microsoft\Windows\Temporary Internet Files\EnterDigital_iels
c:\users\Myriam\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\Myriam\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\Myriam\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\Myriam\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\Myriam\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\Myriam\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_globalUpdate
-------\Service_IePluginServices
-------\Service_IePluginServices
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-10-25 bis 2014-11-25 ))))))))))))))))))))))))))))))
.
.
2014-11-25 19:14 . 2014-11-25 19:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-25 18:42 . 2014-11-25 18:42 -------- d-----w- c:\program files (x86)\VS Revo Group
2014-11-25 07:26 . 2014-11-02 04:20 11632448 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B44CAE7C-519C-46AD-A6E5-A08565E227E6}\mpengine.dll
2014-11-24 14:33 . 2014-11-24 14:49 -------- d-----w- C:\FRST
2014-11-24 07:17 . 2014-11-02 04:20 11632448 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-11-23 09:06 . 2014-11-23 09:06 -------- d-----w- c:\users\Myriam\AppData\Roaming\QuickScan
2014-11-23 09:05 . 2014-11-23 11:13 -------- d-----w- c:\program files (x86)\PC Speed Up
2014-11-23 09:04 . 2014-11-23 09:04 -------- d-----w- c:\program files (x86)\predm
2014-11-23 09:03 . 2014-11-23 11:14 -------- d-----w- c:\programdata\TinyWallet
2014-11-23 09:03 . 2014-11-23 11:08 -------- d-----w- c:\program files (x86)\TinyWallet
2014-11-23 09:03 . 2014-11-23 09:03 -------- d-----w- c:\users\Myriam\AppData\Local\Chromatic Browser
2014-11-23 09:03 . 2014-11-23 09:26 -------- d-----w- c:\users\Myriam\AppData\Local\Google
2014-11-23 09:03 . 2014-11-23 09:03 -------- d-----w- c:\users\Myriam\AppData\Local\Torch
2014-11-23 09:03 . 2014-11-23 09:03 -------- d-----w- c:\users\Myriam\AppData\Local\Comodo
2014-11-23 09:03 . 2014-11-23 09:03 -------- d-----w- c:\users\HomeGroupUser$
2014-11-23 09:03 . 2014-11-23 09:03 -------- d-----w- c:\users\Gast
2014-11-23 09:03 . 2014-11-23 09:03 -------- d-----w- c:\users\Administrator
2014-11-23 09:01 . 2014-11-02 09:35 268600 ----a-w- c:\windows\SysWow64\lsdprn.exe
2014-11-23 09:01 . 2014-11-23 11:09 -------- d-----w- c:\program files\shopperz
2014-11-23 08:47 . 2014-11-23 08:47 -------- d-----w- c:\users\Myriam\AppData\Local\globalUpdate
2014-11-23 08:46 . 2014-11-25 18:45 -------- d-----w- c:\users\Myriam\AppData\Local\BoBrowser
2014-11-23 08:44 . 2014-11-23 10:56 -------- d-----w- c:\program files (x86)\FLVM Player
2014-11-23 08:35 . 2014-11-23 08:35 -------- d-----w- C:\SmootherWeb
2014-11-23 08:35 . 2014-11-23 08:35 1831 ----a-w- c:\windows\patsearch.bin
2014-11-23 08:35 . 2014-11-23 11:14 -------- d-----w- c:\users\Myriam\AppData\Roaming\SmootherWeb
2014-11-21 19:27 . 2014-11-21 19:27 -------- d-----w- c:\windows\SysWow64\Wat
2014-11-21 19:27 . 2014-11-21 19:27 -------- d-----w- c:\windows\system32\Wat
2014-11-21 12:08 . 2014-09-10 14:30 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{32681454-5B44-4861-9D3D-A97E38BB6508}\gapaengine.dll
2014-11-19 12:34 . 2014-11-11 03:08 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-19 12:34 . 2014-11-11 03:08 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-11-19 12:34 . 2014-11-11 02:44 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2014-11-19 12:34 . 2014-11-11 02:44 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-11-19 09:20 . 2014-11-19 09:20 -------- d-----w- c:\users\Myriam\AppData\Local\ElevatedDiagnostics
2014-11-13 11:22 . 2014-11-13 11:54 -------- d-----w- c:\users\Myriam\AppData\Local\Vosteran
2014-11-13 11:10 . 2014-11-13 11:10 -------- d-sh--w- c:\users\Myriam\AppData\Local\EmieBrowserModeList
2014-11-13 10:52 . 2014-11-13 11:12 -------- d-----w- c:\users\Myriam\AppData\Roaming\DriverTurbo
2014-11-12 05:53 . 2014-11-05 17:56 304640 ----a-w- c:\windows\system32\generaltel.dll
2014-11-12 05:53 . 2014-11-05 17:56 228864 ----a-w- c:\windows\system32\aepdu.dll
2014-11-12 05:53 . 2014-11-05 17:52 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-11-12 05:53 . 2014-10-14 02:16 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-11-12 05:53 . 2014-10-14 02:13 683520 ----a-w- c:\windows\system32\termsrv.dll
2014-11-12 05:53 . 2014-10-14 02:07 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-11-12 05:53 . 2014-10-14 01:46 681984 ----a-w- c:\windows\SysWow64\adtschema.dll
2014-11-12 05:53 . 2014-10-14 02:12 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-11-12 05:53 . 2014-10-14 02:09 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-11-12 05:53 . 2014-10-14 01:50 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-11-12 05:53 . 2014-10-14 01:49 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-11-12 05:53 . 2014-10-14 01:47 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2014-11-11 21:54 . 2014-11-11 21:54 -------- d-----w- c:\windows\SysWow64\Adobe
2014-11-09 18:42 . 2014-11-09 18:42 -------- d-----w- c:\users\Myriam\AppData\Local\PDF24
2014-11-09 18:41 . 2014-11-09 18:41 -------- d-----w- c:\program files (x86)\PDF24
2014-11-08 16:18 . 2014-11-08 16:18 -------- d-----w- c:\program files (x86)\downloaditkeep
2014-11-08 11:12 . 2014-11-13 11:54 -------- d-----w- c:\windows\system32\appmgmt
2014-11-08 11:09 . 2014-11-12 05:26 -------- d-----w- c:\programdata\downloaditkeep
2014-11-08 11:09 . 2014-11-23 11:08 -------- d-----w- c:\programdata\2fa710b654abf508
2014-11-08 10:49 . 2014-11-08 11:03 -------- d-----w- c:\users\Myriam\AppData\Local\CUSTPDF Writer
2014-11-08 10:45 . 2014-11-08 10:45 -------- d-----w- c:\users\Myriam\AppData\Roaming\DigitalSites
2014-11-08 10:39 . 2014-11-08 10:39 -------- d-----w- c:\programdata\SlimWare Utilities Inc
2014-11-08 10:39 . 2014-11-13 11:15 -------- d-----w- c:\users\Myriam\AppData\Local\Downloaded Installers
2014-11-08 10:36 . 2014-11-13 11:12 16152 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2014-11-08 10:36 . 2014-11-08 10:36 -------- d-----w- c:\users\Myriam\AppData\Local\SlimWare Utilities Inc
2014-11-08 10:36 . 2014-11-13 12:01 -------- d-----w- c:\program files (x86)\DriverUpdate
2014-11-08 10:31 . 2014-11-08 10:31 -------- d-sh--w- c:\users\Myriam\AppData\Local\EmieUserList
2014-11-08 10:31 . 2014-11-08 10:31 -------- d-sh--w- c:\users\Myriam\AppData\Local\EmieSiteList
2014-11-08 10:29 . 2014-11-08 10:29 -------- d-----w- c:\program files (x86)\GPLGS
2014-11-08 10:29 . 2011-10-04 20:43 87552 ----a-w- c:\windows\system32\custmon64i.dll
2014-11-08 10:29 . 2014-11-08 10:29 -------- d-----w- c:\program files\PDFCreator
2014-11-08 10:29 . 2014-11-08 10:29 -------- d-----w- c:\program files (x86)\PDF Creator
2014-11-02 13:56 . 2014-09-10 14:30 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-10-31 06:12 . 2014-10-31 06:12 -------- d-----w- c:\programdata\EasyCash&Tax
2014-10-31 05:00 . 2014-10-31 05:00 -------- d-----w- c:\users\Myriam\AppData\Local\Diagnostics
2014-10-30 06:45 . 2014-10-30 07:19 -------- d-----w- c:\users\Myriam\Programme
2014-10-27 08:28 . 2014-11-12 19:57 -------- d-----w- c:\windows\system32\MRT
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-30 11:25 . 2010-11-21 03:27 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-10-20 06:32 . 2014-10-20 06:32 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-20 06:32 . 2014-10-20 06:32 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-10-20 06:29 . 2014-10-20 06:29 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2014-10-20 06:29 . 2014-10-20 06:29 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-10-20 06:29 . 2014-10-20 06:29 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2014-10-20 06:29 . 2014-10-20 06:29 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2014-10-20 06:29 . 2014-10-20 06:29 337408 ----a-w- c:\windows\SysWow64\html.iec
2014-10-20 06:29 . 2014-10-20 06:29 235008 ----a-w- c:\windows\system32\elshyph.dll
2014-10-20 06:29 . 2014-10-20 06:29 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2014-10-20 06:29 . 2014-10-20 06:29 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2014-10-20 06:29 . 2014-10-20 06:29 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2014-10-20 06:29 . 2014-10-20 06:29 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2014-10-20 06:29 . 2014-10-20 06:29 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2014-10-20 06:29 . 2014-10-20 06:29 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2014-10-20 06:29 . 2014-10-20 06:29 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2014-10-20 06:29 . 2014-10-20 06:29 942592 ----a-w- c:\windows\system32\jsIntl.dll
2014-10-20 06:29 . 2014-10-20 06:29 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2014-10-20 06:29 . 2014-10-20 06:29 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-10-20 06:29 . 2014-10-20 06:29 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2014-10-20 06:29 . 2014-10-20 06:29 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2014-10-20 06:29 . 2014-10-20 06:29 247808 ----a-w- c:\windows\system32\msls31.dll
2014-10-20 06:29 . 2014-10-20 06:29 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-10-20 06:29 . 2014-10-20 06:29 81408 ----a-w- c:\windows\system32\icardie.dll
2014-10-20 06:29 . 2014-10-20 06:29 77312 ----a-w- c:\windows\system32\tdc.ocx
2014-10-20 06:29 . 2014-10-20 06:29 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2014-10-20 06:29 . 2014-10-20 06:29 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2014-10-20 06:29 . 2014-10-20 06:29 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-10-20 06:29 . 2014-10-20 06:29 413696 ----a-w- c:\windows\system32\html.iec
2014-10-20 06:29 . 2014-10-20 06:29 235520 ----a-w- c:\windows\system32\url.dll
2014-10-20 06:29 . 2014-10-20 06:29 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2014-10-20 06:29 . 2014-10-20 06:29 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2014-10-20 06:29 . 2014-10-20 06:29 105984 ----a-w- c:\windows\system32\iesysprep.dll
2014-10-20 06:29 . 2014-10-20 06:29 774144 ----a-w- c:\windows\system32\jscript.dll
2014-10-20 06:29 . 2014-10-20 06:29 62464 ----a-w- c:\windows\system32\pngfilt.dll
2014-10-20 06:29 . 2014-10-20 06:29 48128 ----a-w- c:\windows\system32\imgutil.dll
2014-10-20 06:29 . 2014-10-20 06:29 30208 ----a-w- c:\windows\system32\licmgr10.dll
2014-10-20 06:29 . 2014-10-20 06:29 243200 ----a-w- c:\windows\system32\webcheck.dll
2014-10-20 06:29 . 2014-10-20 06:29 167424 ----a-w- c:\windows\system32\iexpress.exe
2014-10-20 06:29 . 2014-10-20 06:29 147968 ----a-w- c:\windows\system32\occache.dll
2014-10-20 06:29 . 2014-10-20 06:29 143872 ----a-w- c:\windows\system32\wextract.exe
2014-10-20 06:29 . 2014-10-20 06:29 13824 ----a-w- c:\windows\system32\mshta.exe
2014-10-20 06:29 . 2014-10-20 06:29 135680 ----a-w- c:\windows\system32\iepeers.dll
2014-10-20 06:29 . 2014-10-20 06:29 101376 ----a-w- c:\windows\system32\inseng.dll
2014-10-20 06:17 . 2014-10-20 06:17 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2014-10-20 06:17 . 2014-10-20 06:17 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2014-10-20 06:17 . 2014-10-20 06:17 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2014-10-20 06:17 . 2014-10-20 06:17 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2014-10-20 06:17 . 2014-10-20 06:17 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2014-10-20 06:17 . 2014-10-20 06:17 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2014-10-20 06:17 . 2014-10-20 06:17 363008 ----a-w- c:\windows\system32\dxgi.dll
2014-10-20 06:17 . 2014-10-20 06:17 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2014-10-20 06:17 . 2014-10-20 06:17 296960 ----a-w- c:\windows\system32\d3d10core.dll
2014-10-20 06:17 . 2014-10-20 06:17 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2014-10-20 06:17 . 2014-10-20 06:17 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2014-10-20 06:17 . 2014-10-20 06:17 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2014-10-20 06:17 . 2014-10-20 06:17 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2014-10-20 06:17 . 2014-10-20 06:17 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2014-10-20 06:17 . 2014-10-20 06:17 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2014-10-20 06:17 . 2014-10-20 06:17 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2014-10-20 06:17 . 2014-10-20 06:17 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2014-10-20 06:17 . 2014-10-20 06:17 1643520 ----a-w- c:\windows\system32\DWrite.dll
2014-10-20 06:17 . 2014-10-20 06:17 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2014-10-20 06:17 . 2014-10-20 06:17 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2014-10-20 06:17 . 2014-10-20 06:17 1238528 ----a-w- c:\windows\system32\d3d10.dll
2014-10-20 06:17 . 2014-10-20 06:17 1175552 ----a-w- c:\windows\system32\FntCache.dll
2014-10-20 06:17 . 2014-10-20 06:17 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2014-09-25 02:08 . 2014-10-19 18:49 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-19 18:49 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-09-09 22:11 . 2014-10-19 14:17 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-10-19 14:17 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-09-04 05:23 . 2014-10-18 12:21 424448 ----a-w- c:\windows\system32\rastls.dll
2014-09-04 05:04 . 2014-10-18 12:21 372736 ----a-w- c:\windows\SysWow64\rastls.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"smoother"="c:\users\Myriam\AppData\Roaming\SmootherWeb\SmootherWeb-Installer.exe" [2014-08-27 489651]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2014-06-09 292848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-09-12 959176]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2014-02-06 189480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 51cdb72;Optimizer Pro Crash Monitor;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 globalUpdatem;globalUpdate Update Service (globalUpdatem);c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe;c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S2 AvrcpService;AvrcpService;c:\program files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe;c:\program files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [x]
S2 BTDevManager;BTDevManager;c:\program files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe;c:\program files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 lsdprn;lsdprn;c:\windows\SysWOW64\lsdprn.exe;c:\windows\SysWOW64\lsdprn.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 RtkBleServ;RtkBleServ;c:\program files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe;c:\program files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 RtkBtFilter;Realtek Bluetooth Filter Driver;c:\windows\system32\DRIVERS\RtkBtfilter.sys;c:\windows\SYSNATIVE\DRIVERS\RtkBtfilter.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;c:\windows\system32\DRIVERS\rtwlane.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlane.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-02-24 13667032]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2014-02-25 1381744]
"RtHDVBg_LENOVO_DOLBYDRAGON"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2014-02-25 1381744]
"RtHDVBg_LENOVO_MICPKEY"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2014-02-25 1381744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-01-08 391152]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-01-08 771568]
"Persistence"="c:\windows\system32\igfxpers.exe" [2014-01-08 770544]
"UMonit64"="c:\windows\SysWOW64\UMonit64.exe" [2014-01-06 53248]
"BtServer"="c:\program files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe" [2014-01-06 216064]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mDefault_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1415877113&from=cor&uid=ST500LM000-SSHD-8GB_W760PNH6XXXXW760PNH6&q={searchTerms}
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1415877113&from=cor&uid=ST500LM000-SSHD-8GB_W760PNH6XXXXW760PNH6&q={searchTerms}
uInternet Settings,ProxyOverride = <-loopback>
uInternet Settings,ProxyServer = http=127.0.0.1:49203;https=127.0.0.1:49203
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Myriam\AppData\Roaming\Mozilla\Firefox\Profiles\1zn4v21r.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - about:home
FF - user.js: extensions.autoDisableScopes - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\system32\StikyNot.exe
Wow6432Node-HKLM-Run-mbot_de_300 - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-11-25 20:21:38 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2014-11-25 19:21
.
Vor Suchlauf: 11 Verzeichnis(se), 439.494.656.000 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 444.138.037.248 Bytes frei
.
- - End Of File - - F39FC958338F3EFA5A13B7CDE4AD7361
5FB38429D5D77768867C76DCBDB35194 [/CODE]  es gab Gemecker  wg Security Essentials 2 mal (screen shots gamacht) weitergeklickt lief.  akut Ruhe vor den Quälgeistern in Mozilla mit dem Revo Uninstaller habe ich auch das Clickup-Programm weggeputzt.Combofix Logfile: Code:
ATTFilter ComboFix 14-11-25.01 - Myriam 25.11.2014 20:09:38.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.4004.1993 [GMT 1:00]
ausgeführt von:: c:\users\Myriam\Desktop\TrojanerBoard\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\374311380
c:\programdata\600440862
c:\programdata\600440862\BITD83E.tmp
c:\programdata\IePluginServices
c:\programdata\IePluginServices\PluginService.exe
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\Myriam\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\Myriam\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\Myriam\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\Myriam\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\Myriam\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\Myriam\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\Myriam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\Myriam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\Myriam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\Myriam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\Myriam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\Myriam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\Myriam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\Myriam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\Myriam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\Myriam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\Myriam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\Myriam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\Myriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\Myriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\Myriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\Myriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\Myriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\Myriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\Myriam\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Myriam\AppData\Local\Microsoft\Windows\Temporary Internet Files\{083ED59A-14A3-4949-93B0-3D6888673049}.xps
c:\users\Myriam\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F137B42A-F920-4F70-9AC9-AB3BBE3AE1D0}.xps
c:\users\Myriam\AppData\Local\Microsoft\Windows\Temporary Internet Files\BrowseStudio_iels
c:\users\Myriam\AppData\Local\Microsoft\Windows\Temporary Internet Files\EnterDigital_iels
c:\users\Myriam\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\Myriam\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\Myriam\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\Myriam\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\Myriam\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\Myriam\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_globalUpdate
-------\Service_IePluginServices
-------\Service_IePluginServices
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-10-25 bis 2014-11-25 ))))))))))))))))))))))))))))))
.
.
2014-11-25 19:14 . 2014-11-25 19:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-25 18:42 . 2014-11-25 18:42 -------- d-----w- c:\program files (x86)\VS Revo Group
2014-11-25 07:26 . 2014-11-02 04:20 11632448 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B44CAE7C-519C-46AD-A6E5-A08565E227E6}\mpengine.dll
2014-11-24 14:33 . 2014-11-24 14:49 -------- d-----w- C:\FRST
2014-11-24 07:17 . 2014-11-02 04:20 11632448 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-11-23 09:06 . 2014-11-23 09:06 -------- d-----w- c:\users\Myriam\AppData\Roaming\QuickScan
2014-11-23 09:05 . 2014-11-23 11:13 -------- d-----w- c:\program files (x86)\PC Speed Up
2014-11-23 09:04 . 2014-11-23 09:04 -------- d-----w- c:\program files (x86)\predm
2014-11-23 09:03 . 2014-11-23 11:14 -------- d-----w- c:\programdata\TinyWallet
2014-11-23 09:03 . 2014-11-23 11:08 -------- d-----w- c:\program files (x86)\TinyWallet
2014-11-23 09:03 . 2014-11-23 09:03 -------- d-----w- c:\users\Myriam\AppData\Local\Chromatic Browser
2014-11-23 09:03 . 2014-11-23 09:26 -------- d-----w- c:\users\Myriam\AppData\Local\Google
2014-11-23 09:03 . 2014-11-23 09:03 -------- d-----w- c:\users\Myriam\AppData\Local\Torch
2014-11-23 09:03 . 2014-11-23 09:03 -------- d-----w- c:\users\Myriam\AppData\Local\Comodo
2014-11-23 09:03 . 2014-11-23 09:03 -------- d-----w- c:\users\HomeGroupUser$
2014-11-23 09:03 . 2014-11-23 09:03 -------- d-----w- c:\users\Gast
2014-11-23 09:03 . 2014-11-23 09:03 -------- d-----w- c:\users\Administrator
2014-11-23 09:01 . 2014-11-02 09:35 268600 ----a-w- c:\windows\SysWow64\lsdprn.exe
2014-11-23 09:01 . 2014-11-23 11:09 -------- d-----w- c:\program files\shopperz
2014-11-23 08:47 . 2014-11-23 08:47 -------- d-----w- c:\users\Myriam\AppData\Local\globalUpdate
2014-11-23 08:46 . 2014-11-25 18:45 -------- d-----w- c:\users\Myriam\AppData\Local\BoBrowser
2014-11-23 08:44 . 2014-11-23 10:56 -------- d-----w- c:\program files (x86)\FLVM Player
2014-11-23 08:35 . 2014-11-23 08:35 -------- d-----w- C:\SmootherWeb
2014-11-23 08:35 . 2014-11-23 08:35 1831 ----a-w- c:\windows\patsearch.bin
2014-11-23 08:35 . 2014-11-23 11:14 -------- d-----w- c:\users\Myriam\AppData\Roaming\SmootherWeb
2014-11-21 19:27 . 2014-11-21 19:27 -------- d-----w- c:\windows\SysWow64\Wat
2014-11-21 19:27 . 2014-11-21 19:27 -------- d-----w- c:\windows\system32\Wat
2014-11-21 12:08 . 2014-09-10 14:30 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{32681454-5B44-4861-9D3D-A97E38BB6508}\gapaengine.dll
2014-11-19 12:34 . 2014-11-11 03:08 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-19 12:34 . 2014-11-11 03:08 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-11-19 12:34 . 2014-11-11 02:44 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2014-11-19 12:34 . 2014-11-11 02:44 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-11-19 09:20 . 2014-11-19 09:20 -------- d-----w- c:\users\Myriam\AppData\Local\ElevatedDiagnostics
2014-11-13 11:22 . 2014-11-13 11:54 -------- d-----w- c:\users\Myriam\AppData\Local\Vosteran
2014-11-13 11:10 . 2014-11-13 11:10 -------- d-sh--w- c:\users\Myriam\AppData\Local\EmieBrowserModeList
2014-11-13 10:52 . 2014-11-13 11:12 -------- d-----w- c:\users\Myriam\AppData\Roaming\DriverTurbo
2014-11-12 05:53 . 2014-11-05 17:56 304640 ----a-w- c:\windows\system32\generaltel.dll
2014-11-12 05:53 . 2014-11-05 17:56 228864 ----a-w- c:\windows\system32\aepdu.dll
2014-11-12 05:53 . 2014-11-05 17:52 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-11-12 05:53 . 2014-10-14 02:16 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-11-12 05:53 . 2014-10-14 02:13 683520 ----a-w- c:\windows\system32\termsrv.dll
2014-11-12 05:53 . 2014-10-14 02:07 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-11-12 05:53 . 2014-10-14 01:46 681984 ----a-w- c:\windows\SysWow64\adtschema.dll
2014-11-12 05:53 . 2014-10-14 02:12 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-11-12 05:53 . 2014-10-14 02:09 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-11-12 05:53 . 2014-10-14 01:50 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-11-12 05:53 . 2014-10-14 01:49 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-11-12 05:53 . 2014-10-14 01:47 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2014-11-11 21:54 . 2014-11-11 21:54 -------- d-----w- c:\windows\SysWow64\Adobe
2014-11-09 18:42 . 2014-11-09 18:42 -------- d-----w- c:\users\Myriam\AppData\Local\PDF24
2014-11-09 18:41 . 2014-11-09 18:41 -------- d-----w- c:\program files (x86)\PDF24
2014-11-08 16:18 . 2014-11-08 16:18 -------- d-----w- c:\program files (x86)\downloaditkeep
2014-11-08 11:12 . 2014-11-13 11:54 -------- d-----w- c:\windows\system32\appmgmt
2014-11-08 11:09 . 2014-11-12 05:26 -------- d-----w- c:\programdata\downloaditkeep
2014-11-08 11:09 . 2014-11-23 11:08 -------- d-----w- c:\programdata\2fa710b654abf508
2014-11-08 10:49 . 2014-11-08 11:03 -------- d-----w- c:\users\Myriam\AppData\Local\CUSTPDF Writer
2014-11-08 10:45 . 2014-11-08 10:45 -------- d-----w- c:\users\Myriam\AppData\Roaming\DigitalSites
2014-11-08 10:39 . 2014-11-08 10:39 -------- d-----w- c:\programdata\SlimWare Utilities Inc
2014-11-08 10:39 . 2014-11-13 11:15 -------- d-----w- c:\users\Myriam\AppData\Local\Downloaded Installers
2014-11-08 10:36 . 2014-11-13 11:12 16152 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2014-11-08 10:36 . 2014-11-08 10:36 -------- d-----w- c:\users\Myriam\AppData\Local\SlimWare Utilities Inc
2014-11-08 10:36 . 2014-11-13 12:01 -------- d-----w- c:\program files (x86)\DriverUpdate
2014-11-08 10:31 . 2014-11-08 10:31 -------- d-sh--w- c:\users\Myriam\AppData\Local\EmieUserList
2014-11-08 10:31 . 2014-11-08 10:31 -------- d-sh--w- c:\users\Myriam\AppData\Local\EmieSiteList
2014-11-08 10:29 . 2014-11-08 10:29 -------- d-----w- c:\program files (x86)\GPLGS
2014-11-08 10:29 . 2011-10-04 20:43 87552 ----a-w- c:\windows\system32\custmon64i.dll
2014-11-08 10:29 . 2014-11-08 10:29 -------- d-----w- c:\program files\PDFCreator
2014-11-08 10:29 . 2014-11-08 10:29 -------- d-----w- c:\program files (x86)\PDF Creator
2014-11-02 13:56 . 2014-09-10 14:30 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-10-31 06:12 . 2014-10-31 06:12 -------- d-----w- c:\programdata\EasyCash&Tax
2014-10-31 05:00 . 2014-10-31 05:00 -------- d-----w- c:\users\Myriam\AppData\Local\Diagnostics
2014-10-30 06:45 . 2014-10-30 07:19 -------- d-----w- c:\users\Myriam\Programme
2014-10-27 08:28 . 2014-11-12 19:57 -------- d-----w- c:\windows\system32\MRT
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-30 11:25 . 2010-11-21 03:27 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-10-20 06:32 . 2014-10-20 06:32 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-20 06:32 . 2014-10-20 06:32 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-10-20 06:29 . 2014-10-20 06:29 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2014-10-20 06:29 . 2014-10-20 06:29 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-10-20 06:29 . 2014-10-20 06:29 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2014-10-20 06:29 . 2014-10-20 06:29 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2014-10-20 06:29 . 2014-10-20 06:29 337408 ----a-w- c:\windows\SysWow64\html.iec
2014-10-20 06:29 . 2014-10-20 06:29 235008 ----a-w- c:\windows\system32\elshyph.dll
2014-10-20 06:29 . 2014-10-20 06:29 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2014-10-20 06:29 . 2014-10-20 06:29 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2014-10-20 06:29 . 2014-10-20 06:29 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2014-10-20 06:29 . 2014-10-20 06:29 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2014-10-20 06:29 . 2014-10-20 06:29 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2014-10-20 06:29 . 2014-10-20 06:29 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2014-10-20 06:29 . 2014-10-20 06:29 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2014-10-20 06:29 . 2014-10-20 06:29 942592 ----a-w- c:\windows\system32\jsIntl.dll
2014-10-20 06:29 . 2014-10-20 06:29 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2014-10-20 06:29 . 2014-10-20 06:29 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-10-20 06:29 . 2014-10-20 06:29 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2014-10-20 06:29 . 2014-10-20 06:29 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2014-10-20 06:29 . 2014-10-20 06:29 247808 ----a-w- c:\windows\system32\msls31.dll
2014-10-20 06:29 . 2014-10-20 06:29 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-10-20 06:29 . 2014-10-20 06:29 81408 ----a-w- c:\windows\system32\icardie.dll
2014-10-20 06:29 . 2014-10-20 06:29 77312 ----a-w- c:\windows\system32\tdc.ocx
2014-10-20 06:29 . 2014-10-20 06:29 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2014-10-20 06:29 . 2014-10-20 06:29 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2014-10-20 06:29 . 2014-10-20 06:29 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-10-20 06:29 . 2014-10-20 06:29 413696 ----a-w- c:\windows\system32\html.iec
2014-10-20 06:29 . 2014-10-20 06:29 235520 ----a-w- c:\windows\system32\url.dll
2014-10-20 06:29 . 2014-10-20 06:29 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2014-10-20 06:29 . 2014-10-20 06:29 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2014-10-20 06:29 . 2014-10-20 06:29 105984 ----a-w- c:\windows\system32\iesysprep.dll
2014-10-20 06:29 . 2014-10-20 06:29 774144 ----a-w- c:\windows\system32\jscript.dll
2014-10-20 06:29 . 2014-10-20 06:29 62464 ----a-w- c:\windows\system32\pngfilt.dll
2014-10-20 06:29 . 2014-10-20 06:29 48128 ----a-w- c:\windows\system32\imgutil.dll
2014-10-20 06:29 . 2014-10-20 06:29 30208 ----a-w- c:\windows\system32\licmgr10.dll
2014-10-20 06:29 . 2014-10-20 06:29 243200 ----a-w- c:\windows\system32\webcheck.dll
2014-10-20 06:29 . 2014-10-20 06:29 167424 ----a-w- c:\windows\system32\iexpress.exe
2014-10-20 06:29 . 2014-10-20 06:29 147968 ----a-w- c:\windows\system32\occache.dll
2014-10-20 06:29 . 2014-10-20 06:29 143872 ----a-w- c:\windows\system32\wextract.exe
2014-10-20 06:29 . 2014-10-20 06:29 13824 ----a-w- c:\windows\system32\mshta.exe
2014-10-20 06:29 . 2014-10-20 06:29 135680 ----a-w- c:\windows\system32\iepeers.dll
2014-10-20 06:29 . 2014-10-20 06:29 101376 ----a-w- c:\windows\system32\inseng.dll
2014-10-20 06:17 . 2014-10-20 06:17 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2014-10-20 06:17 . 2014-10-20 06:17 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2014-10-20 06:17 . 2014-10-20 06:17 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2014-10-20 06:17 . 2014-10-20 06:17 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2014-10-20 06:17 . 2014-10-20 06:17 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2014-10-20 06:17 . 2014-10-20 06:17 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2014-10-20 06:17 . 2014-10-20 06:17 363008 ----a-w- c:\windows\system32\dxgi.dll
2014-10-20 06:17 . 2014-10-20 06:17 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2014-10-20 06:17 . 2014-10-20 06:17 296960 ----a-w- c:\windows\system32\d3d10core.dll
2014-10-20 06:17 . 2014-10-20 06:17 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2014-10-20 06:17 . 2014-10-20 06:17 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2014-10-20 06:17 . 2014-10-20 06:17 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2014-10-20 06:17 . 2014-10-20 06:17 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2014-10-20 06:17 . 2014-10-20 06:17 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2014-10-20 06:17 . 2014-10-20 06:17 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2014-10-20 06:17 . 2014-10-20 06:17 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2014-10-20 06:17 . 2014-10-20 06:17 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2014-10-20 06:17 . 2014-10-20 06:17 1643520 ----a-w- c:\windows\system32\DWrite.dll
2014-10-20 06:17 . 2014-10-20 06:17 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2014-10-20 06:17 . 2014-10-20 06:17 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2014-10-20 06:17 . 2014-10-20 06:17 1238528 ----a-w- c:\windows\system32\d3d10.dll
2014-10-20 06:17 . 2014-10-20 06:17 1175552 ----a-w- c:\windows\system32\FntCache.dll
2014-10-20 06:17 . 2014-10-20 06:17 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2014-09-25 02:08 . 2014-10-19 18:49 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-19 18:49 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-09-09 22:11 . 2014-10-19 14:17 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-10-19 14:17 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-09-04 05:23 . 2014-10-18 12:21 424448 ----a-w- c:\windows\system32\rastls.dll
2014-09-04 05:04 . 2014-10-18 12:21 372736 ----a-w- c:\windows\SysWow64\rastls.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"smoother"="c:\users\Myriam\AppData\Roaming\SmootherWeb\SmootherWeb-Installer.exe" [2014-08-27 489651]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2014-06-09 292848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-09-12 959176]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2014-02-06 189480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 51cdb72;Optimizer Pro Crash Monitor;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 globalUpdatem;globalUpdate Update Service (globalUpdatem);c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe;c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S2 AvrcpService;AvrcpService;c:\program files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe;c:\program files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [x]
S2 BTDevManager;BTDevManager;c:\program files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe;c:\program files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 lsdprn;lsdprn;c:\windows\SysWOW64\lsdprn.exe;c:\windows\SysWOW64\lsdprn.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 RtkBleServ;RtkBleServ;c:\program files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe;c:\program files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 RtkBtFilter;Realtek Bluetooth Filter Driver;c:\windows\system32\DRIVERS\RtkBtfilter.sys;c:\windows\SYSNATIVE\DRIVERS\RtkBtfilter.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;c:\windows\system32\DRIVERS\rtwlane.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlane.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-02-24 13667032]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2014-02-25 1381744]
"RtHDVBg_LENOVO_DOLBYDRAGON"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2014-02-25 1381744]
"RtHDVBg_LENOVO_MICPKEY"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2014-02-25 1381744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-01-08 391152]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-01-08 771568]
"Persistence"="c:\windows\system32\igfxpers.exe" [2014-01-08 770544]
"UMonit64"="c:\windows\SysWOW64\UMonit64.exe" [2014-01-06 53248]
"BtServer"="c:\program files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe" [2014-01-06 216064]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mDefault_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1415877113&from=cor&uid=ST500LM000-SSHD-8GB_W760PNH6XXXXW760PNH6&q={searchTerms}
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1415877113&from=cor&uid=ST500LM000-SSHD-8GB_W760PNH6XXXXW760PNH6&q={searchTerms}
uInternet Settings,ProxyOverride = <-loopback>
uInternet Settings,ProxyServer = http=127.0.0.1:49203;https=127.0.0.1:49203
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Myriam\AppData\Roaming\Mozilla\Firefox\Profiles\1zn4v21r.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - about:home
FF - user.js: extensions.autoDisableScopes - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\system32\StikyNot.exe
Wow6432Node-HKLM-Run-mbot_de_300 - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-11-25 20:21:38 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2014-11-25 19:21
.
Vor Suchlauf: 11 Verzeichnis(se), 439.494.656.000 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 444.138.037.248 Bytes frei
.
- - End Of File - - F39FC958338F3EFA5A13B7CDE4AD7361
5FB38429D5D77768867C76DCBDB35194 Es gab 2 mal Gemecker wegen Security Essentials obwohl abgeschaltet (screenshots gemacht). weggeklickt, lief dann weiter  Habe mit Revo Uninstaller auch Clickup weggemacht  Sieht so aus als wären die Quälgeister aus dem Mozilla verschwunden. happy. war's das (schon) ? LG MyBGuten Morgen.  Das war es wohl doch noch nicht.  Der Rechner ist merkwürdig langsam. Ob es dazu noch eine Idee geben wird? warte jetzt mit Geduld  der Zustand ist im Moment arbeitstauglich.spendentechnisch: ich darf soviel wie ich kann? ich mach mal jetzt so und in einigen Wochen sieht das wohl anders aus für einen Nachschlag. |
|
26.11.2014, 21:42
| #7 |
| /// the machine /// TB-Ausbilder | Windows7: Ads by clickup Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
27.11.2014, 17:50
| #8 |
| | Windows7: Ads by clickup Hei Schrauber Danke für letzten Einsatz. Ergebnisse: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 27.11.2014 Suchlauf-Zeit: 16:42:04 Logdatei: mbam.txt Administrator: Ja Version: 2.00.3.1025 Malware Datenbank: v2014.09.19.05 Rootkit Datenbank: v2014.09.18.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Myriam Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 365158 Verstrichene Zeit: 5 Min, 51 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 16 PUP.Optional.Astromenda, HKU\S-1-5-21-1313315996-2717873473-2842918071-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}, In Quarantäne, [176a13dcbcbf4aec3df3385047bb649c], PUP.Optional.Astromenda, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}, In Quarantäne, [176a13dcbcbf4aec3df3385047bb649c], PUP.Optional.MBot.A, HKLM\SOFTWARE\WOW6432NODE\MYBESTOFFERSTODAY, In Quarantäne, [9ee3ee01bdbeff3795a64cbeb350847c], PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, In Quarantäne, [146d787704778da9fd09d9964cb82ad6], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\supWPM, In Quarantäne, [770aa24d6813d165b812ef19798a3ec2], PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\sweet-pageSoftware, In Quarantäne, [7d0435baaecd11252850342f9e6629d7], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE, In Quarantäne, [9ce54ca3aad1de58b273b65bde25c33d], PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=10, In Quarantäne, [bfc230bf7ffcb48266c732401ee6c63a], PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=4, In Quarantäne, [4c35ae412e4da98d2c0277fbdd2728d8], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, In Quarantäne, [295831beb1ca3bfb00c9c04862a1fe02], PUP.Optional.RocketTab.A, HKU\S-1-5-21-1313315996-2717873473-2842918071-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\RocketTabInstalled, In Quarantäne, [dca523ccdba00135f13b6e9854af956b], PUP.Optional.WebSearches.A, HKU\S-1-5-21-1313315996-2717873473-2842918071-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SupHpUISoft, In Quarantäne, [daa7b8370a71a690afd79773838031cf], PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-1313315996-2717873473-2842918071-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\TutoTag, In Quarantäne, [fb86797653282313c89882f0aa5aab55], PUP.Optional.InstallCore.A, HKU\S-1-5-21-1313315996-2717873473-2842918071-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, In Quarantäne, [3c45ba35a3d860d6fe9a93a5e023966a], PUP.Optional.InstallCore.A, HKU\S-1-5-21-1313315996-2717873473-2842918071-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, In Quarantäne, [87fa5d923d3e39fd39bfa4aa51b3e41c], PUP.Optional.SuperFish.A, HKU\S-1-5-21-1313315996-2717873473-2842918071-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com, In Quarantäne, [770a29c62853270f19e2bf55d03328d8], Registrierungswerte: 4 PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE|path, C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe, In Quarantäne, [9ce54ca3aad1de58b273b65bde25c33d] PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, cor, In Quarantäne, [295831beb1ca3bfb00c9c04862a1fe02] PUP.Optional.InstallCore.A, HKU\S-1-5-21-1313315996-2717873473-2842918071-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0X1L1C1C1J2Z, In Quarantäne, [87fa5d923d3e39fd39bfa4aa51b3e41c] PUP.Optional.RocketTab.A, HKU\S-1-5-21-1313315996-2717873473-2842918071-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SEARCH EXTENSIONS|RocketTab, 1, In Quarantäne, [99e8ea055427b77ff43734d27e85d52b] Registrierungsdaten: 2 PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.sweet-page.com/web/?type=ds&ts=1415877113&from=cor&uid=ST500LM000-SSHD-8GB_W760PNH6XXXXW760PNH6&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/web/?type=ds&ts=1415877113&from=cor&uid=ST500LM000-SSHD-8GB_W760PNH6XXXXW760PNH6&q={searchTerms}),Ersetzt,[9fe2d51a1a61999d25fcfc0a689d29d7] PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.sweet-page.com/web/?type=ds&ts=1415877113&from=cor&uid=ST500LM000-SSHD-8GB_W760PNH6XXXXW760PNH6&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/web/?type=ds&ts=1415877113&from=cor&uid=ST500LM000-SSHD-8GB_W760PNH6XXXXW760PNH6&q={searchTerms}),Ersetzt,[1d64b03f215af83e4eb36a91ab5917e9] Ordner: 4 PUP.Optional.OpenCandy, C:\Users\Myriam\AppData\Roaming\OpenCandy, In Quarantäne, [e9984fa07803b6809d3beaebbe44ee12], PUP.Optional.OpenCandy, C:\Users\Myriam\AppData\Roaming\OpenCandy\C4261B085315468781EE4FE40A45F062, In Quarantäne, [e9984fa07803b6809d3beaebbe44ee12], PUP.Optional.Updater.A, C:\Users\Myriam\AppData\Roaming\DigitalSites\UpdateProc, In Quarantäne, [c8b9d01f5a21171f8d0b34bf52b018e8], PUP.Optional.FLVMPlayer, C:\Program Files (x86)\FLVM Player, In Quarantäne, [542d28c75526c86ee8a759a3788aa957], Dateien: 8 PUP.Optional.RocketTab.A, C:\Windows\System32\Tasks\RocketTab, In Quarantäne, [a3ded8179edda98dd35b42c451b214ec], PUP.Optional.RocketTab.A, C:\Windows\System32\Tasks\RocketTab Update Task, In Quarantäne, [027f16d9c8b35cda45e93acc976cc040], PUP.Optional.Updater.A, C:\Users\Myriam\AppData\Roaming\DigitalSites\UpdateProc\info.dat, In Quarantäne, [c8b9d01f5a21171f8d0b34bf52b018e8], PUP.Optional.Updater.A, C:\Users\Myriam\AppData\Roaming\DigitalSites\UpdateProc\prod.dat, In Quarantäne, [c8b9d01f5a21171f8d0b34bf52b018e8], PUP.Optional.Updater.A, C:\Users\Myriam\AppData\Roaming\DigitalSites\UpdateProc\STTL.DAT, In Quarantäne, [c8b9d01f5a21171f8d0b34bf52b018e8], PUP.Optional.Updater.A, C:\Users\Myriam\AppData\Roaming\DigitalSites\UpdateProc\TTL.DAT, In Quarantäne, [c8b9d01f5a21171f8d0b34bf52b018e8], PUP.Optional.Updater.A, C:\Users\Myriam\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe, In Quarantäne, [c8b9d01f5a21171f8d0b34bf52b018e8], PUP.Optional.CrossRider.A, C:\Users\Myriam\AppData\Roaming\Mozilla\Firefox\Profiles\1zn4v21r.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.crossrider.bic", "149dbdf633a22df1d0c10ca4a47389cf");), Ersetzt,[aed35798275474c219cd46f2e61f0cf4] Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) Code:
ATTFilter # AdwCleaner v4.102 - Bericht erstellt am 27/11/2014 um 17:01:24
# Aktualisiert 23/11/2014 von Xplode
# Database : 2014-11-23.7 [Local]
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Myriam - MYRIAM-PC
# Gestartet von : C:\Users\Myriam\Downloads\AdwCleaner_4.102.exe
# Option : Löschen
***** [ Dienste ] *****
[#] Dienst Gelöscht : globalUpdatem
Dienst Gelöscht : lsdprn
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\SmootherWeb
Ordner Gelöscht : C:\ProgramData\2fa710b654abf508
Ordner Gelöscht : C:\Program Files (x86)\pc speed up
Ordner Gelöscht : C:\Program Files (x86)\predm
Ordner Gelöscht : C:\Program Files\shopperz
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\torch
Ordner Gelöscht : C:\Users\Gast\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\Gast\AppData\Local\torch
Ordner Gelöscht : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\HomeGroupUser$\AppData\Local\torch
Ordner Gelöscht : C:\Users\Myriam\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\Myriam\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\Myriam\AppData\Local\torch
Ordner Gelöscht : C:\Users\Myriam\AppData\Local\CrashRpt
Ordner Gelöscht : C:\Users\Myriam\AppData\Local\BoBrowser
Ordner Gelöscht : C:\Users\Myriam\AppData\Local\Vosteran
Ordner Gelöscht : C:\Users\Myriam\AppData\Roaming\DigitalSites
Ordner Gelöscht : C:\Users\Myriam\AppData\Roaming\SmootherWeb
Ordner Gelöscht : C:\Users\Myriam\AppData\Roaming\RHEng
Ordner Gelöscht : C:\Users\Myriam\AppData\Roaming\DriverTurbo
Ordner Gelöscht : C:\Users\Myriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmootherWeb
Ordner Gelöscht : C:\Users\Myriam\Documents\Optimizer Pro
Ordner Gelöscht : C:\Users\Myriam\Documents\PC Speed Maximizer
Datei Gelöscht : C:\Windows\SysWOW64\lsdprn.exe
Datei Gelöscht : C:\Users\Myriam\AppData\Roaming\Mozilla\Firefox\Profiles\1zn4v21r.default\user.js
***** [ Tasks ] *****
Task Gelöscht : LaunchSignup
Task Gelöscht : RocketTab Update Task
Task Gelöscht : RocketTab
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [smoother]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\InetStat
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\Search Extensions
Schlüssel Gelöscht : HKCU\Software\SecuredDownload
Schlüssel Gelöscht : HKCU\Software\Vosteran Browser
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\Tutorials
Schlüssel Gelöscht : HKLM\SOFTWARE\Clara
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SmootherWeb
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1C52B8B6-FFA2-12F6-0A5A-E8301F96A568}
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17420
-\\ Mozilla Firefox v33.1 (x86 de)
[1zn4v21r.default\prefs.js] - Zeile gelöscht : user_pref("extensions.90222mP2MQd2mmsO.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\[...]
[1zn4v21r.default\prefs.js] - Zeile gelöscht : user_pref("extensions.RaNsBqoaFFLu3fWs.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
[1zn4v21r.default\prefs.js] - Zeile gelöscht : user_pref("extensions.crossrider.bic", "149dbdf633a22df1d0c10ca4a47389cf");
[1zn4v21r.default\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[1zn4v21r.default\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
[1zn4v21r.default\prefs.js] - Zeile gelöscht : user_pref("extensions.srchvstrn.hmpgUrl", "hxxp://Vosteran.com/?f=1&a=vst_secureddownload_14_46_ff&cd=2XzuyEtN2Y1L1Qzuzy0C0A0DzyyB0A0AtC0FyByCyCzy0CyCtN0D0Tzu0StCtDyEyBtN1L2XzutAtFyCtFtBtFtDtN1L1CzutC[...]
[1zn4v21r.default\prefs.js] - Zeile gelöscht : user_pref("extensions.srchvstrn.newTabUrl", "hxxp://Vosteran.com/?f=2&a=vst_secureddownload_14_46_ff&cd=2XzuyEtN2Y1L1Qzuzy0C0A0DzyyB0A0AtC0FyByCyCzy0CyCtN0D0Tzu0StCtDyEyBtN1L2XzutAtFyCtFtBtFtDtN1L1Czu[...]
[1zn4v21r.default\prefs.js] - Zeile gelöscht : user_pref("extensions.srchvstrn.prtnrId", "WSE_Vosteran");
[1zn4v21r.default\prefs.js] - Zeile gelöscht : user_pref("extensions.srchvstrn.srchPrvdr", "Vosteran");
[1zn4v21r.default\prefs.js] - Zeile gelöscht : user_pref("extensions.srchvstrn.tlbrSrchUrl", "hxxp://Vosteran.com/?f=3&a=vst_secureddownload_14_46_ff&cd=2XzuyEtN2Y1L1Qzuzy0C0A0DzyyB0A0AtC0FyByCyCzy0CyCtN0D0Tzu0StCtDyEyBtN1L2XzutAtFyCtFtBtFtDtN1L1C[...]
-\\ Google Chrome v
-\\ Comodo Dragon v
*************************
AdwCleaner[R0].txt - [12320 octets] - [27/11/2014 16:59:51]
AdwCleaner[S0].txt - [11589 octets] - [27/11/2014 17:01:24]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11650 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows 7 Professional x64
Ran by Myriam on 27.11.2014 at 17:12:09,84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] C:\ProgramData\downloaditkeep
~~~ FireFox
Emptied folder: C:\Users\Myriam\AppData\Roaming\mozilla\firefox\profiles\1zn4v21r.default\minidumps [4 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.11.2014 at 17:15:49,52
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01 Ran by Myriam (administrator) on MYRIAM-PC on 27-11-2014 17:24:00 Running from C:\Users\Myriam\Desktop\TrojanerBoard Loaded Profile: Myriam (Available profiles: Myriam) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe () C:\Windows\SysWOW64\UMonit64.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\AvrcpService.exe () C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\RtkBleServ.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-02-24] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-25] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-25] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-25] (Realtek Semiconductor) HKLM\...\Run: [UMonit64] => C:\Windows\SysWOW64\UMonit64.exe [53248 2014-01-06] () HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [216064 2014-01-06] (Realtek Semiconductor Corporation) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-06-09] (Intel Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyServer: [S-1-5-21-1313315996-2717873473-2842918071-1000] => http=127.0.0.1:49203;https=127.0.0.1:49203 HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE160AC8BCAEACF01 HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1313315996-2717873473-2842918071-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Myriam\AppData\Roaming\Mozilla\Firefox\Profiles\1zn4v21r.default FF DefaultSearchEngine: Yahoo FF SelectedSearchEngine: Yahoo FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll (Adobe Systems, Inc.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Myriam\AppData\Roaming\Mozilla\Firefox\Profiles\1zn4v21r.default\searchplugins\ixquick-https.xml FF Extension: Firefox Booster - C:\Users\Myriam\AppData\Roaming\Mozilla\Firefox\Profiles\1zn4v21r.default\Extensions\jid1-U7omKQ6kQfxMaQ@jetpack.xpi [2014-11-27] FF StartMenuInternet: FIREFOX.EXE - firefox.exe Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION CHR Profile: C:\Users\Myriam\AppData\Local\Google\Chrome\User Data\Default ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [35328 2013-05-07] (Realtek Semiconductor Corporation) [File not signed] R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [84992 2014-01-22] () [File not signed] R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation) R2 RtkBleServ; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe [42496 2013-04-25] (Realtek Semiconductor Corporation) [File not signed] S2 51cdb72; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.11\OptProCrash.dll",ENT ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-27] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation) R3 RtkBtFilter; C:\Windows\System32\DRIVERS\RtkBtfilter.sys [559320 2014-02-18] (Realtek Semiconductor Corporation) R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [3300568 2014-02-20] (Realtek Semiconductor Corporation ) S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-11-13] () S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-27 17:15 - 2014-11-27 17:15 - 00000822 _____ () C:\Users\Myriam\Desktop\JRT.txt 2014-11-27 17:12 - 2014-11-27 17:12 - 00000000 ____D () C:\Windows\ERUNT 2014-11-27 17:10 - 2014-11-27 17:11 - 01707532 _____ (Thisisu) C:\Users\Myriam\Downloads\JRT.exe 2014-11-27 17:10 - 2014-11-27 17:10 - 00011743 _____ () C:\Users\Myriam\Desktop\AdwCleaner[S0].txt 2014-11-27 16:59 - 2014-11-27 17:01 - 00000000 ____D () C:\AdwCleaner 2014-11-27 16:58 - 2014-11-27 16:58 - 02148864 _____ () C:\Users\Myriam\Downloads\AdwCleaner_4.102.exe 2014-11-27 16:57 - 2014-11-27 16:57 - 00007055 _____ () C:\Users\Myriam\Desktop\mbam.txt 2014-11-27 16:41 - 2014-11-27 17:20 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-11-27 16:41 - 2014-11-27 16:41 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-11-27 16:41 - 2014-11-27 16:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-11-27 16:40 - 2014-11-27 16:41 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-11-27 16:40 - 2014-11-27 16:40 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-11-27 16:40 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-11-27 16:40 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-11-27 16:40 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-11-27 16:35 - 2014-11-27 16:38 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Myriam\Downloads\mbam-setup-2.0.3.1025.exe 2014-11-27 14:40 - 2014-11-27 14:40 - 00001139 _____ () C:\Users\Myriam\Desktop\Dagmar Strack-Bidinger - Verknüpfung.lnk 2014-11-25 21:23 - 2014-11-25 21:23 - 00178447 _____ () C:\Users\Myriam\Desktop\Allgemeine Smiley1.odt 2014-11-25 21:22 - 2014-11-25 21:22 - 00178429 _____ () C:\Users\Myriam\Desktop\Allgemeine Smileys.odt 2014-11-25 20:21 - 2014-11-25 20:21 - 00040694 _____ () C:\ComboFix.txt 2014-11-25 20:08 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-11-25 20:08 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-11-25 20:08 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-11-25 20:08 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-11-25 20:08 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-11-25 20:08 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2014-11-25 20:08 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2014-11-25 20:08 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2014-11-25 20:03 - 2014-11-25 20:21 - 00000000 ____D () C:\Qoobox 2014-11-25 20:03 - 2014-11-25 20:20 - 00000000 ____D () C:\Windows\erdnt 2014-11-25 19:42 - 2014-11-25 19:42 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-11-24 15:33 - 2014-11-27 17:24 - 00000000 ____D () C:\FRST 2014-11-24 15:29 - 2014-11-27 17:24 - 00000000 ____D () C:\Users\Myriam\Desktop\TrojanerBoard 2014-11-24 15:26 - 2014-11-24 15:26 - 00000000 _____ () C:\Users\Myriam\defogger_reenable 2014-11-23 10:06 - 2014-11-23 10:06 - 00000000 ____D () C:\Users\Myriam\AppData\Roaming\QuickScan 2014-11-23 10:03 - 2014-11-27 17:03 - 00000442 __RSH () C:\ProgramData\ntuser.pol 2014-11-23 10:03 - 2014-11-23 12:14 - 00000000 ____D () C:\ProgramData\TinyWallet 2014-11-23 10:03 - 2014-11-23 12:08 - 00000000 ____D () C:\Program Files (x86)\TinyWallet 2014-11-23 10:03 - 2014-11-23 10:26 - 00000000 ____D () C:\Users\Myriam\AppData\Local\Google 2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Myriam\AppData\Local\Comodo 2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google 2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo 2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\HomeGroupUser$ 2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google 2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo 2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Gast 2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google 2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo 2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Administrator 2014-11-23 09:48 - 2014-11-23 09:48 - 00003150 _____ () C:\Windows\System32\Tasks\Run_Bobby_Browser 2014-11-23 09:35 - 2014-11-23 09:35 - 00001831 _____ () C:\Windows\patsearch.bin 2014-11-23 09:35 - 2014-11-23 09:35 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrT_01009.Wdf 2014-11-22 14:53 - 2014-11-22 14:53 - 09665384 _____ () C:\Users\Myriam\Documents\Regale voller GoldBarren Focus online.odt 2014-11-22 07:34 - 2014-11-22 07:34 - 00123537 _____ () C:\Users\Myriam\Documents\Kühe.odt 2014-11-22 07:30 - 2014-11-22 07:36 - 01046283 _____ () C:\Users\Myriam\Documents\Schweine.odt 2014-11-19 14:28 - 2014-11-19 14:28 - 00952124 _____ () C:\Users\Myriam\Desktop\Audi Schätzung Nov'14.odt 2014-11-19 13:34 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-11-19 13:34 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2014-11-19 13:34 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-11-19 13:34 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll 2014-11-18 11:22 - 2014-11-18 11:22 - 00494259 _____ () C:\Users\Myriam\Desktop\NADH.odt 2014-11-18 11:10 - 2014-11-18 11:16 - 00017058 _____ () C:\Users\Myriam\Desktop\Serotonin.odt 2014-11-15 21:45 - 2014-11-15 21:45 - 00004700 _____ () C:\Users\Myriam\Downloads\Lass deine Augen das Beste sehen.odt 2014-11-13 19:46 - 2014-11-13 19:46 - 00006569 _____ () C:\Users\Myriam\Documents\Impressum.odt 2014-11-13 12:55 - 2014-11-13 12:55 - 00000000 ____D () C:\Users\Myriam\Documents\Fax 2014-11-13 12:53 - 2014-11-13 12:53 - 00792796 _____ () C:\Users\Myriam\Documents\141114 veraltete Treiber.odt 2014-11-13 12:52 - 2014-11-13 12:52 - 00223511 _____ () C:\Users\Myriam\Documents\141114 Erstattung Trixie Maulschlaufe.odt 2014-11-13 12:24 - 2014-11-13 12:24 - 00003152 _____ () C:\Windows\System32\Tasks\{D4059A91-59EB-4BD4-8D46-E7191558AA7A} 2014-11-13 12:10 - 2014-11-13 12:10 - 05798968 _____ (Innovative Solutions ) C:\Users\Myriam\Downloads\hp-treiber.exe 2014-11-13 12:10 - 2014-11-13 12:10 - 00000000 __SHD () C:\Users\Myriam\AppData\Local\EmieBrowserModeList 2014-11-13 12:08 - 2014-11-13 12:08 - 00825248 _____ ( ) C:\Users\Myriam\Downloads\hp-treiber_setup.exe 2014-11-12 06:55 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-11-12 06:55 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-11-12 06:55 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-11-12 06:55 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-11-12 06:55 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-11-12 06:55 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-11-12 06:55 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-11-12 06:55 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-11-12 06:55 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-11-12 06:55 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-11-12 06:55 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-11-12 06:55 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-11-12 06:55 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-11-12 06:55 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-11-12 06:55 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-11-12 06:55 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-11-12 06:55 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-11-12 06:55 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-11-12 06:55 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-11-12 06:55 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-11-12 06:55 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-11-12 06:55 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-11-12 06:55 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-11-12 06:55 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-11-12 06:55 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-11-12 06:55 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-11-12 06:55 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-11-12 06:55 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-11-12 06:55 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-11-12 06:55 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-11-12 06:55 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-11-12 06:55 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-11-12 06:55 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-11-12 06:55 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-11-12 06:55 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-11-12 06:55 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-11-12 06:55 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-11-12 06:55 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-11-12 06:55 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-11-12 06:55 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-11-12 06:55 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-11-12 06:55 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-11-12 06:55 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-11-12 06:55 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-11-12 06:55 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-11-12 06:55 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-11-12 06:55 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-11-12 06:55 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-11-12 06:55 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-11-12 06:55 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-11-12 06:55 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-11-12 06:55 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-11-12 06:55 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-11-12 06:55 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-11-12 06:55 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-11-12 06:55 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-11-12 06:53 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-11-12 06:53 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-11-12 06:53 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-11-12 06:53 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-11-12 06:53 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-11-12 06:53 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-11-12 06:53 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2014-11-12 06:53 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2014-11-12 06:53 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-11-12 06:53 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-11-12 06:53 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2014-11-12 06:53 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2014-11-12 06:48 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-11-12 06:48 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-11-12 06:48 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-11-12 06:48 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2014-11-12 06:48 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-11-12 06:48 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-11-12 06:48 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-11-12 06:48 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-11-12 06:48 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-11-12 06:48 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-11-12 06:48 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-11-12 06:48 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-11-12 06:48 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2014-11-12 06:48 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2014-11-12 06:48 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2014-11-12 06:48 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-11-12 06:48 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-11-12 06:48 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-11-12 06:48 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-11-12 06:48 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-11-12 06:48 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-11-12 06:48 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-11-12 06:48 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-11-12 06:48 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-11-12 06:48 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-11-12 06:48 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-11-12 06:48 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-11-12 06:48 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-11-12 06:48 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-11-12 06:48 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-11-12 06:48 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-11-12 06:48 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL 2014-11-12 06:48 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL 2014-11-11 22:54 - 2014-11-11 22:54 - 00000000 ____D () C:\Windows\SysWOW64\Adobe 2014-11-11 07:00 - 2014-11-11 07:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-11-10 11:57 - 2014-11-10 21:10 - 00005558 _____ () C:\Users\Myriam\Documents\Hundespiel.odt 2014-11-10 06:58 - 2014-11-10 06:58 - 00004809 _____ () C:\Users\Myriam\Documents\Kfz in der BF 6 Absatz 1 Nr.odt 2014-11-09 19:42 - 2014-11-09 19:42 - 00000000 ____D () C:\Users\Myriam\AppData\Local\PDF24 2014-11-09 19:41 - 2014-11-09 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24 2014-11-09 19:41 - 2014-11-09 19:41 - 00000000 ____D () C:\Program Files (x86)\PDF24 2014-11-09 10:10 - 2014-11-09 19:25 - 00005619 _____ () C:\Users\Myriam\Desktop\Liebe Devani.odt 2014-11-08 17:18 - 2014-11-08 17:18 - 00000000 ____D () C:\Program Files (x86)\downloaditkeep 2014-11-08 12:45 - 2014-11-25 08:15 - 00000085 _____ () C:\Users\Myriam\AppData\Roaming\WB.CFG 2014-11-08 12:12 - 2014-11-13 12:54 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-11-08 11:49 - 2014-11-08 12:03 - 00000000 ____D () C:\Users\Myriam\AppData\Local\CUSTPDF Writer 2014-11-08 11:39 - 2014-11-13 12:15 - 00000000 ____D () C:\Users\Myriam\AppData\Local\Downloaded Installers 2014-11-08 11:39 - 2014-11-08 11:39 - 00000000 ____D () C:\ProgramData\SlimWare Utilities Inc 2014-11-08 11:36 - 2014-11-13 13:01 - 00000000 ____D () C:\Program Files (x86)\DriverUpdate 2014-11-08 11:36 - 2014-11-13 12:12 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys 2014-11-08 11:36 - 2014-11-08 11:36 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers 2014-11-08 11:36 - 2014-11-08 11:36 - 00000000 ____D () C:\Users\Myriam\AppData\Local\SlimWare Utilities Inc 2014-11-08 11:31 - 2014-11-08 11:31 - 00000000 __SHD () C:\Users\Myriam\AppData\Local\EmieUserList 2014-11-08 11:31 - 2014-11-08 11:31 - 00000000 __SHD () C:\Users\Myriam\AppData\Local\EmieSiteList 2014-11-08 11:29 - 2014-11-08 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Creator 2014-11-08 11:29 - 2014-11-08 11:29 - 00000000 ____D () C:\Program Files\PDFCreator 2014-11-08 11:29 - 2014-11-08 11:29 - 00000000 ____D () C:\Program Files (x86)\PDF Creator 2014-11-08 11:29 - 2014-11-08 11:29 - 00000000 ____D () C:\Program Files (x86)\GPLGS 2014-11-08 11:29 - 2011-10-04 21:43 - 00087552 _____ () C:\Windows\system32\custmon64i.dll 2014-11-08 11:25 - 2014-11-08 11:25 - 00812160 _____ ( ) C:\Users\Myriam\Downloads\PdfCreatorSetup.exe 2014-11-02 19:20 - 2014-11-02 19:22 - 00011776 ___SH () C:\Users\Myriam\Documents\Thumbs.db 2014-11-02 18:24 - 2014-11-02 19:18 - 58885280 _____ () C:\Users\Myriam\Documents\Gute Energie 141102 NutzenFußnote.pptx 2014-10-31 11:23 - 2014-10-31 11:24 - 05033168 _____ (Lenovo Group Limited ) C:\Users\Myriam\Downloads\a3ub03w7.exe 2014-10-31 07:12 - 2014-10-31 07:12 - 00000000 ____D () C:\ProgramData\EasyCash&Tax 2014-10-31 06:14 - 2014-11-20 21:32 - 00000000 ____D () C:\Users\Myriam\Documents\EC&T KontenDateien Einst 2014-10-30 22:33 - 2014-10-30 22:33 - 00003036 _____ () C:\Windows\System32\Tasks\{F21E1B53-A4BF-42A2-965F-D8F872357334} 2014-10-30 07:45 - 2014-10-30 08:19 - 00000000 ____D () C:\Users\Myriam\Programme 2014-10-29 21:58 - 2014-10-29 22:03 - 307709680 _____ () C:\Users\Myriam\Downloads\OJJ4500_Full_13.exe 2014-10-29 18:10 - 2014-10-29 18:10 - 00000000 ____D () C:\Users\Myriam\Documents\OneNote-Notizbücher 2014-10-29 12:17 - 2014-10-29 12:17 - 01825672 _____ () C:\Users\Myriam\Documents\141029 Erklärung Datenschutz.odt 2014-10-29 10:09 - 2014-11-25 07:54 - 00000000 ____D () C:\Users\Myriam\Downloads\141125 Silverlight statt FlashP 2014-10-29 09:37 - 2014-10-29 12:11 - 00043265 _____ () C:\Users\Myriam\Documents\Bild Löwe Regulus von Devani.odt 2014-10-28 11:32 - 2014-10-28 11:32 - 01189723 _____ () C:\Users\Myriam\Desktop\141028 Dame...Herr.odt ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-27 17:10 - 2009-07-14 05:45 - 00032768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-27 17:10 - 2009-07-14 05:45 - 00032768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-27 17:07 - 2011-04-12 08:43 - 00702436 _____ () C:\Windows\system32\perfh007.dat 2014-11-27 17:07 - 2011-04-12 08:43 - 00150044 _____ () C:\Windows\system32\perfc007.dat 2014-11-27 17:07 - 2009-07-14 06:13 - 01626920 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-27 17:05 - 2014-10-18 13:18 - 00000000 ____D () C:\Users\Myriam\Documents\Outlook-Dateien 2014-11-27 17:03 - 2014-10-18 12:46 - 00239034 _____ () C:\Users\Myriam\AppData\Local\BTServer.log 2014-11-27 17:02 - 2014-10-18 02:10 - 01137824 _____ () C:\Windows\WindowsUpdate.log 2014-11-27 17:02 - 2010-11-21 04:47 - 00051758 _____ () C:\Windows\PFRO.log 2014-11-27 17:02 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-27 17:02 - 2009-07-14 05:51 - 00033454 _____ () C:\Windows\setupact.log 2014-11-27 16:53 - 2014-10-20 13:08 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{01AB2F2F-7029-49A9-8627-BE87BF065232} 2014-11-25 20:24 - 2014-10-20 21:57 - 01646762 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-11-25 20:21 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default 2014-11-25 20:18 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2014-11-25 20:17 - 2009-07-14 03:34 - 62652416 _____ () C:\Windows\system32\config\SOFTWARE.bak 2014-11-25 20:17 - 2009-07-14 03:34 - 18350080 _____ () C:\Windows\system32\config\SYSTEM.bak 2014-11-25 20:17 - 2009-07-14 03:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak 2014-11-25 20:17 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak 2014-11-25 20:17 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak 2014-11-24 17:40 - 2014-04-26 08:21 - 00000000 ____D () C:\Users\Myriam\Downloads\exe Betrieb 2014-11-24 15:26 - 2014-10-17 20:16 - 00000000 ____D () C:\Users\Myriam 2014-11-24 14:04 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-11-23 10:03 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-11-23 10:03 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy 2014-11-23 09:39 - 2014-10-18 13:03 - 00000000 ____D () C:\Users\Myriam\AppData\Local\Adobe 2014-11-22 07:50 - 2014-10-21 12:59 - 00000000 ____D () C:\Users\Myriam\Documents\DVDVideoSoft 2014-11-20 19:41 - 2014-10-18 12:52 - 00000000 ____D () C:\Users\Myriam\AppData\Local\Microsoft Help 2014-11-19 14:21 - 2014-10-19 15:04 - 00000416 _____ () C:\Windows\BRWMARK.INI 2014-11-19 14:21 - 2014-10-19 15:04 - 00000034 _____ () C:\Windows\SysWOW64\BD2030.DAT 2014-11-14 16:18 - 2011-04-12 08:54 - 00000000 ___RD () C:\Users\Public\Recorded TV 2014-11-13 21:50 - 2014-10-20 08:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasyCash 2014-11-13 21:50 - 2014-10-20 08:07 - 00000000 ____D () C:\Program Files (x86)\EasyCash&Tax 2014-11-13 13:23 - 2014-10-20 15:21 - 00002480 _____ () C:\ProgramData\hpzinstall.log 2014-11-13 08:49 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-11-13 07:06 - 2014-10-18 13:04 - 00086552 _____ () C:\Users\Myriam\AppData\Local\GDIPFONTCACHEV1.DAT 2014-11-13 07:05 - 2009-07-14 05:45 - 00342576 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-11-13 07:03 - 2014-10-20 08:52 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-11-12 21:02 - 2014-10-18 12:51 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-11-12 20:57 - 2014-10-27 09:28 - 00000000 ____D () C:\Windows\system32\MRT 2014-11-12 20:55 - 2014-10-27 09:27 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-11-12 06:26 - 2014-10-18 12:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-11-02 14:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration 2014-10-29 14:26 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp Some content of TEMP: ==================== C:\Users\Myriam\AppData\Local\Temp\Quarantine.exe C:\Users\Myriam\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-25 09:12 ==================== End Of Log ============================ Was jetzt während der CHecks aufkam: eine Flash Player Warnung in Mozilla: Download Flash Player die sich mehrmals aufgerufen hat. Hoffe Hausaufgaben ok. Grüße Freude MyB |
|
28.11.2014, 17:40
| #9 |
| /// the machine /// TB-Ausbilder | Windows7: Ads by clickupESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
28.11.2014, 18:54
| #10 |
| | Windows7: Ads by clickup new results:Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=d90951a6d411a24a80330f00b2342074
# engine=21314
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-11-28 05:33:36
# local_time=2014-11-28 06:33:36 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 3562250 40180010 0 0
# scanned=11760
# found=11
# cleaned=0
# scan_time=1484
sh=1135DD49674F04451296CAF3DFBE2EA360E1546B ft=1 fh=bec9e5b6c6c31d3d vn="Win32/SoftonicDownloader.E evtl. unerwünschte Anwendung" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-1313315996-2717873473-2842918071-1000\$RTTQIQW.exe"
sh=65231873C2B9508463CE3924E61E68D4EDC44F7A ft=1 fh=7fa43737affed640 vn="Variante von Win32/FirseriaInstaller.U evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\pc speed up\Uninstall_PCSpeedUp.exe.vir"
sh=744A0640927DA7065DC79212074BF7D69FDD316F ft=1 fh=0394227f5f901456 vn="Win32/SmootherWeb.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\SmootherWeb\Uninstall.exe.vir"
sh=E5A22D682B5B9C1F5AD1E1F7D98E685772BED8FC ft=0 fh=0000000000000000 vn="JS/Astromenda.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Myriam\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\js\background.js.vir"
sh=F2A8917500E1C6B9E4ADD5299BAF66B57DD4EB63 ft=0 fh=0000000000000000 vn="JS/Astromenda.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Myriam\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\js\bootstrap.js.vir"
sh=CE3159B58A6DFF52E43F2445A4E094B983DD0EBA ft=0 fh=0000000000000000 vn="JS/Astromenda.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Myriam\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\js\newtab.js.vir"
sh=FD7368BFE59CB6D2E4853110A8BDE09937D30BFA ft=0 fh=0000000000000000 vn="JS/Astromenda.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Myriam\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\js\opentab.js.vir"
sh=976811C69907F2A7CEA2337FC38B1A1DF1D2936B ft=0 fh=0000000000000000 vn="Win32/SmootherWeb.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Myriam\AppData\Roaming\SmootherWeb\jid1-U7omKQ6kQfxMaQ@jetpack.xpi.vir"
sh=0C53AD8C5815EC193F269B7F4225526331F55560 ft=1 fh=428351b47f1227d5 vn="Win32/SmootherWeb.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Myriam\AppData\Roaming\SmootherWeb\SmootherWeb-Installer.exe.vir"
sh=83F0543DF9233DBE19DCA183E2738C9A1F1036C2 ft=1 fh=34e7354aef346a57 vn="Variante von Win64/Toolbar.Perion.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\lsdprn.exe.vir"
sh=D957B0EC634B5C52AA2B8934223A6248D5152807 ft=1 fh=4c2491a4bea30714 vn="Variante von Win32/InstallCore.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\PDF Creator\message.exe"
Code:
ATTFilter Results of screen317's Security Check version 0.99.90 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Adobe Flash Player 15.0.0.189 Adobe Reader XI Mozilla Firefox (33.1) ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Malwarebytes Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01 Ran by Myriam (administrator) on MYRIAM-PC on 28-11-2014 18:47:36 Running from C:\Users\Myriam\Desktop\TrojanerBoard Loaded Profile: Myriam (Available profiles: Myriam) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe () C:\Windows\SysWOW64\UMonit64.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\AvrcpService.exe () C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\RtkBleServ.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\EnergyCut\utilty.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation) C:\Windows\System32\prevhost.exe () C:\Users\Myriam\Downloads\SecurityCheck.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-02-24] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-25] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-25] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-25] (Realtek Semiconductor) HKLM\...\Run: [UMonit64] => C:\Windows\SysWOW64\UMonit64.exe [53248 2014-01-06] () HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [216064 2014-01-06] (Realtek Semiconductor Corporation) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-06-09] (Intel Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH) HKLM-x32\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\EnergyCut\utilty.exe [1581056 2007-04-27] (Lenovo(beijing) Limited) HKLM-x32\...\Run: [EnergyCut] => C:\Program Files (x86)\Lenovo\EnergyCut\EnergyCut.exe [1167360 2007-03-09] (Lenovo (Beijing) Limited) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyServer: [S-1-5-21-1313315996-2717873473-2842918071-1000] => http=127.0.0.1:49203;https=127.0.0.1:49203 HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE160AC8BCAEACF01 HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1313315996-2717873473-2842918071-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Myriam\AppData\Roaming\Mozilla\Firefox\Profiles\1zn4v21r.default FF DefaultSearchEngine: Yahoo FF SelectedSearchEngine: Yahoo FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll (Adobe Systems, Inc.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1313315996-2717873473-2842918071-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Myriam\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online) FF SearchPlugin: C:\Users\Myriam\AppData\Roaming\Mozilla\Firefox\Profiles\1zn4v21r.default\searchplugins\ixquick-https.xml FF StartMenuInternet: FIREFOX.EXE - firefox.exe Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION CHR Profile: C:\Users\Myriam\AppData\Local\Google\Chrome\User Data\Default ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [35328 2013-05-07] (Realtek Semiconductor Corporation) [File not signed] R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [84992 2014-01-22] () [File not signed] R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation) R2 RtkBleServ; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe [42496 2013-04-25] (Realtek Semiconductor Corporation) [File not signed] S2 51cdb72; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.11\OptProCrash.dll",ENT ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-28] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation) R3 RtkBtFilter; C:\Windows\System32\DRIVERS\RtkBtfilter.sys [559320 2014-02-18] (Realtek Semiconductor Corporation) R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [3300568 2014-02-20] (Realtek Semiconductor Corporation ) S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-11-13] () S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-28 18:37 - 2014-11-28 18:37 - 00854414 _____ () C:\Users\Myriam\Downloads\SecurityCheck.exe 2014-11-28 17:58 - 2014-11-28 17:58 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-11-28 17:57 - 2014-11-28 17:57 - 02347384 _____ (ESET) C:\Users\Myriam\Downloads\esetsmartinstaller_deu.exe 2014-11-28 11:09 - 2014-11-28 11:10 - 02000331 _____ () C:\Users\Myriam\Desktop\141127 ESA Webinar Holz in die Hand.odt 2014-11-28 09:49 - 2014-11-28 18:24 - 00000568 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1313315996-2717873473-2842918071-1000.job 2014-11-28 09:49 - 2014-11-28 09:49 - 00003598 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-1313315996-2717873473-2842918071-1000 2014-11-28 09:48 - 2014-11-28 09:49 - 00000000 ____D () C:\Users\Myriam\AppData\Local\Citrix 2014-11-28 09:47 - 2014-11-28 09:47 - 00293944 _____ (Citrix Online) C:\Users\Myriam\Downloads\GoToWebinar Launcher(1).exe 2014-11-28 08:32 - 2014-11-28 08:32 - 00000000 ____D () C:\Users\Myriam\Downloads\exe Drucker 2014-11-28 08:28 - 2014-11-28 08:30 - 00000000 ____D () C:\Users\Myriam\Downloads\exe von TrojanerBoard 2014-11-28 08:26 - 2014-11-28 08:30 - 00000000 ____D () C:\Users\Myriam\Downloads\Lenovo 2014-11-28 08:26 - 2014-11-28 08:26 - 00004549 _____ () C:\Users\Myriam\Desktop\Das schönste was ein Mensch tragen kann.odt 2014-11-28 07:16 - 2014-11-28 07:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo 2014-11-28 07:16 - 2014-11-28 07:16 - 00000000 ____D () C:\Program Files (x86)\Lenovo 2014-11-28 07:15 - 2014-11-28 07:15 - 00000000 ____D () C:\Users\Myriam\AppData\Roaming\InstallShield 2014-11-27 18:57 - 2014-11-27 18:57 - 436912709 _____ () C:\Windows\MEMORY.DMP 2014-11-27 18:57 - 2014-11-27 18:57 - 00281904 _____ () C:\Windows\Minidump\112714-12589-01.dmp 2014-11-27 18:57 - 2014-11-27 18:57 - 00000000 ____D () C:\Windows\Minidump 2014-11-27 17:12 - 2014-11-27 17:12 - 00000000 ____D () C:\Windows\ERUNT 2014-11-27 16:59 - 2014-11-27 17:01 - 00000000 ____D () C:\AdwCleaner 2014-11-27 16:41 - 2014-11-28 18:12 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-11-27 16:41 - 2014-11-27 16:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-11-27 16:40 - 2014-11-27 16:41 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-11-27 16:40 - 2014-11-27 16:40 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-11-27 16:40 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-11-27 16:40 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-11-27 16:40 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-11-25 20:21 - 2014-11-25 20:21 - 00040694 _____ () C:\ComboFix.txt 2014-11-25 20:08 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-11-25 20:08 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-11-25 20:08 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-11-25 20:08 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-11-25 20:08 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-11-25 20:08 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2014-11-25 20:08 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2014-11-25 20:08 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2014-11-25 20:03 - 2014-11-25 20:21 - 00000000 ____D () C:\Qoobox 2014-11-25 20:03 - 2014-11-25 20:20 - 00000000 ____D () C:\Windows\erdnt 2014-11-25 19:42 - 2014-11-25 19:42 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-11-24 15:33 - 2014-11-28 18:47 - 00000000 ____D () C:\FRST 2014-11-24 15:29 - 2014-11-28 18:47 - 00000000 ____D () C:\Users\Myriam\Desktop\TrojanerBoard 2014-11-24 15:26 - 2014-11-24 15:26 - 00000000 _____ () C:\Users\Myriam\defogger_reenable 2014-11-23 10:06 - 2014-11-23 10:06 - 00000000 ____D () C:\Users\Myriam\AppData\Roaming\QuickScan 2014-11-23 10:03 - 2014-11-28 06:50 - 00000442 __RSH () C:\ProgramData\ntuser.pol 2014-11-23 10:03 - 2014-11-23 10:26 - 00000000 ____D () C:\Users\Myriam\AppData\Local\Google 2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Myriam\AppData\Local\Comodo 2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google 2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo 2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\HomeGroupUser$ 2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google 2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo 2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Gast 2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google 2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo 2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Administrator 2014-11-23 09:48 - 2014-11-23 09:48 - 00003150 _____ () C:\Windows\System32\Tasks\Run_Bobby_Browser 2014-11-23 09:35 - 2014-11-23 09:35 - 00001831 _____ () C:\Windows\patsearch.bin 2014-11-23 09:35 - 2014-11-23 09:35 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrT_01009.Wdf 2014-11-22 14:53 - 2014-11-22 14:53 - 09665384 _____ () C:\Users\Myriam\Documents\Regale voller GoldBarren Focus online.odt 2014-11-22 07:34 - 2014-11-22 07:34 - 00123537 _____ () C:\Users\Myriam\Documents\Kühe.odt 2014-11-22 07:30 - 2014-11-22 07:36 - 01046283 _____ () C:\Users\Myriam\Documents\Schweine.odt 2014-11-19 13:34 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-11-19 13:34 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2014-11-19 13:34 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-11-19 13:34 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll 2014-11-15 21:45 - 2014-11-15 21:45 - 00004700 _____ () C:\Users\Myriam\Desktop\Lass deine Augen das Beste sehen.odt 2014-11-13 19:46 - 2014-11-13 19:46 - 00006569 _____ () C:\Users\Myriam\Documents\Impressum.odt 2014-11-13 12:55 - 2014-11-13 12:55 - 00000000 ____D () C:\Users\Myriam\Documents\Fax 2014-11-13 12:53 - 2014-11-13 12:53 - 00792796 _____ () C:\Users\Myriam\Documents\141114 veraltete Treiber.odt 2014-11-13 12:52 - 2014-11-13 12:52 - 00223511 _____ () C:\Users\Myriam\Documents\141114 Erstattung Trixie Maulschlaufe.odt 2014-11-13 12:24 - 2014-11-13 12:24 - 00003152 _____ () C:\Windows\System32\Tasks\{D4059A91-59EB-4BD4-8D46-E7191558AA7A} 2014-11-13 12:10 - 2014-11-13 12:10 - 00000000 __SHD () C:\Users\Myriam\AppData\Local\EmieBrowserModeList 2014-11-12 06:55 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-11-12 06:55 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-11-12 06:55 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-11-12 06:55 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-11-12 06:55 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-11-12 06:55 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-11-12 06:55 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-11-12 06:55 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-11-12 06:55 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-11-12 06:55 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-11-12 06:55 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-11-12 06:55 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-11-12 06:55 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-11-12 06:55 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-11-12 06:55 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-11-12 06:55 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-11-12 06:55 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-11-12 06:55 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-11-12 06:55 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-11-12 06:55 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-11-12 06:55 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-11-12 06:55 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-11-12 06:55 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-11-12 06:55 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-11-12 06:55 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-11-12 06:55 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-11-12 06:55 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-11-12 06:55 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-11-12 06:55 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-11-12 06:55 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-11-12 06:55 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-11-12 06:55 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-11-12 06:55 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-11-12 06:55 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-11-12 06:55 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-11-12 06:55 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-11-12 06:55 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-11-12 06:55 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-11-12 06:55 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-11-12 06:55 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-11-12 06:55 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-11-12 06:55 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-11-12 06:55 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-11-12 06:55 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-11-12 06:55 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-11-12 06:55 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-11-12 06:55 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-11-12 06:55 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-11-12 06:55 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-11-12 06:55 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-11-12 06:55 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-11-12 06:55 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-11-12 06:55 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-11-12 06:55 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-11-12 06:55 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-11-12 06:55 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-11-12 06:53 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-11-12 06:53 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-11-12 06:53 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-11-12 06:53 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-11-12 06:53 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-11-12 06:53 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-11-12 06:53 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2014-11-12 06:53 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2014-11-12 06:53 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-11-12 06:53 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-11-12 06:53 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2014-11-12 06:53 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2014-11-12 06:48 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-11-12 06:48 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-11-12 06:48 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-11-12 06:48 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2014-11-12 06:48 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-11-12 06:48 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-11-12 06:48 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-11-12 06:48 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-11-12 06:48 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-11-12 06:48 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-11-12 06:48 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-11-12 06:48 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-11-12 06:48 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2014-11-12 06:48 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2014-11-12 06:48 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2014-11-12 06:48 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-11-12 06:48 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-11-12 06:48 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-11-12 06:48 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-11-12 06:48 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-11-12 06:48 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-11-12 06:48 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-11-12 06:48 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-11-12 06:48 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-11-12 06:48 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-11-12 06:48 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-11-12 06:48 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-11-12 06:48 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-11-12 06:48 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-11-12 06:48 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-11-12 06:48 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-11-12 06:48 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL 2014-11-12 06:48 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL 2014-11-11 22:54 - 2014-11-11 22:54 - 00000000 ____D () C:\Windows\SysWOW64\Adobe 2014-11-11 07:00 - 2014-11-11 07:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-11-10 11:57 - 2014-11-10 21:10 - 00005558 _____ () C:\Users\Myriam\Documents\Hundespiel.odt 2014-11-10 06:58 - 2014-11-10 06:58 - 00004809 _____ () C:\Users\Myriam\Documents\Kfz in der BF 6 Absatz 1 Nr.odt 2014-11-09 19:42 - 2014-11-09 19:42 - 00000000 ____D () C:\Users\Myriam\AppData\Local\PDF24 2014-11-09 19:41 - 2014-11-09 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24 2014-11-09 19:41 - 2014-11-09 19:41 - 00000000 ____D () C:\Program Files (x86)\PDF24 2014-11-08 17:18 - 2014-11-08 17:18 - 00000000 ____D () C:\Program Files (x86)\downloaditkeep 2014-11-08 12:45 - 2014-11-25 08:15 - 00000085 _____ () C:\Users\Myriam\AppData\Roaming\WB.CFG 2014-11-08 12:12 - 2014-11-13 12:54 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-11-08 11:49 - 2014-11-08 12:03 - 00000000 ____D () C:\Users\Myriam\AppData\Local\CUSTPDF Writer 2014-11-08 11:39 - 2014-11-13 12:15 - 00000000 ____D () C:\Users\Myriam\AppData\Local\Downloaded Installers 2014-11-08 11:39 - 2014-11-08 11:39 - 00000000 ____D () C:\ProgramData\SlimWare Utilities Inc 2014-11-08 11:36 - 2014-11-13 13:01 - 00000000 ____D () C:\Program Files (x86)\DriverUpdate 2014-11-08 11:36 - 2014-11-13 12:12 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys 2014-11-08 11:36 - 2014-11-08 11:36 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers 2014-11-08 11:36 - 2014-11-08 11:36 - 00000000 ____D () C:\Users\Myriam\AppData\Local\SlimWare Utilities Inc 2014-11-08 11:31 - 2014-11-08 11:31 - 00000000 __SHD () C:\Users\Myriam\AppData\Local\EmieUserList 2014-11-08 11:31 - 2014-11-08 11:31 - 00000000 __SHD () C:\Users\Myriam\AppData\Local\EmieSiteList 2014-11-08 11:29 - 2014-11-08 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Creator 2014-11-08 11:29 - 2014-11-08 11:29 - 00000000 ____D () C:\Program Files\PDFCreator 2014-11-08 11:29 - 2014-11-08 11:29 - 00000000 ____D () C:\Program Files (x86)\PDF Creator 2014-11-08 11:29 - 2014-11-08 11:29 - 00000000 ____D () C:\Program Files (x86)\GPLGS 2014-11-08 11:29 - 2011-10-04 21:43 - 00087552 _____ () C:\Windows\system32\custmon64i.dll 2014-11-02 19:20 - 2014-11-02 19:22 - 00011776 ___SH () C:\Users\Myriam\Documents\Thumbs.db 2014-11-02 18:24 - 2014-11-02 19:18 - 58885280 _____ () C:\Users\Myriam\Documents\Gute Energie 141102 NutzenFußnote.pptx 2014-10-31 07:12 - 2014-10-31 07:12 - 00000000 ____D () C:\ProgramData\EasyCash&Tax 2014-10-31 06:14 - 2014-11-20 21:32 - 00000000 ____D () C:\Users\Myriam\Documents\EC&T KontenDateien Einst 2014-10-30 22:33 - 2014-10-30 22:33 - 00003036 _____ () C:\Windows\System32\Tasks\{F21E1B53-A4BF-42A2-965F-D8F872357334} 2014-10-30 07:45 - 2014-10-30 08:19 - 00000000 ____D () C:\Users\Myriam\Programme 2014-10-29 18:10 - 2014-10-29 18:10 - 00000000 ____D () C:\Users\Myriam\Documents\OneNote-Notizbücher 2014-10-29 12:17 - 2014-10-29 12:17 - 01825672 _____ () C:\Users\Myriam\Documents\141029 Erklärung Datenschutz.odt 2014-10-29 10:09 - 2014-11-25 07:54 - 00000000 ____D () C:\Users\Myriam\Downloads\141125 Silverlight statt FlashP 2014-10-29 09:37 - 2014-10-29 12:11 - 00043265 _____ () C:\Users\Myriam\Documents\Bild Löwe Regulus von Devani.odt ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-28 18:33 - 2014-10-18 13:18 - 00000000 ____D () C:\Users\Myriam\Documents\Outlook-Dateien 2014-11-28 17:50 - 2011-04-12 08:43 - 00702436 _____ () C:\Windows\system32\perfh007.dat 2014-11-28 17:50 - 2011-04-12 08:43 - 00150044 _____ () C:\Windows\system32\perfc007.dat 2014-11-28 17:50 - 2009-07-14 06:13 - 01626920 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-28 17:50 - 2009-07-14 05:51 - 00035268 _____ () C:\Windows\setupact.log 2014-11-28 17:35 - 2014-10-20 13:08 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{01AB2F2F-7029-49A9-8627-BE87BF065232} 2014-11-28 17:31 - 2014-10-18 02:10 - 01227148 _____ () C:\Windows\WindowsUpdate.log 2014-11-28 09:47 - 2014-04-24 22:24 - 00000000 ____D () C:\Users\Myriam\Downloads\exe on hold 2014-11-28 08:33 - 2014-10-20 07:29 - 00000000 ____D () C:\Users\Myriam\Downloads\exe FondsFinanz 2014-11-28 08:33 - 2014-04-26 08:21 - 00000000 ____D () C:\Users\Myriam\Downloads\exe Betrieb 2014-11-28 07:16 - 2014-10-18 12:34 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-11-28 06:57 - 2009-07-14 05:45 - 00032768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-28 06:57 - 2009-07-14 05:45 - 00032768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-28 06:49 - 2014-10-18 12:46 - 00255710 _____ () C:\Users\Myriam\AppData\Local\BTServer.log 2014-11-28 06:49 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-27 17:02 - 2010-11-21 04:47 - 00051758 _____ () C:\Windows\PFRO.log 2014-11-25 20:24 - 2014-10-20 21:57 - 01646762 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-11-25 20:21 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default 2014-11-25 20:18 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2014-11-25 20:17 - 2009-07-14 03:34 - 62652416 _____ () C:\Windows\system32\config\SOFTWARE.bak 2014-11-25 20:17 - 2009-07-14 03:34 - 18350080 _____ () C:\Windows\system32\config\SYSTEM.bak 2014-11-25 20:17 - 2009-07-14 03:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak 2014-11-25 20:17 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak 2014-11-25 20:17 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak 2014-11-24 15:26 - 2014-10-17 20:16 - 00000000 ____D () C:\Users\Myriam 2014-11-24 14:04 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-11-23 10:03 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-11-23 10:03 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy 2014-11-23 09:39 - 2014-10-18 13:03 - 00000000 ____D () C:\Users\Myriam\AppData\Local\Adobe 2014-11-22 07:50 - 2014-10-21 12:59 - 00000000 ____D () C:\Users\Myriam\Documents\DVDVideoSoft 2014-11-20 19:41 - 2014-10-18 12:52 - 00000000 ____D () C:\Users\Myriam\AppData\Local\Microsoft Help 2014-11-19 14:21 - 2014-10-19 15:04 - 00000416 _____ () C:\Windows\BRWMARK.INI 2014-11-19 14:21 - 2014-10-19 15:04 - 00000034 _____ () C:\Windows\SysWOW64\BD2030.DAT 2014-11-14 16:18 - 2011-04-12 08:54 - 00000000 ___RD () C:\Users\Public\Recorded TV 2014-11-13 21:50 - 2014-10-20 08:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasyCash 2014-11-13 21:50 - 2014-10-20 08:07 - 00000000 ____D () C:\Program Files (x86)\EasyCash&Tax 2014-11-13 13:23 - 2014-10-20 15:21 - 00002480 _____ () C:\ProgramData\hpzinstall.log 2014-11-13 08:49 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-11-13 07:06 - 2014-10-18 13:04 - 00086552 _____ () C:\Users\Myriam\AppData\Local\GDIPFONTCACHEV1.DAT 2014-11-13 07:05 - 2009-07-14 05:45 - 00342576 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-11-13 07:03 - 2014-10-20 08:52 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-11-12 21:02 - 2014-10-18 12:51 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-11-12 20:57 - 2014-10-27 09:28 - 00000000 ____D () C:\Windows\system32\MRT 2014-11-12 20:55 - 2014-10-27 09:27 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-11-12 06:26 - 2014-10-18 12:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-11-02 14:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration 2014-10-29 14:26 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp Some content of TEMP: ==================== C:\Users\Myriam\AppData\Local\Temp\Quarantine.exe C:\Users\Myriam\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-25 09:12 ==================== End Of Log ============================ War heute kaum am Rechner, scheint normal zu laufen. Liebe Grüße Freude MyB |
|
29.11.2014, 18:28
| #11 |
| /// the machine /// TB-Ausbilder | Windows7: Ads by clickup Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter C:\$RECYCLE.BIN
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-1313315996-2717873473-2842918071-1000] => http=127.0.0.1:49203;https=127.0.0.1:49203
HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
S2 51cdb72; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.11\OptProCrash.dll",ENT
c:\Program Files (x86)\Optimizer Pro 3.11
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Fertig Die Reihenfolge ist hier entscheidend.
Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
30.11.2014, 07:07
| #12 |
| | heute Weihnachtsmarkt-Arbeit :abklatsch: hier Fixlog die ganze andere Liste werde ich in Ruhe abarbeiten.  :Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-11-2014 01
Ran by Myriam at 2014-11-30 06:27:57 Run:1
Running from C:\Users\Myriam\Desktop\TrojanerBoard
Loaded Profile: Myriam (Available profiles: Myriam)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\$RECYCLE.BIN
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-1313315996-2717873473-2842918071-1000] => http=127.0.0.1:49203;https=127.0.0.1:49203
HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
S2 51cdb72; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.11\OptProCrash.dll",ENT
c:\Program Files (x86)\Optimizer Pro 3.11
*****************
C:\$RECYCLE.BIN => Moved successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
"HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
51cdb72 => Service deleted successfully.
"c:\Program Files (x86)\Optimizer Pro 3.11" => File/Directory not found.
The system needed a reboot.
==== End of Fixlog ====
 MyB |
|
30.11.2014, 09:04
| #13 |
| /// the machine /// TB-Ausbilder | Windows7: Ads by clickup ok
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
04.12.2014, 09:53
| #14 |
| | Windows7: Ads by clickup Yippieehh alles erledigt Riesen Danke an dich report/fragen:Auf Automatisierung der Updates habe ich bisher geachtet. Seit diesem Jahr habe ich einige Backoffice Anbindungen, täglich lange Verweilzeiten online. im Lauf der Zeit gearbeitet mit Norton Gdata Trendmicro - nacheinander! Antivirus hat oft vorhandene Systemtools gestört. zuletzt auf den Tipp gehört, mich auf Security Essentials zu verlassen. Scheint, das reicht nicht aus. Jetzt unsicher - auch angesichts deiner Tipps - welche Schutzsoftware ich neu reinnehmen soll, was von den Systemtools aktiv laufen soll. WinSecEssentials lassen? Welche Kombination funktioniert? Kann / soll ich jetzt wirklich -Secunia Online Software. -MalwareBytes Anti Malware -WinPatrol -SpywareBlaster -MVPs hosts file -WOT alle in mein System einbauen ? hab ich so verstanden, (jedes tut einen anderen Zweck und Du sagst die vertragen sich alle) oder sind da welche nicht parallel zu fahren? Was mache ich mit dem Smartfon ??!! das hängt regelmäßig am Rechner. Gibt es ein Kombiangebot für Rechner und Smart ggf auch Tablet das Du empfehlen kannst? Wenn ich den Tipp noch bekommen kann, wie ich security gesamt hinbekomme, da bin ich echt dankbar. Freeware tipps find ich klasse. Klar auch dass ich ein nötiges Programm kaufe, so der preis tragbar ist. Bleibe gern bei Mozilla. Browser Apps hab ich übernommen. TFC habe ich übernommen. der Registry Cleaner ist gefressen worden - hab ich verstanden, (die Blogs dazu, da bin ich wg englisch nicht so sattelfest, lass ich mal on hold.) Bin total happy, dass Du / Trojanerboard mich da durchgelotst hast Hoffe damit krieg ich jetzt eine komplette Sicherheitsroutine hin. DANKEdankedanke spendeauchklar. Freue mich auf die letzten Hinweise. Liebe Grüße Freude MyB Nachtrag: kann WOT nicht öffnen "Programm nicht bekannt" Suche nach Programm www no result. |
|
05.12.2014, 09:02
| #15 |
| /// the machine /// TB-Ausbilder | Windows7: Ads by clickup SpywareBlaster und WinPatrol sind nicht unbedingt nötig, wenn Du dich ein wenig auskennst und nicht auf alles klickst was bunt ist. Ich empfehle immer Emsisoft Dort gibt es auch Mobile Angebote. WOT und Co bitte direkt in FIrefox unter Extras > Addons suchen und installieren, dann kannste ie XPI Dateien löschen.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
dann auf 
und dann auf 
. 
Linear-Darstellung
