Pests of all kinds and how to fight them: Removing BING.VC
Windows 7
If you are not sure whether you have picked up malware or a trojan, start a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.
#1
Removing BING.VC

I picked up Bing.vc through some piece of software; it is set as the start page in Firefox and Internet Explorer. I have already run all the malware programs I know of, but every time I restart FF or IE this Bing.vc page comes right back. I used OTL: Logfile

OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 17.08.2015 13:24:50 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Egon Ganahl\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.17959) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,97 Gb Total Physical Memory | 6,16 Gb Available Physical Memory | 77,29% Memory free 15,93 Gb Paging File | 13,68 Gb Available in Paging File | 85,84% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119,14 Gb Total Space | 69,97 Gb Free Space | 58,73% Space Free | Partition Type: NTFS Drive D: | 468,73 Gb Total Space | 421,37 Gb Free Space | 89,90% Space Free | Partition Type: NTFS Computer Name: BÜRO-PC | User Name: Egon Ganahl | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* 
comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{3B9AE7F4-8B52-4126-9F6B-89C7718970C9}" = lport=47998 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamuseragent.exe | "{61AFC914-59C7-4179-A923-6C8BC68CE13C}" = lport=80 | protocol=6 | dir=in | app=c:\program files 
(x86)\nvidia corporation\netservice\nvnetworkservice.exe | "{725EDD41-38B2-4624-80C7-72A2CC75BF3F}" = lport=47995 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | "{8C46D348-FF9D-44DF-B50D-7D4E897C697E}" = lport=35043 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | "{8C5F6A5D-D215-40D2-9E03-F15A045236D4}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | "{9F974E6A-B320-4275-BE9D-FE54B2B12E3A}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{EB315EEB-FD87-432A-AD9D-D2639993FE5C}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamnetworkservice.exe | "{FD743F73-B821-48B0-BCDB-A46E249046E7}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamnetworkservice.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{11B6B529-9EB8-4A87-88FA-DBE309A74810}" = dir=in | app=d:\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | "{1F0B562C-0FEE-4E99-A543-2D8FE7762576}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "{37B57550-63CC-4065-83BE-B85569A4DC08}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "{3F5D6E46-15A2-4199-AC99-B1095A87AA51}" = dir=in | app=d:\cyberlink\powerdvd10\powerdvd10.exe | "{4A310891-4B91-48D6-ADB1-F41EDB4E0962}" = protocol=6 | dir=in | app=d:\mozilla firefox\firefox.exe | "{79F9B2A8-2F13-432E-AC58-E173C617D7DA}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\ai suite ii\asus mobilink\iphone simulator\pnsvc.exe | "{9FC9AAD2-7C46-4673-9D4F-3A7A45830ED5}" = protocol=17 | dir=in | app=d:\mozilla firefox\firefox.exe | 
"{C88FB73E-E2F6-4155-84EF-419874FBEDC9}" = dir=in | app=d:\cyberlink\powerdvd9\powerdvd9.exe | "TCP Query User{205E1A40-060A-4F84-8C1D-74C71BBB9848}C:\program files\logitech gaming software\lcore.exe" = protocol=6 | dir=in | app=c:\program files\logitech gaming software\lcore.exe | "UDP Query User{44BAF18C-65E8-4CB9-8742-26906F443AE3}C:\program files\logitech gaming software\lcore.exe" = protocol=17 | dir=in | app=c:\program files\logitech gaming software\lcore.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64) "{26784146-6E05-3FF9-9335-786C7C0FB5BE}" = Microsoft .NET Framework 4.5.2 "{6E98BFB0-55E3-4D3C-8C10-B44F6063535E}" = DxO FilmPack 3 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.2 "{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 355.60 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 355.60 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 355.60 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.5.12.11 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 352.65 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.15.0428 
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 2.5.12.11 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GfExperienceService" = NVIDIA GeForce Experience Service "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.34.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 2.5.12.11 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController" = SHIELD Wireless Controller Driver "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.30 "{BCCC97EE-E162-448C-8847-59718FF29B04}" = Intel(R) Network Connections 15.6.25.0 "CCleaner" = CCleaner "Logitech Gaming Software" = Logitech Gaming Software 8.70 "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "PROSetDX" = Intel(R) Network Connections 15.6.25.0 "sp6" = Logitech SetPoint 6.67 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02FECEE0-16B2-43DB-BC3B-C844477FC142}" = Kaspersky Total Security "{050d4fc8-5d48-4b8f-8972-47c82c46020f}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 "{10427BCB-0742-43BE-81E2-3920972946F5}" = LightScribe System Software "{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 "{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10 "{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD_3D Advisor 2.0 
"{34D3688E-A737-44C5-9E2A-FF73618728E1}" = AI Suite II "{35DAA04C-1720-4BE3-A920-A03731EC6A1D}" = Google Earth Pro "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{3FD0C489-0F02-481a-A3E1-9754CD396761}" = Intel® Watchdog Timer Driver (Intel® WDT) "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go 7 "{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "{8FCCB703-3FBF-49e7-A43F-A81E27D9B07E}" = CyberLink MediaShow 6 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer 5.5 "{BA30CBCD-03DA-457A-A34B-3EF637D45D4E}" = Disk Unlocker "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint 2.5 "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10 "{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5 "{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver "{e6e75766-da0f-4ba2-9788-6ea593ce702d}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 "Adobe Flash Player ActiveX" = Adobe Flash Player 18 ActiveX "Adobe Flash Player NPAPI" = Adobe Flash Player 18 NPAPI "Biet-O-Matic v2.14.12" = Biet-O-Matic v2.14.12 "ElsterFormular für Privatanwender und Unternehmer 12.0.0.5880k" = 
ElsterFormular-Upgrade "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}" = CyberLink Media Suite 10 "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "InstallWIX_{02FECEE0-16B2-43DB-BC3B-C844477FC142}" = Kaspersky Total Security "MagniDriver" = marvell 91xx driver "Mozilla Firefox 40.0 (x86 de)" = Mozilla Firefox 40.0 (x86 de) "Mozilla Firefox 40.0.2 (x86 de)" = Mozilla Firefox 40.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "1baecab78b735f22" = cardXIssue ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 17.08.2015 04:56:51 | Computer Name = Büro-PC | Source = WinMgmt | ID = 10 Description = Error - 17.08.2015 05:33:31 | Computer Name = Büro-PC | Source = MsiInstaller | ID = 11316 Description = Error - 17.08.2015 05:37:13 | Computer Name = Büro-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 40.0.2.5702, Zeitstempel: 0x55cc03bd Name des fehlerhaften Moduls: mozglue.dll, Version: 40.0.2.5702, Zeitstempel: 0x55cbf190 Ausnahmecode: 0x80000003 Fehleroffset: 0x0000e631 ID des fehlerhaften Prozesses: 0x7a8 Startzeit der fehlerhaften Anwendung: 0x01d0d8cfeb2a82cd Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll Berichtskennung: 89f2c848-44c3-11e5-b81b-f46d045831a4 Error - 17.08.2015 05:37:20 | Computer Name = Büro-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 40.0.2.5702, Zeitstempel: 0x55cc03bd Name des fehlerhaften Moduls: mozglue.dll, Version: 40.0.2.5702, 
Zeitstempel: 0x55cbf190 Ausnahmecode: 0x80000003 Fehleroffset: 0x0000e631 ID des fehlerhaften Prozesses: 0x748 Startzeit der fehlerhaften Anwendung: 0x01d0d8cfeb324b1b Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll Berichtskennung: 8db5d1d2-44c3-11e5-b81b-f46d045831a4 Error - 17.08.2015 05:37:26 | Computer Name = Büro-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 40.0.2.5702, Zeitstempel: 0x55cc03bd Name des fehlerhaften Moduls: mozglue.dll, Version: 40.0.2.5702, Zeitstempel: 0x55cbf190 Ausnahmecode: 0x80000003 Fehleroffset: 0x0000e631 ID des fehlerhaften Prozesses: 0xcc0 Startzeit der fehlerhaften Anwendung: 0x01d0d8cfeb22ba80 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll Berichtskennung: 91799eae-44c3-11e5-b81b-f46d045831a4 Error - 17.08.2015 05:37:49 | Computer Name = Büro-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 40.0.2.5702, Zeitstempel: 0x55cc03bd Name des fehlerhaften Moduls: mozglue.dll, Version: 40.0.2.5702, Zeitstempel: 0x55cbf190 Ausnahmecode: 0x80000003 Fehleroffset: 0x0000e631 ID des fehlerhaften Prozesses: 0x10bc Startzeit der fehlerhaften Anwendung: 0x01d0d8d04c1fb96e Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll Berichtskennung: 9f1f9fe7-44c3-11e5-b81b-f46d045831a4 Error - 17.08.2015 05:38:04 | Computer Name = Büro-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 40.0.2.5702, Zeitstempel: 0x55cc03bd Name des fehlerhaften Moduls: mozglue.dll, 
Version: 40.0.2.5702, Zeitstempel: 0x55cbf190 Ausnahmecode: 0x80000003 Fehleroffset: 0x0000e631 ID des fehlerhaften Prozesses: 0x8d4 Startzeit der fehlerhaften Anwendung: 0x01d0d8d04c17ca11 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll Berichtskennung: a81267b2-44c3-11e5-b81b-f46d045831a4 Error - 17.08.2015 06:44:54 | Computer Name = Büro-PC | Source = WinMgmt | ID = 10 Description = Error - 17.08.2015 06:49:31 | Computer Name = Büro-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: EC Simulator.exe, Version: 1.0.0.19, Zeitstempel: 0x4cd8f8db Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18933, Zeitstempel: 0x55a69ec4 Ausnahmecode: 0x0eedfade Fehleroffset: 0x0000c42d ID des fehlerhaften Prozesses: 0x1098 Startzeit der fehlerhaften Anwendung: 0x01d0d8d9808605de Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\EC Simulator.exe Pfad des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll Berichtskennung: a36f4cca-44cd-11e5-b2ba-f46d045831a4 Error - 17.08.2015 06:53:48 | Computer Name = Büro-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 17.08.2015 06:49:32 | Computer Name = Büro-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error - 17.08.2015 06:50:01 | Computer Name = Büro-PC | Source = Service Control Manager | ID = 7038 Description = Der Dienst "WSearch" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%50 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). 
Error - 17.08.2015 06:50:01 | Computer Name = Büro-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069
Error - 17.08.2015 06:50:30 | Computer Name = Büro-PC | Source = Service Control Manager | ID = 7038 Description = Der Dienst "Spooler" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%50 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error - 17.08.2015 06:50:30 | Computer Name = Büro-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Druckwarteschlange" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069
Error - 17.08.2015 06:51:54 | Computer Name = Büro-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "MBAMProtector" wurde aufgrund folgenden Fehlers nicht gestartet: %%2
Error - 17.08.2015 06:51:56 | Computer Name = Büro-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "MBAMService" ist vom Dienst "MBAMProtector" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%2
Error - 17.08.2015 06:51:56 | Computer Name = Büro-PC | Source = Service Control Manager | ID = 7016 Description = Der Dienst "ASDiskUnlocker" hat einen ungültigen aktuellen Status gemeldet: 11
Error - 17.08.2015 06:51:56 | Computer Name = Büro-PC | Source = Service Control Manager | ID = 7016 Description = Der Dienst "ASDiskUnlocker" hat einen ungültigen aktuellen Status gemeldet: 11
Error - 17.08.2015 06:51:56 | Computer Name = Büro-PC | Source = Service Control Manager | ID = 7016 Description = Der Dienst "ASDiskUnlocker" hat einen ungültigen aktuellen Status gemeldet: 11
< End of report >

of Firefox as well as Internet Explorer

OTL Logfile: Code:
ATTFilter OTL logfile created on: 17.08.2015 13:24:50 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Egon Ganahl\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.17959) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,97 Gb Total Physical Memory | 6,16 Gb Available Physical Memory | 77,29% Memory free 15,93 Gb Paging File | 13,68 Gb Available in Paging File | 85,84% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119,14 Gb Total Space | 69,97 Gb Free Space | 58,73% Space Free | Partition Type: NTFS Drive D: | 468,73 Gb Total Space | 421,37 Gb Free Space | 89,90% Space Free | Partition Type: NTFS Computer Name: BÜRO-PC | User Name: Egon Ganahl | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2015.08.17 13:16:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Egon Ganahl\Downloads\OTL.exe PRC - [2015.08.13 04:58:03 | 000,377,000 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2015.08.07 06:22:17 | 000,410,744 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2015.07.24 06:22:16 | 002,634,896 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe PRC - [2015.07.24 06:22:13 | 001,871,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe PRC - [2015.07.09 19:11:40 | 000,194,000 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 
15.0.2\avp.exe PRC - [2015.07.09 19:11:40 | 000,192,768 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avpui.exe PRC - [2011.04.30 00:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011.04.26 11:20:48 | 001,101,440 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe PRC - [2011.04.13 15:15:22 | 001,116,800 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe PRC - [2011.03.23 15:08:12 | 001,426,048 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe PRC - [2011.02.22 12:14:40 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2011.02.22 12:14:34 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2011.01.17 15:38:20 | 000,702,592 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe PRC - [2011.01.11 16:21:14 | 001,214,080 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe PRC - [2010.12.02 04:15:14 | 000,915,584 | R--- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe PRC - [2010.11.26 21:50:04 | 002,931,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe PRC - [2010.11.25 09:12:56 | 002,529,920 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\EC Simulator.exe PRC - [2010.11.25 09:12:56 | 000,252,544 | ---- | M] (ASUSTeK Computer Inc.) 
-- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe PRC - [2010.11.08 15:09:00 | 000,465,536 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe PRC - [2010.11.03 11:30:14 | 000,918,144 | R--- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe PRC - [2010.10.21 11:52:26 | 000,586,880 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe PRC - [2010.09.24 21:29:32 | 001,115,776 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe ========== Modules (No Company Name) ========== MOD - [2015.07.24 06:22:16 | 000,011,920 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll MOD - [2014.12.23 16:54:24 | 000,608,040 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll MOD - [2014.12.23 16:54:24 | 000,502,056 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll MOD - [2014.12.23 16:54:24 | 000,338,216 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\nponlinebanking.dll MOD - [2011.04.07 17:33:18 | 001,607,168 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll MOD - [2011.03.23 15:05:04 | 000,964,608 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll MOD - [2011.03.04 10:33:44 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll MOD - [2011.02.24 10:19:36 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll MOD - [2011.02.09 09:02:28 | 000,873,472 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite 
II\AI Charger+\AIChargerPlus.dll MOD - [2011.01.19 21:23:40 | 001,655,296 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Bluetooth Go!\BluetoothGo.dll MOD - [2011.01.13 16:47:34 | 000,881,152 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll MOD - [2011.01.07 16:39:36 | 001,246,208 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll MOD - [2011.01.06 10:38:48 | 001,027,072 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll MOD - [2010.12.01 12:33:32 | 001,244,672 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll MOD - [2010.11.25 15:12:54 | 000,661,504 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\aaHMLib.dll MOD - [2010.11.25 15:12:54 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pngio.dll MOD - [2010.11.25 15:12:54 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\ImageHelper.dll MOD - [2010.11.25 15:12:54 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\AsNetlib.dll MOD - [2010.11.25 09:12:56 | 000,703,488 | R--- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\CpuFreq.dll MOD - [2010.11.25 09:12:56 | 000,661,504 | R--- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\aaHMLib.dll MOD - [2010.11.25 09:12:56 | 000,114,688 | R--- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AssistFunc.dll MOD - [2010.11.25 09:12:56 | 000,061,440 | R--- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsMultiLang.dll MOD - [2010.10.15 17:40:30 | 001,031,680 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Update\Update.dll MOD - [2010.08.23 04:17:40 | 000,662,016 | R--- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMLib.dll MOD - 
[2010.08.06 18:13:48 | 000,886,272 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll MOD - [2010.08.06 18:11:20 | 000,850,944 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll MOD - [2010.06.21 15:21:22 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\ImageHelper.dll MOD - [2010.06.21 15:21:22 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll MOD - [2009.08.12 20:15:52 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll MOD - [2009.05.21 10:14:14 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll ========== Services (SafeList) ========== SRV:64bit: - [2015.07.16 22:21:50 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService) SRV:64bit: - [2015.05.25 20:19:13 | 001,255,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack) SRV:64bit: - [2010.08.12 15:00:20 | 000,133,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service) SRV - [2015.08.14 15:12:02 | 000,269,000 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2015.08.13 04:58:15 | 000,149,160 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2015.08.07 06:22:17 | 000,410,744 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2015.07.24 06:22:13 | 001,871,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA 
Corporation\NetService\NvNetworkService.exe -- (NvNetworkService) SRV - [2015.07.24 06:22:13 | 001,155,216 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService) SRV - [2015.07.24 06:22:11 | 005,544,592 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe -- (NvStreamSvc) SRV - [2015.07.09 19:11:40 | 000,194,000 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe -- (AVP15.0.2) SRV - [2015.07.02 22:21:26 | 000,356,808 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2014.04.11 23:08:08 | 000,103,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2014.03.21 00:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2013.09.02 18:14:04 | 000,243,464 | ---- | M] (CyberLink) [Auto | Stopped] -- d:\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_4C1DB90F) SRV - [2011.04.30 00:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2011.03.13 10:58:30 | 000,074,912 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc) SRV - [2011.02.22 12:14:40 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2011.02.22 12:14:34 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files 
(x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.12.02 11:34:50 | 000,258,688 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\Disk Unlocker\ASPFSVS64.exe -- (ASDiskUnlocker) SRV - [2010.12.02 04:15:14 | 000,915,584 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe -- (asHmComSvc) SRV - [2010.11.03 11:30:14 | 000,918,144 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe -- (asComSvc) SRV - [2010.10.21 11:52:26 | 000,586,880 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe -- (AsSysCtrlService) SRV - [2010.05.14 14:02:54 | 000,246,256 | ---- | M] (CyberLink) [Auto | Stopped] -- D:\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9475A87B) ========== Driver Services (SafeList) ========== DRV:64bit: - [2015.07.25 01:28:44 | 000,204,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2015.07.09 19:11:38 | 000,190,648 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps) DRV:64bit: - [2015.07.09 19:11:38 | 000,085,360 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klwtp.sys -- (Klwtp) DRV:64bit: - [2015.07.09 19:11:38 | 000,065,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi) DRV:64bit: - [2015.07.09 19:11:38 | 000,040,304 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt) DRV:64bit: - [2015.07.09 19:11:38 | 000,039,280 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt) DRV:64bit: - [2015.07.09 19:11:38 | 000,024,944 | ---- | M] (Kaspersky Lab ZAO) [File_System | 
System | Running] -- C:\Windows\SysNative\drivers\klpd.sys -- (klpd) DRV:64bit: - [2015.07.09 19:11:36 | 000,850,608 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2015.07.09 19:11:36 | 000,225,976 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klhk.sys -- (klhk) DRV:64bit: - [2015.07.09 19:11:36 | 000,159,960 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klflt.sys -- (klflt) DRV:64bit: - [2015.07.09 19:11:36 | 000,039,280 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6) DRV:64bit: - [2015.07.09 19:11:34 | 000,478,392 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1) DRV:64bit: - [2015.07.09 19:11:34 | 000,247,016 | ---- | M] (Kaspersky Lab UK Ltd) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cm_km_w.sys -- (cm_km_w) DRV:64bit: - [2015.07.09 19:11:34 | 000,064,368 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\kldisk.sys -- (kldisk) DRV:64bit: - [2015.07.03 06:28:26 | 000,047,976 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible) DRV:64bit: - [2015.06.18 04:25:00 | 000,086,672 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2015.06.18 04:25:00 | 000,050,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt) DRV:64bit: - [2015.06.11 01:33:42 | 000,068,384 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGJoyXlCore.sys -- (LGJoyXlCore) DRV:64bit: - [2015.06.11 01:33:42 | 000,026,912 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid) DRV:64bit: - [2015.06.11 01:33:40 | 000,037,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum) DRV:64bit: - [2013.05.30 18:16:40 | 000,064,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.04.26 11:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.03.13 10:58:44 | 000,280,224 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter) DRV:64bit: - [2011.03.13 10:58:44 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV:64bit: - [2011.03.13 10:58:44 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP) DRV:64bit: - [2011.03.13 10:58:44 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV:64bit: - [2011.03.13 10:58:42 | 000,298,656 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV:64bit: - [2011.03.13 10:58:42 | 000,051,872 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU) DRV:64bit: - [2011.03.13 10:58:42 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort) DRV:64bit: - [2011.03.13 10:58:42 | 000,028,832 | ---- | M] (Atheros) [Kernel | 
On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.08 18:17:40 | 000,369,640 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci) DRV:64bit: - [2010.12.08 18:17:38 | 000,122,856 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.11.08 14:57:58 | 000,014,464 | ---- | M] (ASUSTek Computer Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AiChargerPlus.sys -- (AiChargerPlus) DRV:64bit: - [2010.10.19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.09.21 11:29:36 | 000,043,136 | ---- | M] (ASUSTeK Computer Inc.) 
[Kernel | System | Running] -- C:\Windows\SysNative\drivers\VDiskBus64.sys -- (VDiskBus) DRV:64bit: - [2010.09.21 08:34:18 | 000,313,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) DRV:64bit: - [2010.08.27 19:53:22 | 000,297,000 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx) DRV:64bit: - [2010.08.17 19:28:32 | 000,026,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ICCWDT.sys -- (ICCWDT) DRV:64bit: - [2010.08.10 11:29:15 | 000,120,920 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2015.07.24 06:22:11 | 000,019,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Programme\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms) DRV - [2015.06.21 23:13:48 | 000,014,184 | ---- | M] (Logitech) [Kernel | Auto | Running] -- C:\Programme\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys -- (LGCoreTemp) DRV - [2010.09.16 20:56:06 | 000,016,512 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\ASUS\Disk Unlocker\ASFLTDrv64.sys -- (ASFLTDrv.sys) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com/?fr=hp-avast&type=752 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet 
Explorer\Main,Start Page = about:blank IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = https://de.search.yahoo.com/yhs/search?type=752&hspart=avast&hsimp=yhs-001&p={searchTerms} IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=752&hspart=avast&hsimp=yhs-001&p={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 IE - HKCU\..\SearchScopes\{40AEE201-0884-4F7F-8F54-17E01B1CC49B}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKCU\..\SearchScopes\{997A6696-3A88-4EC0-BC26-A41E1A13C9DB}: "URL" = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.countryCode: "DE" FF - prefs.js..browser.search.defaultengine: "Yahoo! (Avast)" FF - prefs.js..browser.search.defaultthis.engineName: "Yahoo! 
(Avast)" FF - prefs.js..browser.search.defaulturl: "https://de.search.yahoo.com/yhs/search" FF - prefs.js..browser.search.hiddenOneOffs: "Bing,Google,Wikipedia (de)" FF - prefs.js..browser.search.order.1: "Yahoo! (Avast)" FF - prefs.js..browser.search.region: "DE" FF - prefs.js..browser.search.selectedEngine: "Yahoo! (Avast)" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.update.interval: 31536000 FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:40.0.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2 FF - prefs.js..extensions.enabledItems: {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}:2.7.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4 FF - prefs.js..extensions.enabledItems: longurlplease@darragh.curran:0.4.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0 FF - prefs.js..keyword.URL: "https://de.search.yahoo.com/yhs/search" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll () FF - HKLM\Software\MozillaPlugins\@kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015.08.12 17:47:27 | 000,000,000 | ---D | M] FF - 
HKLM\Software\MozillaPlugins\@kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com [2015.08.12 17:47:27 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015.08.12 17:47:29 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015.08.12 17:47:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015.08.12 17:47:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com [2015.08.12 17:47:27 | 000,000,000 | ---D | M] FF - 
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015.08.12 21:55:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 40.0\extensions\\Components: D:\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 40.0\extensions\\Plugins: D:\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 40.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 40.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2015.08.12 15:56:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Egon Ganahl\AppData\Roaming\mozilla\Extensions [2015.08.16 22:41:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Egon Ganahl\AppData\Roaming\mozilla\Firefox\Profiles\51kzfsuy.default-1439675671374\extensions [2015.08.16 22:43:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Egon Ganahl\AppData\Roaming\mozilla\Firefox\Profiles\51kzfsuy.default-1439675671374\extensions\staged [2015.08.17 12:40:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Egon Ganahl\AppData\Roaming\mozilla\Firefox\Profiles\n6tmf4gm.default-1439756977122\extensions [2015.08.17 12:15:09 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Egon Ganahl\AppData\Roaming\mozilla\Firefox\Profiles\n6tmf4gm.default-1439756977122\extensions\de-DE@dictionaries.addons.mozilla.org [2015.08.17 12:15:09 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Egon Ganahl\AppData\Roaming\mozilla\Firefox\Profiles\n6tmf4gm.default-1439756977122\extensions\DeviceDetection@logitech.com [2015.08.16 14:43:49 | 000,007,224 | ---- | M] () (No name found) -- C:\Users\Egon Ganahl\AppData\Roaming\mozilla\firefox\profiles\51kzfsuy.default-1439675671374\extensions\{197003db-974d-4618-9c29-6b814214a2e2}.xpi [2015.04.15 
14:40:40 | 000,038,626 | ---- | M] () (No name found) -- C:\Users\Egon Ganahl\AppData\Roaming\mozilla\firefox\profiles\n6tmf4gm.default-1439756977122\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015.08.16 23:25:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2015.08.16 23:25:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2015.08.12 17:47:27 | 000,000,000 | ---D | M] (Modul zum Sperren von gefährlichen Webseiten) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY TOTAL SECURITY 15.0.2\FFEXT\CONTENT_BLOCKER@KASPERSKY.COM [2015.08.12 17:47:27 | 000,000,000 | ---D | M] (Sicherer Zahlungsverkehr) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY TOTAL SECURITY 15.0.2\FFEXT\ONLINE_BANKING@KASPERSKY.COM [2015.08.12 17:47:29 | 000,000,000 | ---D | M] (Virtuelle Tastatur) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY TOTAL SECURITY 15.0.2\FFEXT\VIRTUAL_KEYBOARD@KASPERSKY.COM O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Virtual Keyboard Plugin) - {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Content Blocker Plugin) - {93BC2EA7-2F17-4729-948A-D2E03FFB2412} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Programme\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Programme\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.) 
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation) O4 - HKLM..\Run: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe (ASUSTeK Computer Inc.) O4 - Startup: C:\Users\Egon Ganahl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. 
File not found O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95B84472-BE5B-46CC-98AE-08578117D65A}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\gopher - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2015.08.15 23:00:59 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2015.08.17 13:07:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable) [2015.08.17 13:06:53 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys [2015.08.17 13:06:51 | 000,000,000 | ---D | C] -- C:\Users\Egon Ganahl\Desktop\mbar [2015.08.17 12:39:44 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2015.08.17 11:32:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files [2015.08.17 10:25:17 | 000,000,000 | ---D | C] -- C:\Users\Egon Ganahl\AppData\Roaming\QuickScan [2015.08.16 23:25:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2015.08.16 23:25:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2015.08.16 23:09:09 | 000,000,000 | ---D | C] -- C:\Users\Egon Ganahl\AppData\Local\GWX [2015.08.16 22:34:00 | 000,000,000 | ---D | C] -- C:\Users\Egon Ganahl\AppData\Local\Macromedia [2015.08.16 18:55:11 | 000,000,000 | ---D | C] -- C:\ProgramData\VIPRE [2015.08.16 18:44:55 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla! 
[2015.08.16 18:44:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iS3 [2015.08.16 00:03:56 | 000,136,408 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys [2015.08.15 23:18:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2015.08.15 23:12:38 | 000,000,000 | ---D | C] -- C:\Users\Egon Ganahl\AppData\Roaming\Wise Uninstaller [2015.08.15 23:00:35 | 000,000,000 | ---D | C] -- C:\sh4ldr [2015.08.15 22:59:59 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2015.08.15 22:21:50 | 000,000,000 | ---D | C] -- C:\Users\Egon Ganahl\AppData\Roaming\Intel Drivers Update Utility [2015.08.15 22:21:47 | 000,000,000 | ---D | C] -- C:\Users\Egon Ganahl\AppData\Local\Intel Drivers Update Utility [2015.08.15 14:23:08 | 000,000,000 | ---D | C] -- C:\Users\Egon Ganahl\AppData\Local\Programs [2015.08.15 12:58:41 | 000,000,000 | ---D | C] -- C:\Users\Egon Ganahl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\cardxperts Rainer Kerner [2015.08.15 12:58:15 | 000,000,000 | ---D | C] -- C:\Users\Egon Ganahl\AppData\Local\Deployment [2015.08.15 12:58:15 | 000,000,000 | ---D | C] -- C:\Users\Egon Ganahl\AppData\Local\Apps [2015.08.15 11:08:36 | 000,000,000 | ---D | C] -- C:\Users\Egon Ganahl\Documents\DxO FilmPack 3 [2015.08.15 11:08:27 | 000,000,000 | ---D | C] -- C:\ProgramData\DxO Labs [2015.08.15 11:08:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DxO FilmPack 3 [2015.08.15 09:49:41 | 000,000,000 | R--D | C] -- C:\Users\Egon Ganahl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices [2015.08.15 09:48:22 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\GWX [2015.08.15 09:48:21 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\GWX [2015.08.14 23:34:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Biet-O-Matic [2015.08.14 23:30:16 | 000,000,000 | ---D | C] -- C:\Users\Egon Ganahl\AppData\Roaming\BOM [2015.08.14 16:30:43 | 
000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel [2015.08.14 16:30:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appraiser [2015.08.14 15:11:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2015.08.14 14:47:59 | 000,000,000 | ---D | C] -- C:\Windows\Migration [2015.08.14 14:46:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT [2015.08.14 10:52:58 | 000,000,000 | ---D | C] -- C:\Users\Egon Ganahl\AppData\Roaming\OpenOffice [2015.08.14 10:01:18 | 000,000,000 | ---D | C] -- C:\Users\Egon Ganahl\AppData\Local\GHISLER [2015.08.14 09:57:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2015.08.14 09:56:58 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2015.08.14 09:34:18 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur [2015.08.14 09:12:48 | 000,000,000 | ---D | C] -- C:\Users\Egon Ganahl\AppData\Local\ElevatedDiagnostics [2015.08.13 21:50:08 | 000,000,000 | ---D | C] -- C:\Users\Egon Ganahl\AppData\Local\NVIDIA Corporation [2015.08.13 13:23:46 | 000,000,000 | ---D | C] -- C:\Users\Egon Ganahl\AppData\Roaming\GHISLER [2015.08.13 13:10:47 | 000,000,000 | ---D | C] -- C:\Users\Egon Ganahl\AppData\Local\Google [2015.08.13 13:04:28 | 000,000,000 | ---D | C] -- C:\Users\Egon Ganahl\AppData\Local\CrashDumps [2015.08.13 13:01:47 | 000,000,000 | ---D | C] -- C:\Users\Egon Ganahl\AppData\Roaming\FreeFLVConverter [2015.08.13 12:48:02 | 000,000,000 | ---D | C] -- C:\Users\Egon Ganahl\AppData\Local\elfopatch [2015.08.13 12:46:47 | 000,000,000 | ---D | C] -- C:\Users\Egon Ganahl\AppData\Roaming\elsterformular [2015.08.13 12:46:47 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular [2015.08.13 12:45:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2015.08.13 12:43:18 | 000,000,000 | ---D | C] -- C:\Users\Egon Ganahl\AppData\Local\Adobe [2015.08.12 22:16:30 | 000,000,000 | ---D | C] -- C:\Users\Egon Ganahl\AppData\Roaming\Zoner [2015.08.12 22:16:30 | 000,000,000 | ---D | C] -- 
C:\Users\Egon Ganahl\AppData\Local\Zoner [2015.08.12 22:16:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Zoner [2015.08.12 22:16:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zoner Photo Studio 16 [2015.08.12 21:56:00 | 000,000,000 | ---D | C] -- C:\Users\Egon Ganahl\AppData\Local\Logishrd [2015.08.12 21:52:50 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Logishrd [2015.08.12 21:52:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd [2015.08.12 21:52:45 | 000,000,000 | ---D | C] -- C:\Users\Egon Ganahl\AppData\Roaming\Leadertech [2015.08.12 21:52:22 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech [2015.08.12 21:52:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd [2015.08.12 21:43:17 | 000,000,000 | ---D | C] -- C:\Users\Egon Ganahl\AppData\Roaming\EIZO [2015.08.12 21:42:32 | 000,000,000 | ---D | C] -- C:\Users\Egon Ganahl\AppData\Local\Downloaded Installations [2015.08.12 21:22:23 | 000,000,000 | ---D | C] -- C:\Users\Egon Ganahl\Documents\CyberLink [2015.08.12 21:18:18 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe [2015.08.12 21:15:20 | 000,000,000 | ---D | C] -- C:\Users\Egon Ganahl\AppData\Local\Power2Go [2015.08.12 19:53:04 | 000,000,000 | ---D | C] -- C:\Users\Egon Ganahl\AppData\Local\Microsoft Games [2015.08.12 19:43:23 | 000,000,000 | ---D | C] -- C:\Users\Egon Ganahl\AppData\Local\Packages [2015.08.12 19:38:54 | 000,000,000 | ---D | C] -- C:\ProgramData\install_clap [2015.08.12 19:38:24 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling [2015.08.12 19:38:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe [2015.08.12 19:37:09 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite [2015.08.12 19:36:51 | 000,000,000 | ---D | C] -- C:\ProgramData\CLSK [2015.08.12 19:26:02 | 000,000,000 | ---D | C] -- 
C:\Program Files (x86)\Common Files\CyberLink [2015.08.12 19:23:17 | 000,000,000 | ---D | C] -- C:\Users\Egon Ganahl\AppData\Roaming\CyberLink [2015.08.12 19:23:17 | 000,000,000 | ---D | C] -- C:\Users\Egon Ganahl\AppData\Local\Cyberlink [2015.08.12 19:23:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cyberlink [2015.08.12 19:22:48 | 000,000,000 | ---D | C] -- C:\Users\Egon Ganahl\Desktop\GPS-Tools [2015.08.12 19:22:33 | 000,000,000 | R--D | C] -- C:\Users\Egon Ganahl\Desktop\Grafik-Tools [2015.08.12 19:20:45 | 000,000,000 | ---D | C] -- C:\Users\Egon Ganahl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite [2015.08.12 19:20:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite [2015.08.12 19:19:38 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink [2015.08.12 19:18:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp [2015.08.12 19:10:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech [2015.08.12 18:36:44 | 000,000,000 | ---D | C] -- C:\Users\Egon Ganahl\Desktop\Tools [2015.08.12 18:36:35 | 000,000,000 | R--D | C] -- C:\Users\Egon Ganahl\Desktop\Spiele [2015.08.12 18:36:21 | 000,000,000 | ---D | C] -- C:\Users\Egon Ganahl\Desktop\Player-Tolls [2015.08.12 18:36:11 | 000,000,000 | ---D | C] -- C:\Users\Egon Ganahl\Desktop\Text-Tools [2015.08.12 18:16:01 | 000,000,000 | ---D | C] -- C:\Users\Egon Ganahl\AppData\Local\Logitech [2015.08.12 18:16:01 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd [2015.08.12 18:15:09 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech Gaming Software [2015.08.12 18:15:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache [2015.08.12 18:14:25 | 000,000,000 | ---D | C] -- C:\Users\Egon Ganahl\AppData\Roaming\Logitech [2015.08.12 18:14:25 | 000,000,000 | ---D | C] -- C:\Users\Egon Ganahl\AppData\Roaming\Logishrd [2015.08.12 17:58:48 | 000,000,000 | ---D | C] -- C:\Users\Egon 
Ganahl\AppData\Local\NVIDIA [2015.08.12 17:54:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2015.08.12 17:53:50 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2015.08.12 17:53:11 | 000,112,760 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2015.08.12 17:53:11 | 000,105,080 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2015.08.12 17:53:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2015.08.12 17:51:02 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2015.08.12 17:49:51 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation [2015.08.12 17:47:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security [2015.08.12 17:47:32 | 000,110,176 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\klfphc.dll [2015.08.12 17:47:27 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP [2015.08.12 17:47:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2015.08.12 17:47:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab [2015.08.12 17:47:23 | 000,850,608 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys [2015.08.12 17:47:23 | 000,225,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klhk.sys [2015.08.12 17:47:23 | 000,159,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys [2015.08.12 17:45:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2015.08.12 17:31:31 | 000,000,000 | ---D | C] -- C:\Users\Egon Ganahl\AppData\Local\Mozilla [2015.08.12 16:03:48 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2015.08.12 15:56:43 | 000,000,000 | ---D | C] -- C:\Users\Egon Ganahl\AppData\Roaming\Thunderbird [2015.08.12 15:56:43 | 000,000,000 | ---D | C] -- C:\Users\Egon Ganahl\AppData\Local\Thunderbird [2015.08.12 15:56:43 | 000,000,000 | ---D | C] -- C:\Users\Egon 
Ganahl\AppData\Roaming\Mozilla [2015.08.12 15:42:23 | 000,000,000 | ---D | C] -- C:\Users\Egon Ganahl\AppData\Roaming\Macromedia [2015.08.12 15:42:22 | 000,000,000 | ---D | C] -- C:\Users\Egon Ganahl\AppData\Roaming\Adobe [2015.08.12 15:39:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel Corporation [2015.08.12 15:37:15 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS OC Profiles [2015.08.12 15:37:10 | 000,000,000 | ---D | C] -- C:\Users\Egon Ganahl\AppData\Roaming\Intel Corporation [2015.08.12 15:37:10 | 000,000,000 | ---D | C] -- C:\Users\Egon Ganahl\AppData\Local\BMExplorer [2015.08.12 15:37:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros [2015.08.12 15:31:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed [2015.08.12 15:30:34 | 000,014,464 | ---- | C] (ASUSTek Computer Inc.) -- C:\Windows\SysNative\drivers\AiChargerPlus.sys [2015.08.12 15:30:07 | 000,184,320 | ---- | C] (ASUSTeK) -- C:\Windows\SysWow64\drivers\UpdateHelper.dll [2015.08.12 15:30:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS [2015.08.12 15:29:33 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS [2015.08.12 15:29:17 | 000,028,672 | R--- | C] (ASUSTek Computer Inc.) 
-- C:\Windows\SysWow64\AsIO.dll [2015.08.12 15:29:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS [2015.08.12 15:25:01 | 000,000,000 | ---D | C] -- C:\Users\Egon Ganahl\Documents\Bluetooth Folder [2015.08.12 15:24:57 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Program [2015.08.12 15:24:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Atheros [2015.08.12 15:24:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bluetooth Suite [2015.08.12 15:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asmedia Technology [2015.08.12 15:22:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASM104xUSB3 [2015.08.12 15:18:28 | 000,000,000 | ---D | C] -- C:\Program Files\Intel [2015.08.12 15:17:13 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2015.08.12 15:16:37 | 000,000,000 | ---D | C] -- C:\Users\Egon Ganahl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Marvell [2015.08.12 15:16:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Marvell [2015.08.12 15:16:07 | 000,000,000 | ---D | C] -- C:\Windows\RaidTool [2015.08.12 15:15:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent [2015.08.12 15:15:07 | 000,016,896 | ---- | C] (ASUS) -- C:\Windows\AsTaskSched.dll [2015.08.12 15:14:57 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2015.08.12 15:14:57 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek [2015.08.12 15:14:49 | 002,580,824 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll [2015.08.12 15:14:49 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll [2015.08.12 15:14:48 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll [2015.08.12 15:14:48 | 000,220,496 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFNHK64.dll [2015.08.12 15:14:48 | 000,211,184 | ---- | C] (SRS Labs, Inc.) 
-- C:\Windows\SysNative\SRSTSH64.dll [2015.08.12 15:14:48 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll [2015.08.12 15:14:48 | 000,081,232 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFCOM64.dll [2015.08.12 15:14:48 | 000,078,160 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFAPO64.dll [2015.08.12 15:14:48 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll [2015.08.12 15:14:43 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll [2015.08.12 15:14:43 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll [2015.08.12 15:14:43 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll [2015.08.12 15:14:43 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll [2015.08.12 15:14:42 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll [2015.08.12 15:14:42 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll [2015.08.12 15:14:39 | 001,718,616 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll [2015.08.12 15:14:39 | 000,127,832 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll [2015.08.12 15:14:38 | 001,870,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll [2015.08.12 15:14:38 | 000,421,720 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll [2015.08.12 15:14:38 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll [2015.08.12 15:14:38 | 000,108,888 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll [2015.08.12 15:14:38 | 000,074,584 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll [2015.08.12 15:14:37 | 002,197,264 | ---- | C] (Waves Audio Ltd.) 
-- C:\Windows\SysNative\MaxxAudioEQ.dll [2015.08.12 15:14:37 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll [2015.08.12 15:14:37 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll [2015.08.12 15:14:31 | 001,937,312 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll [2015.08.12 15:14:31 | 000,475,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll [2015.08.12 15:14:30 | 001,327,208 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll [2015.08.12 15:14:30 | 001,179,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll [2015.08.12 15:14:30 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll [2015.08.12 15:14:30 | 000,317,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll [2015.08.12 15:14:30 | 000,269,928 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll [2015.08.12 15:14:30 | 000,266,856 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll [2015.08.12 15:14:30 | 000,126,056 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll [2015.08.12 15:14:30 | 000,125,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll [2015.08.12 15:14:29 | 001,111,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll [2015.08.12 15:14:29 | 000,504,936 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll [2015.08.12 15:14:29 | 000,125,544 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll [2015.08.12 15:14:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek [2015.08.12 15:14:25 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp [2015.08.12 15:14:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2015.08.12 15:13:59 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel [2015.08.12 15:13:38 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield 
Installation Information [2015.08.12 15:13:37 | 000,000,000 | ---D | C] -- C:\Users\Egon Ganahl\AppData\Roaming\InstallShield [2015.08.12 15:12:39 | 000,053,248 | R--- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll [2015.08.12 15:12:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel [2015.08.12 15:09:35 | 000,000,000 | R--D | C] -- C:\Users\Egon Ganahl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2015.08.12 15:09:35 | 000,000,000 | R--D | C] -- C:\Users\Egon Ganahl\Searches [2015.08.12 15:09:35 | 000,000,000 | R--D | C] -- C:\Users\Egon Ganahl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2015.08.12 15:09:30 | 000,000,000 | ---D | C] -- C:\Users\Egon Ganahl\AppData\Roaming\Identities [2015.08.12 15:09:29 | 000,000,000 | R--D | C] -- C:\Users\Egon Ganahl\Contacts [2015.08.12 15:09:28 | 000,000,000 | ---D | C] -- C:\Users\Egon Ganahl\AppData\Local\VirtualStore [2015.08.12 15:09:24 | 000,000,000 | --SD | C] -- C:\Users\Egon Ganahl\AppData\Roaming\Microsoft [2015.08.12 15:09:24 | 000,000,000 | R--D | C] -- C:\Users\Egon Ganahl\Videos [2015.08.12 15:09:24 | 000,000,000 | R--D | C] -- C:\Users\Egon Ganahl\Saved Games [2015.08.12 15:09:24 | 000,000,000 | R--D | C] -- C:\Users\Egon Ganahl\Pictures [2015.08.12 15:09:24 | 000,000,000 | R--D | C] -- C:\Users\Egon Ganahl\Music [2015.08.12 15:09:24 | 000,000,000 | R--D | C] -- C:\Users\Egon Ganahl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2015.08.12 15:09:24 | 000,000,000 | R--D | C] -- C:\Users\Egon Ganahl\Links [2015.08.12 15:09:24 | 000,000,000 | R--D | C] -- C:\Users\Egon Ganahl\Favorites [2015.08.12 15:09:24 | 000,000,000 | R--D | C] -- C:\Users\Egon Ganahl\Downloads [2015.08.12 15:09:24 | 000,000,000 | R--D | C] -- C:\Users\Egon Ganahl\Documents [2015.08.12 15:09:24 | 000,000,000 | R--D | C] -- C:\Users\Egon Ganahl\Desktop [2015.08.12 15:09:24 | 000,000,000 | R--D | C] -- C:\Users\Egon 
Ganahl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2015.08.12 15:09:24 | 000,000,000 | -HSD | C] -- C:\Users\Egon Ganahl\Vorlagen [2015.08.12 15:09:24 | 000,000,000 | -HSD | C] -- C:\Users\Egon Ganahl\AppData\Local\Verlauf [2015.08.12 15:09:24 | 000,000,000 | -HSD | C] -- C:\Users\Egon Ganahl\AppData\Local\Temporary Internet Files [2015.08.12 15:09:24 | 000,000,000 | -HSD | C] -- C:\Users\Egon Ganahl\Startmenü [2015.08.12 15:09:24 | 000,000,000 | -HSD | C] -- C:\Users\Egon Ganahl\SendTo [2015.08.12 15:09:24 | 000,000,000 | -HSD | C] -- C:\Users\Egon Ganahl\Recent [2015.08.12 15:09:24 | 000,000,000 | -HSD | C] -- C:\Users\Egon Ganahl\Netzwerkumgebung [2015.08.12 15:09:24 | 000,000,000 | -HSD | C] -- C:\Users\Egon Ganahl\Lokale Einstellungen [2015.08.12 15:09:24 | 000,000,000 | -HSD | C] -- C:\Users\Egon Ganahl\Documents\Eigene Videos [2015.08.12 15:09:24 | 000,000,000 | -HSD | C] -- C:\Users\Egon Ganahl\Documents\Eigene Musik [2015.08.12 15:09:24 | 000,000,000 | -HSD | C] -- C:\Users\Egon Ganahl\Eigene Dateien [2015.08.12 15:09:24 | 000,000,000 | -HSD | C] -- C:\Users\Egon Ganahl\Documents\Eigene Bilder [2015.08.12 15:09:24 | 000,000,000 | -HSD | C] -- C:\Users\Egon Ganahl\Druckumgebung [2015.08.12 15:09:24 | 000,000,000 | -HSD | C] -- C:\Users\Egon Ganahl\Cookies [2015.08.12 15:09:24 | 000,000,000 | -HSD | C] -- C:\Users\Egon Ganahl\AppData\Local\Anwendungsdaten [2015.08.12 15:09:24 | 000,000,000 | -HSD | C] -- C:\Users\Egon Ganahl\Anwendungsdaten [2015.08.12 15:09:24 | 000,000,000 | -H-D | C] -- C:\Users\Egon Ganahl\AppData [2015.08.12 15:09:24 | 000,000,000 | ---D | C] -- C:\Users\Egon Ganahl\AppData\Local\Temp [2015.08.12 15:09:24 | 000,000,000 | ---D | C] -- C:\Users\Egon Ganahl\AppData\Local\Microsoft [2015.08.12 15:09:24 | 000,000,000 | ---D | C] -- C:\Users\Egon Ganahl\AppData\Roaming\Media Center Programs [2015.08.12 15:09:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2015.08.12 15:09:23 | 000,000,000 | -HSD | C] -- 
C:\ProgramData\Startmenü [2015.08.12 15:09:23 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2015.08.12 15:09:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2015.08.12 15:09:23 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2015.08.12 15:09:23 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2015.08.12 15:09:23 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2015.08.12 15:09:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2015.08.12 15:09:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2015.08.12 15:09:22 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2015.08.12 15:04:49 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch ========== Files - Modified Within 30 Days ========== [2015.08.17 13:15:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2015.08.17 13:15:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2015.08.17 13:08:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2015.08.17 13:07:31 | 000,136,408 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys [2015.08.17 13:06:53 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys [2015.08.17 12:59:45 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2015.08.17 12:59:45 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2015.08.17 12:58:44 | 001,648,656 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2015.08.17 12:58:44 | 000,713,958 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2015.08.17 12:58:44 | 000,658,506 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2015.08.17 12:58:44 | 000,154,074 | ---- | M] () -- 
C:\Windows\SysNative\perfc007.dat [2015.08.17 12:58:44 | 000,126,186 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2015.08.17 12:51:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2015.08.17 12:51:52 | 2121,641,983 | -HS- | M] () -- C:\hiberfil.sys [2015.08.17 10:27:29 | 000,001,213 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2015.08.16 19:06:23 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\SBRC.dat [2015.08.15 23:00:59 | 000,000,000 | ---- | M] () -- C:\autoexec.bat [2015.08.15 14:30:32 | 000,277,360 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2015.08.14 23:37:18 | 001,622,000 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2015.08.14 23:34:06 | 000,000,793 | ---- | M] () -- C:\Users\Public\Desktop\Biet-O-Matic.lnk [2015.08.14 11:47:00 | 000,016,303 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2015.08.14 11:47:00 | 000,016,303 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2015.08.14 10:51:05 | 000,000,642 | ---- | M] () -- C:\Users\Egon Ganahl\Desktop\quickstart.lnk [2015.08.13 13:42:11 | 000,001,375 | ---- | M] () -- C:\Users\Egon Ganahl\Desktop\Internet Explorer (64-bit).lnk [2015.08.13 13:08:13 | 000,001,087 | ---- | M] () -- C:\Users\Egon Ganahl\Desktop\googleearth.lnk [2015.08.13 12:55:29 | 000,000,606 | ---- | M] () -- C:\Users\Egon Ganahl\Desktop\pica - Verknüpfung.lnk [2015.08.12 22:23:36 | 000,001,344 | ---- | M] () -- C:\Users\Egon Ganahl\Desktop\Zoner.lnk [2015.08.12 21:53:06 | 000,001,354 | ---- | M] () -- C:\Users\Egon Ganahl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . 
Produktregistrierung.lnk [2015.08.12 21:34:53 | 000,000,997 | ---- | M] () -- C:\Users\Egon Ganahl\Desktop\TOTALCMD64.lnk [2015.08.12 21:34:01 | 000,000,612 | ---- | M] () -- C:\Users\Egon Ganahl\Desktop\MozBackup.lnk [2015.08.12 21:19:19 | 000,000,985 | ---- | M] () -- C:\Users\Egon Ganahl\Desktop\Thunderbird.lnk [2015.08.12 19:46:55 | 000,000,000 | ---- | M] () -- C:\Windows\lgfwup.ini [2015.08.12 17:48:04 | 000,002,303 | ---- | M] () -- C:\Users\Egon Ganahl\Desktop\Sicherer Zahlungsverkehr.lnk [2015.08.12 17:47:36 | 000,002,053 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Total Security.lnk [2015.08.12 15:31:50 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ICCWDT_01009.Wdf [2015.08.12 15:27:52 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_btath_hcrp_01009.Wdf [2015.08.12 15:25:02 | 000,246,804 | ---- | M] () -- C:\Windows\SysNative\drivers\AtherosBt.bin [2015.08.12 15:15:07 | 000,016,896 | ---- | M] (ASUS) -- C:\Windows\AsTaskSched.dll [2015.08.12 15:11:25 | 000,029,047 | ---- | M] () -- C:\Windows\Ascd_tmp.ini [2015.08.12 15:11:07 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini [2015.08.12 15:07:00 | 000,159,772 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2015.08.12 15:07:00 | 000,159,772 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2015.08.12 15:05:33 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2015.08.07 13:06:30 | 042,840,184 | ---- | M] () -- C:\Windows\SysNative\nvcompiler.dll [2015.08.07 13:06:30 | 037,819,000 | ---- | M] () -- C:\Windows\SysWow64\nvcompiler.dll [2015.08.07 13:06:30 | 000,112,760 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2015.08.07 13:06:30 | 000,105,080 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2015.08.07 13:06:30 | 000,033,050 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb [2015.08.03 12:12:34 | 005,133,709 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin 
========== Files Created - No Company Name ========== [2015.08.16 19:06:23 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\SBRC.dat [2015.08.15 23:00:59 | 000,000,000 | ---- | C] () -- C:\autoexec.bat [2015.08.15 22:21:47 | 001,875,456 | R--- | C] () -- C:\Users\Egon Ganahl\AppData\Local\IconOverlayEx.dll [2015.08.14 23:34:06 | 000,000,793 | ---- | C] () -- C:\Users\Public\Desktop\Biet-O-Matic.lnk [2015.08.14 23:34:00 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll [2015.08.14 16:47:20 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2015.08.14 15:11:44 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2015.08.14 11:47:00 | 000,016,303 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2015.08.14 11:47:00 | 000,016,303 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2015.08.14 10:51:05 | 000,000,642 | ---- | C] () -- C:\Users\Egon Ganahl\Desktop\quickstart.lnk [2015.08.13 22:06:13 | 042,840,184 | ---- | C] () -- C:\Windows\SysNative\nvcompiler.dll [2015.08.13 22:06:13 | 037,819,000 | ---- | C] () -- C:\Windows\SysWow64\nvcompiler.dll [2015.08.13 13:11:34 | 000,002,184 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk [2015.08.13 13:10:52 | 000,001,120 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2015.08.13 13:10:52 | 000,001,116 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2015.08.13 13:08:13 | 000,001,087 | ---- | C] () -- C:\Users\Egon Ganahl\Desktop\googleearth.lnk [2015.08.13 13:01:58 | 000,001,175 | ---- | C] () -- C:\Users\Egon Ganahl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free FLV Converter.lnk [2015.08.13 13:01:47 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\PropertyGrid.ocx [2015.08.13 13:01:47 | 000,208,500 | ---- | C] () -- C:\Windows\SysWow64\ReyXpBasics.tlb [2015.08.13 13:01:47 | 000,024,576 | ---- | C] () -- 
C:\Windows\SysWow64\ControlSubX.ocx [2015.08.13 13:00:13 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2015.08.13 12:55:29 | 000,000,606 | ---- | C] () -- C:\Users\Egon Ganahl\Desktop\pica - Verknüpfung.lnk [2015.08.12 22:23:36 | 000,001,344 | ---- | C] () -- C:\Users\Egon Ganahl\Desktop\Zoner.lnk [2015.08.12 21:53:06 | 000,001,354 | ---- | C] () -- C:\Users\Egon Ganahl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk [2015.08.12 21:34:53 | 000,000,997 | ---- | C] () -- C:\Users\Egon Ganahl\Desktop\TOTALCMD64.lnk [2015.08.12 21:34:01 | 000,000,612 | ---- | C] () -- C:\Users\Egon Ganahl\Desktop\MozBackup.lnk [2015.08.12 21:19:19 | 000,000,985 | ---- | C] () -- C:\Users\Egon Ganahl\Desktop\Thunderbird.lnk [2015.08.12 19:30:57 | 000,000,000 | ---- | C] () -- C:\Windows\lgfwup.ini [2015.08.12 18:40:47 | 000,001,375 | ---- | C] () -- C:\Users\Egon Ganahl\Desktop\Internet Explorer (64-bit).lnk [2015.08.12 17:53:21 | 005,133,709 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin [2015.08.12 17:52:04 | 001,622,000 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2015.08.12 17:50:55 | 000,033,050 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb [2015.08.12 17:48:04 | 000,002,303 | ---- | C] () -- C:\Users\Egon Ganahl\Desktop\Sicherer Zahlungsverkehr.lnk [2015.08.12 17:47:39 | 000,002,053 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Total Security.lnk [2015.08.12 17:31:25 | 000,001,213 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2015.08.12 17:31:24 | 000,001,225 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2015.08.12 15:31:50 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ICCWDT_01009.Wdf [2015.08.12 15:29:16 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2015.08.12 15:29:09 | 000,011,832 | ---- | C] () -- 
C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2015.08.12 15:27:52 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_btath_hcrp_01009.Wdf
[2015.08.12 15:18:25 | 000,001,904 | ---- | C] () -- C:\Windows\SysNative\SetupBD.din
[2015.08.12 15:17:49 | 000,003,114 | ---- | C] () -- C:\Windows\SysNative\e1c62x64.din
[2015.08.12 15:15:38 | 000,008,192 | ---- | C] () -- C:\Windows\SysNative\drivers\IntelMEFWVer.dll
[2015.08.12 15:11:07 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2015.08.12 15:11:00 | 000,029,047 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2015.08.12 15:09:36 | 000,001,475 | ---- | C] () -- C:\Users\Egon Ganahl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2015.08.12 15:06:54 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2015.08.12 15:06:53 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2015.08.12 15:05:33 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2015.08.11 23:07:13 | 2121,641,983 | -HS- | C] () -- C:\hiberfil.sys

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015.07.10 19:51:25 | 014,177,280 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015.07.10 19:34:07 | 012,875,776 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2015.08.14 23:34:19 | 000,000,000 | ---D | M] -- C:\Users\Egon Ganahl\AppData\Roaming\BOM
[2015.08.12 21:43:17 | 000,000,000 | ---D | M] -- C:\Users\Egon Ganahl\AppData\Roaming\EIZO
[2015.08.13 12:46:53 | 000,000,000 | ---D | M] -- C:\Users\Egon Ganahl\AppData\Roaming\elsterformular
[2015.08.13 13:01:58 | 000,000,000 | ---D | M] -- C:\Users\Egon Ganahl\AppData\Roaming\FreeFLVConverter
[2015.08.16 00:58:58 | 000,000,000 | ---D | M] -- C:\Users\Egon Ganahl\AppData\Roaming\GHISLER
[2015.08.12 21:52:45 | 000,000,000 | ---D | M] -- C:\Users\Egon Ganahl\AppData\Roaming\Leadertech
[2015.08.14 10:52:58 | 000,000,000 | ---D | M] -- C:\Users\Egon Ganahl\AppData\Roaming\OpenOffice
[2015.08.17 10:25:17 | 000,000,000 | ---D | M] -- C:\Users\Egon Ganahl\AppData\Roaming\QuickScan
[2015.08.12 15:56:43 | 000,000,000 | ---D | M] -- C:\Users\Egon Ganahl\AppData\Roaming\Thunderbird
[2015.08.16 00:58:56 | 000,000,000 | ---D | M] -- C:\Users\Egon Ganahl\AppData\Roaming\Wise Uninstaller
[2015.08.12 22:16:30 | 000,000,000 | ---D | M] -- C:\Users\Egon Ganahl\AppData\Roaming\Zoner

========== Purity Check ==========

< End of report >

MBAR Logfile:

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.17959
File system is: NTFS
Disk drives: B:\ DRIVE_FIXED, C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 3.310000 GHz
Memory total: 8555479040, free: 6614949888

Downloaded database version: v2015.08.17.05
Downloaded database version: v2015.08.16.01
Downloaded database version: v2015.07.28.01
=======================================
Initializing...
------------ Kernel report ------------
08/17/2015 13:07:31
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\kl1.sys
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\cm_km_w.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\jraid.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\DRIVERS\AiChargerPlus.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\msahci.sys \SystemRoot\system32\DRIVERS\mv91xx.sys \SystemRoot\system32\DRIVERS\mvxxmm.sys \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\drivers\disk.sys \SystemRoot\system32\drivers\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\system32\DRIVERS\klif.sys \SystemRoot\system32\DRIVERS\klflt.sys \SystemRoot\system32\DRIVERS\klhk.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\DRIVERS\klpd.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\DRIVERS\kltdi.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\DRIVERS\klwtp.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys 
\SystemRoot\system32\DRIVERS\klim6.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\DRIVERS\VDiskBus64.sys \SystemRoot\system32\DRIVERS\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \SystemRoot\system32\DRIVERS\kneps.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\SysWow64\drivers\AsUpIO.sys \SystemRoot\SysWow64\drivers\AsIO.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\nvlddmkm.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\HECIx64.sys \SystemRoot\system32\DRIVERS\e1c62x64.sys \SystemRoot\system32\drivers\usbehci.sys \SystemRoot\system32\drivers\USBPORT.SYS \SystemRoot\system32\DRIVERS\asmtxhci.sys \SystemRoot\system32\DRIVERS\1394ohci.sys \SystemRoot\system32\DRIVERS\ICCWDT.sys \SystemRoot\system32\DRIVERS\wmiacpi.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\CompositeBus.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\btath_bus.sys \SystemRoot\system32\drivers\LGBusEnum.sys \SystemRoot\system32\drivers\LGJoyXlCore.sys \SystemRoot\system32\DRIVERS\umbus.sys \SystemRoot\system32\drivers\nvvad64v.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\DRIVERS\usbhub.sys 
\SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\nvhda64v.sys \SystemRoot\system32\drivers\RTKVHD64.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\asmthub3.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_iaStor.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\drivers\hidusb.sys \SystemRoot\system32\drivers\HIDCLASS.SYS \SystemRoot\system32\drivers\HIDPARSE.SYS \SystemRoot\System32\Drivers\LUsbFilt.Sys \SystemRoot\system32\DRIVERS\LHidFilt.Sys \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\system32\DRIVERS\klkbdflt.sys \SystemRoot\system32\DRIVERS\LGSHidFilt.Sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\DRIVERS\klmouflt.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\DRIVERS\btfilter.sys \SystemRoot\System32\Drivers\BTHUSB.sys \SystemRoot\System32\Drivers\bthport.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \??\C:\Windows\system32\Drivers\rikvm_4C1DB90F.sys \??\C:\Windows\system32\Drivers\rikvm_9475A87B.sys \SystemRoot\system32\drivers\USBSTOR.SYS \SystemRoot\system32\DRIVERS\kldisk.sys \??\C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys 
\SystemRoot\system32\DRIVERS\rfcomm.sys \SystemRoot\system32\drivers\BthEnum.sys \SystemRoot\system32\DRIVERS\bthpan.sys \SystemRoot\system32\DRIVERS\bthmodem.sys \SystemRoot\system32\DRIVERS\btath_rcp.sys \SystemRoot\system32\drivers\btath_a2dp.sys \SystemRoot\system32\DRIVERS\btath_hcrp.sys \SystemRoot\system32\DRIVERS\btath_flt.sys \SystemRoot\system32\DRIVERS\btath_lwflt.sys \??\C:\Program Files (x86)\ASUS\Disk Unlocker\ASFLTDrv64.sys \SystemRoot\system32\drivers\LGVirHid.sys \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys \SystemRoot\system32\DRIVERS\asyncmac.sys \SystemRoot\system32\DRIVERS\WUDFRd.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\ws2_32.dll \Windows\System32\wininet.dll \Windows\System32\advapi32.dll \Windows\System32\shell32.dll \Windows\System32\lpk.dll \Windows\System32\clbcatq.dll \Windows\System32\user32.dll \Windows\System32\kernel32.dll \Windows\System32\msctf.dll \Windows\System32\setupapi.dll \Windows\System32\Wldap32.dll \Windows\System32\difxapi.dll \Windows\System32\msvcrt.dll \Windows\System32\gdi32.dll \Windows\System32\rpcrt4.dll \Windows\System32\comdlg32.dll \Windows\System32\usp10.dll \Windows\System32\nsi.dll \Windows\System32\urlmon.dll \Windows\System32\psapi.dll \Windows\System32\oleaut32.dll \Windows\System32\normaliz.dll \Windows\System32\sechost.dll \Windows\System32\imagehlp.dll \Windows\System32\imm32.dll \Windows\System32\ole32.dll \Windows\System32\shlwapi.dll \Windows\System32\iertutil.dll \Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll \Windows\System32\comctl32.dll \Windows\System32\wintrust.dll \Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll \Windows\System32\userenv.dll 
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll \Windows\System32\devobj.dll \Windows\System32\cfgmgr32.dll \Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll \Windows\System32\crypt32.dll \Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll \Windows\System32\KernelBase.dll \Windows\System32\msasn1.dll \Windows\System32\profapi.dll \Windows\SysWOW64\normaliz.dll ----------- End ----------- Done! Scan started Database versions: main: v2015.08.17.05 rootkit: v2015.08.16.01 <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8009753060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8009753b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8009753060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa80069a46e0, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xfffffa80069ab050, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStor\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... Done! Drive 0 This is a System drive Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 44098610 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 204800 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. 
Partition starts at LBA: 206848 Numsec = 249860096 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 128035676160 bytes Sector size: 512 bytes Done! Physical Sector Size: 512 Drive: 1, DevicePointer: 0xfffffa8009754060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8009754b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8009754060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa80069aae40, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xfffffa8006dec050, DeviceName: \Device\Ide\IAAStorageDevice-3\, DriverName: \Driver\iaStor\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 1 Scanning MBR on drive 1... Inspecting partition table: MBR Signature: 55AA Disk Signature: 3F62A595 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 983007232 Partition file system is NTFS Partition is not bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 983009280 Numsec = 970510336 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 1000204886016 bytes Sector size: 512 bytes Done! 
Physical Sector Size: 0 Drive: 2, DevicePointer: 0xfffffa800b6bb790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa800b6b9040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800b6bb790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800b501b60, DeviceName: \Device\000000ab\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 3, DevicePointer: 0xfffffa800b6bf060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa800b6bfb90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800b6bf060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800b625060, DeviceName: \Device\000000ac\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 4, DevicePointer: 0xfffffa800b6be060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa800b6c06a0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800b6be060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800b6734a0, DeviceName: \Device\000000ad\, DriverName: \Driver\USBSTOR\ ------------ End ---------- File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6FD3BDAC075B4FB7AFF1E38C299C6345DDA51088.bin.VF" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6FD3BDAC075B4FB7AFF1E38C299C6345DDA51088.bin.VE1" is compressed (flags = 1) Scan finished ======================================= Scan started Database versions: main: v2015.08.17.05 rootkit: v2015.08.16.01 <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 
512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... Done! Drive 0 This is a System drive Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 44098610 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 204800 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 206848 Numsec = 249860096 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 128035676160 bytes Sector size: 512 bytes Done! Drive 1 Scanning MBR on drive 1... Inspecting partition table: MBR Signature: 55AA Disk Signature: 3F62A595 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 983007232 Partition file system is NTFS Partition is not bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 983009280 Numsec = 970510336 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 1000204886016 bytes Sector size: 512 bytes Done! 
Physical Sector Size: 0 Drive: 2, DevicePointer: 0xfffffa800b6bb790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa800b6b9040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800b6bb790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800b501b60, DeviceName: \Device\000000ab\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 3, DevicePointer: 0xfffffa800b6bf060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa800b6bfb90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800b6bf060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800b625060, DeviceName: \Device\000000ac\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 4, DevicePointer: 0xfffffa800b6be060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa800b6c06a0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800b6be060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800b6734a0, DeviceName: \Device\000000ad\, DriverName: \Driver\USBSTOR\ ------------ End ---------- File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6FD3BDAC075B4FB7AFF1E38C299C6345DDA51088.bin.VF" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6FD3BDAC075B4FB7AFF1E38C299C6345DDA51088.bin.VE1" is compressed (flags = 1) Scan finished ======================================= Removal queue found; removal started Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam... 
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-2048-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam... Removal finished |