Trojaner-Board - Windows 7 weisser Sperbildschirm

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-12-2014

Ran by diseck (administrator) on DISECK-PC on 18-12-2014 14:49:45

Running from C:\Users\diseck\Downloads

Loaded Profile: diseck (Available profiles: diseck)

Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.6.0.32\NIS.exe

(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

() C:\Program Files\Serviio\bin\ServiioService.exe

() C:\Program Files\Serviio\bin\ServiioService.exe

(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.6.0.32\NIS.exe

(Google Inc.) C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe

(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe

(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe

(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFDE.EXE

() C:\Program Files\Serviio\bin\ServiioConsole.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Microsoft Corporation) C:\Windows\System32\wuauclt.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\mobsync.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe [484920 2009-07-20] (Conexant Systems, Inc.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1549608 2009-08-14] (Synaptics Incorporated)

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)

HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)

HKU\S-1-5-21-2442715595-2237258959-3315423054-1000\...\Run: [EPSON SX210 Series] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFDE.EXE [199680 2008-11-05] (SEIKO EPSON CORPORATION)

Startup: C:\Users\diseck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk

ShortcutTarget: AutoStarter.lnk -> C:\Users\diseck\AppData\Roaming\autostarter.exe (No File)

Startup: C:\Users\diseck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Serviio.lnk

ShortcutTarget: Serviio.lnk -> C:\Program Files\Serviio\bin\ServiioConsole.exe ()
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKU\S-1-5-21-2442715595-2237258959-3315423054-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp

SearchScopes: HKU\S-1-5-21-2442715595-2237258959-3315423054-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=DE&ver=21&locale=de_DE&gct=sb&qsrc=2869

BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)

BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)

Toolbar: HKU\S-1-5-21-2442715595-2237258959-3315423054-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

FireFox:

========

FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.5.0 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.6.0.32\IPSFF

FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.6.0.32\IPSFF [2014-11-12]

FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.6.0.32\coFFPlgn

FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.6.0.32\coFFPlgn [2014-12-18]
 

Chrome: 

=======

CHR dev: Chrome dev build detected! <======= ATTENTION

CHR Profile: C:\Users\diseck\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\diseck\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-12]

CHR Extension: (Google Drive) - C:\Users\diseck\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-12]

CHR Extension: (YouTube) - C:\Users\diseck\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-12]

CHR Extension: (Google-Suche) - C:\Users\diseck\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-12]

CHR Extension: (Google Tabellen) - C:\Users\diseck\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-12]

CHR Extension: (Chrome Hotword Shared Module) - C:\Users\diseck\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2014-12-10]

CHR Extension: (Google Wallet) - C:\Users\diseck\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-12]

CHR Extension: (Google Mail) - C:\Users\diseck\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-12]

CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path

CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-11-12]
 

========================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R3 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [62464 2009-07-14] (Microsoft Corporation) [File not signed]

S3 ALG; C:\Windows\System32\alg.exe [59392 2009-07-14] (Microsoft Corporation) [File not signed]

S3 AppIDSvc; C:\Windows\System32\appidsvc.dll [27648 2009-07-14] (Microsoft Corporation) [File not signed]

R3 Appinfo; C:\Windows\System32\appinfo.dll [47104 2013-02-27] (Microsoft Corporation) [File not signed]

S3 AppMgmt; C:\Windows\System32\appmgmts.dll [149504 2009-07-14] (Microsoft Corporation) [File not signed]

R2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [475136 2014-10-03] (Microsoft Corporation) [File not signed]

R2 Audiosrv; C:\Windows\System32\Audiosrv.dll [475136 2014-10-03] (Microsoft Corporation) [File not signed]

S3 AxInstSV; C:\Windows\System32\AxInstSV.dll [88064 2010-11-20] (Microsoft Corporation) [File not signed]

S3 BDESVC; C:\Windows\System32\bdesvc.dll [76800 2009-07-14] (Microsoft Corporation) [File not signed]

R2 BFE; C:\Windows\System32\bfe.dll [494592 2010-11-20] (Microsoft Corporation) [File not signed]

R2 BITS; C:\Windows\System32\qmgr.dll [585728 2010-11-20] (Microsoft Corporation) [File not signed]

S3 Browser; C:\Windows\System32\browser.dll [102912 2012-07-04] (Microsoft Corporation) [File not signed]

S3 bthserv; C:\Windows\system32\bthserv.dll [64512 2009-07-14] (Microsoft Corporation) [File not signed]

S3 CertPropSvc; C:\Windows\System32\certprop.dll [67584 2010-11-20] (Microsoft Corporation) [File not signed]

S3 COMSysApp; C:\Windows\system32\dllhost.exe [7168 2009-07-14] (Microsoft Corporation) [File not signed]

R2 CryptSvc; C:\Windows\system32\cryptsvc.dll [143872 2014-07-07] (Microsoft Corporation) [File not signed]

R2 CscService; C:\Windows\System32\cscsvc.dll [546304 2010-11-20] (Microsoft Corporation) [File not signed]

R2 DcomLaunch; C:\Windows\system32\rpcss.dll [376832 2010-11-20] (Microsoft Corporation) [File not signed]

S3 defragsvc; C:\Windows\System32\defragsvc.dll [218624 2009-07-14] (Microsoft Corporation) [File not signed]

R2 Dhcp; C:\Windows\system32\dhcpcore.dll [254464 2010-11-20] (Microsoft Corporation) [File not signed]

R2 Dnscache; C:\Windows\System32\dnsrslvr.dll [132608 2011-03-03] (Microsoft Corporation) [File not signed]

S3 dot3svc; C:\Windows\System32\dot3svc.dll [214016 2010-11-20] (Microsoft Corporation) [File not signed]

R2 DPS; C:\Windows\system32\dps.dll [144384 2010-11-20] (Microsoft Corporation) [File not signed]

R3 EapHost; C:\Windows\System32\eapsvc.dll [98304 2009-07-14] (Microsoft Corporation) [File not signed]

S3 EFS; C:\Windows\System32\lsass.exe [22528 2014-04-12] (Microsoft Corporation) [File not signed]

S3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [556544 2010-11-20] (Microsoft Corporation) [File not signed]

S3 ehSched; C:\Windows\ehome\ehsched.exe [94720 2009-07-14] (Microsoft Corporation) [File not signed]

R2 eventlog; C:\Windows\System32\wevtsvc.dll [1086976 2010-11-20] (Microsoft Corporation) [File not signed]

R2 EventSystem; C:\Windows\system32\es.dll [271360 2009-07-14] (Microsoft Corporation) [File not signed]

S3 Fax; C:\Windows\system32\fxssvc.exe [523264 2010-11-20] (Microsoft Corporation) [File not signed]

S3 fdPHost; C:\Windows\system32\fdPHost.dll [12800 2009-07-14] (Microsoft Corporation) [File not signed]

S3 FDResPub; C:\Windows\system32\fdrespub.dll [28160 2009-07-14] (Microsoft Corporation) [File not signed]

R2 FontCache; C:\Windows\system32\FntCache.dll [906240 2014-11-14] (Microsoft Corporation) [File not signed]

R2 gpsvc; C:\Windows\System32\gpsvc.dll [593408 2010-11-20] (Microsoft Corporation) [File not signed]

S3 hidserv; C:\Windows\system32\hidserv.dll [49152 2009-07-14] (Microsoft Corporation) [File not signed]

S3 hkmsvc; C:\Windows\system32\kmsvc.dll [71168 2010-11-20] (Microsoft Corporation) [File not signed]

S3 HomeGroupListener; C:\Windows\system32\ListSvc.dll [194560 2010-11-20] (Microsoft Corporation) [File not signed]

S3 HomeGroupProvider; C:\Windows\system32\provsvc.dll [165376 2010-11-20] (Microsoft Corporation) [File not signed]

S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [102912 2014-11-22] (Microsoft Corporation) [File not signed]

R2 IKEEXT; C:\Windows\System32\ikeext.dll [679424 2013-10-12] (Microsoft Corporation) [File not signed]

S3 IPBusEnum; C:\Windows\system32\ipbusenum.dll [78848 2009-07-14] (Microsoft Corporation) [File not signed]

R2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [499712 2012-10-03] (Microsoft Corporation) [File not signed]

R3 KeyIso; C:\Windows\system32\lsass.exe [22528 2014-04-12] (Microsoft Corporation) [File not signed]

S3 KtmRm; C:\Windows\system32\msdtckrm.dll [308736 2009-07-14] (Microsoft Corporation) [File not signed]

R2 LanmanServer; C:\Windows\system32\srvsvc.dll [168960 2010-11-20] (Microsoft Corporation) [File not signed]

R2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [84480 2010-11-20] (Microsoft Corporation) [File not signed]

S3 lltdsvc; C:\Windows\System32\lltdsvc.dll [189952 2009-07-14] (Microsoft Corporation) [File not signed]

S2 lmhosts; C:\Windows\System32\lmhsvc.dll [18432 2009-07-14] (Microsoft Corporation) [File not signed]

S4 Mcx2Svc; C:\Windows\system32\Mcx2Svc.dll [68096 2010-11-20] (Microsoft Corporation) [File not signed]

R2 MMCSS; C:\Windows\system32\mmcss.dll [49664 2009-07-14] (Microsoft Corporation) [File not signed]

R2 MpsSvc; C:\Windows\system32\mpssvc.dll [566272 2010-11-20] (Microsoft Corporation) [File not signed]

S3 MSDTC; C:\Windows\System32\msdtc.exe [134144 2009-07-14] (Microsoft Corporation) [File not signed]

S3 MSiSCSI; C:\Windows\system32\iscsiexe.dll [114688 2009-07-14] (Microsoft Corporation) [File not signed]

S3 msiserver; C:\Windows\System32\msiexec.exe [73216 2010-11-20] (Microsoft Corporation) [File not signed]

S3 napagent; C:\Windows\system32\qagentRT.dll [330240 2010-11-20] (Microsoft Corporation) [File not signed]

S3 Netlogon; C:\Windows\system32\lsass.exe [22528 2014-04-12] (Microsoft Corporation) [File not signed]

R3 Netman; C:\Windows\System32\netman.dll [280576 2009-07-14] (Microsoft Corporation) [File not signed]

R3 netprofm; C:\Windows\System32\netprofm.dll [360448 2009-07-14] (Microsoft Corporation) [File not signed]

R2 NIS; C:\Program Files\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)

R2 NlaSvc; C:\Windows\System32\nlasvc.dll [242176 2012-10-03] (Microsoft Corporation) [File not signed]

R2 nsi; C:\Windows\system32\nsisvc.dll [19456 2009-07-14] (Microsoft Corporation) [File not signed]

S3 p2pimsvc; C:\Windows\system32\pnrpsvc.dll [269824 2009-07-14] (Microsoft Corporation) [File not signed]

S3 p2psvc; C:\Windows\system32\p2psvc.dll [327680 2009-07-14] (Microsoft Corporation) [File not signed]

R3 PcaSvc; C:\Windows\System32\pcasvc.dll [154624 2009-07-14] (Microsoft Corporation) [File not signed]

S3 PeerDistSvc; C:\Windows\system32\peerdistsvc.dll [1004544 2009-07-14] (Microsoft Corporation) [File not signed]

S3 pla; C:\Windows\system32\pla.dll [1508864 2010-11-20] (Microsoft Corporation) [File not signed]

R2 PlugPlay; C:\Windows\system32\umpnpmgr.dll [293376 2011-05-24] (Microsoft Corporation) [File not signed]

S3 PNRPAutoReg; C:\Windows\system32\pnrpauto.dll [20480 2009-07-14] (Microsoft Corporation) [File not signed]

S3 PNRPsvc; C:\Windows\system32\pnrpsvc.dll [269824 2009-07-14] (Microsoft Corporation) [File not signed]

R3 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [350208 2010-11-20] (Microsoft Corporation) [File not signed]

R2 Power; C:\Windows\system32\umpo.dll [119808 2010-11-20] (Microsoft Corporation) [File not signed]

R2 ProfSvc; C:\Windows\system32\profsvc.dll [164352 2012-05-01] (Microsoft Corporation) [File not signed]

S3 ProtectedStorage; C:\Windows\system32\lsass.exe [22528 2014-04-12] (Microsoft Corporation) [File not signed]

S3 QWAVE; C:\Windows\system32\qwave.dll [210944 2009-07-14] (Microsoft Corporation) [File not signed]

S3 RasAuto; C:\Windows\System32\rasauto.dll [90624 2009-07-14] (Microsoft Corporation) [File not signed]

S3 RasMan; C:\Windows\System32\rasmans.dll [286208 2010-11-20] (Microsoft Corporation) [File not signed]

S4 RemoteAccess; C:\Windows\System32\mprdim.dll [75264 2009-07-14] (Microsoft Corporation) [File not signed]

S3 RemoteRegistry; C:\Windows\system32\regsvc.dll [112640 2009-07-14] (Microsoft Corporation) [File not signed]

R2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [43520 2009-07-14] (Microsoft Corporation) [File not signed]

S3 RpcLocator; C:\Windows\system32\locator.exe [9216 2009-07-14] (Microsoft Corporation) [File not signed]

R2 RpcSs; C:\Windows\system32\rpcss.dll [376832 2010-11-20] (Microsoft Corporation) [File not signed]

R2 SamSs; C:\Windows\system32\lsass.exe [22528 2014-04-12] (Microsoft Corporation) [File not signed]

S3 SCardSvr; C:\Windows\System32\SCardSvr.dll [132608 2009-07-14] (Microsoft Corporation) [File not signed]

R2 Schedule; C:\Windows\system32\schedsvc.dll [750592 2010-11-20] (Microsoft Corporation) [File not signed]

S3 SCPolicySvc; C:\Windows\System32\certprop.dll [67584 2010-11-20] (Microsoft Corporation) [File not signed]

S3 SDRSVC; C:\Windows\System32\SDRSVC.dll [125952 2010-11-20] (Microsoft Corporation) [File not signed]

S3 seclogon; C:\Windows\system32\seclogon.dll [21504 2009-07-14] (Microsoft Corporation) [File not signed]

R2 SENS; C:\Windows\System32\sens.dll [49664 2009-07-14] (Microsoft Corporation) [File not signed]

S3 SensrSvc; C:\Windows\system32\sensrsvc.dll [25088 2009-07-14] (Microsoft Corporation) [File not signed]

R2 Serviio; C:\Program Files\Serviio\bin\ServiioService.exe [327680 2014-03-18] () [File not signed]

S3 SessionEnv; C:\Windows\system32\sessenv.dll [113664 2010-11-20] (Microsoft Corporation) [File not signed]

S4 SharedAccess; C:\Windows\System32\ipnathlp.dll [300544 2009-07-14] (Microsoft Corporation) [File not signed]

R2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [328192 2010-11-20] (Microsoft Corporation) [File not signed]

S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [12800 2009-07-14] (Microsoft Corporation) [File not signed]

R2 Spooler; C:\Windows\System32\spoolsv.exe [317440 2012-02-11] (Microsoft Corporation) [File not signed]

R2 sppsvc; C:\Windows\system32\sppsvc.exe [3179520 2010-11-20] (Microsoft Corporation) [File not signed]

R3 sppuinotify; C:\Windows\system32\sppuinotify.dll [53760 2010-11-20] (Microsoft Corporation) [File not signed]

R3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [162816 2009-07-14] (Microsoft Corporation) [File not signed]

S3 SstpSvc; C:\Windows\system32\sstpsvc.dll [90112 2009-07-14] (Microsoft Corporation) [File not signed]

R2 StiSvc; C:\Windows\System32\wiaservc.dll [463360 2010-11-20] (Microsoft Corporation) [File not signed]

S3 StorSvc; C:\Windows\system32\storsvc.dll [16384 2009-07-14] (Microsoft Corporation) [File not signed]

S3 swprv; C:\Windows\System32\swprv.dll [313856 2009-07-14] (Microsoft Corporation) [File not signed]

R2 SysMain; C:\Windows\system32\sysmain.dll [1159168 2010-11-20] (Microsoft Corporation) [File not signed]

S3 TabletInputService; C:\Windows\System32\TabSvc.dll [73216 2010-11-20] (Microsoft Corporation) [File not signed]

S3 TapiSrv; C:\Windows\System32\tapisrv.dll [242176 2010-11-20] (Microsoft Corporation) [File not signed]

S3 TBS; C:\Windows\System32\tbssvc.dll [55808 2009-07-14] (Microsoft Corporation) [File not signed]

S3 TermService; C:\Windows\System32\termsrv.dll [523776 2014-10-14] (Microsoft Corporation) [File not signed]

R2 Themes; C:\Windows\system32\themeservice.dll [37376 2009-07-14] (Microsoft Corporation) [File not signed]

S3 THREADORDER; C:\Windows\system32\mmcss.dll [49664 2009-07-14] (Microsoft Corporation) [File not signed]

R2 TrkWks; C:\Windows\System32\trkwks.dll [77312 2009-07-14] (Microsoft Corporation) [File not signed]

R2 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [204800 2010-11-20] (Microsoft Corporation) [File not signed]

S3 UI0Detect; C:\Windows\system32\UI0Detect.exe [35840 2009-07-14] (Microsoft Corporation) [File not signed]

S3 UmRdpService; C:\Windows\System32\umrdp.dll [171008 2010-11-20] (Microsoft Corporation) [File not signed]

S3 upnphost; C:\Windows\System32\upnphost.dll [266752 2009-07-14] (Microsoft Corporation) [File not signed]

R2 UxSms; C:\Windows\System32\uxsms.dll [29696 2009-07-14] (Microsoft Corporation) [File not signed]

S3 VaultSvc; C:\Windows\system32\lsass.exe [22528 2014-04-12] (Microsoft Corporation) [File not signed]

S3 vds; C:\Windows\System32\vds.exe [453632 2010-11-20] (Microsoft Corporation) [File not signed]

S3 VSS; C:\Windows\system32\vssvc.exe [1025536 2010-11-20] (Microsoft Corporation) [File not signed]

S3 W32Time; C:\Windows\system32\w32time.dll [288768 2009-07-14] (Microsoft Corporation) [File not signed]

S3 wbengine; C:\Windows\system32\wbengine.exe [1203200 2010-11-20] (Microsoft Corporation) [File not signed]

S3 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [151552 2009-07-14] (Microsoft Corporation) [File not signed]

S3 wcncsvc; C:\Windows\System32\wcncsvc.dll [276992 2010-11-20] (Microsoft Corporation) [File not signed]

S3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [32768 2009-07-14] (Microsoft Corporation) [File not signed]

R3 WdiServiceHost; C:\Windows\system32\wdi.dll [76288 2009-07-14] (Microsoft Corporation) [File not signed]

S3 WdiSystemHost; C:\Windows\system32\wdi.dll [76288 2009-07-14] (Microsoft Corporation) [File not signed]

S3 WebClient; C:\Windows\System32\webclnt.dll [205824 2013-07-04] (Microsoft Corporation) [File not signed]

S3 Wecsvc; C:\Windows\system32\wecsvc.dll [147968 2009-07-14] (Microsoft Corporation) [File not signed]

S3 wercplsupport; C:\Windows\System32\wercplsupport.dll [61440 2009-07-14] (Microsoft Corporation) [File not signed]

S3 WerSvc; C:\Windows\System32\WerSvc.dll [65024 2009-07-14] (Microsoft Corporation) [File not signed]

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) [File not signed]

S3 WinHttpAutoProxySvc; C:\Windows\system32\winhttp.dll [351232 2010-11-20] (Microsoft Corporation) [File not signed]

R2 Winmgmt; C:\Windows\system32\wbem\WMIsvc.dll [168960 2009-07-14] (Microsoft Corporation) [File not signed]

S3 WinRM; C:\Windows\system32\WsmSvc.dll [1175040 2010-11-20] (Microsoft Corporation) [File not signed]

R2 Wlansvc; C:\Windows\System32\wlansvc.dll [829440 2009-07-14] (Microsoft Corporation) [File not signed]

S3 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [136192 2009-07-14] (Microsoft Corporation) [File not signed]

S3 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1121792 2010-11-20] (Microsoft Corporation) [File not signed]

S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [10752 2009-07-14] (Microsoft Corporation) [File not signed]

R3 WPDBusEnum; C:\Windows\system32\wpdbusenum.dll [85504 2010-11-20] (Microsoft Corporation) [File not signed]

R2 wscsvc; C:\Windows\System32\wscsvc.dll [73728 2009-07-14] (Microsoft Corporation) [File not signed]

R2 WSearch; C:\Windows\system32\SearchIndexer.exe [427520 2011-05-04] (Microsoft Corporation) [File not signed]

R3 wudfsvc; C:\Windows\System32\WUDFSvc.dll [73216 2012-07-26] (Microsoft Corporation) [File not signed]

S3 WwanSvc; C:\Windows\System32\wwansvc.dll [185344 2014-01-28] (Microsoft Corporation) [File not signed]
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

S3 1394ohci; C:\Windows\system32\drivers\1394ohci.sys [164864 2010-11-20] (Microsoft Corporation) [File not signed]

S3 AcpiPmi; C:\Windows\system32\drivers\acpipmi.sys [10240 2010-11-20] (Microsoft Corporation) [File not signed]

R1 AFD; C:\Windows\system32\drivers\afd.sys [338944 2014-05-30] (Microsoft Corporation) [File not signed]

S3 AmdK8; C:\Windows\system32\drivers\amdk8.sys [55296 2009-07-14] (Microsoft Corporation) [File not signed]

S3 AmdPPM; C:\Windows\system32\drivers\amdppm.sys [52736 2009-07-14] (Microsoft Corporation) [File not signed]

S3 AppID; C:\Windows\system32\drivers\appid.sys [50176 2010-11-20] (Microsoft Corporation) [File not signed]

S3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [17920 2009-07-14] (Microsoft Corporation) [File not signed]

S3 b06bdrv; C:\Windows\system32\drivers\bxvbdx.sys [430080 2009-07-13] (Broadcom Corporation) [File not signed]

S3 b57nd60x; C:\Windows\System32\DRIVERS\b57nd60x.sys [229888 2009-07-13] (Broadcom Corporation) [File not signed]

R1 Beep; C:\Windows\system32\Drivers\Beep.sys [6144 2009-07-14] (Microsoft Corporation) [File not signed]

R1 BHDrvx86; C:\Program Files\Norton Internet Security\NortonData\21.6.0.32\Definitions\BASHDefs\20141209.001\BHDrvx86.sys [1138392 2014-12-03] (Symantec Corporation)

R1 blbdrive; C:\Windows\System32\DRIVERS\blbdrive.sys [35328 2009-07-14] (Microsoft Corporation) [File not signed]

R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [69632 2011-02-23] (Microsoft Corporation) [File not signed]

S3 BrFiltLo; C:\Windows\system32\drivers\BrFiltLo.sys [13568 2009-07-13] (Brother Industries, Ltd.) [File not signed]

S3 BrFiltUp; C:\Windows\system32\drivers\BrFiltUp.sys [5248 2009-07-13] (Brother Industries, Ltd.) [File not signed]

S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [272128 2009-07-14] (Brother Industries Ltd.) [File not signed]

S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [62336 2009-07-13] (Brother Industries Ltd.) [File not signed]

S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [12160 2009-07-13] (Brother Industries Ltd.) [File not signed]

S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [11904 2009-07-13] (Brother Industries Ltd.) [File not signed]

S3 BTHMODEM; C:\Windows\system32\drivers\bthmodem.sys [56320 2009-07-14] (Microsoft Corporation) [File not signed]

R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1506000.020\ccSetx86.sys [127064 2014-02-21] (Symantec Corporation)

R4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [70656 2009-07-14] (Microsoft Corporation) [File not signed]

R1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [108544 2010-11-20] (Microsoft Corporation) [File not signed]

S3 circlass; C:\Windows\system32\drivers\circlass.sys [37888 2009-07-14] (Microsoft Corporation) [File not signed]

R3 CmBatt; C:\Windows\System32\DRIVERS\CmBatt.sys [14080 2009-07-14] (Microsoft Corporation) [File not signed]

R3 CnxtHdAudService; C:\Windows\System32\drivers\CHDRT32.sys [488448 2009-08-11] (Conexant Systems Inc.) [File not signed]

R3 CompositeBus; C:\Windows\System32\DRIVERS\CompositeBus.sys [31232 2010-11-20] (Microsoft Corporation) [File not signed]

R1 CSC; C:\Windows\System32\drivers\csc.sys [388096 2010-11-20] (Microsoft Corporation) [File not signed]

R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [78336 2010-11-20] (Microsoft Corporation) [File not signed]

R1 discache; C:\Windows\System32\drivers\discache.sys [32256 2009-07-14] (Microsoft Corporation) [File not signed]

S3 dmvsc; C:\Windows\system32\drivers\dmvsc.sys [62464 2010-11-20] (Microsoft Corporation) [File not signed]

S3 drmkaud; C:\Windows\system32\drivers\drmkaud.sys [5120 2009-07-14] (Microsoft Corporation) [File not signed]

S3 ebdrv; C:\Windows\system32\drivers\evbdx.sys [3100160 2009-07-13] (Broadcom Corporation) [File not signed]

R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-12-18] (Symantec Corporation)

U3 EraserUtilDrv11411; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11411.sys [111408 2014-12-18] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2014-08-26] (Symantec Corporation)

S3 ErrDev; C:\Windows\system32\drivers\errdev.sys [7168 2009-07-14] (Microsoft Corporation) [File not signed]

S3 exfat; C:\Windows\system32\Drivers\exfat.sys [142336 2009-07-14] (Microsoft Corporation) [File not signed]

R3 fastfat; C:\Windows\system32\Drivers\fastfat.sys [148480 2009-07-14] (Microsoft Corporation) [File not signed]

S3 fdc; C:\Windows\system32\drivers\fdc.sys [25088 2009-07-14] (Microsoft Corporation) [File not signed]

S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [28160 2009-07-14] (Microsoft Corporation) [File not signed]

S3 flpydisk; C:\Windows\system32\drivers\flpydisk.sys [19968 2009-07-14] (Microsoft Corporation) [File not signed]

S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [26624 2009-07-13] (Hauppauge Computer Works, Inc.) [File not signed]

S3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [304128 2010-11-20] (Microsoft Corporation) [File not signed]

R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [108544 2010-11-20] (Microsoft Corporation) [File not signed]

S3 HidBatt; C:\Windows\system32\drivers\HidBatt.sys [21504 2009-07-14] (Microsoft Corporation) [File not signed]

S3 HidBth; C:\Windows\system32\drivers\hidbth.sys [91136 2009-07-14] (Microsoft Corporation) [File not signed]

S3 HidIr; C:\Windows\system32\drivers\hidir.sys [37888 2009-07-14] (Microsoft Corporation) [File not signed]

S3 HidUsb; C:\Windows\system32\drivers\hidusb.sys [24064 2010-11-20] (Microsoft Corporation) [File not signed]

R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [513536 2010-11-20] (Microsoft Corporation) [File not signed]

R3 i8042prt; C:\Windows\System32\DRIVERS\i8042prt.sys [80896 2009-07-14] (Microsoft Corporation) [File not signed]

R1 IDSVix86; C:\Program Files\Norton Internet Security\NortonData\21.6.0.32\Definitions\IPSDefs\20141217.001\IDSvix86.sys [479448 2014-12-05] (Symantec Corporation)

R3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [53760 2009-07-14] (Microsoft Corporation) [File not signed]

S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [58880 2009-07-14] (Microsoft Corporation) [File not signed]

S3 IPMIDRV; C:\Windows\system32\drivers\IPMIDrv.sys [65536 2010-11-20] (Microsoft Corporation) [File not signed]

S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [101888 2009-07-14] (Microsoft Corporation) [File not signed]

S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [13824 2009-07-14] (Microsoft Corporation) [File not signed]

S3 kbdhid; C:\Windows\system32\drivers\kbdhid.sys [28160 2010-11-20] (Microsoft Corporation) [File not signed]

R3 L1C; C:\Windows\System32\DRIVERS\L1C62x86.sys [51712 2009-07-27] (Atheros Communications, Inc.) [File not signed]

R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [48128 2009-07-14] (Microsoft Corporation) [File not signed]

R2 luafv; C:\Windows\system32\drivers\luafv.sys [86528 2009-07-14] (Microsoft Corporation) [File not signed]

S3 Modem; C:\Windows\System32\drivers\modem.sys [31744 2009-07-14] (Microsoft Corporation) [File not signed]

R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [23552 2009-07-14] (Microsoft Corporation) [File not signed]

S3 mouhid; C:\Windows\system32\drivers\mouhid.sys [26112 2009-07-14] (Microsoft Corporation) [File not signed]

R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [60416 2009-07-14] (Microsoft Corporation) [File not signed]

S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [115712 2013-07-04] (Microsoft Corporation) [File not signed]

R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [123904 2011-04-27] (Microsoft Corporation) [File not signed]

R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [223744 2011-07-09] (Microsoft Corporation) [File not signed]

R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [96768 2011-04-27] (Microsoft Corporation) [File not signed]

R1 Msfs; C:\Windows\system32\Drivers\Msfs.sys [22528 2009-07-14] (Microsoft Corporation) [File not signed]

S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [4096 2009-07-14] (Microsoft Corporation) [File not signed]

S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [8320 2009-07-14] (Microsoft Corporation) [File not signed]

S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [5888 2009-07-14] (Microsoft Corporation) [File not signed]

S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [5504 2009-07-14] (Microsoft Corporation) [File not signed]

S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [6144 2009-07-14] (Microsoft Corporation) [File not signed]

S3 MTConfig; C:\Windows\system32\drivers\MTConfig.sys [12288 2009-07-14] (Microsoft Corporation) [File not signed]

R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [267264 2009-07-14] (Microsoft Corporation) [File not signed]

R3 NAVENG; C:\Program Files\Norton Internet Security\NortonData\21.6.0.32\Definitions\VirusDefs\20141217.035\NAVENG.SYS [95704 2014-12-08] (Symantec Corporation)

R3 NAVEX15; C:\Program Files\Norton Internet Security\NortonData\21.6.0.32\Definitions\VirusDefs\20141217.035\NAVEX15.SYS [1636696 2014-12-08] (Symantec Corporation)

S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [27136 2009-07-14] (Microsoft Corporation) [File not signed]

R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [20992 2009-07-14] (Microsoft Corporation) [File not signed]

R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [46080 2010-11-20] (Microsoft Corporation) [File not signed]

R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [118784 2010-11-20] (Microsoft Corporation) [File not signed]

R3 NDProxy; C:\Windows\system32\Drivers\NDProxy.sys [48640 2010-11-20] (Microsoft Corporation) [File not signed]

R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [36352 2009-07-14] (Microsoft Corporation) [File not signed]

R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [187904 2010-11-20] (Microsoft Corporation) [File not signed]

R3 NETw5s32; C:\Windows\System32\DRIVERS\NETw5s32.sys [6114816 2009-09-15] (Intel Corporation) [File not signed]

R1 Npfs; C:\Windows\system32\Drivers\Npfs.sys [35328 2009-07-14] (Microsoft Corporation) [File not signed]

R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [16896 2009-07-14] (Microsoft Corporation) [File not signed]

R1 Null; C:\Windows\system32\Drivers\Null.sys [4608 2009-07-14] (Microsoft Corporation) [File not signed]

R3 nvlddmkm; C:\Windows\System32\DRIVERS\nvlddmkm.sys [9824000 2009-08-06] (NVIDIA Corporation) [File not signed]

S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [62464 2009-07-14] (Microsoft Corporation) [File not signed]

S3 Parport; C:\Windows\system32\drivers\parport.sys [79360 2009-07-14] (Microsoft Corporation) [File not signed]

S2 Parvdm; C:\Windows\system32\drivers\parvdm.sys [8704 2009-07-14] (Microsoft Corporation) [File not signed]

R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [586752 2009-07-14] (Microsoft Corporation) [File not signed]

R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [73728 2009-07-14] (Microsoft Corporation) [File not signed]

S3 Processor; C:\Windows\system32\drivers\processr.sys [52224 2009-07-14] (Microsoft Corporation) [File not signed]

R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [104448 2009-07-14] (Microsoft Corporation) [File not signed]

S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [31744 2009-07-14] (Microsoft Corporation) [File not signed]

S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [11776 2009-07-14] (Microsoft Corporation) [File not signed]

R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [49152 2009-07-14] (Microsoft Corporation) [File not signed]

R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [78848 2009-07-14] (Microsoft Corporation) [File not signed]

R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [77824 2009-07-14] (Microsoft Corporation) [File not signed]

R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [75264 2009-07-14] (Microsoft Corporation) [File not signed]

R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [242688 2010-11-20] (Microsoft Corporation) [File not signed]

R3 rdpbus; C:\Windows\System32\DRIVERS\rdpbus.sys [18944 2009-07-14] (Microsoft Corporation) [File not signed]

R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [6656 2010-11-20] (Microsoft Corporation) [File not signed]

S3 RDPDR; C:\Windows\System32\drivers\rdpdr.sys [133632 2010-11-20] (Microsoft Corporation) [File not signed]

R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [6656 2009-07-14] (Microsoft Corporation) [File not signed]

R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [7168 2009-07-14] (Microsoft Corporation) [File not signed]

S3 RDPWD; C:\Windows\system32\Drivers\RDPWD.sys [184320 2014-07-17] (Microsoft Corporation) [File not signed]

R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [60928 2009-07-14] (Microsoft Corporation) [File not signed]

S3 s3cap; C:\Windows\system32\drivers\vms3cap.sys [5632 2010-11-20] (Microsoft Corporation) [File not signed]

S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [26624 2010-11-20] (Microsoft Corporation) [File not signed]

R2 secdrv; C:\Windows\system32\Drivers\secdrv.sys [20480 2009-07-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]

S3 Serenum; C:\Windows\system32\drivers\serenum.sys [17920 2009-07-14] (Microsoft Corporation) [File not signed]

S3 Serial; C:\Windows\system32\drivers\serial.sys [83456 2009-07-14] (Microsoft Corporation) [File not signed]

S3 sermouse; C:\Windows\system32\drivers\sermouse.sys [19968 2009-07-14] (Microsoft Corporation) [File not signed]

S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [11264 2009-07-14] (Microsoft Corporation) [File not signed]

S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [12288 2009-07-14] (Microsoft Corporation) [File not signed]

S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [12800 2010-11-20] (Microsoft Corporation) [File not signed]

S3 sfloppy; C:\Windows\system32\drivers\sfloppy.sys [13824 2009-07-14] (Microsoft Corporation) [File not signed]

S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [71168 2009-07-14] (Microsoft Corporation) [File not signed]

R3 SRTSP; C:\Windows\system32\drivers\NIS\1506000.020\SRTSP.SYS [664792 2014-08-26] (Symantec Corporation)

R1 SRTSPX; C:\Windows\system32\drivers\NIS\1506000.020\SRTSPX.SYS [32984 2014-08-26] (Symantec Corporation)

R3 srv; C:\Windows\System32\DRIVERS\srv.sys [311808 2011-04-29] (Microsoft Corporation) [File not signed]

R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [310272 2011-04-29] (Microsoft Corporation) [File not signed]

R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [114688 2011-04-29] (Microsoft Corporation) [File not signed]

R0 SymDS; C:\Windows\System32\drivers\NIS\1506000.020\SYMDS.SYS [367704 2014-08-26] (Symantec Corporation)

R0 SymEFA; C:\Windows\System32\drivers\NIS\1506000.020\SYMEFA.SYS [936152 2014-08-26] (Symantec Corporation)

R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2014-11-12] (Symantec Corporation)

R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [63576 2014-08-26] (Symantec Corporation)

R1 SymIRON; C:\Windows\system32\drivers\NIS\1506000.020\Ironx86.SYS [209624 2014-08-06] (Symantec Corporation)

R1 SymNetS; C:\Windows\system32\drivers\NIS\1506000.020\SYMNETS.SYS [447704 2014-08-26] (Symantec Corporation)

R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [35328 2012-10-03] (Microsoft Corporation) [File not signed]

S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [18432 2010-11-20] (Microsoft Corporation) [File not signed]

S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [24576 2012-02-17] (Microsoft Corporation) [File not signed]

R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [74752 2014-11-11] (Microsoft Corporation) [File not signed]

S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [31232 2014-07-17] (Microsoft Corporation) [File not signed]

S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [52224 2010-11-20] (Microsoft Corporation) [File not signed]

S3 TsUsbGD; C:\Windows\system32\drivers\TsUsbGD.sys [27264 2010-11-20] (Microsoft Corporation) [File not signed]

R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [108544 2010-11-20] (Microsoft Corporation) [File not signed]

S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [246784 2010-11-20] (Microsoft Corporation) [File not signed]

R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [39936 2010-11-20] (Microsoft Corporation) [File not signed]

S3 UmPass; C:\Windows\system32\drivers\umpass.sys [8192 2009-07-14] (Microsoft Corporation) [File not signed]

R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [76288 2013-11-27] (Microsoft Corporation) [File not signed]

S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [86016 2013-07-12] (Microsoft Corporation) [File not signed]

R3 usbehci; C:\Windows\system32\drivers\usbehci.sys [43520 2013-11-27] (Microsoft Corporation) [File not signed]

R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [258560 2013-11-27] (Microsoft Corporation) [File not signed]

S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [20480 2013-11-27] (Microsoft Corporation) [File not signed]

S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [19968 2009-07-14] (Microsoft Corporation) [File not signed]

S3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [36352 2013-07-03] (Microsoft Corporation) [File not signed]

R3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [76288 2011-03-11] (Microsoft Corporation) [File not signed]

R3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [24064 2013-11-27] (Microsoft Corporation) [File not signed]

R3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [146816 2013-07-12] (Microsoft Corporation) [File not signed]

S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [26112 2009-07-14] (Microsoft Corporation) [File not signed]

R1 VgaSave; C:\Windows\System32\drivers\vga.sys [25088 2009-07-14] (Microsoft Corporation) [File not signed]

S3 ViaC7; C:\Windows\system32\drivers\viac7.sys [52736 2009-07-14] (Microsoft Corporation) [File not signed]

S3 VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [17920 2010-11-20] (Microsoft Corporation) [File not signed]

R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [19968 2009-07-14] (Microsoft Corporation) [File not signed]

R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [48128 2009-07-14] (Microsoft Corporation) [File not signed]

S3 WacomPen; C:\Windows\system32\drivers\wacompen.sys [21632 2009-07-14] (Microsoft Corporation) [File not signed]

S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [63488 2010-11-20] (Microsoft Corporation) [File not signed]

R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [63488 2010-11-20] (Microsoft Corporation) [File not signed]

R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [9728 2009-07-14] (Microsoft Corporation) [File not signed]

S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [35968 2010-11-20] (Microsoft Corporation) [File not signed]

R3 WmiAcpi; C:\Windows\System32\DRIVERS\wmiacpi.sys [11264 2009-07-14] (Microsoft Corporation) [File not signed]

S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [16384 2009-07-14] (Microsoft Corporation) [File not signed]

R3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [66560 2012-07-26] (Microsoft Corporation) [File not signed]

R3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation) [File not signed]
 

==================== NetSvcs (Whitelisted) ===================
 
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-12-18 14:49 - 2014-12-18 14:50 - 00043895 _____ () C:\Users\diseck\Downloads\FRST.txt

2014-12-18 14:49 - 2014-12-18 14:49 - 01113600 _____ (Farbar) C:\Users\diseck\Downloads\FRST.exe

2014-12-16 23:15 - 2014-12-16 23:15 - 00000000 ____D () C:\Windows\system32\appraiser

2014-12-16 19:29 - 2014-12-17 19:32 - 00063020 _____ () C:\OTL.Txt

2014-12-16 17:32 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2014-12-16 17:32 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll

2014-12-16 17:32 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe

2014-12-16 17:32 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe

2014-12-16 17:32 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll

2014-12-16 15:44 - 2014-12-18 14:49 - 00000000 ____D () C:\FRST

2014-12-11 01:20 - 2014-12-16 23:24 - 00000032 _____ () C:\Users\diseck\AppData\Roaming\url.txt

2014-12-10 14:35 - 2014-12-10 14:35 - 00000000 ____D () C:\Users\diseck\AppData\Local\PDF24

2014-12-10 14:34 - 2014-12-10 14:34 - 00001823 _____ () C:\Users\Public\Desktop\PDF24 Creator.lnk

2014-12-10 14:34 - 2014-12-10 14:34 - 00001803 _____ () C:\Users\Public\Desktop\PDF24 Fax.lnk

2014-12-10 14:34 - 2014-12-10 14:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24

2014-12-10 14:34 - 2014-12-10 14:34 - 00000000 ____D () C:\Program Files\PDF24

2014-12-10 14:29 - 2014-12-10 14:32 - 16342352 _____ (Geek Software GmbH ) C:\Users\diseck\Downloads\pdf24-creator-6.9.2.exe

2014-12-10 14:04 - 2014-12-10 14:04 - 00015810 _____ () C:\Users\diseck\Downloads\Turmspringen_2014_TSP_2014_Licht_Stundenzettel (1).xlsx

2014-12-10 13:37 - 2014-12-10 13:37 - 00000000 __SHD () C:\Users\diseck\AppData\Local\EmieUserList

2014-12-10 13:37 - 2014-12-10 13:37 - 00000000 __SHD () C:\Users\diseck\AppData\Local\EmieSiteList

2014-12-10 13:37 - 2014-12-10 13:37 - 00000000 __SHD () C:\Users\diseck\AppData\Local\EmieBrowserModeList

2014-12-10 09:27 - 2014-12-10 09:27 - 00015810 _____ () C:\Users\diseck\Downloads\Turmspringen_2014_TSP_2014_Licht_Stundenzettel.xlsx

2014-12-10 08:52 - 2014-12-04 05:38 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2014-12-10 08:52 - 2014-12-04 05:38 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2014-12-10 08:52 - 2014-12-04 05:38 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2014-12-10 08:52 - 2014-12-04 05:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2014-12-10 08:52 - 2014-12-04 05:38 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-12-10 08:52 - 2014-12-04 05:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

2014-12-10 08:52 - 2014-12-04 05:34 - 00873984 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-12-10 08:52 - 2014-12-02 00:28 - 01160872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe

2014-12-10 08:52 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-12-10 08:52 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-12-10 08:52 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-12-10 08:52 - 2014-11-22 03:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-12-10 08:52 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-12-10 08:52 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-12-10 08:52 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-12-10 08:52 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-12-10 08:52 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-12-10 08:52 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-12-10 08:52 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-12-10 08:52 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-12-10 08:52 - 2014-11-22 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-12-10 08:52 - 2014-11-22 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-12-10 08:52 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-12-10 08:52 - 2014-11-22 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-12-10 08:52 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-12-10 08:52 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-12-10 08:52 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-12-10 08:52 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-12-10 08:52 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-12-10 08:52 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-12-10 08:52 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-12-10 08:52 - 2014-11-22 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-12-10 08:52 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-12-10 08:52 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-12-10 08:52 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-12-10 08:52 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-12-10 08:52 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-12-10 08:52 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-12-10 08:52 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2014-12-10 08:52 - 2014-11-11 02:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys

2014-12-10 08:51 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-12-10 08:51 - 2014-10-30 02:46 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2014-12-10 08:51 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll

2014-12-04 23:47 - 2014-12-05 14:59 - 00000000 ____D () C:\Users\diseck\Documents\Daten Wichtig

2014-12-04 12:45 - 2014-12-04 12:45 - 00015192 _____ () C:\Users\diseck\Desktop\1.Januar 2013.ods

2014-12-04 12:11 - 2014-12-08 15:22 - 00000000 ____D () C:\Program Files\McAfee Security Scan

2014-12-04 12:11 - 2014-12-04 12:11 - 00000000 ____D () C:\ProgramData\McAfee

2014-12-04 12:10 - 2014-12-04 12:10 - 00000000 ____D () C:\Program Files\Common Files\Adobe

2014-12-04 12:10 - 2014-12-04 12:10 - 00000000 ____D () C:\Program Files\Adobe

2014-12-04 12:09 - 2014-12-04 12:15 - 00000000 ____D () C:\ProgramData\Adobe

2014-12-04 12:08 - 2014-12-04 12:12 - 00000000 ____D () C:\Users\diseck\AppData\Local\Adobe

2014-12-02 18:03 - 2014-12-02 18:03 - 00000000 ____D () C:\Users\diseck\AppData\Roaming\WinRAR

2014-11-25 00:52 - 2014-11-25 00:52 - 00000000 ____D () C:\Users\diseck\AppData\Local\CrashDumps

2014-11-23 17:37 - 2014-11-23 17:37 - 00011844 _____ () C:\Users\diseck\Downloads\Verpflegungsmehraufwand Mai 2014.xlsx

2014-11-23 14:28 - 2014-11-23 14:28 - 00000934 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk

2014-11-23 14:28 - 2014-11-23 14:28 - 00000000 ____D () C:\Program Files\epson

2014-11-23 14:28 - 2009-05-01 00:00 - 00128392 _____ (Seiko Epson Corporation) C:\Windows\system32\esdevapp.exe

2014-11-23 14:28 - 2009-05-01 00:00 - 00015872 _____ (SEIKO EPSON CORP.) C:\Windows\system32\escdev.dll

2014-11-23 14:28 - 2008-11-17 00:00 - 00342016 _____ (Seiko Epson Corporation) C:\Windows\system32\eswiaud.dll

2014-11-23 14:22 - 2014-11-23 14:23 - 12872704 _____ () C:\Users\diseck\Downloads\epson323810eu.exe

2014-11-22 22:43 - 2014-11-23 14:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON

2014-11-22 22:42 - 2008-08-08 02:09 - 00086528 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_FLBFDE.DLL

2014-11-22 22:42 - 2007-12-07 02:01 - 00078848 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_FD4BFDE.DLL

2014-11-22 22:42 - 2007-04-10 01:06 - 00008192 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_DCINST.DLL

2014-11-22 22:41 - 2014-11-22 22:43 - 00000000 ____D () C:\ProgramData\EPSON

2014-11-22 22:40 - 2014-11-22 22:40 - 15605760 _____ () C:\Users\diseck\Downloads\epson323813eu.exe

2014-11-22 22:36 - 2014-11-22 22:36 - 00012615 _____ () C:\Users\diseck\Desktop\Unbenannt 1.odt

2014-11-19 12:24 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-11-19 12:24 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll

2014-11-18 22:28 - 2014-12-09 20:15 - 00000000 ____D () C:\Users\diseck\AppData\Roaming\vlc

2014-11-18 22:28 - 2014-11-18 22:28 - 00001028 _____ () C:\Users\Public\Desktop\VLC media player.lnk

2014-11-18 22:28 - 2014-11-18 22:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

2014-11-18 22:27 - 2014-11-18 22:27 - 00000000 ____D () C:\Program Files\VideoLAN

2014-11-18 22:26 - 2014-11-18 22:27 - 24743106 _____ () C:\Users\diseck\Downloads\vlc-2.1.5-win32.exe

2014-11-18 12:45 - 2014-11-18 12:45 - 00000000 ____D () C:\Users\diseck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR

2014-11-18 12:45 - 2014-11-18 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR

2014-11-18 12:45 - 2014-11-18 12:45 - 00000000 ____D () C:\Program Files\WinRAR

2014-11-18 12:44 - 2014-11-18 12:44 - 01857192 _____ () C:\Users\diseck\Downloads\wrar511d.exe

2014-11-18 12:31 - 2014-12-11 01:20 - 00000000 ____D () C:\Users\diseck\Documents\UseNeXT

2014-11-18 12:31 - 2014-12-11 01:19 - 00000000 ____D () C:\Users\diseck\AppData\Roaming\UseNeXT

2014-11-18 12:31 - 2014-12-09 01:00 - 00000000 ____D () C:\Program Files\UseNeXT

2014-11-18 12:31 - 2014-11-21 11:28 - 00001807 _____ () C:\Users\diseck\Desktop\UseNeXT by Tangysoft.lnk

2014-11-18 12:31 - 2014-11-21 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UseNeXT

2014-11-18 12:31 - 2014-11-18 12:31 - 00064024 _____ () C:\Users\diseck\AppData\Local\GDIPFONTCACHEV1.DAT

2014-11-18 12:30 - 2014-11-18 12:30 - 05274000 _____ (Tangysoft Ltd. ) C:\Users\diseck\Downloads\UseNeXTSetup_5.63.exe
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-12-18 14:49 - 2014-11-12 18:41 - 01589385 _____ () C:\Windows\WindowsUpdate.log

2014-12-18 14:40 - 2009-07-14 05:39 - 00032281 _____ () C:\Windows\setupact.log

2014-12-18 14:40 - 2009-07-14 05:34 - 00027248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-12-18 14:40 - 2009-07-14 05:34 - 00027248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-12-18 14:23 - 2014-11-12 22:10 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-12-18 13:38 - 2014-11-12 22:19 - 00000110 _____ () C:\.dir

2014-12-18 13:38 - 2014-11-12 22:10 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-12-18 13:37 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-12-16 23:15 - 2014-11-15 14:14 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-12-16 23:15 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE

2014-12-16 23:15 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat

2014-12-16 16:32 - 2010-11-20 22:01 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-12-16 16:27 - 2014-11-12 18:49 - 00000000 ____D () C:\Users\diseck

2014-12-15 01:28 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration

2014-12-10 08:55 - 2014-11-12 22:10 - 00002121 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-12-08 15:22 - 2014-11-12 21:01 - 00000000 ____D () C:\ProgramData\Norton

2014-12-08 15:22 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp

2014-12-08 15:20 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles

2014-12-04 12:17 - 2014-11-17 09:45 - 00000000 ____D () C:\Users\diseck\AppData\Roaming\Adobe

2014-12-03 11:43 - 2010-11-20 22:48 - 00009768 _____ () C:\Windows\PFRO.log

2014-11-25 00:52 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Public\Libraries

2014-11-24 23:36 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF

2014-11-23 14:28 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\twain_32

2014-11-19 12:18 - 2009-07-14 05:33 - 00286616 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-11-18 15:05 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
 

Some content of TEMP:

====================

C:\Users\diseck\AppData\Local\Temp\i4jdel0.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\system32\winlogon.exe

[2014-11-14 10:00] - [2014-07-17 02:39] - 0304128 ____A (Microsoft Corporation) 52449FD429D6053B78AE564DEF303870
 

C:\Windows\system32\wininit.exe => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\services.exe => MD5 is legit

C:\Windows\system32\User32.dll => MD5 is legit

C:\Windows\system32\userinit.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-12-05 02:24
 

==================== End Of Log ============================

--- --- ---

--- --- ---

FRST Additions Logfile:

Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-12-2014

Ran by diseck at 2014-12-18 14:50:29

Running from C:\Users\diseck\Downloads

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: Norton Internet Security (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}

AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

Atheros Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)

Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.10 - Atheros Communications Inc.)

Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.98.9.0 - Conexant)

Druckerdeinstallation für EPSON SX210 Series (HKLM\...\EPSON SX210 Series) (Version:  - SEIKO EPSON Corporation)

EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )

Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2243.0 - Google Inc.)

Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden

Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{CCAFF072-4DDB-4846-963D-15F02A8E9472}) (Version: 13.00.0000 - Intel Corporation)

Java(TM) 7 Update 5 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217005FF}) (Version: 7.0.50 - Oracle)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Norton Internet Security (HKLM\...\NIS) (Version: 21.6.0.32 - Symantec Corporation)

NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.7 - NVIDIA Corporation)

OpenOffice 4.1.1 (HKLM\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)

PDF24 Creator 6.9.2 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)

Serviio (HKLM\...\Serviio) (Version:  - )

Softwarenetz Rechnung3 (HKLM\...\Rechnung3) (Version:  - )

Softwarenetz Rechnung5 (HKLM\...\Rechnung5) (Version:  - Softwarenetz)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.0.3 - Synaptics Incorporated)

UseNeXT by Tangysoft (HKLM\...\UseNeXT by Tangysoft_is1) (Version:  - Tangysoft Ltd.)

VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)

WinRAR 5.11 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
 

==================== Custom CLSID (selected items): ==========================
 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 

==================== Restore Points  =========================
 

03-12-2014 20:11:21 Geplanter Prüfpunkt

11-12-2014 10:09:26 Windows Update

16-12-2014 16:31:17 Windows Update

18-12-2014 13:41:16 Windows Update
 

==================== Hosts content: ==========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 

Task: {26C12393-9E37-4810-9F0D-69F1104BF5BC} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)

Task: {296536C7-05B7-48FA-A337-7FF1AA4E5DC0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-12] (Google Inc.)

Task: {3392CC24-3C23-4C4E-A7A0-105E0444C1CA} - System32\Tasks\{FAA9BC10-DF97-4626-A9F7-EE97FDC9AD62} => pcalua.exe -a C:\Users\diseck\Downloads\epson323813eu.exe -d C:\Users\diseck\Downloads

Task: {508B9766-F55C-4A9F-A92E-91CF48ECED59} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-12] (Google Inc.)

Task: {8A43651C-219B-4DFE-8C95-14BF88C9CCB5} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)

Task: {9B40F866-0C07-4797-BE95-2C11141B15D0} - System32\Tasks\{21AEC0C5-2E77-4823-ABFD-1E862A0DB32A} => pcalua.exe -a C:\Users\diseck\Downloads\epson323810eu.exe -d C:\Users\diseck\Downloads

Task: {FC5E1FD4-A3D1-4AD5-8BCB-48BBCDF82E59} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 

==================== Loaded Modules (whitelisted) =============
 

2014-03-18 00:52 - 2014-03-18 00:52 - 00327680 _____ () C:\Program Files\Serviio\bin\ServiioService.exe

2014-03-18 00:52 - 2014-03-18 00:52 - 00368640 _____ () C:\Program Files\Serviio\bin\ServiioConsole.exe

2014-12-10 08:55 - 2014-12-08 23:57 - 01165640 _____ () C:\Program Files\Google\Chrome\Application\41.0.2243.0\libglesv2.dll

2014-12-10 08:55 - 2014-12-08 23:57 - 00080200 _____ () C:\Program Files\Google\Chrome\Application\41.0.2243.0\libegl.dll

2014-12-10 08:55 - 2014-12-08 23:57 - 09204552 _____ () C:\Program Files\Google\Chrome\Application\41.0.2243.0\pdf.dll

2014-12-10 08:55 - 2014-12-08 23:57 - 14913352 _____ () C:\Program Files\Google\Chrome\Application\41.0.2243.0\PepperFlash\pepflashplayer.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 

==================== Safe Mode (whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 

==================== EXE Association (whitelisted) =============
 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 

==================== MSCONFIG/TASK MANAGER disabled items =========
 

(Currently there is no automatic fix for this section.)
 
 

========================= Accounts: ==========================
 

Administrator (S-1-5-21-2442715595-2237258959-3315423054-500 - Administrator - Disabled)

diseck (S-1-5-21-2442715595-2237258959-3315423054-1000 - Administrator - Enabled) => C:\Users\diseck

Gast (S-1-5-21-2442715595-2237258959-3315423054-501 - Limited - Disabled)
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (12/18/2014 01:39:51 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Programm iexplore.exe, Version 11.0.9600.17496 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 

Prozess-ID: a34
 

Startzeit: 01d01abf86181a00
 

Endzeit: 17
 

Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe
 

Berichts-ID: d5d75b10-86b2-11e4-b0ed-60eb697c3512
 

Error: (12/18/2014 01:38:13 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (12/17/2014 05:07:55 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (12/16/2014 11:26:30 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (12/16/2014 11:18:01 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (12/16/2014 04:28:37 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (12/11/2014 10:06:20 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (12/11/2014 09:46:18 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (12/10/2014 01:58:59 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )

Description: 80004005
 

Error: (12/10/2014 01:33:54 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 

System errors:

=============

Error: (12/18/2014 02:18:33 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 

Error: (12/18/2014 01:38:03 PM) (Source: NetBT) (EventID: 4321) (User: )

Description: Der Name "DISECK-PC      :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.32

registriert werden. Der Computer mit IP-Adresse 192.168.178.21 hat nicht

zugelassen, dass dieser Computer diesen Namen verwendet.
 

Error: (12/18/2014 01:38:03 PM) (Source: NetBT) (EventID: 4321) (User: )

Description: Der Name "DISECK-PC      :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.32

registriert werden. Der Computer mit IP-Adresse 192.168.178.21 hat nicht

zugelassen, dass dieser Computer diesen Namen verwendet.
 

Error: (12/18/2014 01:38:03 PM) (Source: Server) (EventID: 2505) (User: )

Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{73B31066-C41C-4DA6-94F8-0865E73280A4} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 

Error: (12/18/2014 01:37:56 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: Das System wurde zuvor am ‎17.‎12.‎2014 um 17:08:31 unerwartet heruntergefahren.
 

Error: (12/17/2014 05:07:44 PM) (Source: NetBT) (EventID: 4321) (User: )

Description: Der Name "DISECK-PC      :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.32

registriert werden. Der Computer mit IP-Adresse 192.168.178.21 hat nicht

zugelassen, dass dieser Computer diesen Namen verwendet.
 

Error: (12/17/2014 05:07:44 PM) (Source: NetBT) (EventID: 4321) (User: )

Description: Der Name "DISECK-PC      :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.32

registriert werden. Der Computer mit IP-Adresse 192.168.178.21 hat nicht

zugelassen, dass dieser Computer diesen Namen verwendet.
 

Error: (12/17/2014 05:07:44 PM) (Source: Server) (EventID: 2505) (User: )

Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{73B31066-C41C-4DA6-94F8-0865E73280A4} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 

Error: (12/17/2014 05:07:36 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: Das System wurde zuvor am ‎16.‎12.‎2014 um 23:29:44 unerwartet heruntergefahren.
 

Error: (12/16/2014 11:25:55 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: Das System wurde zuvor am ‎16.‎12.‎2014 um 23:24:20 unerwartet heruntergefahren.
 
 

Microsoft Office Sessions:

=========================

Error: (12/18/2014 01:39:51 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: iexplore.exe11.0.9600.17496a3401d01abf86181a0017C:\Program Files\Internet Explorer\iexplore.exed5d75b10-86b2-11e4-b0ed-60eb697c3512
 

Error: (12/18/2014 01:38:13 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (12/17/2014 05:07:55 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (12/16/2014 11:26:30 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (12/16/2014 11:18:01 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (12/16/2014 04:28:37 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (12/11/2014 10:06:20 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (12/11/2014 09:46:18 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (12/10/2014 01:58:59 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )

Description: 80004005
 

Error: (12/10/2014 01:33:54 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 

==================== Memory info =========================== 
 

Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz

Percentage of memory in use: 52%

Total physical RAM: 2042.93 MB

Available physical RAM: 966.66 MB

Total Pagefile: 4085.86 MB

Available Pagefile: 2740.43 MB

Total Virtual: 2047.88 MB

Available Virtual: 1921.52 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:138.94 GB) (Free:105.81 GB) NTFS

Drive d: () (Fixed) (Total:135.05 GB) (Free:107.05 GB) NTFS

Drive e: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

Drive f: (KINGSTON) (Removable) (Total:29.26 GB) (Free:29.26 GB) FAT32
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: E5598D59)

Partition 1: (Not Active) - (Size=24 GB) - (Type=27)

Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=138.9 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=135 GB) - (Type=07 NTFS)
 

========================================================

Disk: 1 (MBR Code: Windows XP) (Size: 29.3 GB) (Disk ID: 2F12F716)

Partition 1: (Active) - (Size=29.3 GB) - (Type=0C)
 

==================== End Of Log ============================

--- --- ---

AdwCleaner Logfile:

Code:

# AdwCleaner v4.105 - Bericht erstellt am 18/12/2014 um 16:41:10

# Aktualisiert 08/12/2014 von Xplode

# Database : 2014-12-16.1 [Live]

# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)

# Benutzername : diseck - DISECK-PC

# Gestartet von : C:\Users\diseck\Downloads\AdwCleaner_4.105.exe

# Option : Löschen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 
 

***** [ Tasks ] *****
 
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]

Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
 

***** [ Browser ] *****
 

-\\ Internet Explorer v11.0.9600.17496
 
 

-\\ Google Chrome v41.0.2243.0
 
 

*************************
 

AdwCleaner[R0].txt - [1451 octets] - [18/12/2014 16:38:09]

AdwCleaner[S0].txt - [1372 octets] - [18/12/2014 16:41:10]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1432 octets] ##########

--- --- ---

[/CODE]

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.4.0 (11.29.2014:1)

OS: Windows 7 Professional x86

Ran by diseck on 18.12.2014 at 16:47:32,43

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 
 
 

~~~ Files
 
 
 

~~~ Folders
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 18.12.2014 at 16:50:34,36

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:

Malwarebytes Anti-Malware

www.malwarebytes.org
 
 

Protection, 18.12.2014 16:56:53, SYSTEM, DISECK-PC, Protection, Malware Protection, Starting, 

Protection, 18.12.2014 16:56:53, SYSTEM, DISECK-PC, Protection, Malware Protection, Started, 

Protection, 18.12.2014 16:56:53, SYSTEM, DISECK-PC, Protection, Malicious Website Protection, Starting, 

Protection, 18.12.2014 16:57:02, SYSTEM, DISECK-PC, Protection, Malicious Website Protection, Started, 

Update, 18.12.2014 16:57:06, SYSTEM, DISECK-PC, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1, 

Update, 18.12.2014 16:57:06, SYSTEM, DISECK-PC, Manual, Rootkit Database, 2014.11.18.1, 2014.12.14.1, 

Update, 18.12.2014 16:57:14, SYSTEM, DISECK-PC, Manual, Malware Database, 2014.11.20.6, 2014.12.18.3, 

Protection, 18.12.2014 16:57:14, SYSTEM, DISECK-PC, Protection, Refresh, Starting, 

Protection, 18.12.2014 16:57:14, SYSTEM, DISECK-PC, Protection, Malicious Website Protection, Stopping, 

Protection, 18.12.2014 16:57:15, SYSTEM, DISECK-PC, Protection, Malicious Website Protection, Stopped, 

Protection, 18.12.2014 16:57:21, SYSTEM, DISECK-PC, Protection, Refresh, Success, 

Protection, 18.12.2014 16:57:21, SYSTEM, DISECK-PC, Protection, Malicious Website Protection, Starting, 

Protection, 18.12.2014 16:57:21, SYSTEM, DISECK-PC, Protection, Malicious Website Protection, Started, 

Scan, 18.12.2014 17:09:49, SYSTEM, DISECK-PC, Manual, Start: % 1 "% 2", Dauer: % 1 min 12 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 0 Malwareerkennung, 0-Malwareerkennung, 
 

(end)

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-12-2014

Ran by diseck (administrator) on DISECK-PC on 18-12-2014 17:15:10

Running from C:\Users\diseck\Downloads

Loaded Profile: diseck (Available profiles: diseck)

Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.6.0.32\NIS.exe

() C:\Program Files\Serviio\bin\ServiioService.exe

() C:\Program Files\Serviio\bin\ServiioService.exe

(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.6.0.32\NIS.exe

(Google Inc.) C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe

(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe

(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFDE.EXE

() C:\Program Files\Serviio\bin\ServiioConsole.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe [484920 2009-07-20] (Conexant Systems, Inc.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1549608 2009-08-14] (Synaptics Incorporated)

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)

HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)

HKU\S-1-5-21-2442715595-2237258959-3315423054-1000\...\Run: [EPSON SX210 Series] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFDE.EXE [199680 2008-11-05] (SEIKO EPSON CORPORATION)

Startup: C:\Users\diseck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk

ShortcutTarget: AutoStarter.lnk -> C:\Users\diseck\AppData\Roaming\autostarter.exe (No File)

Startup: C:\Users\diseck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Serviio.lnk

ShortcutTarget: Serviio.lnk -> C:\Program Files\Serviio\bin\ServiioConsole.exe ()
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKU\S-1-5-21-2442715595-2237258959-3315423054-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)

BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

FireFox:

========

FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.5.0 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.6.0.32\IPSFF

FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.6.0.32\IPSFF [2014-11-12]

FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.6.0.32\coFFPlgn

FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.6.0.32\coFFPlgn [2014-12-18]
 

Chrome: 

=======

CHR dev: Chrome dev build detected! <======= ATTENTION

CHR Profile: C:\Users\diseck\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\diseck\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-12]

CHR Extension: (Google Drive) - C:\Users\diseck\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-12]

CHR Extension: (YouTube) - C:\Users\diseck\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-12]

CHR Extension: (Google-Suche) - C:\Users\diseck\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-12]

CHR Extension: (Google Tabellen) - C:\Users\diseck\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-12]

CHR Extension: (Chrome Hotword Shared Module) - C:\Users\diseck\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2014-12-10]

CHR Extension: (Google Wallet) - C:\Users\diseck\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-12]

CHR Extension: (Google Mail) - C:\Users\diseck\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-12]

CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path

CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-11-12]
 

========================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)

R2 NIS; C:\Program Files\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)

R2 Serviio; C:\Program Files\Serviio\bin\ServiioService.exe [327680 2014-03-18] () [File not signed]
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R1 BHDrvx86; C:\Program Files\Norton Internet Security\NortonData\21.6.0.32\Definitions\BASHDefs\20141209.001\BHDrvx86.sys [1138392 2014-12-03] (Symantec Corporation)

R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1506000.020\ccSetx86.sys [127064 2014-02-21] (Symantec Corporation)

R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-12-18] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2014-12-18] (Symantec Corporation)

R1 IDSVix86; C:\Program Files\Norton Internet Security\NortonData\21.6.0.32\Definitions\IPSDefs\20141217.001\IDSvix86.sys [479448 2014-12-05] (Symantec Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-12-18] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)

R3 NAVENG; C:\Program Files\Norton Internet Security\NortonData\21.6.0.32\Definitions\VirusDefs\20141217.035\NAVENG.SYS [95704 2014-12-08] (Symantec Corporation)

R3 NAVEX15; C:\Program Files\Norton Internet Security\NortonData\21.6.0.32\Definitions\VirusDefs\20141217.035\NAVEX15.SYS [1636696 2014-12-08] (Symantec Corporation)

R3 SRTSP; C:\Windows\system32\drivers\NIS\1506000.020\SRTSP.SYS [664792 2014-08-26] (Symantec Corporation)

R1 SRTSPX; C:\Windows\system32\drivers\NIS\1506000.020\SRTSPX.SYS [32984 2014-08-26] (Symantec Corporation)

R0 SymDS; C:\Windows\System32\drivers\NIS\1506000.020\SYMDS.SYS [367704 2014-08-26] (Symantec Corporation)

R0 SymEFA; C:\Windows\System32\drivers\NIS\1506000.020\SYMEFA.SYS [936152 2014-08-26] (Symantec Corporation)

R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2014-11-12] (Symantec Corporation)

R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [63576 2014-08-26] (Symantec Corporation)

R1 SymIRON; C:\Windows\system32\drivers\NIS\1506000.020\Ironx86.SYS [209624 2014-08-06] (Symantec Corporation)

R1 SymNetS; C:\Windows\system32\drivers\NIS\1506000.020\SYMNETS.SYS [447704 2014-08-26] (Symantec Corporation)
 

==================== NetSvcs (Whitelisted) ===================
 
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-12-18 17:14 - 2014-12-18 17:14 - 01113600 _____ (Farbar) C:\Users\diseck\Downloads\FRST.exe

2014-12-18 17:13 - 2014-12-18 17:13 - 00001546 _____ () C:\Users\diseck\Desktop\mbam.txt

2014-12-18 17:12 - 2014-12-18 17:12 - 00001546 _____ () C:\Users\diseck\Desktop\anti.txt

2014-12-18 16:56 - 2014-12-18 16:57 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-12-18 16:56 - 2014-12-18 16:56 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-12-18 16:56 - 2014-12-18 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-12-18 16:56 - 2014-12-18 16:56 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-12-18 16:56 - 2014-12-18 16:56 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-12-18 16:56 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-12-18 16:56 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-12-18 16:56 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-12-18 16:55 - 2014-12-18 16:55 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\diseck\Downloads\mbam-setup-2.0.4.1028.exe

2014-12-18 16:50 - 2014-12-18 16:50 - 00000626 _____ () C:\Users\diseck\Desktop\JRT.txt

2014-12-18 16:47 - 2014-12-18 16:47 - 00000000 ____D () C:\Windows\ERUNT

2014-12-18 16:46 - 2014-12-18 16:46 - 01707646 _____ (Thisisu) C:\Users\diseck\Downloads\JRT.exe

2014-12-18 16:38 - 2014-12-18 16:41 - 00000000 ____D () C:\AdwCleaner

2014-12-18 16:37 - 2014-12-18 16:37 - 02166272 _____ () C:\Users\diseck\Downloads\AdwCleaner_4.105.exe

2014-12-18 14:50 - 2014-12-18 14:50 - 00016567 _____ () C:\Users\diseck\Downloads\Addition.txt

2014-12-18 14:49 - 2014-12-18 17:15 - 00011454 _____ () C:\Users\diseck\Downloads\FRST.txt

2014-12-16 23:15 - 2014-12-16 23:15 - 00000000 ____D () C:\Windows\system32\appraiser

2014-12-16 19:29 - 2014-12-17 19:32 - 00063020 _____ () C:\OTL.Txt

2014-12-16 17:32 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2014-12-16 17:32 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll

2014-12-16 17:32 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe

2014-12-16 17:32 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe

2014-12-16 17:32 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll

2014-12-16 15:44 - 2014-12-18 17:15 - 00000000 ____D () C:\FRST

2014-12-11 01:20 - 2014-12-16 23:24 - 00000032 _____ () C:\Users\diseck\AppData\Roaming\url.txt

2014-12-10 14:35 - 2014-12-10 14:35 - 00000000 ____D () C:\Users\diseck\AppData\Local\PDF24

2014-12-10 14:34 - 2014-12-10 14:34 - 00001823 _____ () C:\Users\Public\Desktop\PDF24 Creator.lnk

2014-12-10 14:34 - 2014-12-10 14:34 - 00001803 _____ () C:\Users\Public\Desktop\PDF24 Fax.lnk

2014-12-10 14:34 - 2014-12-10 14:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24

2014-12-10 14:34 - 2014-12-10 14:34 - 00000000 ____D () C:\Program Files\PDF24

2014-12-10 14:29 - 2014-12-10 14:32 - 16342352 _____ (Geek Software GmbH ) C:\Users\diseck\Downloads\pdf24-creator-6.9.2.exe

2014-12-10 14:04 - 2014-12-10 14:04 - 00015810 _____ () C:\Users\diseck\Downloads\Turmspringen_2014_TSP_2014_Licht_Stundenzettel (1).xlsx

2014-12-10 13:37 - 2014-12-10 13:37 - 00000000 __SHD () C:\Users\diseck\AppData\Local\EmieUserList

2014-12-10 13:37 - 2014-12-10 13:37 - 00000000 __SHD () C:\Users\diseck\AppData\Local\EmieSiteList

2014-12-10 13:37 - 2014-12-10 13:37 - 00000000 __SHD () C:\Users\diseck\AppData\Local\EmieBrowserModeList

2014-12-10 09:27 - 2014-12-10 09:27 - 00015810 _____ () C:\Users\diseck\Downloads\Turmspringen_2014_TSP_2014_Licht_Stundenzettel.xlsx

2014-12-10 08:52 - 2014-12-04 05:38 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2014-12-10 08:52 - 2014-12-04 05:38 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2014-12-10 08:52 - 2014-12-04 05:38 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2014-12-10 08:52 - 2014-12-04 05:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2014-12-10 08:52 - 2014-12-04 05:38 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-12-10 08:52 - 2014-12-04 05:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

2014-12-10 08:52 - 2014-12-04 05:34 - 00873984 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-12-10 08:52 - 2014-12-02 00:28 - 01160872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe

2014-12-10 08:52 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-12-10 08:52 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-12-10 08:52 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-12-10 08:52 - 2014-11-22 03:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-12-10 08:52 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-12-10 08:52 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-12-10 08:52 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-12-10 08:52 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-12-10 08:52 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-12-10 08:52 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-12-10 08:52 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-12-10 08:52 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-12-10 08:52 - 2014-11-22 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-12-10 08:52 - 2014-11-22 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-12-10 08:52 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-12-10 08:52 - 2014-11-22 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-12-10 08:52 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-12-10 08:52 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-12-10 08:52 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-12-10 08:52 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-12-10 08:52 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-12-10 08:52 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-12-10 08:52 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-12-10 08:52 - 2014-11-22 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-12-10 08:52 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-12-10 08:52 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-12-10 08:52 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-12-10 08:52 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-12-10 08:52 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-12-10 08:52 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-12-10 08:52 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2014-12-10 08:52 - 2014-11-11 02:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys

2014-12-10 08:51 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-12-04 23:47 - 2014-12-05 14:59 - 00000000 ____D () C:\Users\diseck\Documents\Daten Wichtig

2014-12-04 12:45 - 2014-12-04 12:45 - 00015192 _____ () C:\Users\diseck\Desktop\1.Januar 2013.ods

2014-12-04 12:11 - 2014-12-08 15:22 - 00000000 ____D () C:\Program Files\McAfee Security Scan

2014-12-04 12:11 - 2014-12-04 12:11 - 00000000 ____D () C:\ProgramData\McAfee

2014-12-04 12:10 - 2014-12-04 12:10 - 00000000 ____D () C:\Program Files\Common Files\Adobe

2014-12-04 12:10 - 2014-12-04 12:10 - 00000000 ____D () C:\Program Files\Adobe

2014-12-04 12:09 - 2014-12-04 12:15 - 00000000 ____D () C:\ProgramData\Adobe

2014-12-04 12:08 - 2014-12-04 12:12 - 00000000 ____D () C:\Users\diseck\AppData\Local\Adobe

2014-12-02 18:03 - 2014-12-02 18:03 - 00000000 ____D () C:\Users\diseck\AppData\Roaming\WinRAR

2014-11-25 00:52 - 2014-11-25 00:52 - 00000000 ____D () C:\Users\diseck\AppData\Local\CrashDumps

2014-11-23 17:37 - 2014-11-23 17:37 - 00011844 _____ () C:\Users\diseck\Downloads\Verpflegungsmehraufwand Mai 2014.xlsx

2014-11-23 14:28 - 2014-11-23 14:28 - 00000934 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk

2014-11-23 14:28 - 2014-11-23 14:28 - 00000000 ____D () C:\Program Files\epson

2014-11-23 14:28 - 2009-05-01 00:00 - 00128392 _____ (Seiko Epson Corporation) C:\Windows\system32\esdevapp.exe

2014-11-23 14:28 - 2009-05-01 00:00 - 00015872 _____ (SEIKO EPSON CORP.) C:\Windows\system32\escdev.dll

2014-11-23 14:28 - 2008-11-17 00:00 - 00342016 _____ (Seiko Epson Corporation) C:\Windows\system32\eswiaud.dll

2014-11-23 14:22 - 2014-11-23 14:23 - 12872704 _____ () C:\Users\diseck\Downloads\epson323810eu.exe

2014-11-22 22:43 - 2014-11-23 14:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON

2014-11-22 22:42 - 2008-08-08 02:09 - 00086528 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_FLBFDE.DLL

2014-11-22 22:42 - 2007-12-07 02:01 - 00078848 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_FD4BFDE.DLL

2014-11-22 22:42 - 2007-04-10 01:06 - 00008192 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_DCINST.DLL

2014-11-22 22:41 - 2014-11-22 22:43 - 00000000 ____D () C:\ProgramData\EPSON

2014-11-22 22:40 - 2014-11-22 22:40 - 15605760 _____ () C:\Users\diseck\Downloads\epson323813eu.exe

2014-11-22 22:36 - 2014-11-22 22:36 - 00012615 _____ () C:\Users\diseck\Desktop\Unbenannt 1.odt

2014-11-19 12:24 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-11-19 12:24 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll

2014-11-18 22:28 - 2014-12-09 20:15 - 00000000 ____D () C:\Users\diseck\AppData\Roaming\vlc

2014-11-18 22:28 - 2014-11-18 22:28 - 00001028 _____ () C:\Users\Public\Desktop\VLC media player.lnk

2014-11-18 22:28 - 2014-11-18 22:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

2014-11-18 22:27 - 2014-11-18 22:27 - 00000000 ____D () C:\Program Files\VideoLAN

2014-11-18 22:26 - 2014-11-18 22:27 - 24743106 _____ () C:\Users\diseck\Downloads\vlc-2.1.5-win32.exe

2014-11-18 12:45 - 2014-11-18 12:45 - 00000000 ____D () C:\Users\diseck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR

2014-11-18 12:45 - 2014-11-18 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR

2014-11-18 12:45 - 2014-11-18 12:45 - 00000000 ____D () C:\Program Files\WinRAR

2014-11-18 12:44 - 2014-11-18 12:44 - 01857192 _____ () C:\Users\diseck\Downloads\wrar511d.exe

2014-11-18 12:31 - 2014-12-11 01:20 - 00000000 ____D () C:\Users\diseck\Documents\UseNeXT

2014-11-18 12:31 - 2014-12-11 01:19 - 00000000 ____D () C:\Users\diseck\AppData\Roaming\UseNeXT

2014-11-18 12:31 - 2014-12-09 01:00 - 00000000 ____D () C:\Program Files\UseNeXT

2014-11-18 12:31 - 2014-11-21 11:28 - 00001807 _____ () C:\Users\diseck\Desktop\UseNeXT by Tangysoft.lnk

2014-11-18 12:31 - 2014-11-21 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UseNeXT

2014-11-18 12:31 - 2014-11-18 12:31 - 00064024 _____ () C:\Users\diseck\AppData\Local\GDIPFONTCACHEV1.DAT

2014-11-18 12:30 - 2014-11-18 12:30 - 05274000 _____ (Tangysoft Ltd. ) C:\Users\diseck\Downloads\UseNeXTSetup_5.63.exe
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-12-18 17:03 - 2014-11-12 18:41 - 01637820 _____ () C:\Windows\WindowsUpdate.log

2014-12-18 16:43 - 2014-11-12 22:19 - 00000110 _____ () C:\.dir

2014-12-18 16:43 - 2014-11-12 22:10 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-12-18 16:43 - 2009-07-14 05:34 - 00027248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-12-18 16:43 - 2009-07-14 05:34 - 00027248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-12-18 16:42 - 2010-11-20 22:48 - 00010086 _____ () C:\Windows\PFRO.log

2014-12-18 16:42 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-12-18 16:42 - 2009-07-14 05:39 - 00032393 _____ () C:\Windows\setupact.log

2014-12-18 16:41 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE

2014-12-18 16:36 - 2014-11-12 22:10 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-12-16 23:15 - 2014-11-15 14:14 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-12-16 23:15 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat

2014-12-16 16:32 - 2010-11-20 22:01 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-12-16 16:27 - 2014-11-12 18:49 - 00000000 ____D () C:\Users\diseck

2014-12-15 01:28 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration

2014-12-10 08:55 - 2014-11-12 22:10 - 00002121 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-12-08 15:22 - 2014-11-12 21:01 - 00000000 ____D () C:\ProgramData\Norton

2014-12-08 15:22 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp

2014-12-08 15:20 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles

2014-12-04 12:17 - 2014-11-17 09:45 - 00000000 ____D () C:\Users\diseck\AppData\Roaming\Adobe

2014-11-25 00:52 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Public\Libraries

2014-11-24 23:36 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF

2014-11-23 14:28 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\twain_32

2014-11-19 12:18 - 2009-07-14 05:33 - 00286616 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-11-18 15:05 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
 

Some content of TEMP:

====================

C:\Users\diseck\AppData\Local\Temp\i4jdel0.exe

C:\Users\diseck\AppData\Local\Temp\Quarantine.exe

C:\Users\diseck\AppData\Local\Temp\sqlite3.dll
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-12-05 02:24
 

==================== End Of Log ============================

--- --- ---

--- --- ---