Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   neuer Befall oder doch noch alt? (https://www.trojaner-board.de/165562-neuer-befall-noch-alt.html)

egi1610 28.03.2015 10:07
neuer Befall oder doch noch alt?
 
Hallo,
habe mal wieder routine mäßig den ESET über mein System laufen lassen und dabei folgende Einträge gefunden:

Esetlog:
Code:
C:\VTRoot\HarddiskVolume2\Users\ich\AppData\Local\Temp\0043eed2.exe        Variante von MSIL/Injector.IMD Trojaner
C:\VTRoot\HarddiskVolume2\Users\ich\AppData\Roaming\Microsoft\BrokerInfrastructure.exe        MSIL/Agent.QFC Trojaner
C:\VTRoot\HarddiskVolume2\Users\ich\AppData\Roaming\Microsoft\LookupSvi.exe        Variante von MSIL/Agent.QBE Trojaner
C:\VTRoot\HarddiskVolume2\Users\ich\AppData\Roaming\Microsoft\secdrv.exe        Variante von MSIL/Injector.HAB Trojaner
bitte erneut um Eure Hilfe bzw die Frage ob es nicht vernünftiger ist, den Rechner komplett neu aufzusetzen...

Greats

EGI

deeprybka 28.03.2015 11:32
Hi,
Beim letzten ESET-Scan waren die nicht da. Schauen wir mal wo es herkommt.

:hallo:

Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...:abklatsch:
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem.
  • Führe bitte nur Scans durch, zu denen Du von mir aufgefordert wurdest.
  • Bitte kein Crossposting (posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software, außer Du wurdest dazu aufgefordert.
  • Speichere alle unsere Tools auf dem Desktop ab. Link: So ladet Ihr unsere Tools richtig
  • Poste die Logfiles direkt in Deinen Thread in Code-Tags.
  • Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 24 Stunden nichts von mir liest, dann schreibe mir bitte eine PM.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden.
Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert.
Adware & Co. können wir sehr gut entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean :daumenhoc bekommst.



Los geht's:

Schritt 1
http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...t/frstscan.png

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)




Lesestoff
Posten in CODE-Tags: So gehts...
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert uns massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://deeprybka.trojaner-board.de/tdss/codetags.gif

egi1610 28.03.2015 16:07
Hallo Jürgen,
danke für Deine Hilfe,

anbei FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by ich (administrator) on ICH-PC on 28-03-2015 16:02:52
Running from C:\Users\ich\Downloads
Loaded Profiles: ich (Available profiles: ich)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
() C:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Akamai Technologies, Inc.) C:\Users\ich\AppData\Local\Akamai\netsession_win.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(SlySoft, Inc.) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
(Akamai Technologies, Inc.) C:\Users\ich\AppData\Local\Akamai\netsession_win.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe
(SlySoft, Inc.) C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe
(Razer USA Ltd.) C:\Program Files (x86)\n52te\razerhid.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Robert McNeel & Associates) C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Symantec) C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1297624 2015-02-06] (COMODO)
HKLM\...\Run: [Cm108Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm108.dll,CMICtrlWnd
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-24] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2010-01-22] (NEC Electronics Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43608 2010-09-07] ()
HKLM-x32\...\Run: [Norton Ghost 15.0] => C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe [2598760 2010-03-03] (Symantec Corporation)
HKLM-x32\...\Run: [CloneCDTray] => C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe [57344 2009-01-29] (SlySoft, Inc.)
HKLM-x32\...\Run: [Jomantha] => C:\Program Files (x86)\n52te\razerhid.exe [163840 2008-04-09] (Razer USA Ltd.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-09-24] (Comodo Security Solutions, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKU\S-1-5-21-711161388-283650032-2311018211-1000\...\Run: [Akamai NetSession Interface] => C:\Users\ich\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-711161388-283650032-2311018211-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-711161388-283650032-2311018211-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2015-02-19] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-711161388-283650032-2311018211-1000\...\Run: [AnyDVD] => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe [109480 2015-02-14] (SlySoft, Inc.)
HKU\S-1-5-21-711161388-283650032-2311018211-1000\...\RunOnce: [Adobe Speed Launcher] => 1427554684
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2015-02-19] (Garmin Ltd or its subsidiaries)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ich\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ich\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ich\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ich\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ich\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ich\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ich\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ich\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [SmartFTP Drop] -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => C:\Program Files\SmartFTP Client\ShellTools.dll (SmartSoft Ltd.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ich\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ich\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ich\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ich\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ich\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ich\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ich\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\ich\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-711161388-283650032-2311018211-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-711161388-283650032-2311018211-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-711161388-283650032-2311018211-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-711161388-283650032-2311018211-1000 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-10] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-10] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-10] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-09] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)

Chrome:
=======
CHR Profile: C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-15]
CHR Extension: (Google Drive) - C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-15]
CHR Extension: (YouTube) - C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-15]
CHR Extension: (Google Search) - C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-15]
CHR Extension: (Gmail) - C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-05-24] (Advanced Micro Devices, Inc.) [File not signed]
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70864 2014-09-25] (Comodo Security Solutions, Inc.)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [7618952 2015-02-06] (COMODO)
R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265304 2015-02-06] (COMODO)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2370240 2014-11-27] (Comodo Security Solutions, Inc.)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2015-02-19] (Garmin Ltd or its subsidiaries)
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-09-24] (Comodo Security Solutions, Inc.)
S3 GenericMount Helper Service; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [2227216 2010-02-12] (Symantec)
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-12] (Symantec Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-02-09] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2015-02-09] (Malwarebytes Corporation)
R2 McNeelUpdate; C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe [67944 2015-03-14] (Robert McNeel & Associates)
R2 Norton Ghost; C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe [4590432 2010-03-03] (Symantec Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R3 SymSnapService; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2963960 2010-02-11] (Symantec)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 FastUserSwitchingCompatibility; C:\Windows\installer\AMDEx2.msi [X]
S3 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
S3 Symantec SymSnap VSS Provider; C:\Windows\system32\dllhost.exe /Processid:{CED577F6-63AF-4536-9043-0383D1FC3A40}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [150440 2014-12-23] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [150440 2014-12-23] (SlySoft, Inc.)
S1 CFRMD; C:\Windows\SysWOW64\DRIVERS\CFRMD.sys [37976 2012-09-03] (Windows (R) Win 7 DDK provider) [File not signed]
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20184 2015-01-30] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [792648 2015-01-30] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45880 2015-01-30] (COMODO)
S3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
S3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-16] (SlySoft, Inc.)
R3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [66608 2010-02-12] (Symantec Corporation)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [104608 2015-01-30] (COMODO)
S3 JmtFltr; C:\Windows\System32\drivers\JmtFltr.sys [46464 2007-09-29] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-02-09] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-28] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-02-09] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R0 symsnap; C:\Windows\System32\DRIVERS\symsnap.sys [170032 2010-02-11] (StorageCraft)
R3 vhidmini; C:\Windows\System32\DRIVERS\vhidmini.sys [13952 2007-09-29] (Windows (R) Codename Longhorn DDK provider)
R3 VMfilt; C:\Windows\System32\drivers\VMfilt64.sys [25600 2009-07-31] (Creative Technology Ltd.)
S3 VProEventMonitor; C:\Windows\System32\DRIVERS\vproeventmonitor.sys [20528 2009-09-21] (Symantec Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 V2iMount; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-28 16:02 - 2015-03-28 16:03 - 00020797 _____ () C:\Users\ich\Downloads\FRST.txt
2015-03-28 16:02 - 2015-03-28 16:02 - 02095616 _____ (Farbar) C:\Users\ich\Downloads\FRST64.exe
2015-03-28 16:02 - 2015-03-28 16:02 - 00000000 ____D () C:\FRST
2015-03-28 07:22 - 2015-03-28 07:22 - 02347384 _____ (ESET) C:\Users\ich\Downloads\esetsmartinstaller_deu.exe
2015-03-15 00:15 - 2015-03-15 00:15 - 00023668 _____ () C:\ComboFix.txt
2015-03-14 23:48 - 2015-03-14 23:42 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-14 23:48 - 2015-03-14 23:42 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-14 23:48 - 2015-03-14 23:42 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-14 23:48 - 2015-03-14 23:42 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-14 23:48 - 2015-03-14 23:42 - 00098816 _____ () C:\Windows\sed.exe
2015-03-14 23:48 - 2015-03-14 23:42 - 00080412 _____ () C:\Windows\grep.exe
2015-03-14 23:48 - 2015-03-14 23:42 - 00068096 _____ () C:\Windows\zip.exe
2015-03-14 23:48 - 2015-03-14 23:42 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-14 23:46 - 2015-03-15 00:16 - 00000000 ____D () C:\Qoobox
2015-03-14 23:46 - 2015-03-14 23:48 - 00002651 _____ () C:\DelFix.txt
2015-03-14 22:59 - 2015-03-14 22:59 - 02582057 _____ () C:\Users\ich\Downloads\Rudersterne STL_ Rev_00 (1).stl
2015-03-14 22:51 - 2015-03-14 22:52 - 06752638 _____ () C:\Users\ich\Downloads\Rudersterne STL_ Rev_00.stl
2015-03-14 21:41 - 2015-03-14 21:41 - 00177103 _____ () C:\Users\ich\Downloads\Profil.3dm
2015-03-14 21:39 - 2015-03-14 21:39 - 00003110 _____ () C:\Windows\System32\Tasks\{18477C70-B532-43BC-8D7E-63C418A6A93F}
2015-03-14 20:43 - 2015-03-14 20:43 - 00001347 _____ () C:\Users\ich\Downloads\j5012.txt
2015-03-13 16:43 - 2015-03-13 16:43 - 00149297 _____ () C:\Users\ich\Documents\The Walking Dead - S05E04 - Slabtown - mkv - by Videomann.XtoDVD
2015-03-11 16:04 - 2015-03-11 16:04 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 16:04 - 2015-03-11 16:04 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 16:04 - 2015-03-11 16:04 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 16:04 - 2015-03-11 16:04 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 16:04 - 2015-03-11 16:04 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 16:04 - 2015-03-11 16:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 16:04 - 2015-03-11 16:04 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 16:04 - 2015-03-11 16:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 16:04 - 2015-03-11 16:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 16:04 - 2015-03-11 16:04 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 16:04 - 2015-03-11 16:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 16:04 - 2015-03-11 16:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 16:04 - 2015-03-11 16:04 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 16:03 - 2015-03-11 16:03 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-11 16:03 - 2015-03-11 16:03 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 16:03 - 2015-03-11 16:03 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-11 16:03 - 2015-03-11 16:03 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-11 16:03 - 2015-03-11 16:03 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 16:03 - 2015-03-11 16:03 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 16:03 - 2015-03-11 16:03 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 16:03 - 2015-03-11 16:03 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 16:03 - 2015-03-11 16:03 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-11 16:03 - 2015-03-11 16:03 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 16:03 - 2015-03-11 16:03 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 16:03 - 2015-03-11 16:03 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 16:03 - 2015-03-11 16:03 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 16:03 - 2015-03-11 16:03 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 16:03 - 2015-03-11 16:03 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 16:03 - 2015-03-11 16:03 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 16:03 - 2015-03-11 16:03 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 16:03 - 2015-03-11 16:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 16:03 - 2015-03-11 16:03 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 16:03 - 2015-03-11 16:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 16:03 - 2015-03-11 16:03 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 16:03 - 2015-03-11 16:03 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 16:03 - 2015-03-11 16:03 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 16:03 - 2015-03-11 16:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-11 16:03 - 2015-03-11 16:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 16:03 - 2015-03-11 16:03 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 19301888 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 15410688 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 14380544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 13768704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 16:02 - 2015-03-11 16:02 - 02864640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 02656256 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 16:02 - 2015-03-11 16:02 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 16:02 - 2015-03-11 16:02 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 16:02 - 2015-03-11 16:02 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 16:02 - 2015-03-11 16:02 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 16:02 - 2015-03-11 16:02 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-03-11 16:02 - 2015-03-11 16:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-03-11 16:02 - 2015-03-11 16:02 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 16:02 - 2015-03-11 16:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 16:02 - 2015-03-11 16:02 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 16:02 - 2015-03-11 16:02 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 16:02 - 2015-03-11 16:02 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 16:02 - 2015-03-11 16:02 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 16:02 - 2015-02-23 10:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 16:02 - 2015-02-23 09:51 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-11 16:02 - 2015-02-21 06:09 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-11 16:02 - 2015-02-21 05:42 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-03-11 15:55 - 2015-03-11 15:55 - 01589864 _____ () C:\Users\ich\Downloads\jrk-windows-121204 (1).zip.v3ylorg.partial
2015-03-04 07:43 - 2015-03-04 07:43 - 00000962 _____ () C:\Users\ich\Downloads\VM.rdp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-28 16:02 - 2014-12-13 00:11 - 00466448 _____ () C:\Windows\system32\Drivers\fvstore.dat
2015-03-28 16:02 - 2009-07-14 11:57 - 00832238 _____ () C:\Windows\system32\perfh007.dat
2015-03-28 16:02 - 2009-07-14 11:57 - 00192274 _____ () C:\Windows\system32\perfc007.dat
2015-03-28 16:02 - 2009-07-14 06:13 - 01813574 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-28 16:01 - 2012-04-26 16:05 - 01498076 _____ () C:\Windows\WindowsUpdate.log
2015-03-28 15:58 - 2014-05-15 12:29 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-28 15:58 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-28 15:58 - 2009-07-14 05:51 - 00103960 _____ () C:\Windows\setupact.log
2015-03-28 10:31 - 2012-04-26 16:14 - 01474832 _____ () C:\Windows\system32\Drivers\sfi.dat
2015-03-28 10:23 - 2014-05-15 12:29 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-28 07:31 - 2012-04-27 22:36 - 00000000 ____D () C:\Users\ich\AppData\Local\Adobe
2015-03-28 07:29 - 2009-07-14 05:45 - 00017184 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-28 07:29 - 2009-07-14 05:45 - 00017184 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-28 07:21 - 2015-02-09 23:47 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-28 07:21 - 2014-10-12 12:17 - 00000000 ____D () C:\Users\ich\AppData\Roaming\Dropbox
2015-03-23 23:51 - 2012-04-27 22:33 - 00000000 ____D () C:\Users\ich\AppData\Roaming\vlc
2015-03-23 23:24 - 2014-05-15 12:29 - 00002135 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-23 23:11 - 2013-04-24 09:13 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-03-23 23:10 - 2012-04-26 17:06 - 00000000 ____D () C:\Users\ich\AppData\Roaming\UseNeXT
2015-03-18 00:14 - 2014-04-09 20:24 - 00000000 ____D () C:\Users\ich\AppData\Roaming\Skype
2015-03-17 23:31 - 2014-08-24 07:21 - 00000000 ____D () C:\Users\ich\Documents\modellbau
2015-03-15 00:08 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-03-15 00:07 - 2015-02-09 18:54 - 00000000 ____D () C:\Windows\erdnt
2015-03-15 00:07 - 2012-05-06 16:59 - 00025148 _____ () C:\Windows\PFRO.log
2015-03-14 23:42 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2015-03-14 23:32 - 2013-12-02 19:10 - 00001082 _____ () C:\Users\Public\Desktop\Rhinoceros 5 (64-bit).lnk
2015-03-14 23:32 - 2013-12-02 19:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rhinoceros 5
2015-03-14 21:40 - 2013-12-02 19:10 - 00001028 _____ () C:\Users\Public\Desktop\Rhinoceros 5.lnk
2015-03-14 20:39 - 2013-12-14 21:22 - 00000500 _____ () C:\Windows\SysWOW64\Drivers\iczgzv_465.set
2015-03-14 20:39 - 2013-12-14 21:22 - 00000500 _____ () C:\Windows\SysWOW64\Drivers\deqordi208.dat
2015-03-14 20:39 - 2013-12-14 21:22 - 00000500 _____ () C:\Windows\d_kenkpm182.ini
2015-03-13 18:01 - 2012-06-14 15:23 - 00000000 ____D () C:\Users\ich\Documents\ConvertXToDVD
2015-03-13 16:43 - 2012-06-14 15:21 - 00000000 ____D () C:\Users\ich\AppData\Roaming\Vso
2015-03-13 15:55 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-03-13 15:25 - 2014-09-27 07:54 - 00000000 ____D () C:\ProgramData\VSO
2015-03-11 16:37 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-11 16:36 - 2009-07-14 05:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-03-11 16:36 - 2009-07-14 05:45 - 05035456 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-11 16:35 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-11 16:35 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-11 16:08 - 2013-08-17 18:31 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 16:05 - 2012-04-26 16:57 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-11 15:54 - 2014-10-12 12:18 - 00000973 _____ () C:\Users\ich\Desktop\Dropbox.lnk
2015-03-11 15:54 - 2014-10-12 12:17 - 00000000 ____D () C:\Users\ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

==================== Files in the root of some directories =======

2014-09-25 22:36 - 2014-09-25 23:09 - 0000086 _____ () C:\Users\ich\AppData\Roaming\2014_09_22_XX
2012-12-09 15:36 - 2012-12-09 15:36 - 0000156 _____ () C:\Users\ich\AppData\Roaming\ff.xml
2012-12-09 15:36 - 2013-01-30 12:01 - 0000194 _____ () C:\Users\ich\AppData\Roaming\opera.xml
2014-09-27 07:54 - 2014-09-27 07:54 - 0007859 _____ () C:\Users\ich\AppData\Roaming\pcouffin.cat
2014-09-27 07:54 - 2014-09-27 07:54 - 0001167 _____ () C:\Users\ich\AppData\Roaming\pcouffin.inf
2014-09-27 07:54 - 2014-09-27 07:54 - 0000055 _____ () C:\Users\ich\AppData\Roaming\pcouffin.log
2014-09-27 07:54 - 2014-09-27 07:54 - 0082816 _____ (VSO Software) C:\Users\ich\AppData\Roaming\pcouffin.sys
2014-01-13 22:51 - 2014-01-13 22:51 - 0118534 _____ () C:\Users\ich\AppData\Local\ars.cache
2014-01-13 22:51 - 2014-01-13 22:51 - 0176943 _____ () C:\Users\ich\AppData\Local\census.cache
2014-01-13 22:34 - 2014-01-13 22:34 - 0000036 _____ () C:\Users\ich\AppData\Local\housecall.guid.cache
2015-02-08 20:45 - 2015-02-12 22:24 - 0007602 _____ () C:\Users\ich\AppData\Local\resmon.resmoncfg
2012-04-27 22:21 - 2015-01-14 20:33 - 0000124 ___SH () C:\ProgramData\.zreglib
2014-04-07 08:46 - 2014-04-07 08:46 - 0000057 _____ () C:\ProgramData\Ament.ini

Some content of TEMP:
====================
C:\Users\ich\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpawcppr.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-15 00:45

==================== End Of Log ============================
--- --- ---


und addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by ich at 2015-03-28 16:03:27
Running from C:\Users\ich\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: COMODO Antivirus (Enabled - Up to date) {F0BC89B2-8937-0933-021B-B17D981F2A71}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Comodo Defense+ (Enabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
FW: COMODO Firewall (Enabled) {C8870897-C358-086B-2944-184866CC6D0A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3Dconnexion 3DxWare 10 (64-bit) (HKLM-x32\...\{BAFCA6AC-8B37-405B-B57E-C1D45DE70ACC}) (Version: 10.0.19 - 3Dconnexion)
ac72 (HKU\S-1-5-21-711161388-283650032-2311018211-1000\...\ac72) (Version:  - )
AC72 A (HKU\S-1-5-21-711161388-283650032-2311018211-1000\...\AC72 A) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Premiere Pro CS6 (HKLM-x32\...\{7176B973-6011-43C1-AEBC-2D73FE7C6982}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-711161388-283650032-2311018211-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.5.7.0 - SlySoft)
ATI AVIVO64 Codecs (Version: 11.6.0.10524 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{3FD3FC64-DA16-318E-DFD5-57466FF5FEB5}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Audiograbber 1.83 SE  (HKLM-x32\...\Audiograbber) (Version: 1.83 SE  - Audiograbber)
avi.NET 3.5.1.0 (HKLM-x32\...\avi.NET 3.5.1.0) (Version:  - )
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
ClipGrab 3.4.8 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version:  - Philipp Schmieder Medien)
CloneCD (HKLM-x32\...\CloneCD) (Version:  - SlySoft)
CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version: 2.9.3.0 - Elaborate Bytes)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 36.1.1.21 - Comodo)
COMODO Internet Security (HKLM\...\{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}) (Version: 5.10.31649.2253 - COMODO Security Solutions Inc.)
ConvertXtoDVD 4.1.19.365 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.19.365 - )
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{72DB27D3-FE05-4227-AF5A-11CD101ECF09}) (Version: 15.1.0.588 - Corel Corporation)
Corel Graphics - Windows Shell Extension (x32 Version: 15.1.588 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Capture (x32 Version: 15.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Common (x32 Version: 15.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Connect (x32 Version: 15.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Custom Data (x32 Version: 15.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - DE (x32 Version: 15.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Draw (x32 Version: 15.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Filters (x32 Version: 15.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FontNav (x32 Version: 15.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - IPM (x32 Version: 15.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (x32 Version: 15.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Photozoom Plugin (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Setup Files (x32 Version: 15.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VBA (x32 Version: 15.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VideoBrowser (x32 Version: 15.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VSTA (x32 Version: 15.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit (Version: 15.1.588 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - WT (x32 Version: 15.1 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 (x32 Version: 15.1 - Corel Corporation) Hidden
CorelDRAW(R) Graphics Suite X5 (HKLM-x32\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.1.0.588 - Corel Corporation)
DATA BECKER - Die große CD-Druckerei (HKLM-x32\...\DATA BECKER - Die große CD-Druckerei) (Version:  - )
Dropbox (HKU\S-1-5-21-711161388-283650032-2311018211-1000\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
Elevated Installer (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.)
Free Video to DVD Converter version 5.0.24.430 (HKLM-x32\...\Free Video to DVD Converter_is1) (Version: 5.0.24.430 - DVDVideoSoft Ltd.)
Freemake Video Converter Version 4.1.4 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.4 - Ellora Assets Corporation)
Garmin Express (HKLM-x32\...\{855d8086-4275-4bd3-a7a8-b44da3a56d7a}) (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
GeekBuddy (HKLM-x32\...\{79B9250E-3714-4877-A2B0-D6C1E93E471A}) (Version: 4.18.121 - Comodo Security Solutions Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Greenshot 1.1.7.17 (HKLM\...\Greenshot_is1) (Version: 1.1.7.17 - Greenshot)
Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (HKLM-x32\...\{8E87B944-4815-3C5E-947F-5035C9F64362}.KB947789) (Version: 1 - Microsoft Corporation)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{D2D05FDB-4EDA-462D-8DB6-E0B9AD4FA25F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Hilfe (HKLM-x32\...\{FDE820DD-CC88-4395-AD5C-801365B8F316}) (Version: 28.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HydraVision (x32 Version: 4.2.206.0 - ATI Technologies Inc.) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.62.0 - JMicron Technology Corp.)
K-Lite Codec Pack 7.0.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
KONICA MINOLTA magicolor 1690MF (HKLM\...\KONICA MINOLTA magicolor 1690MF) (Version:  - )
LiveUpdate 3.2 (Symantec Corporation) (HKLM-x32\...\LiveUpdate) (Version: 3.2.0.68 - Symantec Corporation)
MAGIX Screenshare (HKLM-x32\...\MAGIX_{EE79A8D3-6676-41FF-967C-242017CEC0F2}) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Screenshare (x32 Version: 4.3.6.1987 - MAGIX AG) Hidden
MAGIX Speed burnR (MSI) (HKLM-x32\...\MAGIX_{838A0DDB-239D-4668-94E7-7E8AC329D1C4}) (Version: 7.0.2.6 - MAGIX AG)
MAGIX Speed burnR (MSI) (x32 Version: 7.0.2.6 - MAGIX AG) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MetaTrader - ActivTrades (HKLM-x32\...\MetaTrader - ActivTrades) (Version: 4.00 - MetaQuotes Software Corp.)
MetaTrader 4 at FOREX.com (HKLM-x32\...\MetaTrader 4 at FOREX.com) (Version: 4.00 - MetaQuotes Software Corp.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (HKLM-x32\...\{8E87B944-4815-3C5E-947F-5035C9F64362}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU (HKLM-x32\...\{76DAEC83-AF7B-333C-8A53-83D7C7D39199}) (Version: 9.0.30729 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
n52te Editor (HKLM-x32\...\{0AC8162B-5175-41D7-B963-8307A40BD456}) (Version: 1.2 - Razer USA Ltd.)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.19.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.19.0 - NEC Electronics Corporation) Hidden
Norton Ghost (HKLM-x32\...\{B0255743-165B-4BD5-8DA8-37DFB9930015}) (Version: 15.0.1.36526 - Symantec Corporation)
NVIDIA 3D Vision Video Player (HKLM-x32\...\{244FB715-13C4-4C85-BEB6-6C1ABB29D8B1}) (Version: 1.7.5 - NVIDIA Corporation)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
Pololu Jrk USB Motor Controller with Feedback (HKLM-x32\...\{1BA94413-B303-4506-B55D-0638208A4DAE}) (Version: 1.3.0 - Pololu)
QNAP Qfinder (HKLM-x32\...\QNAP_FINDER) (Version: 4.2.5.0108 - QNAP Systems, Inc.)
Rhinoceros 5 (64-bit) (HKLM\...\{37C85F21-DC21-4CBC-A09A-DFC664B8B996}) (Version: 5.11.50226.17195 - Robert McNeel & Associates)
Rhinoceros 5 (HKLM-x32\...\{03512755-59DA-44D7-8750-BE5DEA68CF52}) (Version: 5.11.50226.17195 - Robert McNeel & Associates)
Rhinoceros 5 Help Media (HKLM-x32\...\{60CEB140-F864-4994-8506-904A517A3310}) (Version: 5.2.30222.18095 - Robert McNeel & Associates)
Rhinoceros 5 Language Pack Installer (de-DE) (HKLM-x32\...\{1EAAC8A6-66B7-44C4-97AB-31936CCC2831}) (Version: 5.2.30227.18515 - Robert McNeel & Associates)
Rhinoceros 5 Language Pack Installer (en-US) (HKLM-x32\...\{1C08E7B1-D5A8-4BED-ACEB-0219C36C4CAF}) (Version: 5.5.30717.16015 - Robert McNeel & Associates)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
Scientific WorkPlace 5.0 (HKLM-x32\...\{DA6B13CF-A177-42DF-B416-A1EFDD8E7693}) (Version:  - )
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartFTP Client (HKLM\...\{08C100ED-2D39-4B6E-8821-3F06B99C477C}) (Version: 6.0.2068.0 - SmartSoft Ltd.)
SmartFTP Client German (Germany) MUI (HKLM\...\{4A29ACD2-84DE-4A6D-9F17-6373AA7BBFA2}) (Version: 6.0.2068.0 - SmartSoft Ltd.)
Stellar Phoenix Photo Recovery (HKLM-x32\...\Stellar Phoenix Photo Recovery_is1) (Version: 4.0.0.0 - Stellar Information Systems Ltd)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.11.0 - Tweaking.com)
Update 4.0.3 for Microsoft .NET Framework 4 Client Profile (KB2600211) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600211) (Version: 1 - Microsoft Corporation)
Update 4.0.3 for Microsoft .NET Framework 4 Extended (KB2600211) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600211) (Version: 1 - Microsoft Corporation)
USB PnP Sound Device (HKLM\...\C-Media CM108 Like Sound Driver) (Version:  - )
UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version:  - Tangysoft Ltd.)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Vsk5 - patch1 (HKLM-x32\...\Vsk5_is1) (Version:  - Nadeo)
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.2.0.22 - VSO Software)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
WinRAR Archivierer (HKLM-x32\...\WinRAR archiver) (Version:  - )
WinX DVD Ripper 5.5.12 (HKLM-x32\...\WinX DVD Ripper_is1) (Version:  - Digiarty Software, Inc.)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: 5.0.5.16057 - Blizzard Entertainment)
WorldUnlock Codes Calculator (HKLM-x32\...\WorldUnlock Codes Calculator) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-711161388-283650032-2311018211-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\ich\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-711161388-283650032-2311018211-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\ich\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-711161388-283650032-2311018211-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ich\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-711161388-283650032-2311018211-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ich\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-711161388-283650032-2311018211-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ich\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-711161388-283650032-2311018211-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ich\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-711161388-283650032-2311018211-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ich\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-711161388-283650032-2311018211-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ich\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-711161388-283650032-2311018211-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ich\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-711161388-283650032-2311018211-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ich\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

14-03-2015 23:46:39 Ende der Bereinigung

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-03-15 00:07 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {16AD27A3-A8B9-429F-80CD-7ADAE599CF7C} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {181DDCC2-A67F-47ED-B462-65AD0590C3EA} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-02-06] (COMODO)
Task: {50EAEE27-21F2-400B-BD1D-84F1186C9E8F} - System32\Tasks\{18477C70-B532-43BC-8D7E-63C418A6A93F} => Chrome.exe hxxp://ui.skype.com/ui/0/7.2.0.103/de/go/help.faq.installer?LastError=1618
Task: {7AA9D4FA-45B1-48CF-938A-F1AE69025F0E} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-02-06] (COMODO)
Task: {7C17F369-5475-43DA-BAD3-467DEF744D32} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-02-06] (COMODO)
Task: {823F4E8D-FF6A-4704-B7DE-4743E5F24C01} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-15] (Google Inc.)
Task: {A14655A7-441B-47A6-AAEF-DFDDB08CF84B} - System32\Tasks\AdobeAAMUpdater-1.0-ich-PC-ich => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {A15C8AF1-6244-44B5-BFDD-7D38D4DD3EF2} - System32\Tasks\iSCSIAgentAutoStartup => C:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe [2015-01-14] ()
Task: {B69D380A-810E-49B2-80D5-CECB49892678} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-15] (Google Inc.)
Task: {EBE85128-5FBC-474B-90C2-48E3FB5363D1} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-02-06] (COMODO)
Task: {EC969639-8CE3-4407-82C1-0D14A3683F8B} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2015-02-19] ()
Task: {EDB1C06F-9488-4A18-BE43-5F6D2E0CED3B} - System32\Tasks\{40B90F7A-871D-46F7-9781-642C6E2A1982} => pcalua.exe -a C:\Users\ich\AppData\Local\Temp\Temp1_VIA_Audio_DriverV6018100_XPvista7.zip\Audio\AsusSetup.exe
Task: {F8EB744D-6DD0-4538-B87E-B791EBDB09AC} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-02-06] (COMODO)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-07-11 18:48 - 2015-01-14 21:10 - 01739952 _____ () C:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe
2011-05-24 22:18 - 2011-05-24 22:18 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-03-14 13:20 - 2011-03-14 13:20 - 00430080 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-03-14 13:20 - 2011-03-14 13:20 - 00032768 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingResources.dll
2011-05-24 22:50 - 2011-05-24 22:50 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-09-30 01:51 - 2015-02-14 13:29 - 00074664 _____ () C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
2011-12-19 17:59 - 2013-04-15 18:39 - 00073424 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2014-09-14 18:00 - 2014-09-28 17:59 - 00019872 _____ () C:\Program Files (x86)\Samsung SSD Magician\SAMSUNG_SSD.dll
2015-03-23 23:24 - 2015-03-14 11:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libglesv2.dll
2015-03-23 23:24 - 2015-03-14 11:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libegl.dll
2015-03-23 23:24 - 2015-03-14 11:12 - 09278792 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\pdf.dll
2015-03-23 23:24 - 2015-03-14 11:12 - 14974280 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\grep.exe:$CmdTcID
AlternateDataStreams: C:\Windows\MBR.exe:$CmdTcID
AlternateDataStreams: C:\Windows\NIRCMD.exe:$CmdTcID
AlternateDataStreams: C:\Windows\PEV.exe:$CmdTcID
AlternateDataStreams: C:\Windows\sed.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SWREG.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SWSC.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SWXCACLS.exe:$CmdTcID
AlternateDataStreams: C:\Windows\zip.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\apisetschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appidapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appidcertstorecheck.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appidpolicyconverter.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appidsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atmfd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\audiodg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\auditpol.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\blackbox.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\credssp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\crypt32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptnet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dciman32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\drmmgrtn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\drmv2clt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxmasf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\evr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fontsub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iernonce.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iesetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\iesysprep.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\jsproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lpk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mferror.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfplat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfpmp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msdxm.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msmmsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msnetobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msobjs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msrating.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msscp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ncsi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nlaapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcadm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcaevts.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcalua.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcasvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcawrk.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\qdvd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\quartz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RegisterIEPKEYs.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rrinstaller.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\setbcdlocale.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shell32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\smss.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\spwmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ubpm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winload.efi:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winload.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winresume.efi:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winresume.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmdrmsdk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmploc.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\apisetschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\appidapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atmfd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AudioEng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AUDIOKSE.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AudioSes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\auditpol.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\blackbox.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\credssp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\crypt32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptnet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dciman32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\drmmgrtn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\drmv2clt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxmasf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxtmsft.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxtrans.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\evr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fontsub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iedkcs32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iernonce.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iesetup.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iesysprep.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ieui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\inetcpl.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\java.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\javaw.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\javaws.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jscript9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\jsproxy.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\lpk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mferror.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfplat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfpmp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msctf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msdxm.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msfeeds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshtmled.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msnetobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msobjs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msrating.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msscp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ncrypt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ncsi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\qdvd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\quartz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\RegisterIEPKEYs.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rrinstaller.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\scesrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\secur32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shell32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\spwmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ubpm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\urlmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wdigest.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wininet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wintrust.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmdrmsdk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmploc.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\PEAuth.sys:$CmdTcID
AlternateDataStreams: C:\Program Files\Common Files\System:tCPMPaly2ApBJsJQpTebTuZA
AlternateDataStreams: C:\ProgramData\Microsoft:hrBn6kAGDs0KqiCN0hFBOeRTpM46
AlternateDataStreams: C:\ProgramData\Microsoft:Y5qYE5j2HE9BvdnochLyKhxzfs
AlternateDataStreams: C:\Users\ich\Desktop\mbam-setup-2.0.4.1028.exe:$CmdTcID
AlternateDataStreams: C:\Users\ich\Desktop\mbam-setup-2.0.4.1028.exe:$CmdZnID
AlternateDataStreams: C:\Users\ich\Desktop\tweaking.com_windows_repair_aio_setup.exe:$CmdTcID
AlternateDataStreams: C:\Users\ich\Desktop\tweaking.com_windows_repair_aio_setup.exe:$CmdZnID
AlternateDataStreams: C:\Users\ich\Downloads\300-4525-wwtopo_install.exe:$CmdZnID
AlternateDataStreams: C:\Users\ich\Downloads\60Sec Sun Indicator.ex4:$CmdZnID
AlternateDataStreams: C:\Users\ich\Downloads\AS5048A,B.pdf:$CmdZnID
AlternateDataStreams: C:\Users\ich\Downloads\Austriamicrosystems-AS5048A-AB-1.0-datasheet.pdf:$CmdZnID
AlternateDataStreams: C:\Users\ich\Downloads\AÖSMV-Urkunde-Allg2014.cdr:$CmdZnID
AlternateDataStreams: C:\Users\ich\Downloads\Bibi & Tina - Der Film - Cover.jpg:$CmdZnID
AlternateDataStreams: C:\Users\ich\Downloads\Chantika v7 (1).ex4:$CmdZnID
AlternateDataStreams: C:\Users\ich\Downloads\Chantika v7.ex4:$CmdZnID
AlternateDataStreams: C:\Users\ich\Downloads\clipgrab-3.4.8.exe:$CmdTcID
AlternateDataStreams: C:\Users\ich\Downloads\clipgrab-3.4.8.exe:$CmdZnID
AlternateDataStreams: C:\Users\ich\Downloads\esetsmartinstaller_deu.exe:$CmdTcID
AlternateDataStreams: C:\Users\ich\Downloads\esetsmartinstaller_deu.exe:$CmdZnID
AlternateDataStreams: C:\Users\ich\Downloads\FRST64.exe:$CmdTcID
AlternateDataStreams: C:\Users\ich\Downloads\FRST64.exe:$CmdZnID
AlternateDataStreams: C:\Users\ich\Downloads\GarminExpress (1).exe:$CmdTcID
AlternateDataStreams: C:\Users\ich\Downloads\GarminExpress (1).exe:$CmdZnID
AlternateDataStreams: C:\Users\ich\Downloads\Instalador Mapear V11.4 - GPS.exe:$CmdTcID
AlternateDataStreams: C:\Users\ich\Downloads\Instalador Mapear V11.4 - GPS.exe:$CmdZnID
AlternateDataStreams: C:\Users\ich\Downloads\InstallMyDriveConnect.exe:$CmdTcID
AlternateDataStreams: C:\Users\ich\Downloads\InstallMyDriveConnect.exe:$CmdZnID
AlternateDataStreams: C:\Users\ich\Downloads\j5012.txt:$CmdZnID
AlternateDataStreams: C:\Users\ich\Downloads\jrk-windows-121204 (1).zip.v3ylorg.partial:$CmdTcID
AlternateDataStreams: C:\Users\ich\Downloads\Kontoauszug_easybank_AT251420020001968395_2015_007.pdf:$CmdZnID
AlternateDataStreams: C:\Users\ich\Downloads\Kontoauszug_easybank_AT251420020001968395_2015_008.pdf:$CmdZnID
AlternateDataStreams: C:\Users\ich\Downloads\Kontoauszug_easybank_AT331420020010121974_2014_006.pdf:$CmdZnID
AlternateDataStreams: C:\Users\ich\Downloads\MULTIFlight_setup.exe:$CmdTcID
AlternateDataStreams: C:\Users\ich\Downloads\MULTIFlight_setup.exe:$CmdZnID
AlternateDataStreams: C:\Users\ich\Downloads\NEuralNetworks in Forex.pdf:$CmdZnID
AlternateDataStreams: C:\Users\ich\Downloads\OhRACLE03.zip:$CmdZnID
AlternateDataStreams: C:\Users\ich\Downloads\osm_generic_gmapsupp (1).zip:$CmdZnID
AlternateDataStreams: C:\Users\ich\Downloads\Profil.3dm:$CmdZnID
AlternateDataStreams: C:\Users\ich\Downloads\QNAPQfinderWindows-4.2.5.0108.exe:$CmdTcID
AlternateDataStreams: C:\Users\ich\Downloads\QNAPQfinderWindows-4.2.5.0108.exe:$CmdZnID
AlternateDataStreams: C:\Users\ich\Downloads\Rudersterne STL_ Rev_00 (1).stl:$CmdZnID
AlternateDataStreams: C:\Users\ich\Downloads\Rudersterne STL_ Rev_00.stl:$CmdZnID
AlternateDataStreams: C:\Users\ich\Downloads\Schaltplan Ardufoiler4 (1).pdf:$CmdZnID
AlternateDataStreams: C:\Users\ich\Downloads\Schaltplan Ardufoiler4.pdf:$CmdZnID
AlternateDataStreams: C:\Users\ich\Downloads\SetupAnyDVD7540.exe:$CmdTcID
AlternateDataStreams: C:\Users\ich\Downloads\SetupAnyDVD7540.exe:$CmdZnID
AlternateDataStreams: C:\Users\ich\Downloads\SetupAnyDVD7570.exe:$CmdTcID
AlternateDataStreams: C:\Users\ich\Downloads\SetupAnyDVD7570.exe:$CmdZnID
AlternateDataStreams: C:\Users\ich\Downloads\Sicherungskopie_von_AÖSMV-UrkundeEhren2015Pichling.cdr:$CmdZnID
AlternateDataStreams: C:\Users\ich\Downloads\SixtySecondTrades.ex4:$CmdZnID
AlternateDataStreams: C:\Users\ich\Downloads\SuperEMA_CrossNoStop.mq4:$CmdZnID
AlternateDataStreams: C:\Users\ich\Downloads\tweaking.com_windows_repair_aio_setup.exe:$CmdTcID
AlternateDataStreams: C:\Users\ich\Downloads\tweaking.com_windows_repair_aio_setup.exe:$CmdZnID
AlternateDataStreams: C:\Users\ich\Downloads\VM.rdp:$CmdZnID
AlternateDataStreams: C:\Users\ich\Downloads\Wiring diagram Ardufoiler Rev01.pdf:$CmdZnID

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-711161388-283650032-2311018211-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\ich\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 195.34.133.21 - 212.186.211.21

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-711161388-283650032-2311018211-500 - Administrator - Disabled)
Gast (S-1-5-21-711161388-283650032-2311018211-501 - Limited - Disabled)
ich (S-1-5-21-711161388-283650032-2311018211-1000 - Administrator - Enabled) => C:\Users\ich

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/28/2015 07:25:11 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/28/2015 07:24:31 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/15/2015 00:47:17 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/13/2015 03:49:50 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/04/2015 09:21:09 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/14/2015 01:27:53 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/14/2015 01:17:43 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (02/14/2015 01:17:43 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (02/14/2015 00:50:47 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/14/2015 00:27:53 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (03/28/2015 04:00:08 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unerwarteter Fehler. Fehlercode: 490@01010004

Error: (03/28/2015 04:00:07 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unerwarteter Fehler. Fehlercode: 490@01010004

Error: (03/28/2015 04:00:06 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unerwarteter Fehler. Fehlercode: 490@01010004

Error: (03/28/2015 04:00:05 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unerwarteter Fehler. Fehlercode: 490@01010004

Error: (03/28/2015 04:00:03 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unerwarteter Fehler. Fehlercode: 490@01010004

Error: (03/28/2015 03:59:02 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/28/2015 03:58:08 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
CFRMD

Error: (03/28/2015 03:58:03 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "AMD External Events Utility .NET." wurde mit folgendem Fehler beendet:
%%126

Error: (03/28/2015 10:31:44 AM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unerwarteter Fehler. Fehlercode: 490@01010004

Error: (03/28/2015 10:31:43 AM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unerwarteter Fehler. Fehlercode: 490@01010004


Microsoft Office Sessions:
=========================
Error: (03/28/2015 07:25:11 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\ich\Downloads\esetsmartinstaller_deu.exe

Error: (03/28/2015 07:24:31 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\ich\Downloads\esetsmartinstaller_deu.exe

Error: (03/15/2015 00:47:17 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (03/13/2015 03:49:50 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (03/04/2015 09:21:09 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (02/14/2015 01:27:53 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\ich\Desktop\esetsmartinstaller_deu.exe

Error: (02/14/2015 01:17:43 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (02/14/2015 01:17:43 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (02/14/2015 00:50:47 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (02/14/2015 00:27:53 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\ich\Desktop\esetsmartinstaller_deu.exe


CodeIntegrity Errors:
===================================
  Date: 2015-03-15 00:05:33.323
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-03-15 00:05:33.269
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-03-15 00:05:33.217
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-03-15 00:05:33.164
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-09 19:02:35.513
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-02-09 19:02:35.341
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: AMD Phenom(tm) II X6 1090T Processor
Percentage of memory in use: 45%
Total physical RAM: 4094.16 MB
Available physical RAM: 2224.41 MB
Total Pagefile: 4292.35 MB
Available Pagefile: 1821.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:238.37 GB) (Free:148.49 GB) NTFS
Drive d: (2TB) (Fixed) (Total:1863.01 GB) (Free:104.03 GB) NTFS
Drive j: () (Fixed) (Total:465.75 GB) (Free:53.31 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 1F2AFC99)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: C496320C)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: AB8DAB8D)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
lG,
EGI

deeprybka 28.03.2015 16:23
Ich schon wieder gell...:D

Schritt 1

http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...frstsearch.png
  • Gib in das Search-Feld: ein.
    BrokerInfrastructure.exe;LookupSvi.exe;secdrv.exe;0043eed2.exe
  • Klicke auf den Search Files Button.
  • Bitte poste die erstellte Search.txt - Datei in Deiner nächsten Antwort.

egi1610 28.03.2015 16:31
hui Du bist ja fix :)

anbei die search log datei:
Code:
Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by ich at 2015-03-28 16:30:16
Running from C:\Users\ich\Downloads
Boot Mode: Normal

================== Search Files: "BrokerInfrastructure.exe;LookupSvi.exe;secdrv.exe;0043eed2.exe" =============

C:\VTRoot\HarddiskVolume2\Users\ich\AppData\Roaming\Microsoft\BrokerInfrastructure.exe
[2015-03-13 16:35][2015-03-13 16:35] 0012288 ____A (Martin Prikryl) C2054CEDFCB281D110CC4C7D4745CAC8

C:\VTRoot\HarddiskVolume2\Users\ich\AppData\Roaming\Microsoft\LookupSvi.exe
[2015-03-13 16:35][2015-03-13 16:35] 0007168 ____A () 445D68E1678BAFAB128CDF043188DD8A

C:\VTRoot\HarddiskVolume2\Users\ich\AppData\Roaming\Microsoft\secdrv.exe
[2015-03-13 16:35][2015-03-13 16:34] 24117248 ____N (Mozilla Corporation) 2012930EF624CA1FA3DC6102874ACB57

C:\VTRoot\HarddiskVolume2\Users\ich\AppData\Local\Temp\0043eed2.exe
[2015-03-13 16:35][2015-03-13 16:35] 0292864 __ASH (SecureTeam Software Ltd.) 2527ECE7DE08985C6A7230206A46346B

====== End Of Search ======

deeprybka 28.03.2015 17:01
Zitat:
Zitat von egi1610 (Beitrag 1447836)
hui Du bist ja fix :)

Code:

C:\VTRoot\HarddiskVolume2\Users\ich\AppData\Roaming\Microsoft\BrokerInfrastructure.exe
[2015-03-13 16:35][2015-03-13 16:35] 0012288 ____A (Martin Prikryl) C2054CEDFCB281D110CC4C7D4745CAC8
https://www.virustotal.com/de/file/2...2b5f/analysis/

C:\VTRoot\HarddiskVolume2\Users\ich\AppData\Roaming\Microsoft\LookupSvi.exe
[2015-03-13 16:35][2015-03-13 16:35] 0007168 ____A () 445D68E1678BAFAB128CDF043188DD8A
https://www.virustotal.com/de/file/d...8658/analysis/


C:\VTRoot\HarddiskVolume2\Users\ich\AppData\Roaming\Microsoft\secdrv.exe
[2015-03-13 16:35][2015-03-13 16:34] 24117248 ____N (Mozilla Corporation) 2012930EF624CA1FA3DC6102874ACB57

C:\VTRoot\HarddiskVolume2\Users\ich\AppData\Local\Temp\0043eed2.exe
[2015-03-13 16:35][2015-03-13 16:35] 0292864 __ASH (SecureTeam Software Ltd.) 2527ECE7DE08985C6A7230206A46346B

====== End Of Search ======
Klar. :D

Hab mal paar Virustotal-Links hinzugefügt. Auch wenn es ein anderer Dateiname ist, es handelt sich dabei um die gleichen Hashwerte.

Das ist ja auch jetzt ein anderer PC, als der mit der DHL-Sache. Den hatte ich ja garnicht, sondern der schraubi. :crazy:

Naja, wenn ein User sein "Verhalten" nicht ändert, dann wird der PC immer verseucht werden. Da kannst neuinstallieren soviel Du willst. Es gibt keine sauberen Cracks. Auch wenn die Scanner "jetzt" nichts finden.
Die Dateien wurden ja auch erst einen Monat erstellt, nachdem Du hier fertig warst.

Ich würde jetzt die Dateien löschen lassen und regelmäßige Scans mit Malwarebytes und ESET machen.

Schritt 1

http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...st/frstfix.png

Drücke bitte die http://deeprybka.trojaner-board.de/b...ne/revo/w7.png + R Taste und schreibe notepad in das Ausführen Fenster.
Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument:
Code:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-711161388-283650032-2311018211-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\VTRoot\HarddiskVolume2\Users\ich\AppData\Roaming\Microsoft\BrokerInfrastructure.exe
C:\VTRoot\HarddiskVolume2\Users\ich\AppData\Roaming\Microsoft\LookupSvi.exe
C:\VTRoot\HarddiskVolume2\Users\ich\AppData\Local\Temp\0043eed2.exe
C:\VTRoot\HarddiskVolume2\Users\ich\AppData\Roaming\Microsoft\secdrv.exe
Speichere dieses bitte als Fixlist.txt in das Verzeichnis ab, in dem sich auch die FRST-Anwendung befindet.
  • Starte FRST und drücke auf den Fix-Button.
  • Das Tool erstellt eine "Fixlog.txt" -Datei.
  • Poste mir bitte deren Inhalt.

egi1610 28.03.2015 17:19
Hi Jürgen,
danke für Deine Hilfe.
Das wundert mich, wie konnte die neu-Infektion entstehen?

ich hab nix mehr runtergeladen oder falsch geklickt und auch keine keygens oder cracks genutzt!

Anbei die Fixlistlog:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by ich at 2015-03-28 17:11:47 Run:1
Running from C:\Users\ich\Downloads
Loaded Profiles: ich (Available profiles: ich)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-711161388-283650032-2311018211-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\VTRoot\HarddiskVolume2\Users\ich\AppData\Roaming\Microsoft\BrokerInfrastructure.exe
C:\VTRoot\HarddiskVolume2\Users\ich\AppData\Roaming\Microsoft\LookupSvi.exe
C:\VTRoot\HarddiskVolume2\Users\ich\AppData\Local\Temp\0043eed2.exe
C:\VTRoot\HarddiskVolume2\Users\ich\AppData\Roaming\Microsoft\secdrv.exe
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-711161388-283650032-2311018211-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\VTRoot\HarddiskVolume2\Users\ich\AppData\Roaming\Microsoft\BrokerInfrastructure.exe => Moved successfully.
C:\VTRoot\HarddiskVolume2\Users\ich\AppData\Roaming\Microsoft\LookupSvi.exe => Moved successfully.
C:\VTRoot\HarddiskVolume2\Users\ich\AppData\Local\Temp\0043eed2.exe => Moved successfully.
C:\VTRoot\HarddiskVolume2\Users\ich\AppData\Roaming\Microsoft\secdrv.exe => Moved successfully.


The system needed a reboot.

==== End of Fixlog 17:11:47 ====
Rechner hat nach dem Fixlist neu gestartet. lG
EGI

deeprybka 28.03.2015 17:23
Wie gesagt, mach halt Kontrollscans.

egi1610 28.03.2015 17:41
Jürgen,
danke!

ermeuter eset scan läuft noch, zeigt aber die selben 4 im Moment schon, soll ich dann gleich wieder ein FRST scan laufen lassen?

lG,
EGI

deeprybka 28.03.2015 17:43
Warte mal ab, wäre ja kein Wunder wenn er die in der FRST-Quarantäne findet. ;)

egi1610 29.03.2015 13:26
Hi Jürgen,
hast recht gehabt.
Anbei das Log:

Code:
C:\FRST\Quarantine\C\VTRoot\HarddiskVolume2\Users\ich\AppData\Local\Temp\0043eed2.exe.xBAD        Variante von MSIL/Injector.IMD Trojaner
C:\FRST\Quarantine\C\VTRoot\HarddiskVolume2\Users\ich\AppData\Roaming\Microsoft\BrokerInfrastructure.exe.xBAD        MSIL/Agent.QFC Trojaner
C:\FRST\Quarantine\C\VTRoot\HarddiskVolume2\Users\ich\AppData\Roaming\Microsoft\LookupSvi.exe.xBAD        Variante von MSIL/Agent.QBE Trojaner
C:\FRST\Quarantine\C\VTRoot\HarddiskVolume2\Users\ich\AppData\Roaming\Microsoft\secdrv.exe.xBAD        Variante von MSIL/Injector.HAB Trojaner
Kann man erklären woher der neue Befall kommt?
bzw wie geht es weiter?
Danke Dir!

lG,
EGI

deeprybka 29.03.2015 13:53
Zitat:
Kann man erklären woher der neue Befall kommt?
Diese Datei wurde paar Minuten danach erstellt. Vermutlich hat das was mit dem Download zu tun.
Code:
2015-03-13 16:43 - 2015-03-13 16:43 - 00149297 _____ () C:\Users\ich\Documents\The Walking Dead - S05E04 - Slabtown - mkv - by Videomann.XtoDVD
Relevant ist nur aktive Malware. Und da wurde ja nichts weiter gefunden.

egi1610 29.03.2015 14:11
Hi Jürgen,

ok, das würde bedeuten, daß das Programm ConvertXtoDVD verseucht ist.
Ich habe zu diesem Zeitpunkt ein paar Folgen Walking Dead auf DVD gebrannt (avi files in DVD converted)
Ich werde dieses Programm auch sicherheitshalber löschen! Das war eine testware (30Tage free)

wie kann ich bösen Dateien aus der Quarantäne killen?

DANKE für all Euer Bemühen!

lG,
EGI

deeprybka 29.03.2015 14:30
Zitat:
Zitat von egi1610 (Beitrag 1448169)
ok, das würde bedeuten, daß das Programm ConvertXtoDVD verseucht ist.
Das habe ich nicht gesagt. Ich habe nur den Hinweis gegeben, dass an diesem Tag diese Dateien entstanden sind. (Wenn wir mal annehmen, dass das Datum stimmt.)

Zitat:
wie kann ich bösen Dateien aus der Quarantäne killen?
Mit dem gleichen cleanup welches Dir schrauber damals gepostet hat. (Delfix usw.)

Zitat:
Zitat von egi1610 (Beitrag 1441385)
Hi Schrauber,
sorry die späte Rückmeldung! Alles getan, alles erledigt, keine weiteren Fragen, danke danke danke!

Thread kann aus Deinen Abos raus!

so long EGI
Warum hast Du eigentlich combofix ausgeführt?
Code:
2015-03-15 00:15 - 2015-03-15 00:15 - 00023668 _____ () C:\ComboFix.txt
2015-03-14 23:48 - 2015-03-14 23:42 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-14 23:48 - 2015-03-14 23:42 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-14 23:48 - 2015-03-14 23:42 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-14 23:48 - 2015-03-14 23:42 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-14 23:48 - 2015-03-14 23:42 - 00098816 _____ () C:\Windows\sed.exe
2015-03-14 23:48 - 2015-03-14 23:42 - 00080412 _____ () C:\Windows\grep.exe
2015-03-14 23:48 - 2015-03-14 23:42 - 00068096 _____ () C:\Windows\zip.exe
2015-03-14 23:48 - 2015-03-14 23:42 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-14 23:46 - 2015-03-15 00:16 - 00000000 ____D () C:\Qoobox
2015-03-14 23:46 - 2015-03-14 23:48 - 00002651 _____ () C:\DelFix.txt

egi1610 29.03.2015 17:21
Combofix habe ich zur Wiederholung von Schraubers anleitung gemacht.
Wollte wissen ob der Rechner erneut was findet?


Ich laß also jetzt delfix laufen und dann regelmäßig scannen, right?

lG,
EGI


Alle Zeitangaben in WEZ +1. Es ist jetzt 19:08 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131