thomas992 | 03.05.2015 13:59 | FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2015
Ran by Thomas (administrator) on CARINA on 03-05-2015 14:54:21
Running from C:\Users\carina\Downloads
Loaded Profiles: Thomas (Available profiles: Thomas & Gast)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Taiwan Shui Mu Chih Ching Technology Limited) C:\Program Files (x86)\Picexa\picexasvc.exe
(SysTool PasSame LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(XTab system) C:\Program Files (x86)\XTab\ProtectService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Vimicro) C:\Program Files (x86)\USB Camera2\VM332STI.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2864016 2012-08-09] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [366720 2012-06-26] (Alcor Micro Corp.)
HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332STI.EXE [548864 2012-03-20] (Vimicro)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [mbot_de_246] => [X]
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3209860814-848477559-1816824793-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-3209860814-848477559-1816824793-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?type=hp&ts=1429613244&from=wpm04213&uid=WDCXWD3200BPVT-24JJ5T0_WD-WX61C62F0436F0436
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?type=hp&ts=1429613244&from=wpm04213&uid=WDCXWD3200BPVT-24JJ5T0_WD-WX61C62F0436F0436
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1415870104&from=tugs&uid=WDCXWD3200BPVT-24JJ5T0_WD-WX61C62F0436F0436&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.delta-homes.com/web/?type=ds&ts=1429613244&from=wpm04213&uid=WDCXWD3200BPVT-24JJ5T0_WD-WX61C62F0436F0436&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=1429613244&from=wpm04213&uid=WDCXWD3200BPVT-24JJ5T0_WD-WX61C62F0436F0436
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=1429613244&from=wpm04213&uid=WDCXWD3200BPVT-24JJ5T0_WD-WX61C62F0436F0436
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1415870104&from=tugs&uid=WDCXWD3200BPVT-24JJ5T0_WD-WX61C62F0436F0436&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.delta-homes.com/web/?type=ds&ts=1429613244&from=wpm04213&uid=WDCXWD3200BPVT-24JJ5T0_WD-WX61C62F0436F0436&q={searchTerms}
HKU\S-1-5-21-3209860814-848477559-1816824793-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880JXKe86_GbHG1dd3_ZUO7-UamSYoSbvOknowPzmOk8ItRxiZ4VaZMMLlzO08GanSEwzOWhFYCulV0ghae9uob74YIevSQZwtl0H0JvCNGfe1JNw599cJ4uWwxtpU77wjZVAznq1Mss4Nudzo2jqVQCoSWSBAjooM_KPXS68sw,,&q={searchTerms}
HKU\S-1-5-21-3209860814-848477559-1816824793-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?type=hp&ts=1429613244&from=wpm04213&uid=WDCXWD3200BPVT-24JJ5T0_WD-WX61C62F0436F0436
HKU\S-1-5-21-3209860814-848477559-1816824793-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=1429613244&from=wpm04213&uid=WDCXWD3200BPVT-24JJ5T0_WD-WX61C62F0436F0436
HKU\S-1-5-21-3209860814-848477559-1816824793-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-3209860814-848477559-1816824793-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKU\S-1-5-21-3209860814-848477559-1816824793-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880JXKe86_GbHG1dd3_ZUO7-UamSYoSbvOknowPzmOk8ItRxiZ4VaZMMLlzO08GanSEwzOWhFYCulV0ghae9uob74YIevSQZwtl0H0JvCNGfe1JNw599cJ4uWwxtpU77wjZVAznq1Mss4Nudzo2jqVQCoSWSBAjooM_KPXS68sw,,&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1415870104&from=tugs&uid=WDCXWD3200BPVT-24JJ5T0_WD-WX61C62F0436F0436&q={searchTerms}
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1415870104&from=tugs&uid=WDCXWD3200BPVT-24JJ5T0_WD-WX61C62F0436F0436&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2514} URL = hxxp://www.default-search.net/search?sid=514&aid=101&itype=n&ver=14934&tm=573&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.delta-homes.com/web/?type=ds&ts=1429613244&from=wpm04213&uid=WDCXWD3200BPVT-24JJ5T0_WD-WX61C62F0436F0436&q={searchTerms}
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880JXKe86_GbHG1dd3_ZUO7-UamSYoSbvOknowPzmOk8ItRxiZ4VaZMMLlzO08GanSEwzOWhFYCulV0ghae9uob74YIevSQZwtl0H0JvCNGfe1JNw599cJ4uWwxtpU77wjZVAznq1Mss4Nudzo2jt3noXidyCP6Ix97_yIzlC1A,,&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.delta-homes.com/web/?type=ds&ts=1429613244&from=wpm04213&uid=WDCXWD3200BPVT-24JJ5T0_WD-WX61C62F0436F0436&q={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2514} URL = hxxp://www.default-search.net/search?sid=514&aid=101&itype=n&ver=14934&tm=573&src=ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3209860814-848477559-1816824793-1001 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3209860814-848477559-1816824793-1001 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3209860814-848477559-1816824793-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3209860814-848477559-1816824793-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3209860814-848477559-1816824793-1001 -> {143000FE-1E1B-4B32-9121-D691D564EBA5} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3209860814-848477559-1816824793-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3209860814-848477559-1816824793-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3209860814-848477559-1816824793-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2514} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3209860814-848477559-1816824793-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\XTab\SupTab.dll [2015-04-20] (Thinknice Co. Limited)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{14EE0616-9CC9-4E8D-AD97-6D77596982CF}: [NameServer] 31.168.224.100,5.135.12.56
Tcpip\..\Interfaces\{79223A10-ECE4-4C70-A8C2-1F8E2D03C61E}: [NameServer] 31.168.224.100,5.135.12.56
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.delta-homes.com/?type=sc&ts=1429613244&from=wpm04213&uid=WDCXWD3200BPVT-24JJ5T0_WD-WX61C62F0436F0436
FireFox:
========
FF ProfilePath: C:\Users\carina\AppData\Roaming\Mozilla\Firefox\Profiles\uuipivvr.default
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: delta-homes
FF SelectedSearchEngine: delta-homes
FF Homepage: hxxp://www.delta-homes.com/?type=hp&ts=1429613244&from=wpm04213&uid=WDCXWD3200BPVT-24JJ5T0_WD-WX61C62F0436F0436
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-17] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-17] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-12] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\carina\AppData\Roaming\Mozilla\Firefox\Profiles\uuipivvr.default\searchplugins\delta-homes.xml [2015-05-03]
FF Extension: Fast Start - C:\Users\carina\AppData\Roaming\Mozilla\Firefox\Profiles\uuipivvr.default\Extensions\quick_searchff@gmail.com [2015-04-21]
FF Extension: Search Enginer - C:\Users\carina\AppData\Roaming\Mozilla\Firefox\Profiles\uuipivvr.default\Extensions\sweetsearch@gmail.com [2015-04-21]
FF Extension: Adblock Plus - C:\Users\carina\AppData\Roaming\Mozilla\Firefox\Profiles\uuipivvr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-03]
FF HKLM-x32\...\Firefox\Extensions: [quick_searchff@gmail.com] - C:\Users\carina\AppData\Roaming\Mozilla\Firefox\Profiles\uuipivvr.default\extensions\quick_searchff@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\carina\AppData\Roaming\Mozilla\Firefox\Profiles\uuipivvr.default\extensions\sweetsearch@gmail.com
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
Chrome:
=======
CHR HomePage: Default -> hxxp://www.delta-homes.com/?type=hp&ts=1429613244&from=wpm04213&uid=WDCXWD3200BPVT-24JJ5T0_WD-WX61C62F0436F0436
CHR StartupUrls: Default -> "hxxp://www.delta-homes.com/?type=hp&ts=1429613244&from=wpm04213&uid=WDCXWD3200BPVT-24JJ5T0_WD-WX61C62F0436F0436"
CHR DefaultSearchKeyword: Default -> delta-homes
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\carina\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Users\carina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\carina\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-21]
CHR Extension: (Google Wallet) - C:\Users\carina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-16]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158816 2015-04-20] (XTab system)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S4 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [239968 2014-12-18] ()
R2 PicexaService; C:\Program Files (x86)\Picexa\PicexaSvc.exe [393912 2015-04-01] (Taiwan Shui Mu Chih Ching Technology Limited)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-04-20] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-04-20] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [531968 2015-04-21] (SysTool PasSame LIMITED) [File not signed] <==== ATTENTION
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-04-20] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-03 14:54 - 2015-05-03 14:55 - 00018329 _____ () C:\Users\carina\Downloads\FRST.txt
2015-05-03 14:54 - 2015-05-03 14:54 - 00000000 ____D () C:\FRST
2015-05-03 14:53 - 2015-05-03 14:53 - 02101248 _____ (Farbar) C:\Users\carina\Downloads\FRST64.exe
2015-04-27 07:11 - 2015-04-27 07:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-27 06:32 - 2015-04-27 06:32 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2015-04-27 06:32 - 2015-04-14 01:24 - 00792056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-04-27 06:32 - 2015-04-14 01:24 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-27 06:31 - 2015-04-27 06:31 - 00000916 _____ () C:\WINDOWS\PFRO.log
2015-04-27 06:31 - 2015-04-27 06:31 - 00000063 _____ () C:\WINDOWS\setupact.log
2015-04-27 06:31 - 2015-04-27 06:31 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-04-24 21:51 - 2015-04-24 21:51 - 00000000 ____D () C:\3b6367dc30230d774af6e105
2015-04-22 17:33 - 2015-05-03 14:46 - 00870020 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-22 13:17 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-04-22 13:17 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-04-22 13:14 - 2015-01-19 20:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-04-22 13:12 - 2014-11-10 01:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-04-22 13:12 - 2014-11-10 01:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-04-22 13:12 - 2014-07-24 05:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2015-04-22 13:12 - 2014-07-24 05:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2015-04-22 13:11 - 2015-03-23 00:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-04-22 13:11 - 2015-03-23 00:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-04-22 13:11 - 2015-03-23 00:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-04-22 13:11 - 2015-03-23 00:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-04-22 13:11 - 2015-03-23 00:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-04-22 13:11 - 2015-03-23 00:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-04-22 13:11 - 2015-03-23 00:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-04-22 13:11 - 2014-12-03 01:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-04-21 12:48 - 2015-05-03 14:24 - 00000000 ____D () C:\Program Files (x86)\Picexa
2015-04-21 12:48 - 2015-04-21 12:48 - 00001812 _____ () C:\Users\Public\Desktop\Picexa.lnk
2015-04-21 12:48 - 2015-04-21 12:48 - 00000000 ____D () C:\Users\carina\AppData\Roaming\Picexa Viewer
2015-04-21 12:48 - 2015-04-21 12:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picexa
2015-04-21 12:48 - 2015-04-21 12:48 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-04-21 12:47 - 2015-04-21 12:48 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-04-20 21:22 - 2015-05-03 11:43 - 00003926 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{03B3A874-6E30-4228-8B9D-A4302D24518A}
2015-04-20 21:22 - 2015-04-20 21:22 - 00000000 __SHD () C:\Users\carina\AppData\Local\EmieUserList
2015-04-20 21:22 - 2015-04-20 21:22 - 00000000 __SHD () C:\Users\carina\AppData\Local\EmieSiteList
2015-04-20 21:22 - 2015-04-20 21:22 - 00000000 __SHD () C:\Users\carina\AppData\Local\EmieBrowserModeList
2015-04-20 21:12 - 2015-04-20 21:12 - 00000020 ___SH () C:\Users\carina\ntuser.ini
2015-04-20 14:51 - 2015-04-22 16:30 - 00000000 ___DC () C:\WINDOWS\Panther
2015-04-20 14:50 - 2015-05-03 14:50 - 00000000 ____D () C:\Windows.old
2015-04-20 14:50 - 2015-04-20 14:50 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-04-20 14:50 - 2015-04-20 14:50 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-04-20 14:50 - 2015-04-20 14:50 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-04-20 14:50 - 2015-04-20 14:50 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-04-20 14:50 - 2015-04-20 14:50 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-04-20 14:50 - 2015-04-20 14:50 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-04-20 14:50 - 2015-04-20 14:50 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-04-20 14:50 - 2015-04-20 14:50 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-04-20 14:50 - 2015-04-20 14:50 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-04-20 14:48 - 2015-04-20 14:48 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-04-20 14:48 - 2015-04-20 14:48 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2015-04-20 14:48 - 2015-04-20 14:48 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-04-20 14:48 - 2015-04-20 14:48 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-04-20 14:48 - 2015-04-20 14:48 - 00672984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2015-04-20 14:48 - 2015-04-20 14:48 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2015-04-20 14:48 - 2015-04-20 14:48 - 00273240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2015-04-20 14:48 - 2015-04-20 14:48 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-04-20 14:47 - 2015-04-20 14:47 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-04-20 14:47 - 2015-04-20 14:47 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-04-20 14:47 - 2015-04-20 14:47 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-04-20 14:47 - 2015-04-20 14:47 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-04-20 14:47 - 2015-04-20 14:47 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-04-20 14:47 - 2015-04-20 14:47 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-04-20 14:47 - 2015-04-20 14:47 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-04-20 14:47 - 2015-04-20 14:47 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-04-20 14:47 - 2015-04-20 14:47 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-04-20 14:47 - 2015-04-20 14:47 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-04-20 14:46 - 2015-04-20 14:46 - 24980480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-04-20 14:46 - 2015-04-20 14:46 - 19695616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-04-20 14:46 - 2015-04-20 14:46 - 14397440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-04-20 14:46 - 2015-04-20 14:46 - 12825600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-04-20 14:46 - 2015-04-20 14:46 - 06025216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-04-20 14:46 - 2015-04-20 14:46 - 04305408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-04-20 14:46 - 2015-04-20 14:46 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-04-20 14:46 - 2015-04-20 14:46 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-04-20 14:46 - 2015-04-20 14:46 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-04-20 14:46 - 2015-04-20 14:46 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-04-20 14:46 - 2015-04-20 14:46 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-04-20 14:46 - 2015-04-20 14:46 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-04-20 14:46 - 2015-04-20 14:46 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-04-20 14:46 - 2015-04-20 14:46 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-04-20 14:46 - 2015-04-20 14:46 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-04-20 14:46 - 2015-04-20 14:46 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-04-20 14:46 - 2015-04-20 14:46 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-04-20 14:46 - 2015-04-20 14:46 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-04-20 14:46 - 2015-04-20 14:46 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-04-20 14:46 - 2015-04-20 14:46 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-04-20 14:46 - 2015-04-20 14:46 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-04-20 14:46 - 2015-04-20 14:46 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-04-20 14:46 - 2015-04-20 14:46 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-04-20 14:46 - 2015-04-20 14:46 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-04-20 14:36 - 2015-04-20 14:36 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2015-04-20 14:36 - 2015-04-20 14:36 - 00000000 _SHDL () C:\Users\Default\Startmenü
2015-04-20 14:36 - 2015-04-20 14:36 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2015-04-20 14:36 - 2015-04-20 14:36 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2015-04-20 14:36 - 2015-04-20 14:36 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2015-04-20 14:36 - 2015-04-20 14:36 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2015-04-20 14:36 - 2015-04-20 14:36 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2015-04-20 14:36 - 2015-04-20 14:36 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2015-04-20 14:36 - 2015-04-20 14:36 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-04-20 14:36 - 2015-04-20 14:36 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2015-04-20 14:36 - 2015-04-20 14:36 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2015-04-20 14:36 - 2015-04-20 14:36 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2015-04-20 14:36 - 2015-04-20 14:36 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2015-04-20 14:36 - 2015-04-20 14:36 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2015-04-20 14:36 - 2015-04-20 14:36 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-04-20 14:36 - 2015-04-20 14:36 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2015-04-20 14:36 - 2015-04-20 14:36 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2015-04-20 14:33 - 2015-04-20 14:33 - 00022960 _____ () C:\WINDOWS\system32\emptyregdb.dat
2015-04-20 14:30 - 2015-04-20 14:30 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-04-20 14:30 - 2015-04-20 14:30 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-04-20 14:29 - 2015-04-20 14:29 - 04178944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-04-20 14:29 - 2015-04-20 14:29 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-04-20 14:29 - 2015-04-20 14:29 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2015-04-20 14:29 - 2015-04-20 14:29 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2015-04-20 14:29 - 2015-04-20 14:29 - 01113920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-04-20 14:29 - 2015-04-20 14:29 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2015-04-20 14:29 - 2015-04-20 14:29 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2015-04-20 14:29 - 2015-04-20 14:29 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2015-04-20 14:29 - 2015-04-20 14:29 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2015-04-20 14:29 - 2015-04-20 14:29 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2015-04-20 14:29 - 2015-04-20 14:29 - 00264000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-04-20 14:29 - 2015-04-20 14:29 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2015-04-20 14:29 - 2015-04-20 14:29 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-04-20 14:29 - 2015-04-20 14:29 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-04-20 14:29 - 2015-04-20 14:29 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2015-04-20 14:29 - 2015-04-20 14:29 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2015-04-20 14:29 - 2015-04-20 14:29 - 00046456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe
2015-04-20 14:29 - 2015-04-20 14:29 - 00044024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-04-20 14:29 - 2015-04-20 14:29 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2015-04-20 14:29 - 2015-04-20 14:29 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2015-04-20 14:28 - 2015-04-21 06:12 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-04-20 14:28 - 2015-04-20 14:28 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-04-20 14:28 - 2015-04-20 14:28 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-04-20 14:28 - 2015-04-20 14:28 - 01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-04-20 14:28 - 2015-04-20 14:28 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-04-20 14:28 - 2015-04-20 14:28 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-04-20 14:28 - 2015-04-20 14:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-04-20 14:28 - 2015-04-20 14:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-04-20 14:28 - 2015-04-20 14:28 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe
2015-04-20 14:28 - 2015-04-20 14:28 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2015-04-20 14:28 - 2015-04-20 14:28 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-04-20 14:28 - 2015-04-20 14:28 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe
2015-04-20 14:28 - 2015-04-20 14:28 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2015-04-20 14:28 - 2015-04-20 14:28 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-04-20 14:28 - 2015-04-20 14:28 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2015-04-20 14:28 - 2015-04-20 14:28 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-04-20 14:28 - 2015-04-20 14:28 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-04-20 14:28 - 2015-04-20 14:28 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2015-04-20 14:28 - 2015-04-20 14:28 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2015-04-20 14:28 - 2015-04-20 14:28 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2015-04-20 14:28 - 2015-04-20 14:28 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-04-20 14:28 - 2015-04-20 14:28 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-04-20 14:28 - 2015-04-20 14:28 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-04-20 14:28 - 2015-04-20 14:28 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-04-20 14:28 - 2015-04-20 14:28 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-04-20 14:28 - 2015-04-20 14:28 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-04-20 14:27 - 2015-04-20 14:27 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-04-20 14:27 - 2015-04-20 14:27 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-04-20 14:27 - 2015-04-20 14:27 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-04-20 14:27 - 2015-04-20 14:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-04-20 14:27 - 2015-04-20 14:27 - 00396419 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-04-20 14:27 - 2015-04-20 14:27 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-04-20 14:27 - 2015-04-20 14:27 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-04-20 14:27 - 2015-04-20 14:27 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-04-20 14:26 - 2015-04-20 14:26 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2015-04-20 14:26 - 2015-04-20 14:26 - 03551744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2015-04-20 14:26 - 2015-04-20 14:26 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-04-20 14:26 - 2015-04-20 14:26 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-04-20 14:26 - 2015-04-20 14:26 - 02257408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-04-20 14:26 - 2015-04-20 14:26 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-04-20 14:26 - 2015-04-20 14:26 - 01488896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll
2015-04-20 14:26 - 2015-04-20 14:26 - 01464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll
2015-04-20 14:26 - 2015-04-20 14:26 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll
2015-04-20 14:26 - 2015-04-20 14:26 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll
2015-04-20 14:26 - 2015-04-20 14:26 - 00933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2015-04-20 14:26 - 2015-04-20 14:26 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe
2015-04-20 14:26 - 2015-04-20 14:26 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-04-20 14:26 - 2015-04-20 14:26 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2015-04-20 14:26 - 2015-04-20 14:26 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageContextHandler.dll
2015-04-20 14:26 - 2015-04-20 14:26 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StorageContextHandler.dll
2015-04-20 14:26 - 2015-04-20 14:26 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll
2015-04-20 14:26 - 2015-04-20 14:26 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2015-04-20 14:26 - 2015-04-20 14:26 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2015-04-20 14:25 - 2015-04-20 14:25 - 03678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-04-20 14:25 - 2015-04-20 14:25 - 02373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-04-20 14:25 - 2015-04-20 14:25 - 00891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-04-20 14:25 - 2015-04-20 14:25 - 00723072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2015-04-20 14:25 - 2015-04-20 14:25 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-04-20 14:25 - 2015-04-20 14:25 - 00560392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2015-04-20 14:25 - 2015-04-20 14:25 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-04-20 14:25 - 2015-04-20 14:25 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-04-20 14:25 - 2015-04-20 14:25 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-04-20 14:25 - 2015-04-20 14:25 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-04-20 14:25 - 2015-04-20 14:25 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-04-20 14:25 - 2015-04-20 14:25 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-04-20 14:25 - 2015-04-20 14:25 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-04-20 14:25 - 2015-04-20 14:25 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-04-20 14:25 - 2015-04-20 14:25 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-04-20 14:25 - 2015-04-20 14:25 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-04-20 14:25 - 2015-04-20 14:25 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-04-20 14:25 - 2015-04-20 14:25 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-04-20 14:25 - 2015-04-20 14:25 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-04-20 14:25 - 2015-04-20 14:25 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-04-20 14:25 - 2015-04-20 14:25 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-04-20 14:25 - 2015-04-20 14:25 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-04-20 14:25 - 2015-04-20 14:25 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-04-20 14:25 - 2015-04-20 14:25 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-04-20 14:25 - 2015-04-20 14:25 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-04-20 14:24 - 2015-04-20 14:24 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-04-20 14:24 - 2015-04-20 14:24 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-04-20 14:24 - 2015-04-20 14:24 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-04-20 14:24 - 2015-04-20 14:24 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-04-20 14:24 - 2015-04-20 14:24 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-04-20 14:24 - 2015-04-20 14:24 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-04-20 14:24 - 2015-04-20 14:24 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-04-20 14:24 - 2015-04-20 14:24 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-04-20 14:24 - 2015-04-20 14:24 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-04-20 14:24 - 2015-04-20 14:24 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-04-20 14:24 - 2015-04-20 14:24 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-04-20 14:24 - 2015-04-20 14:24 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-04-20 14:24 - 2015-04-20 14:24 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-04-20 14:24 - 2015-04-20 14:24 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-04-20 14:23 - 2015-04-20 14:23 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-04-20 14:23 - 2015-04-20 14:23 - 02484224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-04-20 14:23 - 2015-04-20 14:23 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-04-20 14:23 - 2015-04-20 14:23 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-04-20 14:23 - 2015-04-20 14:23 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-04-20 14:23 - 2015-04-20 14:23 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-04-20 14:23 - 2015-04-20 14:23 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-04-20 14:23 - 2015-04-20 14:23 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-04-20 14:23 - 2015-04-20 14:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-04-20 14:21 - 2015-04-20 14:21 - 02501368 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-04-20 14:21 - 2015-04-20 14:21 - 02207488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-04-20 14:21 - 2015-04-20 14:21 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-04-20 14:21 - 2015-04-20 14:21 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\photowiz.dll
2015-04-20 14:21 - 2015-04-20 14:21 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\photowiz.dll
2015-04-20 14:21 - 2015-04-20 14:21 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2015-04-20 14:21 - 2015-04-20 14:21 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2015-04-20 14:21 - 2015-04-20 14:21 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-04-20 14:20 - 2015-04-20 14:20 - 22291584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-04-20 14:20 - 2015-04-20 14:20 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-04-20 14:20 - 2015-04-20 14:20 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-04-20 14:20 - 2015-04-20 14:20 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2015-04-20 14:20 - 2015-04-20 14:20 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff
2015-04-20 14:20 - 2015-04-20 14:20 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-04-20 14:20 - 2015-04-20 14:20 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-04-20 14:20 - 2015-04-20 14:20 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-04-20 14:20 - 2015-04-20 14:20 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-04-20 14:20 - 2015-04-20 14:20 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-04-20 14:20 - 2015-04-20 14:20 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-04-20 14:18 - 2015-04-20 14:18 - 00000000 ____D () C:\WINDOWS\SysWOW64\XPSViewer
2015-04-20 14:18 - 2015-04-20 14:18 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-04-20 14:18 - 2015-04-20 14:18 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-04-20 14:18 - 2015-04-20 14:18 - 00000000 ____D () C:\Program Files\Reference Assemblies
2015-04-20 14:18 - 2015-04-20 14:18 - 00000000 ____D () C:\Program Files\MSBuild
2015-04-20 14:18 - 2015-04-20 14:18 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2015-04-20 14:18 - 2015-04-20 14:18 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-04-20 14:17 - 2015-04-20 14:17 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-04-20 14:17 - 2013-08-03 06:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-04-20 14:17 - 2013-08-03 06:48 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-04-20 14:17 - 2013-08-03 06:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-04-20 14:17 - 2013-08-03 06:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-04-20 14:10 - 2015-04-20 14:10 - 00000000 ____D () C:\WINDOWS\system32\config\bbimigrate
2015-04-20 14:09 - 2015-04-20 21:12 - 00000000 ____D () C:\Users\carina
2015-04-20 14:09 - 2015-04-20 14:33 - 00028578 _____ () C:\WINDOWS\diagwrn.xml
2015-04-20 14:09 - 2015-04-20 14:33 - 00028578 _____ () C:\WINDOWS\diagerr.xml
2015-04-20 14:09 - 2015-04-20 14:25 - 00000000 ____D () C:\Users\Gast
2015-04-20 14:09 - 2015-04-20 14:10 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-20 14:09 - 2015-04-20 14:10 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-04-20 14:09 - 2015-04-20 14:10 - 00000000 ___RD () C:\Users\carina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-20 14:09 - 2015-04-20 14:09 - 00000000 _SHDL () C:\Users\Gast\Vorlagen
2015-04-20 14:09 - 2015-04-20 14:09 - 00000000 _SHDL () C:\Users\Gast\Startmenü
2015-04-20 14:09 - 2015-04-20 14:09 - 00000000 _SHDL () C:\Users\Gast\Netzwerkumgebung
2015-04-20 14:09 - 2015-04-20 14:09 - 00000000 _SHDL () C:\Users\Gast\Lokale Einstellungen
2015-04-20 14:09 - 2015-04-20 14:09 - 00000000 _SHDL () C:\Users\Gast\Eigene Dateien
2015-04-20 14:09 - 2015-04-20 14:09 - 00000000 _SHDL () C:\Users\Gast\Druckumgebung
2015-04-20 14:09 - 2015-04-20 14:09 - 00000000 _SHDL () C:\Users\Gast\Documents\Eigene Musik
2015-04-20 14:09 - 2015-04-20 14:09 - 00000000 _SHDL () C:\Users\Gast\Documents\Eigene Bilder
2015-04-20 14:09 - 2015-04-20 14:09 - 00000000 _SHDL () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-04-20 14:09 - 2015-04-20 14:09 - 00000000 _SHDL () C:\Users\Gast\AppData\Local\Verlauf
2015-04-20 14:09 - 2015-04-20 14:09 - 00000000 _SHDL () C:\Users\Gast\AppData\Local\Anwendungsdaten
2015-04-20 14:09 - 2015-04-20 14:09 - 00000000 _SHDL () C:\Users\Gast\Anwendungsdaten
2015-04-20 14:09 - 2015-04-20 14:09 - 00000000 _SHDL () C:\Users\carina\Vorlagen
2015-04-20 14:09 - 2015-04-20 14:09 - 00000000 _SHDL () C:\Users\carina\Startmenü
2015-04-20 14:09 - 2015-04-20 14:09 - 00000000 _SHDL () C:\Users\carina\Netzwerkumgebung
2015-04-20 14:09 - 2015-04-20 14:09 - 00000000 _SHDL () C:\Users\carina\Lokale Einstellungen
2015-04-20 14:09 - 2015-04-20 14:09 - 00000000 _SHDL () C:\Users\carina\Eigene Dateien
2015-04-20 14:09 - 2015-04-20 14:09 - 00000000 _SHDL () C:\Users\carina\Druckumgebung
2015-04-20 14:09 - 2015-04-20 14:09 - 00000000 _SHDL () C:\Users\carina\Documents\Eigene Musik
2015-04-20 14:09 - 2015-04-20 14:09 - 00000000 _SHDL () C:\Users\carina\Documents\Eigene Bilder
2015-04-20 14:09 - 2015-04-20 14:09 - 00000000 _SHDL () C:\Users\carina\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-04-20 14:09 - 2015-04-20 14:09 - 00000000 _SHDL () C:\Users\carina\AppData\Local\Verlauf
2015-04-20 14:09 - 2015-04-20 14:09 - 00000000 _SHDL () C:\Users\carina\AppData\Local\Anwendungsdaten
2015-04-20 14:09 - 2015-04-20 14:09 - 00000000 _SHDL () C:\Users\carina\Anwendungsdaten
2015-04-20 14:09 - 2014-11-21 12:52 - 00000000 ___RD () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-20 14:09 - 2014-11-21 12:52 - 00000000 ___RD () C:\Users\carina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-20 14:09 - 2014-11-21 12:52 - 00000000 ___RD () C:\Users\carina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-04-20 14:09 - 2014-11-21 05:42 - 00000369 _____ () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-04-20 14:09 - 2014-11-21 05:42 - 00000369 _____ () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-04-20 14:09 - 2014-11-21 05:42 - 00000369 _____ () C:\Users\carina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-04-20 14:09 - 2014-11-21 05:42 - 00000369 _____ () C:\Users\carina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-04-20 14:09 - 2013-08-22 17:36 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-04-20 14:09 - 2013-08-22 17:36 - 00000000 ____D () C:\Users\carina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-04-20 13:57 - 2015-04-20 13:57 - 00000000 ____D () C:\Program Files (x86)\USB Camera2
2015-04-20 13:56 - 2015-04-20 14:12 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-04-20 13:56 - 2015-04-20 13:56 - 00000000 ____D () C:\Program Files\Elantech
2015-04-18 10:12 - 2015-04-18 10:12 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-04-18 10:11 - 2015-04-18 10:11 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-04-18 10:11 - 2015-04-18 10:11 - 00002058 _____ () C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-04-18 10:08 - 2015-04-18 10:08 - 01124072 _____ (Adobe Systems Incorporated) C:\Users\carina\Downloads\readerdc_de_ga_install(1).exe
2015-04-18 10:06 - 2015-04-18 10:06 - 01124072 _____ (Adobe Systems Incorporated) C:\Users\carina\Downloads\readerdc_de_ga_install.exe
2015-04-17 15:32 - 2015-04-17 15:32 - 00000000 ____D () C:\Users\carina\AppData\Local\Macromedia
2015-04-17 15:31 - 2015-05-03 14:28 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-17 15:31 - 2015-04-17 15:31 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-04-17 15:28 - 2015-05-02 13:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-17 15:28 - 2015-04-21 12:47 - 00001394 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-17 15:28 - 2015-04-21 12:47 - 00001382 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-17 15:28 - 2015-04-17 15:28 - 00000000 ____D () C:\Users\carina\AppData\Roaming\Mozilla
2015-04-17 15:28 - 2015-04-17 15:28 - 00000000 ____D () C:\Users\carina\AppData\Local\Mozilla
2015-04-17 15:28 - 2015-04-17 15:28 - 00000000 ____D () C:\ProgramData\Mozilla
2015-04-17 15:26 - 2015-04-17 15:27 - 00243656 _____ () C:\Users\carina\Downloads\Firefox Setup Stub 37.0.1.exe
2015-04-04 15:17 - 2015-04-04 15:17 - 01057488 _____ (Adobe) C:\Users\carina\Downloads\install_reader11_de_mssa_aaa_aih.exe
2015-04-04 15:13 - 2015-04-18 10:19 - 00000000 ____D () C:\Users\carina\AppData\Local\Adobe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-03 14:49 - 2013-02-19 16:26 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3209860814-848477559-1816824793-1001
2015-05-03 14:15 - 2013-02-19 17:22 - 00001132 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-03 14:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-03 13:26 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-03 05:08 - 2013-02-19 17:27 - 00002430 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-03 05:08 - 2013-02-19 17:22 - 00001128 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-27 07:07 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-27 07:06 - 2014-11-21 05:35 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-27 07:06 - 2014-11-21 04:45 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2015-04-27 07:06 - 2014-11-21 04:45 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2015-04-27 06:32 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-24 21:56 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-24 21:53 - 2015-02-19 09:19 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-04-24 21:53 - 2014-11-21 12:51 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-04-24 21:53 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2015-04-24 21:53 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2015-04-21 17:47 - 2013-02-19 16:16 - 00000000 ____D () C:\Users\carina\AppData\Local\Packages
2015-04-21 12:47 - 2014-11-13 11:15 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-04-21 12:47 - 2013-02-19 16:18 - 00001673 _____ () C:\Users\carina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-21 11:51 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\restore
2015-04-20 21:28 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-04-20 14:50 - 2013-08-22 17:36 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template
2015-04-20 14:48 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-04-20 14:47 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-04-20 14:44 - 2014-11-21 05:13 - 00000000 ____D () C:\Program Files\Windows Journal
2015-04-20 14:44 - 2014-11-21 04:45 - 00000000 ____D () C:\WINDOWS\SysWOW64\winrm
2015-04-20 14:44 - 2014-11-21 04:45 - 00000000 ____D () C:\WINDOWS\SysWOW64\slmgr
2015-04-20 14:44 - 2014-11-21 04:45 - 00000000 ____D () C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2015-04-20 14:44 - 2014-11-21 04:45 - 00000000 ____D () C:\WINDOWS\system32\winrm
2015-04-20 14:44 - 2014-11-21 04:45 - 00000000 ____D () C:\WINDOWS\system32\slmgr
2015-04-20 14:44 - 2014-11-21 04:45 - 00000000 ____D () C:\WINDOWS\system32\Printing_Admin_Scripts
2015-04-20 14:44 - 2013-08-22 17:36 - 00000000 ___SD () C:\WINDOWS\system32\dsc
2015-04-20 14:44 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\SystemResetPlatform
2015-04-20 14:44 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\migwiz
2015-04-20 14:44 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-04-20 14:44 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-04-20 14:44 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2015-04-20 14:44 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-04-20 14:44 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\servicing
2015-04-20 14:37 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-04-20 14:36 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows NT
2015-04-20 14:36 - 2013-08-22 15:36 - 00000000 __RHD () C:\Users\Default
2015-04-20 14:33 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Registration
2015-04-20 14:30 - 2013-08-22 17:36 - 00000000 __RSD () C:\WINDOWS\Media
2015-04-20 14:30 - 2013-08-22 17:36 - 00000000 __RHD () C:\Users\Public\Libraries
2015-04-20 14:29 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-20 14:29 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-20 14:26 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-20 14:23 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2015-04-20 14:21 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-04-20 14:21 - 2013-08-22 16:44 - 00338016 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-04-20 14:19 - 2015-02-19 09:20 - 00000000 ____D () C:\WINDOWS\system32\AutoUpdateLicense
2015-04-20 14:19 - 2015-01-15 19:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-04-20 14:19 - 2014-12-18 18:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Partner
2015-04-20 14:19 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2015-04-20 14:19 - 2013-02-19 17:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-20 14:19 - 2012-10-22 21:09 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneKey Recovery
2015-04-20 14:19 - 2012-10-22 21:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel AppUp(SM) center
2015-04-20 14:19 - 2012-10-22 20:47 - 00000000 ____D () C:\WINDOWS\SysWOW64\Atheros_L1e
2015-04-20 14:19 - 2012-10-22 20:44 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-04-20 14:18 - 2012-07-26 07:37 - 00000000 ____D () C:\Users\Default.migrated
2015-04-20 14:16 - 2014-11-21 04:45 - 00000000 ____D () C:\WINDOWS\SysWOW64\WCN
2015-04-20 14:16 - 2014-11-21 04:45 - 00000000 ____D () C:\WINDOWS\SysWOW64\sysprep
2015-04-20 14:16 - 2014-11-21 04:45 - 00000000 ____D () C:\WINDOWS\system32\WCN
2015-04-20 14:16 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\MUI
2015-04-20 14:16 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz
2015-04-20 14:16 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\IME
2015-04-20 14:16 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy
2015-04-20 14:16 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\WinBioPlugIns
2015-04-20 14:16 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\spool
2015-04-20 14:16 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-04-20 14:16 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\MUI
2015-04-20 14:16 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\IME
2015-04-20 14:16 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\SMI
2015-04-20 14:16 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2015-04-20 14:14 - 2013-08-22 17:43 - 00000000 ____D () C:\WINDOWS\DigitalLocker
2015-04-20 14:14 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Help
2015-04-20 14:14 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-04-20 14:12 - 2014-12-26 15:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InetStat
2015-04-20 14:12 - 2013-08-22 17:36 - 00000000 __SHD () C:\Program Files\Windows Sidebar
2015-04-20 14:12 - 2013-08-22 17:36 - 00000000 __SHD () C:\Program Files (x86)\Windows Sidebar
2015-04-20 14:12 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-04-20 14:12 - 2013-03-19 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MumboJumbo
2015-04-20 14:12 - 2013-03-17 09:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Purplehills
2015-04-20 14:12 - 2012-10-22 20:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-04-20 14:12 - 2012-08-01 17:53 - 00000000 ____D () C:\ProgramData\PRICache
2015-04-20 14:10 - 2014-12-20 21:16 - 00000000 ____D () C:\Users\Gast\AppData\Local\Packages
2015-04-20 14:10 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\Recovery
2015-04-20 14:10 - 2012-07-26 10:12 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2015-04-20 14:01 - 2014-01-26 13:44 - 00000000 __SHD () C:\Recovery
2015-04-20 13:57 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\System
2015-04-18 10:29 - 2013-02-19 16:17 - 00000000 ____D () C:\Users\carina\AppData\Roaming\Adobe
2015-04-18 10:20 - 2012-10-22 21:03 - 00000000 ____D () C:\ProgramData\Adobe
2015-04-18 10:11 - 2012-10-22 21:03 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-15 20:21 - 2013-11-22 19:17 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-15 20:18 - 2013-03-21 18:25 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
==================== Files in the root of some directories =======
2014-11-13 11:18 - 2014-11-13 11:18 - 2033072 _____ (HQ VideoV13.11) C:\Users\carina\AppData\Roaming\IQQUSQJ.exe
2014-11-13 11:20 - 2014-11-13 11:20 - 1543600 _____ (HQ VideoV13.11) C:\Users\carina\AppData\Roaming\ZMID.exe
2014-11-13 11:22 - 2014-11-13 11:21 - 0613012 _____ (CMI Limited) C:\Users\carina\AppData\Local\nseC3.tmp
2014-11-13 11:39 - 2014-11-13 11:38 - 0613012 _____ (CMI Limited) C:\Users\carina\AppData\Local\nsi4F42.tmp
2014-11-13 11:21 - 2015-01-15 19:13 - 0000003 _____ () C:\Users\carina\AppData\Local\proxy.log
2012-10-22 20:47 - 2012-10-22 20:47 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-20 13:53
==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-05-2015
Ran by Thomas at 2015-05-03 14:56:46
Running from C:\Users\carina\Downloads
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3209860814-848477559-1816824793-500 - Administrator - Disabled)
Gast (S-1-5-21-3209860814-848477559-1816824793-501 - Limited - Disabled) => C:\Users\Gast
Thomas (S-1-5-21-3209860814-848477559-1816824793-1001 - Administrator - Enabled) => C:\Users\carina
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.8.42.71502 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.8.42.71502 - Alcor Micro Corp.) Hidden
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.4 - Atheros Communications Inc.)
AtlantisQuest (HKLM-x32\...\{1D619FC4-4F88-406C-9E78-B948BFC998FA}) (Version: 1.00.0000 - Ihr Firmenname)
Brickshooter Egypt (HKLM-x32\...\{9AA179F5-EAE2-4997-B03E-989068643DBF}) (Version: 1.00.0000 - Purplehills)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.59.20 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
ETDWare PS/2-X64 11.4.4.2_WHQL (HKLM\...\Elantech) (Version: 11.4.4.2 - ELAN Microelectronic Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0333}) (Version: 1.12.824.1 - Vimicro)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.0710 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.0710 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 21.005.15.02.382 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 37.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)
Picexa (HKLM-x32\...\Picexa) (Version: - Taiwan Shui Mu Chih Ching Technology Limited)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
WindowsMangerProtect20.0.0.1270 (HKLM-x32\...\WindowsMangerProtect) (Version: 20.0.0.1270 - WindowsProtect LIMITED) <==== ATTENTION
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
21-04-2015 11:51:40 Windows Update
24-04-2015 21:30:08 Windows Update
03-05-2015 11:23:00 Geplanter Prüfpunkt
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {256C8D66-6D84-42CE-8E38-952E469FB05F} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {2A82A01A-8C0A-42C9-999F-A76ED80AA3FB} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-17] (Adobe Systems Incorporated)
Task: {3A0C397A-AA05-4830-BA26-43EBDE2AE1FE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {4636C5C6-9984-48F4-95DD-57B3F3CE659D} - System32\Tasks\ASP => C:\Program Files (x86)\RCP\systweakasp.exe
Task: {55B58325-9B19-4AB2-87B8-51EC6E1E8427} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-04-20] (Microsoft Corporation)
Task: {5C396CB2-5BCD-42DA-8512-182C969E3759} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-19] (Google Inc.)
Task: {5E5D4910-9601-4005-9740-C78CC3BCC68E} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {6B9144BB-1E74-4681-8B71-D1DBA39F6F3A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-04-20] (Microsoft Corporation)
Task: {72781BCE-D4F6-49F3-A30D-4C6B36660097} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {7B33939F-01CC-4273-8B27-2FE827F2C92B} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-04-20] (Microsoft Corporation)
Task: {7D10BF9B-AD24-4C0A-B4AC-779EA2C13A5B} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {9C96F677-9C08-41F7-BBDD-216D7C1152C4} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-04-20] (Microsoft Corporation)
Task: {A8CEE64C-53FB-4381-A9FA-90ACA75E8430} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-19] (Google Inc.)
Task: {B682E440-41D5-459B-88E6-13A60AFFADC3} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {D755784B-6DE9-455A-A9FF-5FDEB0DE6195} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-15] (Microsoft Corporation)
Task: {FFE84F6C-5DBA-4487-9D10-269D2EDDE9B1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2011-03-14 17:27 - 2011-03-14 17:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2014-01-29 23:02 - 2014-01-29 23:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-10-22 20:42 - 2012-06-25 04:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3209860814-848477559-1816824793-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\carina\Pictures\Wallpapars_Donwload\1388183166743.jpg
DNS Servers: 31.168.224.100 - 5.135.12.56
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: CltMngSvc => 2
MSCONFIG\Services: Mobile Partner. RunOuc => 2
HKLM\...\StartupApproved\Run32: => "avgnt"
HKLM\...\StartupApproved\Run32: => "YouCam Tray"
HKLM\...\StartupApproved\Run32: => "YouCam Mirage"
HKLM\...\StartupApproved\Run32: => "ConvertAd"
HKU\S-1-5-21-3209860814-848477559-1816824793-1001\...\StartupApproved\Run: => "Browser Infrastructure Helper"
HKU\S-1-5-21-3209860814-848477559-1816824793-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
==================== FirewallRules (whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{FDE1A709-9031-4658-9C92-91FEE2BBFC9B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{43F429F7-7931-4FF4-840A-C1D3647025E3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2907CF13-2292-4A5B-9140-924395F48407}] => (Allow) C:\Program Files (x86)\Bench\Proxy\pwdg.exe
FirewallRules: [{C76D9A0E-0909-4CE8-BE92-7F520B424F42}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/03/2015 02:47:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Carina)
Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (05/03/2015 00:35:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Carina)
Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (05/03/2015 10:35:08 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Carina)
Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (05/03/2015 09:16:52 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Carina)
Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (04/27/2015 07:14:41 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
Error: (04/24/2015 09:32:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Carina)
Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (04/24/2015 09:29:55 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x8898008d) festgestellt.
Error: (04/23/2015 03:44:44 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Carina)
Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (04/22/2015 04:37:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Carina)
Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (04/22/2015 03:15:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Carina)
Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
System errors:
=============
Error: (05/03/2015 02:50:19 PM) (Source: DCOM) (EventID: 10010) (User: Carina)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (05/03/2015 02:49:49 PM) (Source: DCOM) (EventID: 10010) (User: Carina)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (05/03/2015 01:23:11 PM) (Source: DCOM) (EventID: 10010) (User: Carina)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (05/03/2015 01:22:41 PM) (Source: DCOM) (EventID: 10010) (User: Carina)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (05/03/2015 01:09:03 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
Error: (04/22/2015 05:35:26 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
Error: (04/22/2015 02:33:15 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
Error: (04/22/2015 05:37:22 AM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "O2" zum Namen "CARINA" auf Transport "NetBT_Tcpip_{79223A10-ECE4-4C70-A8C2-1F8E2D03C61E}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.
Error: (04/21/2015 07:19:22 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
Error: (04/21/2015 01:10:20 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
Microsoft Office Sessions:
=========================
Error: (05/03/2015 02:47:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Carina)
Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148
Error: (05/03/2015 00:35:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Carina)
Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148
Error: (05/03/2015 10:35:08 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Carina)
Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148
Error: (05/03/2015 09:16:52 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Carina)
Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148
Error: (04/27/2015 07:14:41 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestc:\program files\ccleaner\CCleaner.exe
Error: (04/24/2015 09:32:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Carina)
Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148
Error: (04/24/2015 09:29:55 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: 0x8898008d
Error: (04/23/2015 03:44:44 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Carina)
Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148
Error: (04/22/2015 04:37:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Carina)
Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148
Error: (04/22/2015 03:15:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Carina)
Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148
==================== Memory info ===========================
Processor: Intel(R) Celeron(R) CPU B830 @ 1.80GHz
Percentage of memory in use: 68%
Total physical RAM: 1893.41 MB
Available physical RAM: 591.86 MB
Total Pagefile: 3369.99 MB
Available Pagefile: 1545.48 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
==================== Drives ================================
Drive c: (Windows8_OS) (Fixed) (Total:249.97 GB) (Free:222.98 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.93 GB) NTFS
Drive e: (Neues Volume) (Fixed) (Total:20 GB) (Free:19.9 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: FBEBD0CD)
Partition: GPT Partition Type.
==================== End Of Log ============================