Steps 1 and 2: Defogger and FRST64 - Logs and Addition
Hello Timo, thank you for your prompt reply!
Trojaner-Board, just like last time, simply great!
I forgot to mention at the outset: the start page in FF is actually google.de. That makes it all the more surprising that FF opens automatically with MSN Deutschland - not just that it opens automatically at Windows startup at all.
Here are the logs:
1. Defogger (no error message, but with the log just to be safe): Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:51 on 15/06/2015 (Picard)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
2. FRST64: FRST.txt
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by Picard (administrator) on ENTERPRISE on 15-06-2015 16:56:04
Running from C:\Users\Picard\Desktop
Loaded Profiles: Picard (Available Profiles: Picard)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Blue Coat Systems, Inc.) C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
() C:\Program Files\NetDrive\nd2svc.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(Flux Software LLC) C:\Users\Picard\AppData\Local\FluxSoftware\Flux\flux.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890056 2013-09-06] (ELAN Microelectronics Corp.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [903384 2013-07-24] (Conexant Systems, Inc.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [478984 2012-12-15] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2014-03-18] (shbox.de)
HKLM-x32\...\Run: [BCSSync] => C:\MS Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Jabra Direct] => C:\Program Files (x86)\Jabra\Direct\JabraDirect.exe [918016 2015-03-17] (GN Netcom A/S)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] (Atheros Communications)
HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [429792 2013-04-11] (AppEx Networks Corporation)
HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\...\Run: [f.lux] => C:\Users\Picard\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7799576 2015-05-15] (SUPERAntiSpyware)
HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\...\MountPoints2: {cda14533-ddda-11e4-be8e-689423c584e4} - "E:\AutoRun.exe"
HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\...\MountPoints2: {cda1453a-ddda-11e4-be8e-689423c584e4} - "E:\AutoRun.exe"
SSODL: EldosMountNotificator-cbfs5 - {7A35CB49-0B54-4454-8B23-20588639589D} - C:\WINDOWS\system32\cbfsMntNtf5.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbfs5 - {7A35CB49-0B54-4454-8B23-20588639589D} - C:\WINDOWS\SysWOW64\cbfsMntNtf5.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs5] -> {A36E313B-FFD9-44BD-9C0F-4F2ED9A8AE3F} => C:\WINDOWS\system32\cbfsMntNtf5.dll [2015-05-22] (EldoS Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs5] -> {A36E313B-FFD9-44BD-9C0F-4F2ED9A8AE3F} => C:\WINDOWS\SysWOW64\cbfsMntNtf5.dll [2015-05-22] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\MS Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\MS Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\MS Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\MS Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\MS Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.de
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.de
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.de
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.de
HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.de
HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.de
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2305788995-4209846984-3758418705-1001 -> {045ADA50-4597-4A09-9AF5-EE389F7EF7A6} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-19] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-19] (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\MS Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-14] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\MS Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2015-02-24] (FreeDownloadManager.ORG)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-14] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - &CAS Info@Click - {69128F97-9C35-4881-9ED4-5A23A97A2E3D} - C:\Program Files (x86)\CAS-PIA\InfoClick\icDeskBar.dll [2014-06-03] (CAS Software AG)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Picard\AppData\Roaming\Mozilla\Firefox\Profiles\lcxsgorf.default-1434301459440
FF DefaultSearchEngine: LEO Eng-Deu
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-18] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-19] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-12-15] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-18] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @cas.de/InfoClick -> C:\Program Files (x86)\CAS-PIA\InfoClick\npInfoClick.dll [2014-06-03] (CAS Software AG)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-14] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\MSOFFI~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\MSOFFI~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-12] ()
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-12-15] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2305788995-4209846984-3758418705-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2015-02-09] (Tracker Software Products (Canada) Ltd.)
FF Extension: Adblock Plus - C:\Users\Picard\AppData\Roaming\Mozilla\Firefox\Profiles\lcxsgorf.default-1434301459440\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-06-14]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01]
FF HKLM-x32\...\Firefox\Extensions: [fdm_ffext@freedownloadmanager.org] - C:\Program Files (x86)\Free Download Manager\Firefox\Extension
FF Extension: Free Download Manager plugin - C:\Program Files (x86)\Free Download Manager\Firefox\Extension [2015-03-31]
FF HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\...\Firefox\Extensions: [fdm_ffext@freedownloadmanager.org] - C:\ProgramData\Free Download Manager\Firefox\Extensions\1.7.3.1
FF Extension: Free Download Manager plugin - C:\ProgramData\Free Download Manager\Firefox\Extensions\1.7.3.1 [2015-04-11]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider) [File not signed]
R2 bckwfs; C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [2647256 2014-01-24] (Blue Coat Systems, Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2449552 2012-10-25] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-16] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658064 2012-10-23] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101192 2013-09-06] (ELAN Microelectronics Corp.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-06-14] (SurfRight B.V.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S3 Microsoft SharePoint Workspace Audit Service; C:\MS Office\Office14\GROOVE.EXE [30814400 2013-12-19] (Microsoft Corporation)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239184 2013-01-28] ()
R2 NetDrive2_Service_NetDrive2; C:\Program Files\NetDrive\nd2svc.exe [638008 2015-06-05] ()
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-11-03] (NTI Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2014-07-26] (Dritek System INC.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-01] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-23] (Advanced Micro Devices)
R2 bckd; C:\Windows\System32\drivers\bckd.sys [126168 2014-01-24] (Blue Coat Systems, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 cbfs5; C:\WINDOWS\system32\drivers\cbfs5.sys [422080 2015-05-22] (EldoS Corporation)
S3 JabraDFU; C:\Windows\System32\Drivers\JabraBcDfuX64.sys [39288 2015-03-03] (GN Netcom A/S)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2014-07-26] (Dritek System Inc.)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-15 16:56 - 2015-06-15 16:56 - 00024480 ____C C:\Users\Picard\Desktop\FRST.txt
2015-06-15 16:52 - 2015-06-15 16:52 - 00063162 ____C C:\Users\Picard\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten - Trojaner-Board.htm
2015-06-15 16:51 - 2015-06-15 16:52 - 00000476 ____C C:\Users\Picard\Desktop\defogger_disable.log
2015-06-15 16:51 - 2015-06-15 16:51 - 00000000 ____C C:\Users\Picard\defogger_reenable
2015-06-15 16:33 - 2015-06-15 16:33 - 00000000 ___DC C:\Users\Picard\AppData\Roaming\SUPERAntiSpyware.com
2015-06-15 16:32 - 2015-06-15 16:33 - 00000000 ___DC C:\Program Files\SUPERAntiSpyware
2015-06-15 16:32 - 2015-06-15 16:32 - 00001828 ____C C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-06-15 16:32 - 2015-06-15 16:32 - 00000000 ___DC C:\ProgramData\SUPERAntiSpyware.com
2015-06-15 16:32 - 2015-06-15 16:32 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-06-15 15:42 - 2015-06-15 15:42 - 00000077 ____C C:\WINDOWS\setupact.log
2015-06-15 15:42 - 2015-06-15 15:42 - 00000000 ____C C:\WINDOWS\setuperr.log
2015-06-15 15:41 - 2015-06-15 15:42 - 05097616 ____C C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-15 07:23 - 2015-06-15 07:23 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2015-06-15 07:23 - 2015-06-15 07:23 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-15 07:23 - 2015-06-15 07:23 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-06-15 06:40 - 2015-06-15 16:07 - 00121095 ____C C:\WINDOWS\WindowsUpdate.log
2015-06-14 23:31 - 2015-06-14 23:30 - 00450771 ___RC C:\WINDOWS\system32\Drivers\etc\hosts.20150614-233136.backup
2015-06-14 23:30 - 2013-08-22 15:25 - 00000824 ____C C:\WINDOWS\system32\Drivers\etc\hosts.20150614-233012.backup
2015-06-14 23:25 - 2015-06-14 23:25 - 00000000 ___DC C:\Users\Picard\Documents\ProcAlyzer Dumps
2015-06-14 22:20 - 2015-06-15 06:13 - 00000000 ___DC C:\ProgramData\Spybot - Search & Destroy
2015-06-14 22:20 - 2015-06-14 22:25 - 00000000 ___DC C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-06-14 22:20 - 2015-06-14 22:20 - 00000000 ___DC C:\WINDOWS\System32\Tasks\Safer-Networking
2015-06-14 22:20 - 2013-09-20 10:49 - 00021040 ____C (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2015-06-14 22:02 - 2015-06-15 16:45 - 02109952 ____C (Farbar) C:\Users\Picard\Desktop\FRST64.exe
2015-06-14 22:02 - 2015-06-14 20:38 - 00781312 ___RC C:\Users\Picard\Desktop\delfix_1.010.exe
2015-06-14 22:02 - 2015-06-14 20:38 - 00448512 ___RC (OldTimer Tools) C:\Users\Picard\Desktop\TFC.exe
2015-06-14 22:02 - 2015-06-14 20:38 - 00050477 ___RC C:\Users\Picard\Desktop\Defogger.exe
2015-06-14 22:02 - 2015-06-14 20:28 - 01107968 ___RC C:\Users\Picard\Desktop\RSIT.exe
2015-06-14 22:02 - 2015-06-14 20:28 - 00380416 ___RC C:\Users\Picard\Desktop\Gmer-19357.exe
2015-06-14 22:02 - 2015-06-14 20:27 - 01137360 ___RC (F-Secure Corporation) C:\Users\Picard\Desktop\fsbl.exe
2015-06-14 22:02 - 2015-06-14 19:35 - 52822240 ___RC (Microsoft Corporation) C:\Users\Picard\Desktop\Windows-KB890830-x64-V5.25.exe
2015-06-14 22:02 - 2015-06-14 19:01 - 01988928 ___RC (Kaspersky Lab) C:\Users\Picard\Desktop\kss15.0.0.737en_ru_de_fr_es_it_zh-hans_pl_tr_nl_cs_7691.exe
2015-06-14 22:02 - 2015-06-14 19:00 - 172834064 ___RC (Microsoft Corporation) C:\Users\Picard\Desktop\msert.exe
2015-06-14 22:02 - 2015-06-14 19:00 - 00388608 ___RC (Trend Micro Inc.) C:\Users\Picard\Desktop\HijackThis.exe
2015-06-14 22:02 - 2015-06-14 18:57 - 22171408 ___RC (SUPERAntiSpyware) C:\Users\Picard\Desktop\SUPERAntiSpyware.exe
2015-06-14 21:24 - 2015-06-14 21:23 - 00097888 ____C (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-06-14 21:23 - 2015-06-14 21:23 - 00000000 ___DC C:\Program Files (x86)\Java
2015-06-14 20:46 - 2015-06-14 20:55 - 00000000 ___DC C:\Program Files (x86)\trend micro
2015-06-14 20:46 - 2015-06-14 20:46 - 00000000 ___DC C:\rsit
2015-06-14 20:03 - 2015-06-14 20:03 - 00001098 ____C C:\WINDOWS\system32\.crusader
2015-06-14 20:01 - 2015-06-14 20:01 - 00001982 ____C C:\WINDOWS\system32\start.txt
2015-06-14 15:14 - 1998-04-24 00:00 - 00368912 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbar332.dll
2015-06-14 12:47 - 2015-06-14 19:56 - 00000000 __HDC C:\Drm
2015-06-10 21:52 - 2015-05-27 16:35 - 24917504 ____C (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-06-10 21:52 - 2015-05-27 16:08 - 19607040 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-06-10 21:52 - 2015-05-23 05:15 - 00503808 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-06-10 21:52 - 2015-05-23 05:14 - 00341504 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-06-10 21:52 - 2015-05-23 05:10 - 02278912 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-06-10 21:52 - 2015-05-23 05:05 - 00664064 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-06-10 21:52 - 2015-05-23 05:04 - 00620032 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-06-10 21:52 - 2015-05-23 04:48 - 00076288 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-06-10 21:52 - 2015-05-23 04:47 - 04305920 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-06-10 21:52 - 2015-05-23 04:47 - 00285696 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-06-10 21:52 - 2015-05-23 04:47 - 00128000 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-06-10 21:52 - 2015-05-23 04:43 - 00880128 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-06-10 21:52 - 2015-05-23 04:38 - 00689152 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-06-10 21:52 - 2015-05-23 04:38 - 00327168 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-06-10 21:52 - 2015-05-23 04:37 - 02052608 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-06-10 21:52 - 2015-05-23 04:28 - 12829696 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-06-10 21:52 - 2015-05-23 04:28 - 01042944 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-06-10 21:52 - 2015-05-23 04:20 - 01950720 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-06-10 21:52 - 2015-05-23 04:16 - 01309696 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-06-10 21:52 - 2015-05-23 04:14 - 00710144 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-06-10 21:52 - 2015-05-22 21:00 - 02885632 ____C (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-06-10 21:52 - 2015-05-22 21:00 - 00584192 ____C (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-06-10 21:52 - 2015-05-22 21:00 - 00417792 ____C (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-06-10 21:52 - 2015-05-22 20:52 - 06026240 ____C (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-06-10 21:52 - 2015-05-22 20:48 - 00633856 ____C (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-06-10 21:52 - 2015-05-22 20:47 - 00816640 ____C (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-06-10 21:52 - 2015-05-22 20:47 - 00814080 ____C (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-06-10 21:52 - 2015-05-22 20:24 - 00092160 ____C (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-06-10 21:52 - 2015-05-22 20:23 - 00145408 ____C (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-06-10 21:52 - 2015-05-22 20:21 - 00316928 ____C (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-06-10 21:52 - 2015-05-22 20:15 - 01032704 ____C (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-06-10 21:52 - 2015-05-22 20:09 - 00262144 ____C (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-06-10 21:52 - 2015-05-22 20:08 - 00374272 ____C (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-06-10 21:52 - 2015-05-22 20:06 - 00801280 ____C (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-06-10 21:52 - 2015-05-22 20:05 - 02125824 ____C (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-06-10 21:52 - 2015-05-22 19:57 - 14404096 ____C (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-06-10 21:52 - 2015-05-22 19:50 - 02426880 ____C (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-06-10 21:52 - 2015-05-22 19:49 - 02865152 ____C (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-06-10 21:52 - 2015-05-22 19:38 - 01545728 ____C (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-06-10 21:52 - 2015-05-22 19:26 - 00800768 ____C (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-06-10 21:50 - 2015-05-21 18:47 - 04177920 ____C (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-06-10 21:50 - 2015-04-25 04:34 - 00653824 ____C (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-06-10 21:50 - 2015-04-25 04:33 - 00549888 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2015-06-08 23:39 - 2015-06-14 14:09 - 00000000 ___DC C:\Program Files\HitmanPro
2015-06-08 23:38 - 2015-06-14 20:03 - 00000000 ___DC C:\ProgramData\HitmanPro
2015-06-08 23:32 - 2015-06-08 23:32 - 00000207 ____C C:\WINDOWS\tweaking.com-regbackup-ENTERPRISE-Windows-8.1-(64-bit).dat
2015-06-08 23:32 - 2015-06-08 23:32 - 00000000 ___DC C:\RegBackup
2015-06-08 23:25 - 2015-06-14 21:26 - 00000000 ___DC C:\AdwCleaner
2015-06-08 23:14 - 2015-06-15 16:56 - 00000000 ___DC C:\FRST
2015-06-08 03:33 - 2015-06-08 03:33 - 00000000 ___DC C:\Program Files (x86)\WinHTTrack
2015-06-06 13:16 - 2015-06-06 13:16 - 00000000 ___DC C:\Users\Picard\AppData\Roaming\UBitMenu
2015-06-06 12:15 - 2015-06-06 12:15 - 00000000 ___DC C:\Users\Picard\AppData\Roaming\NetDrive2
2015-06-06 12:09 - 2015-06-08 22:11 - 00000000 ___DC C:\ProgramData\NetDrive2
2015-06-06 12:09 - 2015-06-06 12:09 - 00000000 ___DC C:\Program Files\NetDrive
2015-06-06 12:09 - 2015-05-22 12:17 - 00123688 ____C (EldoS Corporation) C:\WINDOWS\system32\cbfsNetRdr5.dll
2015-06-06 12:09 - 2015-05-22 12:17 - 00009000 ____C (EldoS Corporation) C:\WINDOWS\system32\elevtmsg.dll
2015-06-06 12:09 - 2015-05-22 12:16 - 00224040 ____C (EldoS Corporation) C:\WINDOWS\SysWOW64\cbfsNetRdr5.dll
2015-06-06 12:09 - 2015-05-22 12:16 - 00186152 ____C (EldoS Corporation) C:\WINDOWS\system32\cbfsMntNtf5.dll
2015-06-06 12:09 - 2015-05-22 12:15 - 00159528 ____C (EldoS Corporation) C:\WINDOWS\SysWOW64\cbfsMntNtf5.dll
2015-06-06 12:09 - 2015-05-22 11:55 - 00422080 ____C (EldoS Corporation) C:\WINDOWS\system32\Drivers\cbfs5.sys
2015-06-05 10:58 - 2015-06-05 10:58 - 00000000 ___DC C:\Users\Picard\AppData\Roaming\iterate_GmbH
2015-06-05 09:46 - 2015-06-05 09:46 - 00000000 _SHDC C:\Users\Picard\wc
2015-06-05 09:46 - 2015-06-05 09:46 - 00000000 _SHDC C:\Users\Picard\AppData\Roaming\wyUpdate AU
2015-06-05 09:46 - 2015-06-05 09:46 - 00000000 ___DC C:\Users\Picard\AppData\Roaming\Cyberduck
2015-06-05 09:27 - 2015-06-14 21:46 - 00000000 ___DC C:\Users\Picard\Documents\Outlook-Dateien
2015-06-05 08:59 - 2015-06-05 08:59 - 00001255 ____C C:\WINDOWS\system32\TeamViewer10_Hooks.log
2015-06-04 08:20 - 2015-05-25 15:23 - 00036864 ____C (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-06-04 08:20 - 2015-05-25 15:07 - 01430528 ____C (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-06-04 08:20 - 2015-05-22 15:08 - 00700416 ____C (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-06-04 08:20 - 2015-05-21 15:08 - 01119232 ____C (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-06-04 08:20 - 2015-05-21 15:08 - 01020928 ____C (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-06-04 08:20 - 2015-05-21 15:08 - 00756736 ____C (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-06-04 08:20 - 2015-05-21 15:08 - 00422912 ____C (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-06-04 08:20 - 2015-05-21 15:08 - 00193536 ____C (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-06-04 08:20 - 2015-05-21 15:08 - 00045568 ____C (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-06-04 08:20 - 2015-05-16 00:01 - 00133288 ____C (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-06-04 08:20 - 2015-05-15 23:05 - 00066048 ____C (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-06-04 08:20 - 2015-05-15 22:47 - 00355328 ____C (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-06-04 08:20 - 2015-05-15 22:23 - 00027136 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-06-04 08:20 - 2015-05-15 21:42 - 03682304 ____C (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-06-04 08:20 - 2015-05-15 21:32 - 00035840 ____C (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-06-04 08:20 - 2015-05-15 21:31 - 00140288 ____C (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-06-04 08:20 - 2015-05-15 21:28 - 02223104 ____C (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-06-04 08:20 - 2015-05-15 21:28 - 00408064 ____C (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-06-04 08:20 - 2015-05-15 21:28 - 00095744 ____C (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-06-04 08:20 - 2015-05-15 21:27 - 00891904 ____C (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-06-04 08:20 - 2015-05-15 21:21 - 00124928 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-06-04 08:20 - 2015-05-15 21:21 - 00029696 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-06-04 08:20 - 2015-05-15 21:19 - 00721920 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-06-04 08:20 - 2015-05-15 21:19 - 00081920 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-06-04 08:20 - 2015-04-17 00:07 - 00227328 ____C (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-06-04 00:10 - 2015-06-04 08:37 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox
2015-06-02 10:29 - 2015-06-02 10:29 - 00000000 ___DC C:\Users\Picard\AppData\Local\GWX
2015-05-27 10:38 - 2015-06-05 11:31 - 00000000 ___DC C:\Users\Picard\AppData\Roaming\Zoiper
2015-05-27 10:33 - 2015-05-27 10:33 - 00000000 ___DC C:\Program Files (x86)\Zoiper
2015-05-27 10:18 - 2015-05-27 10:18 - 00000000 ___DC C:\Users\Picard\AppData\Local\GN_Netcom_A_S
2015-05-27 10:15 - 2015-05-27 10:15 - 00000000 ___DC C:\ProgramData\Jabra
2015-05-27 10:05 - 2015-05-27 10:05 - 00000094 ____C C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-05-27 10:05 - 2015-05-27 10:05 - 00000000 ___DC C:\Users\Picard\AppData\Roaming\Jabra
2015-05-27 10:03 - 2015-06-06 12:11 - 00000000 ___DC C:\ProgramData\Package Cache
2015-05-27 10:03 - 2015-05-27 10:03 - 00000000 ___DC C:\Program Files (x86)\Jabra
2015-05-27 09:58 - 2015-06-06 12:04 - 00000000 ___DC C:\Users\Picard\AppData\Roaming\InfoClick
2015-05-27 09:58 - 2015-05-27 09:58 - 00000000 ___DC C:\ProgramData\InfoClick
2015-05-27 09:58 - 2015-05-27 09:58 - 00000000 ___DC C:\Program Files (x86)\CAS-PIA
2015-05-27 09:56 - 2015-05-27 09:58 - 00000000 ___DC C:\Program Files (x86)\CAS-Software
2015-05-27 09:56 - 2015-05-27 09:57 - 00000000 ___DC C:\Users\Picard\AppData\Local\Downloaded Installations
2015-05-27 09:43 - 2015-05-27 09:43 - 00000000 ___DC C:\WINDOWS\PCHEALTH
2015-05-27 09:43 - 2015-05-27 09:43 - 00000000 ___DC C:\Program Files (x86)\Microsoft Synchronization Services
2015-05-27 09:43 - 2015-05-27 09:43 - 00000000 ___DC C:\Program Files (x86)\Microsoft Sync Framework
2015-05-27 09:43 - 2015-05-27 09:43 - 00000000 ___DC C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-05-27 09:43 - 2014-08-14 14:12 - 00517632 ____C (www.ipcom.at) C:\WINDOWS\system32\siptapi.tsp
2015-05-27 09:42 - 2015-05-27 09:42 - 00000000 ___DC C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-05-27 09:40 - 2015-05-27 09:40 - 00000000 ___DC C:\Program Files\Microsoft Office
2015-05-27 09:40 - 2015-05-27 09:40 - 00000000 ___DC C:\Program Files (x86)\Microsoft Analysis Services
2015-05-27 09:39 - 2015-05-27 09:43 - 00000000 ___DC C:\MS Office
2015-05-27 09:39 - 2015-05-27 09:39 - 00000000 _RHDC C:\MSOCache
2015-05-27 08:51 - 2015-05-27 09:03 - 00000000 ___DC C:\Program Files (x86)\Google
2015-05-27 08:51 - 2015-05-27 09:02 - 00000000 ___DC C:\Users\Picard\AppData\Local\Google
2015-05-26 22:07 - 2015-06-05 09:27 - 00000000 ___DC C:\Users\Picard\AppData\Roaming\TeamViewer
2015-05-26 22:07 - 2015-05-20 19:15 - 00035112 ____C (TeamViewer GmbH) C:\WINDOWS\system32\Drivers\teamviewervpn.sys
2015-05-26 22:06 - 2015-06-09 10:39 - 00000000 ___DC C:\Program Files (x86)\TeamViewer
2015-05-26 20:44 - 2015-05-26 20:44 - 00000000 ___DC C:\Program Files\Microsoft Silverlight
2015-05-26 20:44 - 2015-05-26 20:44 - 00000000 ___DC C:\Program Files (x86)\Microsoft Silverlight
2015-05-26 20:43 - 2015-04-09 00:41 - 00158720 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
2015-05-26 20:43 - 2015-04-09 00:07 - 00410336 ____C C:\WINDOWS\system32\ApnDatabase.xml
2015-05-26 20:43 - 2015-04-02 00:42 - 03097600 ____C (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-05-26 20:43 - 2015-04-02 00:30 - 02483712 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-05-26 20:43 - 2015-03-20 05:49 - 00309760 ____C (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-05-26 20:43 - 2015-03-20 05:08 - 00477184 ____C (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-05-26 20:43 - 2015-03-20 04:37 - 00367104 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-05-26 20:43 - 2015-03-20 04:07 - 01091072 ____C (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-05-26 20:43 - 2015-03-02 03:43 - 00222208 ____C (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2015-05-26 20:43 - 2015-03-02 03:21 - 00207872 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2015-05-26 20:42 - 2015-04-16 08:17 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-05-26 20:42 - 2015-04-14 00:37 - 00275968 ____C (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-05-26 20:42 - 2015-04-14 00:34 - 00180224 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2015-05-26 20:42 - 2015-04-10 02:40 - 01249280 ____C (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-05-26 20:42 - 2015-04-10 02:17 - 01018880 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-05-26 20:42 - 2015-04-01 06:21 - 00337408 ____C (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-05-26 20:42 - 2015-04-01 06:18 - 00468480 ____C (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-05-26 20:42 - 2015-04-01 06:17 - 00248832 ____C (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2015-05-26 20:42 - 2015-04-01 06:08 - 00774144 ____C (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-05-26 20:42 - 2015-04-01 05:46 - 03633664 ____C (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-05-26 20:42 - 2015-04-01 05:17 - 02551808 ____C (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-05-26 20:42 - 2015-04-01 05:17 - 00903168 ____C (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-05-26 20:42 - 2015-04-01 04:53 - 00391680 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-05-26 20:42 - 2015-04-01 04:53 - 00272896 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-05-26 20:42 - 2015-04-01 04:45 - 02749952 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-05-26 20:42 - 2015-04-01 04:45 - 00699392 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-05-26 20:42 - 2015-04-01 04:14 - 01920000 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-05-26 20:42 - 2015-04-01 04:12 - 00710144 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-15 16:51 - 2014-08-24 11:19 - 00000000 ___DC C:\Users\Picard
2015-06-15 16:36 - 2015-05-01 20:54 - 00000884 ____C C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-06-15 16:02 - 2013-08-22 17:36 - 00000000 ___DC C:\WINDOWS\system32\sru
2015-06-15 15:49 - 2014-08-24 12:14 - 00003954 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5DF3FC2E-3DF6-4C72-8F97-0A77B81A3A5B}
2015-06-15 15:42 - 2013-08-22 16:45 - 00000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2015-06-15 15:41 - 2014-09-08 12:18 - 00000000 ___DC C:\Users\Picard\AppData\Roaming\ClassicShell
2015-06-15 15:41 - 2014-08-24 13:09 - 02580686 ____C C:\Users\Public\CAFADEBUG.log
2015-06-15 08:22 - 2014-07-26 21:55 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2305788995-4209846984-3758418705-1001
2015-06-15 08:04 - 2015-03-31 17:42 - 00000000 ___DC C:\Program Files\Blue Coat K9 Web Protection
2015-06-15 07:57 - 2012-07-26 09:59 - 00000000 ___DC C:\WINDOWS\CbsTemp
2015-06-15 06:37 - 2014-08-24 13:13 - 00000000 ___DC C:\Users\Picard\AppData\Local\CrashDumps
2015-06-15 06:26 - 2015-03-29 10:52 - 00000000 __HDC C:\Shared
2015-06-14 22:22 - 2015-03-31 17:58 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sicherheit
2015-06-14 22:21 - 2015-03-29 20:39 - 00000000 __RDC C:\Quick Launch
2015-06-14 21:24 - 2015-04-03 18:59 - 00000000 ___DC C:\ProgramData\Oracle
2015-06-14 21:21 - 2014-07-26 22:20 - 00000000 ___DC C:\Users\Picard\Documents\Bluetooth Folder
2015-06-14 19:23 - 2015-03-31 17:11 - 00136408 ____C (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-14 17:52 - 2015-03-29 07:48 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System
2015-06-14 16:53 - 2015-03-31 16:16 - 00000000 ___DC C:\Users\Picard\AppData\Roaming\Free Download Manager
2015-06-14 16:50 - 2015-04-01 17:37 - 00000000 _SHDC C:\Users\Picard\AppData\Local\EmieBrowserModeList
2015-06-14 16:50 - 2014-08-24 12:14 - 00000000 _SHDC C:\Users\Picard\AppData\Local\EmieUserList
2015-06-14 16:50 - 2014-08-24 12:14 - 00000000 _SHDC C:\Users\Picard\AppData\Local\EmieSiteList
2015-06-14 16:27 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-06-14 16:16 - 2013-08-22 17:36 - 00000000 ___DC C:\WINDOWS\AppReadiness
2015-06-14 15:12 - 2015-03-31 17:13 - 00000000 ___DC C:\Users\Picard\Documents\Calibre-Bibliothek
2015-06-14 15:05 - 2015-03-28 21:50 - 00000000 ___DC C:\Users\Picard\AppData\Local\Deployment
2015-06-14 14:26 - 2014-03-18 12:03 - 01776918 ____C C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-14 14:26 - 2014-03-18 11:25 - 00765582 ____C C:\WINDOWS\system32\perfh007.dat
2015-06-14 14:26 - 2014-03-18 11:25 - 00159366 ____C C:\WINDOWS\system32\perfc007.dat
2015-06-11 11:15 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-06-11 09:16 - 2013-08-22 17:36 - 00000000 ___DC C:\WINDOWS\PolicyDefinitions
2015-06-10 22:26 - 2015-03-29 11:38 - 00000000 ___DC C:\ProgramData\Microsoft Help
2015-06-10 22:22 - 2014-08-22 17:42 - 00000000 ___DC C:\WINDOWS\system32\MRT
2015-06-10 22:15 - 2014-08-22 17:42 - 140135120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-10 22:12 - 2012-07-26 07:26 - 00000199 ____C C:\WINDOWS\win.ini
2015-06-09 21:28 - 2015-03-29 11:38 - 00000000 ___DC C:\Users\Picard\AppData\Local\Microsoft Help
2015-06-09 14:47 - 2014-03-18 11:40 - 00000000 ___DC C:\Program Files\Windows Journal
2015-06-08 22:59 - 2015-03-31 17:09 - 00000000 ___DC C:\Program Files\CCleaner
2015-06-08 22:59 - 2015-03-29 07:47 - 00000000 __RDC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet
2015-06-06 12:15 - 2014-07-26 21:48 - 00000000 ___DC C:\Users\Picard\AppData\Local\VirtualStore
2015-06-05 12:10 - 2015-03-28 17:38 - 00000000 __RDC C:\Program Files (x86)\Skype
2015-06-05 11:16 - 2015-03-29 07:54 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Büro
2015-06-05 09:59 - 2013-08-22 17:36 - 00000000 ___DC C:\WINDOWS\system32\NDF
2015-06-05 08:52 - 2015-04-09 02:45 - 00000000 ___DC C:\Users\Picard\AppData\Roaming\vlc
2015-06-04 08:37 - 2014-09-08 09:00 - 00000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-04 08:35 - 2015-04-08 12:32 - 00000000 ___DC C:\WINDOWS\system32\appraiser
2015-06-04 08:35 - 2015-03-28 19:42 - 00000000 __SDC C:\WINDOWS\system32\CompatTel
2015-06-03 18:18 - 2015-03-28 19:58 - 00792568 ____C (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-06-03 18:18 - 2015-03-28 19:58 - 00178168 ____C (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-27 13:12 - 2014-09-08 10:51 - 00000000 ___DC C:\Program Files (x86)\Microsoft Office
2015-05-27 09:41 - 2013-08-22 17:36 - 00000000 ___DC C:\Program Files\Common Files\microsoft shared
2015-05-27 09:40 - 2014-03-18 11:40 - 00000000 ___DC C:\WINDOWS\ShellNew
2015-05-27 09:06 - 2015-03-31 12:12 - 00000000 ___DC C:\Program Files (x86)\WinZip
2015-05-27 04:26 - 2015-03-31 17:10 - 00000000 ___DC C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-26 20:51 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-05-26 20:21 - 2015-03-29 20:54 - 00000000 ___DC C:\Users\Picard\AppData\Local\clear.fi
2015-05-26 20:21 - 2013-03-12 18:59 - 00000000 ___DC C:\Program Files (x86)\Acer
2015-05-26 20:11 - 2014-08-24 11:32 - 00000000 ___DC C:\Program Files (x86)\MSBuild
2015-05-22 05:54 - 2015-03-28 21:11 - 00003108 ____C C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2305788995-4209846984-3758418705-1001
2015-05-22 05:54 - 2015-03-28 21:11 - 00000000 __RDC C:\Users\Picard\OneDrive
2015-05-20 21:51 - 2015-03-28 19:44 - 00000000 __SDC C:\WINDOWS\SysWOW64\GWX
2015-05-20 21:51 - 2015-03-28 19:44 - 00000000 __SDC C:\WINDOWS\system32\GWX
2015-05-18 07:15 - 2015-05-01 20:54 - 00003772 ____C C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-05-18 07:15 - 2015-03-28 20:37 - 00000000 ___DC C:\Users\Picard\AppData\Local\Adobe
2015-05-16 23:50 - 2015-04-11 19:05 - 00000000 ___DC C:\Users\Picard\Documents\My Kindle Content
==================== Files in the root of some directories =======
2014-07-26 20:45 - 2014-07-26 20:45 - 0000000 ___HC () C:\ProgramData\DP45977C.lfl
2015-05-27 10:05 - 2015-05-27 10:05 - 0000094 ____C () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
Some files in TEMP:
====================
C:\Users\Picard\AppData\Local\Temp\k9-webprotection-4.4.276.exe
Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\clauth1.dll
C:\Windows\SysWOW64\clauth2.dll
C:\Windows\SysWOW64\nsprs.dll
C:\Windows\SysWOW64\serauth1.dll
C:\Windows\SysWOW64\serauth2.dll
C:\Windows\SysWOW64\ssprs.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-06-15 16:37
==================== End of log ============================
3. FRST64: Addition.txt
Additional FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Picard at 2015-06-15 16:57:11
Running from C:\Users\Picard\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2305788995-4209846984-3758418705-500 - Administrator - Disabled)
Picard (S-1-5-21-2305788995-4209846984-3758418705-1001 - Administrator - Enabled) => C:\Users\Picard
Gast (S-1-5-21-2305788995-4209846984-3758418705-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0071 - NTI Corporation)
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3011 - Acer Incorporated)
Acer Instant Update Service (HKLM\...\{8215A318-CC27-435E-B3EA-2E3443C8998C}) (Version: 1.00.3013 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3011 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3012 - Acer Incorporated)
AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3125 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3204 - Acer Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 20.2.42.43579 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 20.2.42.43579 - Alcor Micro Corp.) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Amazon Kindle (HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\...\Amazon Kindle) (Version: - Amazon)
AMD Catalyst Install Manager (HKLM\...\{1B906F85-EA56-5379-F10B-1BA6530240DC}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.2 - AppEx Networks)
Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.5 - Atheros Communications Inc.)
Avaya IP Integration (x32 Version: 1.0.9987.0 - GN Netcom A/S) Hidden
Avaya one-X Integration (x32 Version: 1.0.10041.0 - GN Netcom A/S) Hidden
Backup Manager v4 (x32 Version: 4.0.0.0071 - NTI Corporation) Hidden
Basic Support (x32 Version: 1.0.9944.0 - GN Netcom A/S) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
BIZ 2300 Family (x32 Version: 1.0.9881.0 - GN Netcom A/S) Hidden
BIZ 2400 II (x32 Version: 1.0.9855.0 - GN Netcom A/S) Hidden
BIZ2400_II_CCSetup (x32 Version: 1.0.9722.0 - GN Netcom A/S) Hidden
BIZ2400_LINK280 (x32 Version: 1.0.9672.0 - GN Netcom A/S) Hidden
Blue Coat K9 Web Protection (HKLM\...\Blue Coat K9 Web Protection) (Version: 4.4.276 - Blue Coat Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadsoft Integration (x32 Version: 1.0.9989.0 - GN Netcom A/S) Hidden
calibre 64bit (HKLM\...\{39CE621D-C455-4054-8824-712AAAE0C60C}) (Version: 2.22.0 - Kovid Goyal)
CallManager (x32 Version: 1.0.9717.0 - GN) Hidden
CAS Info@Click (HKLM-x32\...\InfoClick) (Version: 3.0 - CAS Software AG)
CAS PIA Add-Ins (HKLM-x32\...\{370D68EE-D2B7-42D8-A368-A85A300CDF25}) (Version: 5.0 - CAS Software AG)
CAS Smart Add-on (HKLM-x32\...\{BE3AAA51-EAF6-4BD7-B458-9A3D7306075C}) (Version: 1.0.2 - CAS Software AG)
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
Cisco IP Communicator Integration (x32 Version: 1.0.9990.0 - GN Netcom A/S) Hidden
Cisco Jabber Integration (x32 Version: 1.0.10028.0 - GN Netcom A/S) Hidden
Cisco UC Integration (x32 Version: 1.0.9992.0 - GN Netcom A/S) Hidden
Cisco WebEx Connect Integration (x32 Version: 1.0.9993.0 - GN Netcom A/S) Hidden
Cisco WebEx Connect Integration (x32 Version: 1.0.9994.0 - GN Netcom A/S) Hidden
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.01.3112 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.01.3109 - Acer Incorporated)
clear.fi SDK - Video 2 (x32 Version: 2.1.2128 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2112 - CyberLink Corp.) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.4.51 - Conexant)
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3318_45364 - CyberLink Corp.)
Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
DFUDriverSetupX64Setup (x32 Version: 1.0.10046.0 - GN Netcom A/S) Hidden
DIAL 550 (x32 Version: 1.0.9655.0 - GN Netcom A/S) Hidden
Djvu2Pdf (HKLM\...\Djvu2Pdf) (Version: - )
ETDWare PS/2-X64 11.6.27.201_WHQL (HKLM\...\Elantech) (Version: 11.6.27.201 - ELAN Microelectronic Corp.)
EVOLVE20_LINKSetup (x32 Version: 1.0.9882.0 - GN Netcom A/S) Hidden
EVOLVE65Setup (x32 Version: 1.0.9673.0 - GN Netcom A/S) Hidden
f.lux (HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\...\Flux) (Version: - )
FirmwareUpdater (x32 Version: 1.0.10046.0 - GN) Hidden
Free Download Manager 3.9.4 (HKLM-x32\...\Free Download Manager_is1) (Version: - FreeDownloadManager.ORG)
FreeFileSync 6.5 (HKLM-x32\...\FreeFileSync) (Version: 6.5 - Zenju)
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version: - )
GN2000 Family (x32 Version: 1.0.9657.0 - GN Netcom A/S) Hidden
GO 6470 (x32 Version: 1.0.9674.0 - GN Netcom A/S) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
HANDSET450Setup (x32 Version: 1.0.9659.0 - GN Netcom A/S) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.241 - SurfRight B.V.)
IBM Sametime Integration (x32 Version: 1.0.10059.0 - GN Netcom A/S) Hidden
IBM SPSS Amos 20 (HKLM-x32\...\{58C50F5A-B7E2-4149-8911-B14CEC825F57}) (Version: 20.0.0 - IBM Corp)
IBM SPSS Statistics 21 (HKLM-x32\...\{1E26B9C2-ED08-4EEA-83C8-A786502B41E5}) (Version: 21.0.0.0 - IBM Corp)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Jabra Direct (HKLM-x32\...\{027afb1d-95e4-46ac-94ae-c126fd8c613c}) (Version: 3.0.10078.0 - GN Netcom A/S)
JabraDirect (x32 Version: 3.0.10078.0 - GN Netcom A/S) Hidden
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
JpcsSdkDeviceService (x32 Version: 1.0.9811.0 - GN Netcom A/S) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.4 - Acer Inc.)
LINK 265 (x32 Version: 1.0.9879.0 - GN Netcom A/S) Hidden
LINK 30/32/33/41 Setup (x32 Version: 1.0.9732.0 - GN Netcom A/S) Hidden
LINK 360 (x32 Version: 1.0.9948.0 - GN Netcom A/S) Hidden
LINK180aSetup (x32 Version: 1.0.9660.0 - GN Netcom A/S) Hidden
LINK220_220ASetup (x32 Version: 1.0.9675.0 - GN Netcom A/S) Hidden
LINK230_260Setup (x32 Version: 1.0.9880.0 - GN Netcom A/S) Hidden
LINK350Setup (x32 Version: 1.0.9676.0 - GN Netcom A/S) Hidden
LINK850Setup (x32 Version: 1.0.9666.0 - GN Netcom A/S) Hidden
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3006 - Acer Incorporated)
Lync Integration (x32 Version: 1.0.9995.0 - GN Netcom A/S) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Maintenance (x32 Version: 10.0.0.0 - GN Netcom A/S) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Office 2010 Primary Interop Assemblies (HKLM-x32\...\{90140000-1146-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1150 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\...\OneDriveSetup.exe) (Version: 17.3.5860.0512 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.20.00.03 - Huawei Technologies Co.,Ltd)
Motion (x32 Version: 1.0.9681.0 - GN Netcom A/S) Hidden
MOTIONOFFICE (x32 Version: 1.0.9677.0 - GN Netcom A/S) Hidden
Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.4 - Mozilla)
MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.) Hidden
NEC SP 350 Integration (x32 Version: 1.0.9996.0 - GN Netcom A/S) Hidden
NetDrive2 (HKLM-x32\...\NetDrive2) (Version: 2.5.0.0 - Bdrive Inc.)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9014 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9014 - NTI Corporation) Hidden
OEM Application Profile (HKLM-x32\...\{276FD4A2-030F-8A24-7DFE-9B1384131BCD}) (Version: 1.00.0000 - Ihr Firmenname)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3202 - Acer)
Opera Mail 1.0 (HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\...\Opera 1.0.1040) (Version: 1.0.1040 - Opera Software ASA)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Pdf995 (HKLM-x32\...\Pdf995) (Version: 15.1s - )
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.312.1 - Tracker Software Products Ltd)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
PRO 920 and 930 (x32 Version: 1.0.9734.0 - GN Netcom A/S) Hidden
PRO 94X0 Family (x32 Version: 1.0.9668.0 - GN Netcom A/S) Hidden
PRO925_935Setup (x32 Version: 1.0.9678.0 - GN Netcom A/S) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.07 - Qualcomm Atheros)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: 1.90 - Ghostgum Software Pty Ltd)
SDK Integration (x32 Version: 1.0.8564.0 - GN Netcom A/S) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shoretel Integration (x32 Version: 1.0.10047.0 - GN Netcom A/S) Hidden
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype Integration (x32 Version: 1.0.9999.0 - GN Netcom A/S) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SPEAK 510 Family (x32 Version: 1.0.9679.0 - GN Netcom A/S) Hidden
SPEAK410Setup (x32 Version: 1.0.9636.0 - GN Netcom A/S) Hidden
SPEAK450Setup (x32 Version: 1.0.9637.0 - GN Netcom A/S) Hidden
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
STEALTH Setup (x32 Version: 1.0.9952.0 - GN Netcom A/S) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1194 - SUPERAntiSpyware.com)
Supreme (x32 Version: 1.0.9680.0 - GN Netcom A/S) Hidden
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43174 - TeamViewer)
TreeSize Free V3.3.2 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.3.2 - JAM Software)
UBitMenuDE (HKLM-x32\...\{CBCFD97D-FE82-43F4-A978-996CACF71E6B}_is1) (Version: 01.04 - UBit Schweiz AG)
UC VOICE A Family (x32 Version: 1.0.9669.0 - GN Netcom A/S) Hidden
UC Voice Family (x32 Version: 1.0.9670.0 - GN Netcom A/S) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.0 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.3 - WildTangent) Hidden
Winamp (nur entfernen) (HKLM-x32\...\Winamp) (Version: - )
WinHTTrack Website Copier 3.48-21 (HKLM-x32\...\WinHTTrack Website Copier_is1) (Version: 3.48.21 - HTTrack)
WinRAR (HKLM-x32\...\WinRAR archiver) (Version: - )
WinWget version 0.20 beta (HKLM-x32\...\WinWget_is1) (Version: 0.20 - WinWget Team)
WinZip (HKLM-x32\...\WinZip) (Version: 8.1 (4331) - WinZip Computing, Inc.)
Zoiper (HKLM-x32\...\Zoiper) (Version: 3.60 - Securax LTD)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2305788995-4209846984-3758418705-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Picard\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points =========================
14-06-2015 20:02:28 Prüfpunkt von HitmanPro
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2015-06-14 23:31 - 00450771 ___RC C:\WINDOWS\system32\Drivers\etc\hosts
There are 1000 more lines.
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {13C16FCC-A0F9-4D65-A4BE-70FAFDE7C858} - \CreateChoiceProcessTask No Task File <==== ATTENTION
Task: {2114BBA4-AD52-43D3-9AC2-C5978DA9C9F9} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-10-23] (Acer Incorporated)
Task: {2C1E71A3-6AB7-4BB8-8E48-DCA2ECCAD2F7} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-18] (Adobe Systems Incorporated)
Task: {3CE8EB79-3AC9-4B7C-B3DB-0BDB3278EE02} - System32\Tasks\iuBrowserIEAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2012-08-23] ()
Task: {3F0DF8EB-0D03-4CEE-8B2B-8DBA7520BA3B} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {4700B987-B11B-4187-9952-32E5A7056B14} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-11-06] ()
Task: {515503D6-640E-47F9-8A3A-0E7E7CE2C6EF} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {557E66B3-3894-407D-BBB1-5041E3616645} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-21] ()
Task: {5988A580-7FE2-4C4C-910C-DB38D88536C8} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {61129729-D897-441B-97A6-98D59861F639} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-06-10] (Microsoft Corporation)
Task: {635F0967-47B2-4EC0-8ABE-787122F9BFEB} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {6445E2BB-DCC0-4518-83D9-4CE6FE74F1AB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {8C87D317-26B4-4675-A93B-ECF9F179F30A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {9B21F4D0-BF6C-4FBD-988E-F961C71B255C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {A9D50077-EC97-450F-B62B-153EE4528F04} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {AD6F4FB2-9B72-47EF-8C55-846A824909D7} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)
Task: {AF83580F-0ADE-4F0F-9AAB-BCABC0D67426} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {D49D2B68-5781-41E4-B6BB-E4E0513B49C4} - System32\Tasks\iuEmailOutlookAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [2012-08-23] ()
Task: {E2DDB078-9CF7-4079-83E4-EB8E57F9E819} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2305788995-4209846984-3758418705-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {E91D4F9F-838E-4B2F-A7F8-D36C003201A1} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {E9491759-7664-4A24-A3A6-0B4446B8F165} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-09-20] (CyberLink)
Task: {ED63E010-0997-4013-8116-2D1226804981} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (Whitelisted) ==============
2015-03-31 15:18 - 2014-03-05 11:18 - 00040448 ____C () C:\WINDOWS\System32\pdf995mon64.dll
2015-03-31 15:01 - 2012-06-21 07:25 - 00113152 ____C () C:\WINDOWS\System32\redmon64.dll
2015-05-26 22:12 - 2015-05-20 19:15 - 00020240 ____C () C:\WINDOWS\system32\spool\PRTPROCS\x64\TeamViewer_PrintProcessor.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 ____C () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2015-03-29 11:26 - 2008-06-20 00:41 - 00062464 ____C () C:\Program Files (x86)\WinRAR\rarext64.dll
2012-06-22 03:12 - 2012-06-22 03:12 - 01407568 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 ____C () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 ____C () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-04-11 18:36 - 2013-01-28 04:49 - 00239184 ____C () C:\ProgramData\MobileBrServ\mbbservice.exe
2015-06-05 02:02 - 2015-06-05 02:02 - 00638008 ____C () C:\Program Files\NetDrive\nd2svc.exe
2013-09-07 01:48 - 2013-09-07 01:48 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-07 01:45 - 2013-09-07 01:45 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-07 01:52 - 2013-09-07 01:52 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2012-08-23 00:04 - 2012-08-23 00:04 - 00044176 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
2012-08-23 00:04 - 2012-08-23 00:04 - 00025232 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
2015-06-05 02:03 - 2015-06-05 02:03 - 01103360 ____C () C:\Program Files\NetDrive\libxml2.dll
2015-06-05 02:03 - 2015-06-05 02:03 - 00120320 ____C () C:\Program Files\NetDrive\jansson.dll
2015-06-05 02:03 - 2015-06-05 02:03 - 00068096 ____C () C:\Program Files\NetDrive\zlib.dll
2015-06-05 02:03 - 2015-06-05 02:03 - 00207360 ____C () C:\Program Files\NetDrive\libevent.dll
2012-11-03 01:38 - 2012-11-03 01:38 - 00465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-11-03 01:37 - 2012-11-03 01:37 - 00125504 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2012-11-03 01:38 - 2012-11-03 01:38 - 00155712 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\VolumeSnapshot.dll
2012-11-03 01:37 - 2012-11-03 01:37 - 00118336 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\Online.dll
2012-11-03 01:37 - 2012-11-03 01:37 - 01081408 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2012-11-03 01:37 - 2012-11-03 01:37 - 00052288 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OsSettingPort.dll
2012-11-03 01:37 - 2012-11-03 01:37 - 00727616 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OutlookShadow.dll
2015-06-14 22:20 - 2014-05-13 12:04 - 00109400 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-06-14 22:20 - 2014-05-13 12:04 - 00167768 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-06-14 22:20 - 2014-05-13 12:04 - 00416600 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-06-14 22:20 - 2012-08-23 10:38 - 00574840 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-06-14 22:20 - 2012-04-03 17:06 - 00565640 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
There are 7866 more restricted sites.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2305788995-4209846984-3758418705-1001\Control Panel\Desktop\\Wallpaper -> C:\Shared\Anwendungen\Wallpapers\Kleines_Schiff.jpg
DNS Servers: 192.168.2.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "Jabra Direct"
HKLM\...\StartupApproved\Run32: => "SDTray"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{11329D15-BCA5-4C91-AA6D-0A6FB8085916}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{6455D0A8-DC99-4775-BC4E-EA699611F8F4}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{DC869994-02D5-49B5-9A26-46E7D5F713D5}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{01AD020D-3E4E-4A14-9154-E990358F8130}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{2D7C30A0-A7A5-408F-B7F4-8DBA9C2709A6}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{D833FC70-D583-4138-AECF-1EE924098ED3}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{CFBC7B5D-DAEC-448E-8A63-6541C67C6811}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
FirewallRules: [{B0DB795B-2846-48AA-BACF-BCADDB1DF052}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{A6A64E2B-3E6E-450A-9F69-168559B97464}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{BD85B436-C120-42E1-8A68-E34BF682CAAA}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{0D740EA6-013F-430B-A2A6-29A9E0B3F9E4}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{A0F69C6F-08B3-4CF7-AC10-A430CF10A528}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{C8F31CA8-9EE8-4491-9747-47A512ABA240}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{2907AD28-9C38-4014-B1E4-79A93A36C61F}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{CF95C412-5B20-42EA-B1DE-80BC27773112}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{0B78C0A5-C366-4523-B856-376030B03B57}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\FileExplorer.exe
FirewallRules: [{CDFF2BA1-22E6-4A2F-8EB8-4BB8CB7F9644}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
FirewallRules: [{F826BDB2-4D85-4ED4-A7A4-FA1367019B31}] => (Allow) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManager.exe
FirewallRules: [{1CED0610-C6AB-4CF2-A8DB-6EF66FC54C4F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DC8B11B0-E2B0-4884-BDD8-A945982E448A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{21D8CCDB-0FDE-4FE1-A831-57CEB179F051}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{13FBB834-E7C7-4C9B-B8B0-B0497590723F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{3C1062C6-FF05-4E71-9ADC-3CE378AD770B}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\21\stats.com
FirewallRules: [{1F888926-BC8D-4301-BDE6-FEA7B42A5B18}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\21\WinWrapIDE.exe
FirewallRules: [{DE1F7C9E-24D5-4D3F-85F9-2B9C19AE6C34}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\21\stats.exe
FirewallRules: [{C1A64706-146E-47CB-84D1-B3BEA1F81AD4}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\21\stats.com
FirewallRules: [{10CF9880-1926-4AD2-9F0B-42D3CF0D14E0}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\21\WinWrapIDE.exe
FirewallRules: [{E2AE439A-AF74-467D-A940-DBC780D290E6}] => (Allow) C:\Program Files (x86)\IBM\SPSS\Statistics\21\stats.exe
FirewallRules: [TCP Query User{37D73434-1781-4B67-A5A5-7ED74C3D7BF3}C:\program files (x86)\ibm\spss\statistics\21\jre\bin\javaw.exe] => (Block) C:\program files (x86)\ibm\spss\statistics\21\jre\bin\javaw.exe
FirewallRules: [UDP Query User{77A5B468-1A08-4D04-96D5-C15A70FE458C}C:\program files (x86)\ibm\spss\statistics\21\jre\bin\javaw.exe] => (Block) C:\program files (x86)\ibm\spss\statistics\21\jre\bin\javaw.exe
FirewallRules: [{B158B0F9-359E-49B9-8CAB-281D2AA49E28}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E44FD9F2-B490-42B5-997C-90778B894DD8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7C6AC574-51F9-4BEA-802C-3D563D50A8DD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2F9019FD-7EAD-4204-8D42-C2104BA2BEB8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5934C2AE-9EFF-4B37-9E18-C1DE43AE87D5}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{DC1BAA46-7404-4877-9602-7BCCE972C354}C:\program files (x86)\free download manager\fdm.exe] => (Allow) C:\program files (x86)\free download manager\fdm.exe
FirewallRules: [UDP Query User{FDBF3235-E287-40AF-A46A-EEE729D4D738}C:\program files (x86)\free download manager\fdm.exe] => (Allow) C:\program files (x86)\free download manager\fdm.exe
FirewallRules: [{EC6580CF-4356-44AF-8F44-E8CFAFB3F7BF}] => (Allow) C:\MS Office\Office14\GROOVE.EXE
FirewallRules: [{D7B99E07-E678-4ACD-A080-0D2CBE89683E}] => (Allow) C:\MS Office\Office14\GROOVE.EXE
FirewallRules: [{E2C371F6-0FE7-4B1B-A7E7-D7A48C9EF4DC}] => (Allow) C:\MS Office\Office14\ONENOTE.EXE
FirewallRules: [{4465FEFE-0503-4212-9672-9F564C5188E2}] => (Allow) C:\MS Office\Office14\ONENOTE.EXE
FirewallRules: [{8B28194E-4709-45FE-A3AB-80EA49D57FE0}] => (Allow) C:\MS Office\Office14\outlook.exe
FirewallRules: [TCP Query User{8D375253-646C-4486-903C-CC9F5361E68A}C:\program files (x86)\zoiper\zoiper.exe] => (Allow) C:\program files (x86)\zoiper\zoiper.exe
FirewallRules: [UDP Query User{C85F612E-22DF-4FA3-9E05-C4299CC22921}C:\program files (x86)\zoiper\zoiper.exe] => (Allow) C:\program files (x86)\zoiper\zoiper.exe
FirewallRules: [{8A082332-C8FA-4FC8-B825-6BC7013FD5C7}] => (Allow) C:\program files (x86)\zoiper\zoiper.exe
FirewallRules: [{BF6A31F7-B68F-4830-81A9-336987E04A6E}] => (Allow) C:\program files (x86)\zoiper\zoiper.exe
FirewallRules: [{410E2ABD-9645-44D4-9C53-43C14CCAE903}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{3B5EFD74-7430-4846-82E3-28A939FDD673}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{3AF02505-3738-4702-9847-05695B07887B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F7B07F1C-DC42-4A32-AC51-6A98FF555189}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E43923AD-A2E2-457B-B0F1-FDD7F611164D}] => (Allow) C:\Program Files\NetDrive\nd2svc.exe
FirewallRules: [{CD6C1497-2AB0-4311-8B6E-C173BB9C450E}] => (Allow) C:\Program Files\NetDrive\nd2svc.exe
FirewallRules: [{CAE65509-114C-4555-AE68-105AF8502B56}] => (Allow) C:\Program Files\NetDrive\NetDrive2.exe
FirewallRules: [{A1043754-F8E0-46B9-B0BD-9BB629B5ABBA}] => (Allow) C:\Program Files\NetDrive\NetDrive2.exe
FirewallRules: [{0678C01B-8267-4BCE-A1ED-B18F48848C0B}] => (Allow) C:\Program Files\NetDrive\nd2cmd.exe
FirewallRules: [{633B4B81-62AF-432E-8A43-4C69A470AB4D}] => (Allow) C:\Program Files\NetDrive\nd2cmd.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/15/2015 03:43:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (06/15/2015 03:39:57 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
System errors:
=============
Error: (06/15/2015 03:42:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AMD FUEL Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (06/15/2015 03:42:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst AMD FUEL Service erreicht.
Error: (06/15/2015 08:15:11 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ePower Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (06/15/2015 08:15:10 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Spybot-S&D 2 Security Center Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (06/15/2015 08:15:09 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Spybot-S&D 2 Updating Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (06/15/2015 08:15:09 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Dritek RF Button Command Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 3000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (06/15/2015 08:15:09 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NTI IScheduleSvc" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (06/15/2015 08:15:09 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NetDrive2_Service_NetDrive2" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (06/15/2015 08:15:09 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Mobile Broadband HL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (06/15/2015 08:15:09 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Machine Debug Manager" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Microsoft Office:
=========================
Error: (06/15/2015 03:43:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
Error: (06/15/2015 03:39:57 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
CodeIntegrity Errors:
===================================
Date: 2015-06-15 16:40:11.456
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-06-15 08:24:23.851
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-06-15 07:55:38.819
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-06-15 03:24:49.793
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-06-11 10:19:01.302
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-06-09 12:09:24.682
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-06-09 09:08:56.983
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-06-09 09:08:56.630
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-06-09 09:08:55.586
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2015-06-09 09:08:55.242
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: AMD A8-4555M APU with Radeon(tm) HD Graphics
Percentage of memory in use: 20%
Total physical RAM: 5578.27 MB
Available physical RAM: 4409.32 MB
Total Pagefile: 6474.27 MB
Available Pagefile: 5005.31 MB
Total Virtual: 131072 MB
Available Virtual: 131071.82 MB
==================== Drives ================================
Drive c: (ENTERPRISE) (Fixed) (Total:681.89 GB) (Free:265.29 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: CC577C9F)
Partition: GPT Partition Type.
==================== End of log ============================
Everything was run with admin rights and without any error messages.
Is the malware identifiable?
Thank you!