Pests of all kinds and how to fight them: Trend Micro Titanium Maximum Security no longer works (Windows 7) |
05.02.2014, 16:05 | #1 |
| Trend Micro Titanium Maximum Security no longer works
Hello, after the data theft I got Trend specifically, because I was told by e-mail that I had caught something. OS: Win 8. I then scanned everything and nothing turned up. The system ran and still runs without problems. But now I have noticed that when I double-click Trend Micro it only opens briefly and then closes again. What can that be? Is it already running in the background? Some people also wrote that something is infected? I had already downloaded the Housecall Launcher from the homepage and scanned the complete system without finding anything. Another question: what about the password madness? Is there no other option? I have so many that you lose track. What about the new ID card, is that OK? Can it then be used for all passwords? Thanks and kind regards |
05.02.2014, 16:08 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trend Micro Titanium Maximum Security no longer works
Hi,
__________________Quote:
Scan with Farbar's Recovery Scan Tool (FRST)
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ |
05.02.2014, 16:33 | #3 |
| Trend Micro Titanium Maximum Security no longer works
OK, I have Win 8, but it is not listed there under supported OS. I think it works, I just wanted to ask again to be on the safe side?
__________________FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-02-2014 Ran by ok_000 (administrator) on OLIVER on 05-02-2014 16:29:57 Running from C:\Users\ok_000\Downloads Microsoft Windows 8.1 Pro (X86) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (VIA Technologies, Inc.) C:\VIA_XHCI\usb3Monitor.exe (Apple Inc.) D:\Programme\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9600.16422_x86__8wekyb3d8bbwe\glcnd.exe (Microsoft Corporation) C:\Windows\System32\WWAHost.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) 
C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE (Trend Micro Inc.) D:\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x86__8wekyb3d8bbwe\livecomm.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12017368 2013-10-24] (Realtek Semiconductor) HKLM\...\Run: [VIAxHCUtl] - C:\VIA_XHCI\usb3Monitor.exe [331776 2011-07-12] (VIA Technologies, Inc.) HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.) HKLM\...\Run: [Trend Micro Client Framework] - D:\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [143792 2013-10-09] (Trend Micro Inc.) HKLM\...\Run: [iTunesHelper] - D:\Programme\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ BHO: TSToolbarBHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - D:\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.) 
BHO: TmIEPlugInBHO Class - {959A5673-7971-48e6-AF54-58F745AC4ABC} - D:\Trend Micro\AMSP\module\20013\3.0.1277\1.6.1092\TmopIEPlg.dll No File BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - D:\Trend Micro\AMSP\module\20002\8.0.1135\8.0.1135\TmBpIe32.dll No File BHO: Web Check - {E155F23C-9931-47c6-A619-20E6FCA86D75} - C:\Program Files\Web Check\WebCheck.dll (Web Check) Toolbar: HKLM - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - D:\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - D:\Trend Micro\AMSP\module\20002\8.0.1135\8.0.1135\TmBpIe32.dll No File Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - D:\Trend Micro\AMSP\module\20013\3.0.1277\1.6.1092\TmopIEPlg.dll No File Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - D:\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.) Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - D:\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\ok_000\AppData\Roaming\Mozilla\Firefox\Profiles\n2u3jhcu.default FF Homepage: https://www.google.de/ FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - D:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: FRITZ!Box AddOn - C:\Users\ok_000\AppData\Roaming\Mozilla\Firefox\Profiles\n2u3jhcu.default\Extensions\fb_add_on@avm.de [2014-01-07] FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - D:\Trend Micro\AMSP\module\20002\8.0.1135\8.0.1135\firefoxextension FF HKLM\...\Firefox\Extensions: [{BBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C}] - D:\Trend Micro\AMSP\module\20013\FxExt\firefoxextension\ FF Extension: Trend Micro Osprey Firefox Extension - D:\Trend Micro\AMSP\module\20013\FxExt\firefoxextension\ [] FF HKLM\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - D:\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension FF Extension: Trend Micro Toolbar - D:\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2014-01-21] FF 
HKLM\...\Firefox\Extensions: [{52b0f3db-f988-4788-b9dc-861d016f4487}] - C:\Program Files\Web Check\WebCheck.xpi FF Extension: Web Check - C:\Program Files\Web Check\WebCheck.xpi [2013-08-12] ========================== Services (Whitelisted) ================= S3 cphs; C:\WINDOWS\system32\IntelCpHeciSvc.exe [279000 2013-12-20] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [595968 2013-08-27] (Intel(R) Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [642520 2013-08-27] (Intel(R) Corporation) R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation) R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe [1320120 2013-10-31] (Microsoft Corporation) S3 ScDeviceEnum; C:\WINDOWS\System32\ScDeviceEnum.dll [105472 2013-08-22] (Microsoft Corporation) S3 SXDS10; C:\Program Files\Common Files\soft Xpansion\sxds10.exe [234096 2014-02-01] (soft Xpansion) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [278264 2013-08-22] (Microsoft Corporation) S3 WEPHOSTSVC; C:\WINDOWS\system32\wephostsvc.dll [20992 2013-08-22] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22240 2013-08-22] (Microsoft Corporation) S3 workfolderssvc; C:\WINDOWS\system32\workfolderssvc.dll [1210368 2013-11-14] (Microsoft Corporation) S2 Amsp; "D:\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X] ==================== Drivers (Whitelisted) ==================== R1 BasicRender; C:\WINDOWS\System32\drivers\BasicRender.sys [25600 2013-08-22] (Microsoft Corporation) S3 GPIO; C:\WINDOWS\System32\drivers\iaiogpio.sys [22016 2013-07-23] (Intel Corporation) S3 intaud_WaveExtensible; C:\WINDOWS\system32\drivers\intelaud.sys [33176 2013-12-15] (Intel Corporation) R3 iwdbus; 
C:\WINDOWS\System32\drivers\iwdbus.sys [23448 2013-12-15] (Intel Corporation) R3 MEI; C:\WINDOWS\system32\DRIVERS\TeeDriver.sys [85464 2013-09-16] (Intel Corporation) R2 RtNdPt630; C:\WINDOWS\system32\DRIVERS\RtNdPt630.sys [23256 2013-09-26] (Realtek Semiconductor Corp.) S3 RTTEAMPT; C:\WINDOWS\system32\DRIVERS\RtTeam620.sys [49808 2012-07-03] (Realtek Corporation) S3 RTVLANPT; C:\WINDOWS\system32\DRIVERS\RtVlan620.sys [27792 2012-09-01] (Realtek Corporation) R1 tmactmon; C:\WINDOWS\system32\DRIVERS\tmactmon.sys [102904 2013-09-04] (Trend Micro Inc.) R0 tmcomm; C:\WINDOWS\System32\DRIVERS\tmcomm.sys [288840 2013-09-04] (Trend Micro Inc.) R0 TMEBC; C:\WINDOWS\System32\DRIVERS\TMEBC32.sys [40736 2013-07-01] (Trend Micro Inc.) S3 tmeevw; C:\WINDOWS\system32\DRIVERS\tmeevw.sys [85280 2013-06-13] (Trend Micro Inc.) S0 tmel; C:\WINDOWS\System32\DRIVERS\tmel.sys [32272 2013-07-11] (Trend Micro Inc.) R1 tmevtmgr; C:\WINDOWS\system32\DRIVERS\tmevtmgr.sys [83352 2013-09-04] (Trend Micro Inc.) S3 tmnciesc; C:\WINDOWS\system32\DRIVERS\tmnciesc.sys [282272 2013-05-22] (Trend Micro Inc.) R2 tmusa; C:\WINDOWS\system32\DRIVERS\tmusa.sys [84768 2013-07-08] (Trend Micro Inc.) 
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [93024 2013-08-22] (Microsoft Corporation) R3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-05 16:29 - 2014-02-05 16:30 - 00010963 _____ () C:\Users\ok_000\Downloads\FRST.txt 2014-02-05 16:29 - 2014-02-05 16:29 - 00000000 ____D () C:\FRST 2014-02-05 16:28 - 2014-02-05 16:28 - 01137152 _____ (Farbar) C:\Users\ok_000\Downloads\FRST.exe 2014-02-05 16:26 - 2014-02-05 16:26 - 00000000 ____D () C:\Users\ok_000\Documents\My Received Files 2014-02-05 16:26 - 2014-02-05 16:26 - 00000000 ____D () C:\Users\ok_000\AppData\Roaming\MusicNet 2014-02-05 16:23 - 2014-02-05 16:23 - 01431792 _____ (iMesh Inc) C:\Users\ok_000\Downloads\iMeshSetup-r1487-w-bf.exe 2014-02-05 14:26 - 2014-02-05 14:26 - 00288967 _____ () C:\Users\ok_000\AppData\Local\census.cache 2014-02-05 14:26 - 2014-02-05 14:26 - 00100687 _____ () C:\Users\ok_000\AppData\Local\ars.cache 2014-02-05 11:36 - 2014-02-05 11:36 - 02002320 _____ (Trend Micro Inc.) 
C:\Users\ok_000\Downloads\HousecallLauncher.exe 2014-02-01 22:28 - 2014-02-02 16:31 - 00000000 ____D () C:\ProgramData\Freemium 2014-02-01 22:28 - 2014-02-01 22:28 - 00010464 _____ () C:\WINDOWS\system32\sx_p2d.tlb 2014-02-01 22:28 - 2014-02-01 22:28 - 00000000 ____D () C:\Users\ok_000\Downloads\freepdf 2014-02-01 22:28 - 2014-02-01 22:28 - 00000000 ____D () C:\Program Files\Common Files\soft Xpansion 2014-02-01 22:28 - 2014-02-01 22:28 - 00000000 ____D () C:\Program Files\Common Files\Freemium 2014-02-01 22:27 - 2014-02-01 22:27 - 00000000 ____D () C:\Program Files\Web Check 2014-02-01 22:07 - 2014-02-01 22:14 - 00000000 ____D () C:\Users\ok_000\AppData\Local\DownloadGuide 2014-02-01 22:04 - 2014-02-01 22:04 - 00000000 ____D () C:\WINDOWS\system32\XPSViewer 2014-02-01 22:04 - 2014-02-01 22:04 - 00000000 ____D () C:\Program Files\Reference Assemblies 2014-02-01 22:04 - 2014-02-01 22:04 - 00000000 ____D () C:\Program Files\MSBuild 2014-02-01 22:01 - 2013-08-03 05:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll 2014-02-01 22:01 - 2013-08-03 05:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2014-02-01 22:01 - 2013-08-03 05:41 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe 2014-02-01 21:59 - 2014-02-01 21:59 - 00666504 _____ () C:\Users\ok_000\Downloads\free-pdf-perfect_1.0_de-DE.exe 2014-01-23 16:07 - 2014-01-23 16:07 - 00001550 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-01-23 16:07 - 2014-01-23 16:07 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-01-23 16:07 - 2014-01-23 16:07 - 00000000 ____D () C:\Program Files\iPod 2014-01-22 14:37 - 2014-01-22 14:37 - 265510263 _____ () C:\WINDOWS\MEMORY.DMP 2014-01-22 14:37 - 2014-01-22 14:37 - 00154712 _____ () C:\WINDOWS\Minidump\012214-17421-01.dmp 2014-01-22 14:37 - 2014-01-22 14:37 - 00000000 ____D () C:\WINDOWS\Minidump 2014-01-21 23:49 - 2014-01-21 23:49 - 
00000000 __SHD () C:\TMRescueDisk 2014-01-21 23:44 - 2014-01-21 23:44 - 00001050 _____ () C:\Users\ok_000\Desktop\Trend Micro Titanium Maximum Security.lnk 2014-01-21 23:44 - 2014-01-21 23:44 - 00000000 ____D () C:\Users\ok_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Maximum Security 2014-01-21 23:44 - 2014-01-21 23:44 - 00000000 ____D () C:\Users\ok_000\AppData\Local\Trend Micro 2014-01-21 23:44 - 2013-09-04 07:23 - 00102904 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmactmon.sys 2014-01-21 23:44 - 2013-09-04 07:20 - 00083352 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmevtmgr.sys 2014-01-21 23:44 - 2013-09-04 07:12 - 00288840 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys 2014-01-21 23:44 - 2013-07-11 03:39 - 00032272 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmel.sys 2014-01-21 23:44 - 2013-07-08 04:16 - 00084768 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmusa.sys 2014-01-21 23:44 - 2013-07-01 14:08 - 00040736 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\TMEBC32.sys 2014-01-21 23:44 - 2013-06-13 07:35 - 00085280 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmeevw.sys 2014-01-21 23:44 - 2013-05-22 16:37 - 00282272 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmnciesc.sys 2014-01-21 23:43 - 2014-01-22 00:31 - 00000000 ____D () C:\ProgramData\Trend Micro 2014-01-21 23:43 - 2014-01-21 23:43 - 00000045 _____ () C:\WINDOWS\system32\SupportTool.exe.bat 2014-01-21 23:38 - 2014-02-05 11:41 - 00000036 _____ () C:\Users\ok_000\AppData\Local\housecall.guid.cache 2014-01-21 23:27 - 2014-01-21 23:37 - 90359472 _____ (Trend Micro Inc.) C:\Users\Public\Desktop\Trend_Micro.exe 2014-01-21 23:25 - 2014-01-21 23:26 - 06631328 _____ (Trend Micro Inc.) 
C:\Users\ok_000\Downloads\Titanium_Maximum_Security_2014.exe 2014-01-15 02:49 - 2013-12-09 00:43 - 00609792 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll 2014-01-15 02:49 - 2013-11-27 15:09 - 02872688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll 2014-01-15 02:49 - 2013-11-27 11:46 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe 2014-01-15 02:49 - 2013-11-27 10:54 - 00103936 _____ () C:\WINDOWS\system32\OEMLicense.dll 2014-01-15 02:49 - 2013-11-27 09:40 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-01-15 02:49 - 2013-11-27 09:38 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll 2014-01-15 02:49 - 2013-11-27 09:17 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2014-01-10 14:28 - 2014-01-10 14:28 - 00000000 ___HD () C:\ProgramData\CanonIJScan 2014-01-10 14:28 - 2014-01-10 14:28 - 00000000 ____D () C:\Users\ok_000\AppData\Roaming\Canon 2014-01-07 15:17 - 2014-01-07 15:17 - 00002053 _____ () C:\Users\Public\Desktop\Canon MP Navigator EX 3.0.lnk 2014-01-07 15:17 - 2014-01-07 15:17 - 00000000 ____D () C:\Program Files\Canon 2014-01-07 15:13 - 2014-01-07 15:17 - 49904760 _____ () C:\Users\ok_000\Downloads\mpnx_3_0-win-3_05-ea23_2.exe 2014-01-07 15:13 - 2014-01-07 15:13 - 00000000 ___HD () C:\Program Files\CanonBJ 2014-01-07 15:11 - 2014-01-07 15:12 - 21286032 _____ () C:\Users\ok_000\Downloads\mp68-win-mp550-1_05-ea24.exe 2014-01-07 15:07 - 2014-01-07 15:07 - 00000000 ___HD () C:\WINDOWS\system32\CanonIJ Uninstaller Information 2014-01-07 15:07 - 2014-01-07 15:07 - 00000000 ___HD () C:\ProgramData\CanonBJ 2014-01-07 15:07 - 2010-04-24 05:00 - 00272384 _____ (CANON INC.) C:\WINDOWS\system32\CNMLM9Z.DLL 2014-01-07 15:07 - 2009-04-03 16:00 - 01310720 _____ (CANON INC.) C:\WINDOWS\system32\CNC550C.dll 2014-01-07 15:07 - 2009-04-03 15:59 - 00110592 _____ (CANON INC.) 
C:\WINDOWS\system32\CNC550I.dll 2014-01-07 15:07 - 2009-04-03 15:57 - 00106496 _____ (CANON INC.) C:\WINDOWS\system32\CNC550U.dll 2014-01-07 15:07 - 2009-03-19 14:38 - 00303104 _____ (CANON INC.) C:\WINDOWS\system32\CNC550L.dll 2014-01-07 15:07 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\WINDOWS\system32\CNHMCA.dll 2014-01-06 19:21 - 2014-01-06 19:24 - 00000000 ____D () C:\Users\ok_000\Desktop\Fußball 2014-01-06 19:00 - 2014-02-05 14:45 - 00088064 _____ () C:\Users\ok_000\Desktop\Stunden.xls 2014-01-06 19:00 - 2014-02-01 22:28 - 00033280 ___SH () C:\Users\ok_000\Desktop\Thumbs.db 2014-01-06 19:00 - 2014-01-14 10:23 - 00000000 ____D () C:\Users\ok_000\Desktop\VfR 2014-01-06 19:00 - 2014-01-06 19:00 - 00000000 ____D () C:\Users\ok_000\Desktop\SEB 2014-01-06 19:00 - 2013-11-08 01:03 - 00315392 _____ () C:\Users\ok_000\Desktop\Golfpark.ppt 2014-01-06 19:00 - 2013-09-10 14:47 - 00027648 _____ () C:\Users\ok_000\Desktop\PW.xls 2014-01-06 18:59 - 2014-01-06 18:59 - 00000000 ____D () C:\Users\ok_000\Desktop\Privat 2014-01-06 18:59 - 2014-01-06 18:59 - 00000000 ____D () C:\Users\ok_000\Desktop\Lindgren-Projektwoche 2014-01-06 18:59 - 2014-01-06 18:59 - 00000000 ____D () C:\Users\ok_000\Desktop\Klasse 2014-01-06 18:59 - 2014-01-06 18:59 - 00000000 ____D () C:\Users\ok_000\Desktop\Jubiläum 2014-01-06 18:58 - 2014-01-13 02:43 - 00000000 ____D () C:\Users\ok_000\Desktop\Bewerbung 2014-01-06 18:58 - 2014-01-06 19:04 - 00000000 ____D () C:\Users\ok_000\Desktop\Förderverein 2014-01-06 18:58 - 2014-01-06 18:58 - 00000000 ____D () C:\Users\ok_000\Desktop\Bilder Endres ==================== One Month Modified Files and Folders ======= 2014-02-05 16:30 - 2014-02-05 16:29 - 00010963 _____ () C:\Users\ok_000\Downloads\FRST.txt 2014-02-05 16:29 - 2014-02-05 16:29 - 00000000 ____D () C:\FRST 2014-02-05 16:28 - 2014-02-05 16:28 - 01137152 _____ (Farbar) C:\Users\ok_000\Downloads\FRST.exe 2014-02-05 16:26 - 2014-02-05 16:26 - 00000000 ____D () C:\Users\ok_000\Documents\My Received 
Files 2014-02-05 16:26 - 2014-02-05 16:26 - 00000000 ____D () C:\Users\ok_000\AppData\Roaming\MusicNet 2014-02-05 16:23 - 2014-02-05 16:23 - 01431792 _____ (iMesh Inc) C:\Users\ok_000\Downloads\iMeshSetup-r1487-w-bf.exe 2014-02-05 16:00 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-02-05 14:45 - 2014-01-06 19:00 - 00088064 _____ () C:\Users\ok_000\Desktop\Stunden.xls 2014-02-05 14:26 - 2014-02-05 14:26 - 00288967 _____ () C:\Users\ok_000\AppData\Local\census.cache 2014-02-05 14:26 - 2014-02-05 14:26 - 00100687 _____ () C:\Users\ok_000\AppData\Local\ars.cache 2014-02-05 13:07 - 2013-12-31 22:01 - 01813790 _____ () C:\WINDOWS\WindowsUpdate.log 2014-02-05 11:53 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\Microsoft.NET 2014-02-05 11:41 - 2014-01-21 23:38 - 00000036 _____ () C:\Users\ok_000\AppData\Local\housecall.guid.cache 2014-02-05 11:36 - 2014-02-05 11:36 - 02002320 _____ (Trend Micro Inc.) C:\Users\ok_000\Downloads\HousecallLauncher.exe 2014-02-05 11:30 - 2013-12-31 23:04 - 00000000 __RDO () C:\Users\ok_000\SkyDrive 2014-02-05 11:29 - 2013-08-22 08:23 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-02-05 11:28 - 2013-08-22 07:13 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI 2014-02-04 14:38 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-02-02 16:31 - 2014-02-01 22:28 - 00000000 ____D () C:\ProgramData\Freemium 2014-02-02 16:31 - 2013-11-14 00:00 - 00030478 _____ () C:\WINDOWS\PFRO.log 2014-02-01 23:12 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\rescache 2014-02-01 22:28 - 2014-02-01 22:28 - 00010464 _____ () C:\WINDOWS\system32\sx_p2d.tlb 2014-02-01 22:28 - 2014-02-01 22:28 - 00000000 ____D () C:\Users\ok_000\Downloads\freepdf 2014-02-01 22:28 - 2014-02-01 22:28 - 00000000 ____D () C:\Program Files\Common Files\soft Xpansion 2014-02-01 22:28 - 2014-02-01 22:28 - 00000000 ____D () C:\Program Files\Common Files\Freemium 2014-02-01 22:28 - 2014-01-06 19:00 - 00033280 ___SH () 
C:\Users\ok_000\Desktop\Thumbs.db 2014-02-01 22:27 - 2014-02-01 22:27 - 00000000 ____D () C:\Program Files\Web Check 2014-02-01 22:14 - 2014-02-01 22:07 - 00000000 ____D () C:\Users\ok_000\AppData\Local\DownloadGuide 2014-02-01 22:04 - 2014-02-01 22:04 - 00000000 ____D () C:\WINDOWS\system32\XPSViewer 2014-02-01 22:04 - 2014-02-01 22:04 - 00000000 ____D () C:\Program Files\Reference Assemblies 2014-02-01 22:04 - 2014-02-01 22:04 - 00000000 ____D () C:\Program Files\MSBuild 2014-02-01 22:04 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\system32\de-DE 2014-02-01 21:59 - 2014-02-01 21:59 - 00666504 _____ () C:\Users\ok_000\Downloads\free-pdf-perfect_1.0_de-DE.exe 2014-01-30 21:47 - 2013-08-22 09:18 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2014-01-30 21:47 - 2013-08-22 09:18 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2014-01-23 16:07 - 2014-01-23 16:07 - 00001550 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-01-23 16:07 - 2014-01-23 16:07 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-01-23 16:07 - 2014-01-23 16:07 - 00000000 ____D () C:\Program Files\iPod 2014-01-23 16:07 - 2014-01-02 12:40 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-01-23 16:05 - 2014-01-02 12:40 - 00000000 ____D () C:\ProgramData\Apple 2014-01-22 23:39 - 2013-12-31 21:55 - 00000000 ____D () C:\Users\ok_000 2014-01-22 14:37 - 2014-01-22 14:37 - 265510263 _____ () C:\WINDOWS\MEMORY.DMP 2014-01-22 14:37 - 2014-01-22 14:37 - 00154712 _____ () C:\WINDOWS\Minidump\012214-17421-01.dmp 2014-01-22 14:37 - 2014-01-22 14:37 - 00000000 ____D () C:\WINDOWS\Minidump 2014-01-22 14:32 - 2013-08-22 07:13 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2014-01-22 00:31 - 2014-01-21 23:43 - 00000000 ____D () C:\ProgramData\Trend Micro 2014-01-21 23:49 - 2014-01-21 23:49 - 00000000 __SHD () C:\TMRescueDisk 2014-01-21 23:44 - 2014-01-21 23:44 - 00001050 _____ () 
C:\Users\ok_000\Desktop\Trend Micro Titanium Maximum Security.lnk 2014-01-21 23:44 - 2014-01-21 23:44 - 00000000 ____D () C:\Users\ok_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Maximum Security 2014-01-21 23:44 - 2014-01-21 23:44 - 00000000 ____D () C:\Users\ok_000\AppData\Local\Trend Micro 2014-01-21 23:44 - 2012-07-26 07:53 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP 2014-01-21 23:43 - 2014-01-21 23:43 - 00000045 _____ () C:\WINDOWS\system32\SupportTool.exe.bat 2014-01-21 23:37 - 2014-01-21 23:27 - 90359472 _____ (Trend Micro Inc.) C:\Users\Public\Desktop\Trend_Micro.exe 2014-01-21 23:26 - 2014-01-21 23:25 - 06631328 _____ (Trend Micro Inc.) C:\Users\ok_000\Downloads\Titanium_Maximum_Security_2014.exe 2014-01-21 21:18 - 2014-01-02 17:10 - 00000000 ____D () C:\Users\ok_000\AppData\Local\Adobe 2014-01-19 11:40 - 2013-12-31 23:40 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-01-19 08:37 - 2013-12-31 01:05 - 00231584 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2014-01-16 17:23 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\WinStore 2014-01-15 12:54 - 2013-12-31 01:00 - 83425928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-01-15 12:54 - 2013-12-31 01:00 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-01-14 10:23 - 2014-01-06 19:00 - 00000000 ____D () C:\Users\ok_000\Desktop\VfR 2014-01-13 02:43 - 2014-01-06 18:58 - 00000000 ____D () C:\Users\ok_000\Desktop\Bewerbung 2014-01-10 14:28 - 2014-01-10 14:28 - 00000000 ___HD () C:\ProgramData\CanonIJScan 2014-01-10 14:28 - 2014-01-10 14:28 - 00000000 ____D () C:\Users\ok_000\AppData\Roaming\Canon 2014-01-08 12:36 - 2014-01-01 16:34 - 00000000 ____D () C:\Users\ok_000\AppData\Local\PackageStaging 2014-01-07 15:17 - 2014-01-07 15:17 - 00002053 _____ () C:\Users\Public\Desktop\Canon MP Navigator EX 3.0.lnk 2014-01-07 15:17 - 2014-01-07 15:17 - 00000000 ____D () C:\Program Files\Canon 2014-01-07 15:17 - 2014-01-07 15:13 - 49904760 _____ () 
C:\Users\ok_000\Downloads\mpnx_3_0-win-3_05-ea23_2.exe 2014-01-07 15:13 - 2014-01-07 15:13 - 00000000 ___HD () C:\Program Files\CanonBJ 2014-01-07 15:12 - 2014-01-07 15:11 - 21286032 _____ () C:\Users\ok_000\Downloads\mp68-win-mp550-1_05-ea24.exe 2014-01-07 15:07 - 2014-01-07 15:07 - 00000000 ___HD () C:\WINDOWS\system32\CanonIJ Uninstaller Information 2014-01-07 15:07 - 2014-01-07 15:07 - 00000000 ___HD () C:\ProgramData\CanonBJ 2014-01-07 15:07 - 2013-11-14 09:09 - 01686150 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-01-07 15:07 - 2013-08-22 09:17 - 00000000 __RSD () C:\WINDOWS\Media 2014-01-07 15:07 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\twain_32 2014-01-07 15:06 - 2013-08-22 08:23 - 00292440 _____ () C:\WINDOWS\setupact.log 2014-01-06 19:24 - 2014-01-06 19:21 - 00000000 ____D () C:\Users\ok_000\Desktop\Fußball 2014-01-06 19:04 - 2014-01-06 18:58 - 00000000 ____D () C:\Users\ok_000\Desktop\Förderverein 2014-01-06 19:04 - 2014-01-02 12:41 - 00000000 ____D () C:\Users\ok_000\AppData\Roaming\Apple Computer 2014-01-06 19:00 - 2014-01-06 19:00 - 00000000 ____D () C:\Users\ok_000\Desktop\SEB 2014-01-06 18:59 - 2014-01-06 18:59 - 00000000 ____D () C:\Users\ok_000\Desktop\Privat 2014-01-06 18:59 - 2014-01-06 18:59 - 00000000 ____D () C:\Users\ok_000\Desktop\Lindgren-Projektwoche 2014-01-06 18:59 - 2014-01-06 18:59 - 00000000 ____D () C:\Users\ok_000\Desktop\Klasse 2014-01-06 18:59 - 2014-01-06 18:59 - 00000000 ____D () C:\Users\ok_000\Desktop\Jubiläum 2014-01-06 18:58 - 2014-01-06 18:58 - 00000000 ____D () C:\Users\ok_000\Desktop\Bilder Endres Some content of TEMP: ==================== C:\Users\ok_000\AppData\Local\Temp\OfficeSetup.exe ==================== Bamital & volsnap Check ================= C:\WINDOWS\explorer.exe [2013-11-14 09:11] - [2013-11-14 09:11] - 2065448 ____A (Microsoft Corporation) 1A0BC9598E4A58FC84570FFF5A108E58 C:\WINDOWS\system32\winlogon.exe => MD5 is legit C:\WINDOWS\system32\wininit.exe => MD5 is legit 
C:\WINDOWS\system32\svchost.exe => MD5 is legit C:\WINDOWS\system32\services.exe => MD5 is legit C:\WINDOWS\system32\User32.dll => MD5 is legit C:\WINDOWS\system32\userinit.exe => MD5 is legit C:\WINDOWS\system32\rpcss.dll => MD5 is legit C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-28 14:04 ==================== End Of Log ============================ --- --- --- --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-02-2014 Ran by ok_000 at 2014-02-05 16:30:15 Running from C:\Users\ok_000\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Trend Micro Titanium Maximum Security (Disabled - Up to date) {5D349EF8-873B-C657-917F-F1D93E101A7C} AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Trend Micro Titanium Maximum Security (Disabled - Up to date) {E6557F1C-A101-C9D9-ABCF-CAAB459750C1} ==================== Installed Programs ====================== Adobe Flash Player 12 Plugin (Version: 12.0.0.43 - Adobe Systems Incorporated) Apple Application Support (Version: 3.0 - Apple Inc.) Apple Mobile Device Support (Version: 7.1.0.32 - Apple Inc.) Apple Software Update (Version: 2.1.3.127 - Apple Inc.) Bonjour (Version: 3.0.0.10 - Apple Inc.) Canon MP Navigator EX 3.0 (Version: - ) Canon MP550 series MP Drivers (Version: - Canon Inc.) iCloud (Version: 3.1.0.40 - Apple Inc.) Intel(R) Management Engine Components (Version: 9.5.15.1730 - Intel Corporation) Intel(R) Processor Graphics (Version: 10.18.10.3379 - Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.31.8.1 - Intel Corporation) Hidden iTunes (Version: 11.1.4.62 - Apple Inc.) 
Microsoft Office 365 Home Premium - de-de (Version: 15.0.4551.1512 - Microsoft Corporation) Microsoft SkyDrive (HKCU Version: 17.0.2015.0811 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 26.0 (x86 de) (Version: 26.0 - Mozilla) Mozilla Maintenance Service (Version: 26.0 - Mozilla) Office 15 Click-to-Run Extensibility Component (Version: 15.0.4551.1512 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1512 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (Version: 15.0.4551.1512 - Microsoft Corporation) Hidden Platform (Version: 1.42 - VIA Technologies, Inc.) Hidden Realtek Ethernet Controller Driver (Version: 8.21.909.2013 - Realtek) Realtek Ethernet Diagnostic Utility (Version: 2.0.2.7 - Realtek) Realtek High Definition Audio Driver (Version: 6.0.1.7076 - Realtek Semiconductor Corp.) Trend Micro Titanium (Version: 7.0 - Trend Micro Inc.) Hidden Trend Micro Titanium Maximum Security (Version: 7.0 - Trend Micro Inc.) VIA Plattform-Geräte-Manager (Version: 1.42 - VIA Technologies, Inc.) Web Check (Version: - ) ==================== Restore Points ========================= 19-01-2014 10:41:42 Windows Update 26-01-2014 14:28:13 Geplanter Prüfpunkt 01-02-2014 20:59:31 Windows Modules Installer 01-02-2014 21:27:43 Free Pdf Perfect Prereq 01-02-2014 21:48:04 Free Pdf Perfect Prereq 05-02-2014 10:51:40 Windows Update ==================== Hosts content: ========================== 2013-08-22 07:13 - 2013-08-22 07:13 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {00BC77BF-3352-4FE8-9617-4F1B27BEC19A} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup Task: {0A9C128F-3CA1-4C71-B200-42D9702BCAFB} - System32\Tasks\Titanium BTC => D:\Trend Micro\Titanium\plugin\TMDC\TMDC.exe [2013-08-27] (Trend Micro Inc.) 
Task: {17233BE9-87E9-40B0-B003-AE9D2B92CBBE} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {1B2B704C-ED08-4F0D-8EAC-96C08A7A4A02} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-01-15] (Microsoft Corporation) Task: {247BD142-0549-4E91-84B0-172C25563718} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation) Task: {2BE65564-89D1-4396-A5CC-D7D9283FC4A1} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task Task: {2FBC0D5B-7D99-4F9D-BC64-16CDB892121F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-01-15] (Microsoft Corporation) Task: {392EB017-207C-42BF-A061-F3BE721F456C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {4B7EF56A-8A42-4BD2-BB5C-7C389AC54A37} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: {5700ACE8-D0AF-4BA7-98B6-1033521A877A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {6E84A59B-1863-4B21-8BD8-C9B20FD15484} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {7C7CF1DA-F461-4850-96B2-ADCA8A67E59C} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {8B5819AE-7B44-478B-A3D3-8846AF160A8F} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate Task: {8CECADCB-8BA5-4289-9636-5960C703B9AF} - System32\Tasks\Microsoft Office 15 Sync Maintenance for OLIVER-ok_000 Oliver => C:\Program Files\Microsoft Office 
15\Root\Office15\MsoSync.exe [2014-01-15] (Microsoft Corporation) Task: {92ED6570-4654-4BFA-9A6C-1084C6939C16} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work Task: {997C8BBD-710B-4E66-B5BC-CC09575A58D2} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance Task: {A5D45ED3-F524-4574-8F39-527F3729D1E2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\WINDOWS\system32\tzsync.exe [2013-08-22] (Microsoft Corporation) Task: {C0D0F7C4-419F-41B3-90A2-FE79270B828A} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask Task: {CF5A1DDC-D14D-4D59-AD49-A19A645B087B} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization Task: {DCF55BED-B1DF-4ABF-8D85-6542C7007799} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: {E4C8774A-2818-45A4-8A6D-11DDF6348886} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task Task: {E608C76F-DF69-4901-B371-BC0002464436} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe [2013-10-31] (Microsoft Corporation) Task: {FAB49829-3EE7-4234-BE84-277862F2A57C} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList ==================== Loaded Modules (whitelisted) ============= 2013-12-31 23:42 - 2014-01-01 00:10 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll 2014-01-15 12:51 - 2014-01-15 12:51 - 00359592 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\c2r32.dll 2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2013-12-31 01:36 - 
2013-12-05 20:36 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll 2014-01-21 23:37 - 2013-07-23 16:28 - 00049152 _____ () D:\Trend Micro\Titanium\UIFramework\boost_thread-vc110-mt-1_49.dll 2014-01-21 23:37 - 2013-07-23 16:28 - 00039424 _____ () D:\Trend Micro\Titanium\UIFramework\boost_date_time-vc110-mt-1_49.dll 2014-01-21 20:59 - 2014-01-21 20:59 - 16287624 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll 2013-12-31 23:40 - 2013-12-31 23:40 - 00316584 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll 2014-01-15 12:37 - 2014-01-15 12:37 - 00359592 _____ () C:\Program Files\Microsoft Office 15\root\office15\c2r32.dll 2014-01-15 12:40 - 2014-01-15 12:48 - 01027240 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll 2014-01-15 12:51 - 2014-01-15 12:54 - 00321704 _____ () C:\Program Files\Microsoft Office 15\root\office15\msfad.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\ok_000\SkyDrive:ms-properties ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/05/2014 11:52:01 AM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert . Error: (02/01/2014 10:48:08 PM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert . 
Error: (02/01/2014 10:27:43 PM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert . Error: (02/01/2014 09:59:35 PM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert . Error: (01/26/2014 03:28:17 PM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert . Error: (01/22/2014 00:07:20 AM) (Source: Perflib) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll4 Error: (01/19/2014 11:41:55 AM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert . 
Error: (01/16/2014 05:23:40 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe_StiSvc, Version: 6.3.9600.16384, Zeitstempel: 0x52157be5 Name des fehlerhaften Moduls: CNC550C.dll, Version: 1.0.2.0, Zeitstempel: 0x49d5b3f7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00003720 ID des fehlerhaften Prozesses: 0x6ec Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_StiSvc0 Pfad der fehlerhaften Anwendung: svchost.exe_StiSvc1 Pfad des fehlerhaften Moduls: svchost.exe_StiSvc2 Berichtskennung: svchost.exe_StiSvc3 Vollständiger Name des fehlerhaften Pakets: svchost.exe_StiSvc4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_StiSvc5 Error: (01/16/2014 05:22:19 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe_StiSvc, Version: 6.3.9600.16384, Zeitstempel: 0x52157be5 Name des fehlerhaften Moduls: CNC550C.dll, Version: 1.0.2.0, Zeitstempel: 0x49d5b3f7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00003720 ID des fehlerhaften Prozesses: 0x6fc Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_StiSvc0 Pfad der fehlerhaften Anwendung: svchost.exe_StiSvc1 Pfad des fehlerhaften Moduls: svchost.exe_StiSvc2 Berichtskennung: svchost.exe_StiSvc3 Vollständiger Name des fehlerhaften Pakets: svchost.exe_StiSvc4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_StiSvc5 Error: (01/15/2014 00:48:44 PM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert . 
System errors: ============= Error: (02/05/2014 11:32:06 AM) (Source: DCOM) (User: NT-AUTORITÄT) Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (02/05/2014 10:00:00 AM) (Source: DCOM) (User: NT-AUTORITÄT) Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (02/04/2014 02:30:32 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (02/04/2014 04:57:41 AM) (Source: DCOM) (User: OLIVER) Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9} Error: (02/04/2014 04:57:41 AM) (Source: DCOM) (User: OLIVER) Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9} Error: (02/03/2014 00:32:15 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (02/02/2014 04:36:35 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (02/02/2014 04:31:01 PM) (Source: Microsoft-Windows-Kernel-Boot) (User: NT-AUTORITÄT) Description: 32212256844720942153516268 Error: (02/02/2014 04:31:25 PM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 02.02.2014 um 00:34:59 unerwartet heruntergefahren. 
Error: (02/01/2014 10:42:03 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Microsoft Office Sessions: ========================= Error: (02/05/2014 11:52:01 AM) (Source: Microsoft-Windows-CAPI2)(User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert Error: (02/01/2014 10:48:08 PM) (Source: Microsoft-Windows-CAPI2)(User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert Error: (02/01/2014 10:27:43 PM) (Source: Microsoft-Windows-CAPI2)(User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert Error: (02/01/2014 09:59:35 PM) (Source: Microsoft-Windows-CAPI2)(User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert Error: (01/26/2014 03:28:17 PM) (Source: Microsoft-Windows-CAPI2)(User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert Error: (01/22/2014 00:07:20 AM) (Source: Perflib)(User: ) Description: BITSC:\Windows\System32\bitsperf.dll4 Error: (01/19/2014 11:41:55 AM) (Source: Microsoft-Windows-CAPI2)(User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. 
System Error: Zugriff verweigert Error: (01/16/2014 05:23:40 PM) (Source: Application Error)(User: ) Description: svchost.exe_StiSvc6.3.9600.1638452157be5CNC550C.dll1.0.2.049d5b3f7c0000005000037206ec01cf12d74f58ccddC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\CNC550C.dll8ef4d345-7eca-11e3-afac-94de80ca5e73 Error: (01/16/2014 05:22:19 PM) (Source: Application Error)(User: ) Description: svchost.exe_StiSvc6.3.9600.1638452157be5CNC550C.dll1.0.2.049d5b3f7c0000005000037206fc01cf12d71e7352efC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\CNC550C.dll5e9bcfcd-7eca-11e3-afab-94de80ca5e73 Error: (01/15/2014 00:48:44 PM) (Source: Microsoft-Windows-CAPI2)(User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert ==================== Memory info =========================== Percentage of memory in use: 62% Total physical RAM: 2967.54 MB Available physical RAM: 1108.79 MB Total Pagefile: 6039.54 MB Available Pagefile: 3976.89 MB Total Virtual: 2047.88 MB Available Virtual: 1855.7 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:136.37 GB) (Free:67.33 GB) NTFS Drive d: () (Fixed) (Total:195.31 GB) (Free:192.95 GB) NTFS Drive e: () (Fixed) (Total:133.73 GB) (Free:133.57 GB) NTFS Drive f: (Gigabyte) (CDROM) (Total:3.51 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 2D2D2D2C) Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=136 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=329 GB) - (Type=OF Extended) ==================== End Of Log ============================ |
06.02.2014, 01:47 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trend Micro Titanium Maximum Security no longer works Quote:
__________________ Please always post logfiles in CODE tags |
06.02.2014, 08:03 | #5 |
| Trend Micro Titanium Maximum Security no longer works Yes, OK, it did run after all. And now? |
06.02.2014, 11:38 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trend Micro Titanium Maximum Security no longer works So which is it? Why do you bring it up if it is not a problem? I can hardly know what you are doing in the meantime, or do you think I am
Malwarebytes Anti-Rootkit (MBAR)
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
__________________ --> Trend Micro Titanium Maximum Security no longer works |
06.02.2014, 13:02 | #7 |
| Trend Micro Titanium Maximum Security no longer works No, it's because you had only written that it also works on Win 8, but I had already posted the files for you, so I thought you hadn't seen it? Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.02.06.04

Windows 8 x86 NTFS
Internet Explorer 11.0.9600.16476
ok_000 :: OLIVER [administrator]

06.02.2014 12:45:39
mbar-log-2014-02-06 (12-45-39).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 221049
Time elapsed: 11 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\ok_000\AppData\Local\DownloadGuide\plus-hd-3-8.exe (Heuristics.Shuriken) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end) |
06.02.2014, 13:46 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trend Micro Titanium Maximum Security no longer works
Remove adware/junkware/toolbars
Step 1: adwCleaner
Please download AdwCleaner to your desktop.
Step 2: JRT - Junkware Removal Tool
Please close your security software to avoid possible conflicts.
Step 3: Fresh log with FRST
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ Please always post logfiles in CODE tags |
06.02.2014, 14:14 | #9 |
| Trend Micro Titanium Maximum Security no longer works We already did step 3, so should I do it again? Here is AdwCleaner: AdwCleaner Logfile: Code:
# AdwCleaner v3.018 - Bericht erstellt am 06/02/2014 um 14:08:51
# Updated 28/01/2014 von Xplode
# Betriebssystem : Windows 8.1 Pro (32 bits)
# Benutzername : ok_000 - OLIVER
# Gestartet von : C:\Users\ok_000\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\ok_000\AppData\Local\DownloadGuide

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\heoldelcflnigdllmlopiefhkkobendj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE}
Schlüssel Gelöscht : HKCU\Software\Imesh

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16384

-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\ok_000\AppData\Roaming\Mozilla\Firefox\Profiles\n2u3jhcu.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [1500 octets] - [06/02/2014 14:01:27]
AdwCleaner[S0].txt - [1423 octets] - [06/02/2014 14:08:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1483 octets] ##########

Here is JRT: JRT Logfile: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 8.1 Pro x86
Ran by ok_000 on 06.02.2014 at 14:19:01,39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\ok_000\AppData\Roaming\mozilla\firefox\profiles\n2u3jhcu.default\minidumps [8 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.02.2014 at 14:20:21,87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

--- --- ---

FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-02-2014 Ran by ok_000 (administrator) on OLIVER on 06-02-2014 14:59:45 Running from C:\Users\ok_000\Downloads Microsoft Windows 8.1 Pro (X86) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Trend Micro Inc.) D:\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (VIA Technologies, Inc.) C:\VIA_XHCI\usb3Monitor.exe (Apple Inc.) D:\Programme\iTunes\iTunesHelper.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9600.16422_x86__8wekyb3d8bbwe\glcnd.exe (Microsoft Corporation) C:\Windows\System32\WWAHost.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12017368 2013-10-24] (Realtek Semiconductor) HKLM\...\Run: [VIAxHCUtl] - C:\VIA_XHCI\usb3Monitor.exe [331776 2011-07-12] (VIA Technologies, Inc.) HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.) HKLM\...\Run: [Trend Micro Client Framework] - D:\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [143792 2013-10-09] (Trend Micro Inc.) HKLM\...\Run: [iTunesHelper] - D:\Programme\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.) 
==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ SearchScopes: HKLM - DefaultScope value is missing. BHO: TSToolbarBHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - D:\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.) BHO: TmIEPlugInBHO Class - {959A5673-7971-48e6-AF54-58F745AC4ABC} - D:\Trend Micro\AMSP\module\20013\3.0.1277\1.6.1092\TmopIEPlg.dll No File BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - D:\Trend Micro\AMSP\module\20002\8.0.1135\8.0.1135\TmBpIe32.dll No File BHO: Web Check - {E155F23C-9931-47c6-A619-20E6FCA86D75} - C:\Program Files\Web Check\WebCheck.dll (Web Check) Toolbar: HKLM - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - D:\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - D:\Trend Micro\AMSP\module\20002\8.0.1135\8.0.1135\TmBpIe32.dll No File Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - D:\Trend Micro\AMSP\module\20013\3.0.1277\1.6.1092\TmopIEPlg.dll No File Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - D:\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.) Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - D:\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\ok_000\AppData\Roaming\Mozilla\Firefox\Profiles\n2u3jhcu.default FF Homepage: https://www.google.de/ FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - D:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: FRITZ!Box AddOn - C:\Users\ok_000\AppData\Roaming\Mozilla\Firefox\Profiles\n2u3jhcu.default\Extensions\fb_add_on@avm.de [2014-01-07] FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - D:\Trend Micro\AMSP\module\20002\8.0.1135\8.0.1135\firefoxextension FF HKLM\...\Firefox\Extensions: [{BBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C}] - D:\Trend Micro\AMSP\module\20013\FxExt\firefoxextension\ FF Extension: Trend Micro Osprey Firefox Extension - D:\Trend Micro\AMSP\module\20013\FxExt\firefoxextension\ [] FF HKLM\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - D:\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension FF Extension: Trend Micro Toolbar - D:\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2014-01-21] FF 
HKLM\...\Firefox\Extensions: [{52b0f3db-f988-4788-b9dc-861d016f4487}] - C:\Program Files\Web Check\WebCheck.xpi FF Extension: Web Check - C:\Program Files\Web Check\WebCheck.xpi [2013-08-12] ========================== Services (Whitelisted) ================= S3 cphs; C:\WINDOWS\system32\IntelCpHeciSvc.exe [279000 2013-12-20] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [595968 2013-08-27] (Intel(R) Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [642520 2013-08-27] (Intel(R) Corporation) R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation) R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe [1320120 2013-10-31] (Microsoft Corporation) S3 ScDeviceEnum; C:\WINDOWS\System32\ScDeviceEnum.dll [105472 2013-08-22] (Microsoft Corporation) S3 SXDS10; C:\Program Files\Common Files\soft Xpansion\sxds10.exe [234096 2014-02-01] (soft Xpansion) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [278264 2013-08-22] (Microsoft Corporation) S3 WEPHOSTSVC; C:\WINDOWS\system32\wephostsvc.dll [20992 2013-08-22] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22240 2013-08-22] (Microsoft Corporation) S3 workfolderssvc; C:\WINDOWS\system32\workfolderssvc.dll [1210368 2013-11-14] (Microsoft Corporation) S2 Amsp; "D:\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X] ==================== Drivers (Whitelisted) ==================== R1 BasicRender; C:\WINDOWS\System32\drivers\BasicRender.sys [25600 2013-08-22] (Microsoft Corporation) S3 GPIO; C:\WINDOWS\System32\drivers\iaiogpio.sys [22016 2013-07-23] (Intel Corporation) S3 intaud_WaveExtensible; C:\WINDOWS\system32\drivers\intelaud.sys [33176 2013-12-15] (Intel Corporation) R3 iwdbus; 
C:\WINDOWS\System32\drivers\iwdbus.sys [23448 2013-12-15] (Intel Corporation) R3 MEI; C:\WINDOWS\system32\DRIVERS\TeeDriver.sys [85464 2013-09-16] (Intel Corporation) R1 MpKsl02cebce1; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{88061186-BBD2-4935-A6BD-C6828C94FE95}\MpKsl02cebce1.sys [40392 2014-02-06] (Microsoft Corporation) R2 RtNdPt630; C:\WINDOWS\system32\DRIVERS\RtNdPt630.sys [23256 2013-09-26] (Realtek Semiconductor Corp.) S3 RTTEAMPT; C:\WINDOWS\system32\DRIVERS\RtTeam620.sys [49808 2012-07-03] (Realtek Corporation) S3 RTVLANPT; C:\WINDOWS\system32\DRIVERS\RtVlan620.sys [27792 2012-09-01] (Realtek Corporation) R1 tmactmon; C:\WINDOWS\system32\DRIVERS\tmactmon.sys [102904 2013-09-04] (Trend Micro Inc.) R0 tmcomm; C:\WINDOWS\System32\DRIVERS\tmcomm.sys [288840 2013-09-04] (Trend Micro Inc.) R0 TMEBC; C:\WINDOWS\System32\DRIVERS\TMEBC32.sys [40736 2013-07-01] (Trend Micro Inc.) S3 tmeevw; C:\WINDOWS\system32\DRIVERS\tmeevw.sys [85280 2013-06-13] (Trend Micro Inc.) S0 tmel; C:\WINDOWS\System32\DRIVERS\tmel.sys [32272 2013-07-11] (Trend Micro Inc.) R1 tmevtmgr; C:\WINDOWS\system32\DRIVERS\tmevtmgr.sys [83352 2013-09-04] (Trend Micro Inc.) S3 tmnciesc; C:\WINDOWS\system32\DRIVERS\tmnciesc.sys [282272 2013-05-22] (Trend Micro Inc.) R2 tmusa; C:\WINDOWS\system32\DRIVERS\tmusa.sys [84768 2013-07-08] (Trend Micro Inc.) 
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [93024 2013-08-22] (Microsoft Corporation) R3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [187392 2013-08-22] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-06 14:57 - 2014-02-06 14:57 - 00000000 ____D () C:\Users\ok_000\Downloads\FRST-OlderVersion 2014-02-06 14:20 - 2014-02-06 14:20 - 00000751 _____ () C:\Users\ok_000\Desktop\JRT.txt 2014-02-06 14:19 - 2014-02-06 14:19 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-02-06 14:18 - 2014-02-06 14:18 - 01037530 _____ (Thisisu) C:\Users\ok_000\Downloads\JRT.exe 2014-02-06 14:00 - 2014-02-06 14:08 - 00000000 ____D () C:\AdwCleaner 2014-02-06 14:00 - 2014-02-06 14:00 - 01166132 _____ () C:\Users\ok_000\Downloads\adwcleaner.exe 2014-02-06 12:45 - 2014-02-06 12:45 - 00107224 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-02-06 12:45 - 2014-02-06 12:45 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-02-06 12:43 - 2014-02-06 12:43 - 00075480 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-02-06 12:40 - 2014-02-06 12:41 - 12589848 _____ (Malwarebytes Corp.) 
C:\Users\ok_000\Downloads\mbar-1.07.0.1009.exe 2014-02-05 16:30 - 2014-02-05 16:30 - 00018705 _____ () C:\Users\ok_000\Downloads\Addition.txt 2014-02-05 16:29 - 2014-02-06 14:59 - 00011146 _____ () C:\Users\ok_000\Downloads\FRST.txt 2014-02-05 16:29 - 2014-02-06 14:57 - 00000000 ____D () C:\FRST 2014-02-05 16:28 - 2014-02-06 14:57 - 01139200 _____ (Farbar) C:\Users\ok_000\Downloads\FRST.exe 2014-02-05 16:26 - 2014-02-05 16:26 - 00000000 ____D () C:\Users\ok_000\Documents\My Received Files 2014-02-05 16:26 - 2014-02-05 16:26 - 00000000 ____D () C:\Users\ok_000\AppData\Roaming\MusicNet 2014-02-05 16:23 - 2014-02-05 16:23 - 01431792 _____ (iMesh Inc) C:\Users\ok_000\Downloads\iMeshSetup-r1487-w-bf.exe 2014-02-05 14:26 - 2014-02-05 14:26 - 00288967 _____ () C:\Users\ok_000\AppData\Local\census.cache 2014-02-05 14:26 - 2014-02-05 14:26 - 00100687 _____ () C:\Users\ok_000\AppData\Local\ars.cache 2014-02-05 11:36 - 2014-02-05 11:36 - 02002320 _____ (Trend Micro Inc.) C:\Users\ok_000\Downloads\HousecallLauncher.exe 2014-02-01 22:28 - 2014-02-02 16:31 - 00000000 ____D () C:\ProgramData\Freemium 2014-02-01 22:28 - 2014-02-01 22:28 - 00010464 _____ () C:\WINDOWS\system32\sx_p2d.tlb 2014-02-01 22:28 - 2014-02-01 22:28 - 00000000 ____D () C:\Users\ok_000\Downloads\freepdf 2014-02-01 22:28 - 2014-02-01 22:28 - 00000000 ____D () C:\Program Files\Common Files\soft Xpansion 2014-02-01 22:28 - 2014-02-01 22:28 - 00000000 ____D () C:\Program Files\Common Files\Freemium 2014-02-01 22:27 - 2014-02-01 22:27 - 00000000 ____D () C:\Program Files\Web Check 2014-02-01 22:04 - 2014-02-01 22:04 - 00000000 ____D () C:\WINDOWS\system32\XPSViewer 2014-02-01 22:04 - 2014-02-01 22:04 - 00000000 ____D () C:\Program Files\Reference Assemblies 2014-02-01 22:04 - 2014-02-01 22:04 - 00000000 ____D () C:\Program Files\MSBuild 2014-02-01 22:01 - 2013-08-03 05:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll 2014-02-01 22:01 - 2013-08-03 05:41 - 00102608 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2014-02-01 22:01 - 2013-08-03 05:41 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe 2014-02-01 21:59 - 2014-02-01 21:59 - 00666504 _____ () C:\Users\ok_000\Downloads\free-pdf-perfect_1.0_de-DE.exe 2014-01-23 16:07 - 2014-01-23 16:07 - 00001550 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-01-23 16:07 - 2014-01-23 16:07 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-01-23 16:07 - 2014-01-23 16:07 - 00000000 ____D () C:\Program Files\iPod 2014-01-22 14:37 - 2014-01-22 14:37 - 265510263 _____ () C:\WINDOWS\MEMORY.DMP 2014-01-22 14:37 - 2014-01-22 14:37 - 00154712 _____ () C:\WINDOWS\Minidump\012214-17421-01.dmp 2014-01-22 14:37 - 2014-01-22 14:37 - 00000000 ____D () C:\WINDOWS\Minidump 2014-01-21 23:49 - 2014-01-21 23:49 - 00000000 __SHD () C:\TMRescueDisk 2014-01-21 23:44 - 2014-01-21 23:44 - 00001050 _____ () C:\Users\ok_000\Desktop\Trend Micro Titanium Maximum Security.lnk 2014-01-21 23:44 - 2014-01-21 23:44 - 00000000 ____D () C:\Users\ok_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Maximum Security 2014-01-21 23:44 - 2014-01-21 23:44 - 00000000 ____D () C:\Users\ok_000\AppData\Local\Trend Micro 2014-01-21 23:44 - 2013-09-04 07:23 - 00102904 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmactmon.sys 2014-01-21 23:44 - 2013-09-04 07:20 - 00083352 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmevtmgr.sys 2014-01-21 23:44 - 2013-09-04 07:12 - 00288840 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys 2014-01-21 23:44 - 2013-07-11 03:39 - 00032272 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmel.sys 2014-01-21 23:44 - 2013-07-08 04:16 - 00084768 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmusa.sys 2014-01-21 23:44 - 2013-07-01 14:08 - 00040736 _____ (Trend Micro Inc.) 
C:\WINDOWS\system32\Drivers\TMEBC32.sys 2014-01-21 23:44 - 2013-06-13 07:35 - 00085280 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmeevw.sys 2014-01-21 23:44 - 2013-05-22 16:37 - 00282272 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmnciesc.sys 2014-01-21 23:43 - 2014-01-22 00:31 - 00000000 ____D () C:\ProgramData\Trend Micro 2014-01-21 23:43 - 2014-01-21 23:43 - 00000045 _____ () C:\WINDOWS\system32\SupportTool.exe.bat 2014-01-21 23:38 - 2014-02-05 11:41 - 00000036 _____ () C:\Users\ok_000\AppData\Local\housecall.guid.cache 2014-01-21 23:27 - 2014-01-21 23:37 - 90359472 _____ (Trend Micro Inc.) C:\Users\Public\Desktop\Trend_Micro.exe 2014-01-21 23:25 - 2014-01-21 23:26 - 06631328 _____ (Trend Micro Inc.) C:\Users\ok_000\Downloads\Titanium_Maximum_Security_2014.exe 2014-01-15 02:49 - 2013-12-09 00:43 - 00609792 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll 2014-01-15 02:49 - 2013-11-27 15:09 - 02872688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll 2014-01-15 02:49 - 2013-11-27 11:46 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe 2014-01-15 02:49 - 2013-11-27 10:54 - 00103936 _____ () C:\WINDOWS\system32\OEMLicense.dll 2014-01-15 02:49 - 2013-11-27 09:40 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-01-15 02:49 - 2013-11-27 09:38 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll 2014-01-15 02:49 - 2013-11-27 09:17 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2014-01-10 14:28 - 2014-01-10 14:28 - 00000000 ___HD () C:\ProgramData\CanonIJScan 2014-01-10 14:28 - 2014-01-10 14:28 - 00000000 ____D () C:\Users\ok_000\AppData\Roaming\Canon 2014-01-07 15:17 - 2014-01-07 15:17 - 00002053 _____ () C:\Users\Public\Desktop\Canon MP Navigator EX 3.0.lnk 2014-01-07 15:17 - 2014-01-07 15:17 - 00000000 ____D () C:\Program Files\Canon 2014-01-07 15:13 - 2014-01-07 15:17 - 49904760 
_____ () C:\Users\ok_000\Downloads\mpnx_3_0-win-3_05-ea23_2.exe 2014-01-07 15:13 - 2014-01-07 15:13 - 00000000 ___HD () C:\Program Files\CanonBJ 2014-01-07 15:11 - 2014-01-07 15:12 - 21286032 _____ () C:\Users\ok_000\Downloads\mp68-win-mp550-1_05-ea24.exe 2014-01-07 15:07 - 2014-01-07 15:07 - 00000000 ___HD () C:\WINDOWS\system32\CanonIJ Uninstaller Information 2014-01-07 15:07 - 2014-01-07 15:07 - 00000000 ___HD () C:\ProgramData\CanonBJ 2014-01-07 15:07 - 2010-04-24 05:00 - 00272384 _____ (CANON INC.) C:\WINDOWS\system32\CNMLM9Z.DLL 2014-01-07 15:07 - 2009-04-03 16:00 - 01310720 _____ (CANON INC.) C:\WINDOWS\system32\CNC550C.dll 2014-01-07 15:07 - 2009-04-03 15:59 - 00110592 _____ (CANON INC.) C:\WINDOWS\system32\CNC550I.dll 2014-01-07 15:07 - 2009-04-03 15:57 - 00106496 _____ (CANON INC.) C:\WINDOWS\system32\CNC550U.dll 2014-01-07 15:07 - 2009-03-19 14:38 - 00303104 _____ (CANON INC.) C:\WINDOWS\system32\CNC550L.dll 2014-01-07 15:07 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\WINDOWS\system32\CNHMCA.dll ==================== One Month Modified Files and Folders ======= 2014-02-06 14:59 - 2014-02-05 16:29 - 00011146 _____ () C:\Users\ok_000\Downloads\FRST.txt 2014-02-06 14:59 - 2014-02-05 16:29 - 00000000 ____D () C:\FRST 2014-02-06 14:57 - 2014-02-06 14:57 - 00000000 ____D () C:\Users\ok_000\Downloads\FRST-OlderVersion 2014-02-06 14:57 - 2014-02-05 16:28 - 01139200 _____ (Farbar) C:\Users\ok_000\Downloads\FRST.exe 2014-02-06 14:34 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\Microsoft.NET 2014-02-06 14:28 - 2013-12-31 22:01 - 01892910 _____ () C:\WINDOWS\WindowsUpdate.log 2014-02-06 14:20 - 2014-02-06 14:20 - 00000751 _____ () C:\Users\ok_000\Desktop\JRT.txt 2014-02-06 14:19 - 2014-02-06 14:19 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-02-06 14:18 - 2014-02-06 14:18 - 01037530 _____ (Thisisu) C:\Users\ok_000\Downloads\JRT.exe 2014-02-06 14:10 - 2013-12-31 23:04 - 00000000 __RDO () C:\Users\ok_000\SkyDrive 2014-02-06 14:10 - 2013-08-22 08:23 - 00000006 
____H () C:\WINDOWS\Tasks\SA.DAT 2014-02-06 14:09 - 2013-08-22 07:13 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI 2014-02-06 14:08 - 2014-02-06 14:00 - 00000000 ____D () C:\AdwCleaner 2014-02-06 14:00 - 2014-02-06 14:00 - 01166132 _____ () C:\Users\ok_000\Downloads\adwcleaner.exe 2014-02-06 14:00 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-02-06 12:58 - 2013-11-14 00:00 - 00030842 _____ () C:\WINDOWS\PFRO.log 2014-02-06 12:45 - 2014-02-06 12:45 - 00107224 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-02-06 12:45 - 2014-02-06 12:45 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-02-06 12:43 - 2014-02-06 12:43 - 00075480 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-02-06 12:41 - 2014-02-06 12:40 - 12589848 _____ (Malwarebytes Corp.) C:\Users\ok_000\Downloads\mbar-1.07.0.1009.exe 2014-02-05 16:30 - 2014-02-05 16:30 - 00018705 _____ () C:\Users\ok_000\Downloads\Addition.txt 2014-02-05 16:26 - 2014-02-05 16:26 - 00000000 ____D () C:\Users\ok_000\Documents\My Received Files 2014-02-05 16:26 - 2014-02-05 16:26 - 00000000 ____D () C:\Users\ok_000\AppData\Roaming\MusicNet 2014-02-05 16:23 - 2014-02-05 16:23 - 01431792 _____ (iMesh Inc) C:\Users\ok_000\Downloads\iMeshSetup-r1487-w-bf.exe 2014-02-05 14:45 - 2014-01-06 19:00 - 00088064 _____ () C:\Users\ok_000\Desktop\Stunden.xls 2014-02-05 14:26 - 2014-02-05 14:26 - 00288967 _____ () C:\Users\ok_000\AppData\Local\census.cache 2014-02-05 14:26 - 2014-02-05 14:26 - 00100687 _____ () C:\Users\ok_000\AppData\Local\ars.cache 2014-02-05 11:41 - 2014-01-21 23:38 - 00000036 _____ () C:\Users\ok_000\AppData\Local\housecall.guid.cache 2014-02-05 11:36 - 2014-02-05 11:36 - 02002320 _____ (Trend Micro Inc.) 
C:\Users\ok_000\Downloads\HousecallLauncher.exe 2014-02-04 14:38 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-02-02 16:31 - 2014-02-01 22:28 - 00000000 ____D () C:\ProgramData\Freemium 2014-02-01 23:12 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\rescache 2014-02-01 22:28 - 2014-02-01 22:28 - 00010464 _____ () C:\WINDOWS\system32\sx_p2d.tlb 2014-02-01 22:28 - 2014-02-01 22:28 - 00000000 ____D () C:\Users\ok_000\Downloads\freepdf 2014-02-01 22:28 - 2014-02-01 22:28 - 00000000 ____D () C:\Program Files\Common Files\soft Xpansion 2014-02-01 22:28 - 2014-02-01 22:28 - 00000000 ____D () C:\Program Files\Common Files\Freemium 2014-02-01 22:28 - 2014-01-06 19:00 - 00033280 ___SH () C:\Users\ok_000\Desktop\Thumbs.db 2014-02-01 22:27 - 2014-02-01 22:27 - 00000000 ____D () C:\Program Files\Web Check 2014-02-01 22:04 - 2014-02-01 22:04 - 00000000 ____D () C:\WINDOWS\system32\XPSViewer 2014-02-01 22:04 - 2014-02-01 22:04 - 00000000 ____D () C:\Program Files\Reference Assemblies 2014-02-01 22:04 - 2014-02-01 22:04 - 00000000 ____D () C:\Program Files\MSBuild 2014-02-01 22:04 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\system32\de-DE 2014-02-01 21:59 - 2014-02-01 21:59 - 00666504 _____ () C:\Users\ok_000\Downloads\free-pdf-perfect_1.0_de-DE.exe 2014-01-30 21:47 - 2013-08-22 09:18 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2014-01-30 21:47 - 2013-08-22 09:18 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2014-01-23 16:07 - 2014-01-23 16:07 - 00001550 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-01-23 16:07 - 2014-01-23 16:07 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-01-23 16:07 - 2014-01-23 16:07 - 00000000 ____D () C:\Program Files\iPod 2014-01-23 16:07 - 2014-01-02 12:40 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-01-23 16:05 - 2014-01-02 12:40 - 00000000 ____D () C:\ProgramData\Apple 2014-01-22 23:39 - 
2013-12-31 21:55 - 00000000 ____D () C:\Users\ok_000 2014-01-22 14:37 - 2014-01-22 14:37 - 265510263 _____ () C:\WINDOWS\MEMORY.DMP 2014-01-22 14:37 - 2014-01-22 14:37 - 00154712 _____ () C:\WINDOWS\Minidump\012214-17421-01.dmp 2014-01-22 14:37 - 2014-01-22 14:37 - 00000000 ____D () C:\WINDOWS\Minidump 2014-01-22 14:32 - 2013-08-22 07:13 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2014-01-22 00:31 - 2014-01-21 23:43 - 00000000 ____D () C:\ProgramData\Trend Micro 2014-01-21 23:49 - 2014-01-21 23:49 - 00000000 __SHD () C:\TMRescueDisk 2014-01-21 23:44 - 2014-01-21 23:44 - 00001050 _____ () C:\Users\ok_000\Desktop\Trend Micro Titanium Maximum Security.lnk 2014-01-21 23:44 - 2014-01-21 23:44 - 00000000 ____D () C:\Users\ok_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Maximum Security 2014-01-21 23:44 - 2014-01-21 23:44 - 00000000 ____D () C:\Users\ok_000\AppData\Local\Trend Micro 2014-01-21 23:44 - 2012-07-26 07:53 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP 2014-01-21 23:43 - 2014-01-21 23:43 - 00000045 _____ () C:\WINDOWS\system32\SupportTool.exe.bat 2014-01-21 23:37 - 2014-01-21 23:27 - 90359472 _____ (Trend Micro Inc.) C:\Users\Public\Desktop\Trend_Micro.exe 2014-01-21 23:26 - 2014-01-21 23:25 - 06631328 _____ (Trend Micro Inc.) 
C:\Users\ok_000\Downloads\Titanium_Maximum_Security_2014.exe 2014-01-21 21:18 - 2014-01-02 17:10 - 00000000 ____D () C:\Users\ok_000\AppData\Local\Adobe 2014-01-19 11:40 - 2013-12-31 23:40 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-01-19 08:37 - 2013-12-31 01:05 - 00231584 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2014-01-16 17:23 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\WinStore 2014-01-15 12:54 - 2013-12-31 01:00 - 83425928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-01-15 12:54 - 2013-12-31 01:00 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-01-14 10:23 - 2014-01-06 19:00 - 00000000 ____D () C:\Users\ok_000\Desktop\VfR 2014-01-13 02:43 - 2014-01-06 18:58 - 00000000 ____D () C:\Users\ok_000\Desktop\Bewerbung 2014-01-10 14:28 - 2014-01-10 14:28 - 00000000 ___HD () C:\ProgramData\CanonIJScan 2014-01-10 14:28 - 2014-01-10 14:28 - 00000000 ____D () C:\Users\ok_000\AppData\Roaming\Canon 2014-01-08 12:36 - 2014-01-01 16:34 - 00000000 ____D () C:\Users\ok_000\AppData\Local\PackageStaging 2014-01-07 15:17 - 2014-01-07 15:17 - 00002053 _____ () C:\Users\Public\Desktop\Canon MP Navigator EX 3.0.lnk 2014-01-07 15:17 - 2014-01-07 15:17 - 00000000 ____D () C:\Program Files\Canon 2014-01-07 15:17 - 2014-01-07 15:13 - 49904760 _____ () C:\Users\ok_000\Downloads\mpnx_3_0-win-3_05-ea23_2.exe 2014-01-07 15:13 - 2014-01-07 15:13 - 00000000 ___HD () C:\Program Files\CanonBJ 2014-01-07 15:12 - 2014-01-07 15:11 - 21286032 _____ () C:\Users\ok_000\Downloads\mp68-win-mp550-1_05-ea24.exe 2014-01-07 15:07 - 2014-01-07 15:07 - 00000000 ___HD () C:\WINDOWS\system32\CanonIJ Uninstaller Information 2014-01-07 15:07 - 2014-01-07 15:07 - 00000000 ___HD () C:\ProgramData\CanonBJ 2014-01-07 15:07 - 2013-11-14 09:09 - 01686150 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-01-07 15:07 - 2013-08-22 09:17 - 00000000 __RSD () C:\WINDOWS\Media 2014-01-07 15:07 - 2013-08-22 09:17 - 00000000 ____D () C:\WINDOWS\twain_32 
2014-01-07 15:06 - 2013-08-22 08:23 - 00292440 _____ () C:\WINDOWS\setupact.log Some content of TEMP: ==================== C:\Users\ok_000\AppData\Local\Temp\OfficeSetup.exe C:\Users\ok_000\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\WINDOWS\explorer.exe [2013-11-14 09:11] - [2013-11-14 09:11] - 2065448 ____A (Microsoft Corporation) 1A0BC9598E4A58FC84570FFF5A108E58 C:\WINDOWS\system32\winlogon.exe => MD5 is legit C:\WINDOWS\system32\wininit.exe => MD5 is legit C:\WINDOWS\system32\svchost.exe => MD5 is legit C:\WINDOWS\system32\services.exe => MD5 is legit C:\WINDOWS\system32\User32.dll => MD5 is legit C:\WINDOWS\system32\userinit.exe => MD5 is legit C:\WINDOWS\system32\rpcss.dll => MD5 is legit C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-02-06 08:07 ==================== End Of Log ============================ Edited by pako1 (06.02.2014 at 15:04) |
06.02.2014, 15:14 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trend Micro Titanium Maximum Security no longer works Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes Anti-Malware (MBAM). Note: please remember to update Malwarebytes Anti-Malware via the update button first! Getting a second opinion from ESET's online scanner afterwards wouldn't hurt either: ESET Online Scanner
__________________ Please always post log files in CODE tags |
06.02.2014, 16:05 | #11 |
| Trend Micro Titanium Maximum Security no longer works Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.02.06.05 Windows 8 x86 NTFS Internet Explorer 11.0.9600.16476 ok_000 :: OLIVER [Administrator] 06.02.2014 15:58:08 mbam-log-2014-02-06 (15-58-08).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 217597 Laufzeit: 5 Minute(n), 59 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\ok_000\Downloads\iMeshSetup-r1487-w-bf.exe (PUP.Optional.Bandoo.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
06.02.2014, 16:21 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trend Micro Titanium Maximum Security no longer works What about ESET? Please post the log in CODE tags
__________________ Please always post log files in CODE tags |
06.02.2014, 19:03 | #13 |
| Trend Micro Titanium Maximum Security no longer works ESET is still scanning ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=68d5359c0532f0449d1d8845675a8605 # engine=16967 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2014-02-06 04:35:12 # local_time=2014-02-06 05:35:12 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.2.9200 NT # compatibility_mode=5893 16776573 100 94 10522 14564001 0 0 # scanned=126645 # found=1 # cleaned=0 # scan_time=4752 sh=3C261308BBA4A58D1D5BB7D5E675C4D9E754E590 ft=1 fh=0012dbe19458ff32 vn="a variant of Win32/AdWare.AddLyrics.AB application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\ok_000\AppData\Local\DownloadGuide\best-markit_2040-5390.exe.vir" |
07.02.2014, 00:17 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trend Micro Titanium Maximum Security no longer works TFC - Temp File Cleaner: Download TFC (TempFileCleaner by Oldtimer) and save it to your desktop.
Looks OK so far. Regarding cookies and other things on the web: to block the pests from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether a new hosts file has been released. Info: cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie). Otherwise there are also good cookie managers; an extension for Firefox, for example, would be CookieCuller. But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser to delete everything, including cookies, when it is closed. Is your system OK again now, or are there any other findings or problems?
__________________ Please always post log files in CODE tags |
07.02.2014, 02:36 | #15 |
| Trend Micro Titanium Maximum Security no longer works So, the system runs without problems (but it did before, too). The only thing that still doesn't work is Trend Micro Maximum. Should I reinstall it, or is there some other problem that keeps me from opening it? And then, back to your question about cookies etc.: I never saved the passwords anyway but typed them in every time. But the whole thing is getting on my nerves, changing and writing down 30 different passwords. Should I do that with keypass2? Or with the new identity card? |