Plagegeister aller Art und deren Bekämpfung: Windows 8.1 with Thunderbird (IMAP): emails possibly manipulated
23.04.2014, 17:06 | #1 |
Hello Trojaner-Board,

Here is my problem: I forgot the password for my old Germanwings account and requested a new one. Germanwings then sent me an email. I retrieved the email with Thunderbird. However, it did not show a temporary password, only "***** The password is not visible for your protection". When I read the same(?) email on my smartphone, the text was completely different and the temporary password was displayed. According to the sender, reply address and send time, though, this should be the same email. Thunderbird and the smartphone are connected to my email provider (web.de) via IMAP.

Here are the logs:

Defogger: Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:48 on 23/04/2014 ([USRNAME])
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-

GMER: Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-04-23 17:24:22 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000030 ST1000LM024_HN-M101MBB rev.2BA30001 931,51GB Running: Gmer-19357.exe; Driver: C:\Users\[USRNAME]\AppData\Local\Temp\fxldrpob.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\WINDOWS\System32\win32k.sys!W32pServiceTable fffff96000130c00 15 bytes [00, 8E, 0B, 02, 80, 32, 6E, ...] .text C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16 fffff96000130c10 11 bytes [00, 41, FC, FF, C0, 7D, F9, ...] ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\system32\wininit.exe[656] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffd0586553d 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffd0586553d 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[888] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffd0586553d 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[576] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffd0586553d 1 byte [62] .text C:\WINDOWS\System32\svchost.exe[1108] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffd0586553d 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[1320] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffd0586553d 1 byte [62] .text C:\WINDOWS\System32\spoolsv.exe[1676] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffd0586553d 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[1700] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffd0586553d 1 byte [62] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1180] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffd0586553d 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[2264] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffd0586553d 1 byte [62] .text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[2308] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 
00007ffd0586553d 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[2664] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffd0586553d 1 byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2144] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffd0586553d 1 byte [62] .text C:\WINDOWS\System32\svchost.exe[3708] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffd0586553d 1 byte [62] .text C:\WINDOWS\system32\SearchIndexer.exe[4512] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffd0586553d 1 byte [62] .text C:\WINDOWS\System32\WinLogon.exe[6288] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffd0586553d 1 byte [62] .text C:\WINDOWS\System32\dwm.exe[6228] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffd058528c0 7 bytes JMP 00007ffe02dc02d0 .text C:\WINDOWS\System32\dwm.exe[6228] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffd058543d8 7 bytes JMP 00007ffe02dc0308 .text C:\WINDOWS\System32\dwm.exe[6228] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffd0586553d 1 byte [62] .text C:\WINDOWS\System32\dwm.exe[6228] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffd05901f20 7 bytes JMP 00007ffe02dc0378 .text C:\WINDOWS\System32\dwm.exe[6228] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffd059040b4 7 bytes JMP 00007ffe02dc03b0 .text C:\WINDOWS\System32\dwm.exe[6228] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffd05904510 7 bytes JMP 00007ffe02dc0340 .text C:\WINDOWS\System32\dwm.exe[6228] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleFileNameExW 00007ffd05904af0 7 bytes JMP 00007ffe02dc0260 .text C:\WINDOWS\System32\dwm.exe[6228] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffd0592cea0 7 bytes JMP 00007ffe02dc0228 .text C:\WINDOWS\System32\dwm.exe[6228] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffd0592cf10 7 bytes JMP 00007ffe02dc0298 .text C:\WINDOWS\System32\dwm.exe[6228] 
C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffd02e22300 7 bytes JMP 00007ffe02dc00d8 .text C:\WINDOWS\System32\dwm.exe[6228] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffd02e25770 5 bytes JMP 00007ffe02dc0180 .text C:\WINDOWS\System32\dwm.exe[6228] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffd02e25860 5 bytes JMP 00007ffe02dc0148 .text C:\WINDOWS\System32\dwm.exe[6228] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffd02e25a30 5 bytes JMP 00007ffe02dc0110 .text C:\WINDOWS\System32\dwm.exe[6228] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffd04d3b6f4 10 bytes JMP 00007ffe02dc0490 .text C:\WINDOWS\System32\dwm.exe[6228] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffd04d445d8 5 bytes JMP 00007ffe02dc0458 .text C:\WINDOWS\System32\dwm.exe[6228] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffd04d44750 9 bytes JMP 00007ffe02dc03e8 .text C:\WINDOWS\System32\dwm.exe[6228] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffd04d54fc0 5 bytes JMP 00007ffe02dc0420 .text C:\WINDOWS\System32\dwm.exe[6228] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffd05091500 8 bytes JMP 00007ffe02dc01b8 .text C:\WINDOWS\System32\dwm.exe[6228] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffd05091750 8 bytes JMP 00007ffe02dc01f0 .text C:\WINDOWS\System32\dwm.exe[6228] C:\WINDOWS\System32\dxgi.dll!CreateDXGIFactory1 00007ffd00d57c28 5 bytes JMP 00007ffe00d40110 .text C:\WINDOWS\System32\dwm.exe[6228] C:\WINDOWS\System32\dxgi.dll!CreateDXGIFactory 00007ffd00d64b84 5 bytes JMP 00007ffe00d400d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[5924] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffd0586553d 1 byte [62] .text C:\WINDOWS\system32\nvvsvc.exe[6788] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffd0586553d 1 byte [62] .text C:\WINDOWS\system32\nvvsvc.exe[6788] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffd0369169a 
4 bytes [69, 03, FD, 7F] .text C:\WINDOWS\system32\nvvsvc.exe[6788] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffd036916a2 4 bytes [69, 03, FD, 7F] .text C:\WINDOWS\system32\nvvsvc.exe[6788] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffd0369181a 4 bytes [69, 03, FD, 7F] .text C:\WINDOWS\system32\nvvsvc.exe[6788] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffd03691832 4 bytes [69, 03, FD, 7F] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6600] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffd0586553d 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6796] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffd0586553d 1 byte [62] .text C:\WINDOWS\system32\taskhostex.exe[1040] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffd0586553d 1 byte [62] .text C:\WINDOWS\Explorer.EXE[4164] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffd0586553d 1 byte [62] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4764] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffd0586553d 1 byte [62] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[4960] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffd0586553d 1 byte [62] .text C:\WINDOWS\system32\igfxsrvc.exe[1064] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffd0586553d 1 byte [62] .text C:\Windows\System32\hkcmd.exe[4288] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffd0586553d 1 byte [62] .text C:\Windows\System32\igfxpers.exe[5468] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffd0586553d 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[5776] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffd0586553d 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6372] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffd0586553d 1 byte [62] .text C:\Program 
Files\Realtek\Audio\HDA\RAVBg64.exe[6920] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffd0586553d 1 byte [62] .text C:\Windows\System32\rundll32.exe[6900] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffd0586553d 1 byte [62] .text C:\Program Files\Dell\QuickSet\quickset.exe[6464] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffd0586553d 1 byte [62] .text C:\Program Files\Dell\QuickSet\quickset.exe[6464] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffd0369169a 4 bytes [69, 03, FD, 7F] .text C:\Program Files\Dell\QuickSet\quickset.exe[6464] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffd036916a2 4 bytes [69, 03, FD, 7F] .text C:\Program Files\Dell\QuickSet\quickset.exe[6464] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffd0369181a 4 bytes [69, 03, FD, 7F] .text C:\Program Files\Dell\QuickSet\quickset.exe[6464] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffd03691832 4 bytes [69, 03, FD, 7F] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6648] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffd0586553d 1 byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6648] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffd0369169a 4 bytes [69, 03, FD, 7F] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6648] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffd036916a2 4 bytes [69, 03, FD, 7F] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6648] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffd0369181a 4 bytes [69, 03, FD, 7F] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6648] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffd03691832 4 bytes [69, 03, FD, 7F] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[908] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffd0586553d 1 byte [62] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[908] 
C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffd0369169a 4 bytes [69, 03, FD, 7F] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[908] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffd036916a2 4 bytes [69, 03, FD, 7F] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[908] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffd0369181a 4 bytes [69, 03, FD, 7F] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[908] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffd03691832 4 bytes [69, 03, FD, 7F] .text C:\WINDOWS\system32\DllHost.exe[2804] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffd0586553d 1 byte [62] .text C:\WINDOWS\System32\svchost.exe[3656] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffd0586553d 1 byte [62] .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4332] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 165 00007ffd0586553d 1 byte [62] .text C:\WINDOWS\system32\AUDIODG.EXE[4032] C:\WINDOWS\SYSTEM32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffd0586553d 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[7024] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffd0586553d 1 byte [62] ---- Threads - GMER 2.1 ---- Thread C:\WINDOWS\system32\csrss.exe [4440:6512] fffff96000845b90 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----

Even before the scan there was a warning that C:\WINDOWS\system32\config\system could not be accessed (blocked by another process). The same warning appeared again during the scan. In addition, the same warning appeared for C:\Users\[USRNAME]\ntuser.dat.

My antivirus software (Avast) has been installed from the start, is up to date and has not given any warnings. The day before yesterday I also installed Spybot. It found "only" a tracking cookie. Here is the Fixit log: Code:
ATTFilter --- Report generated: 2014-04-21 20:39 --- DoubleClick: Verfolgender Cookie (Internet Explorer: [USRNAME]) (Cookie, fixed) --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) --- 2009-01-26 blindman.exe (1.0.0.8) 2009-01-26 SDFiles.exe (1.6.1.7) 2009-01-26 SDMain.exe (1.0.0.6) 2009-01-26 SDShred.exe (1.0.2.5) 2009-01-26 SDUpdate.exe (1.6.0.12) 2009-01-26 SDWinSec.exe (1.0.0.12) 2009-01-26 SpybotSD.exe (1.6.2.46) 2009-01-26 TeaTimer.exe (1.6.4.26) 2014-04-21 unins000.exe (51.49.0.0) 2009-01-26 Update.exe (1.6.0.7) 2009-01-26 advcheck.dll (1.6.2.15) 2007-04-02 aports.dll (2.1.0.0) 2008-06-14 DelZip179.dll (1.79.11.1) 2009-01-26 SDHelper.dll (1.6.2.14) 2008-06-19 sqlite3.dll 2009-01-26 Tools.dll (2.1.6.10) 2009-01-16 UninsSrv.dll (1.0.0.0) 2014-03-05 Includes\Adware-000.sbi (*) 2014-01-08 Includes\Adware-001.sbi (*) 2014-04-15 Includes\Adware-C.sbi (*) 2014-01-13 Includes\Adware.sbi (*) 2014-01-13 Includes\AdwareC.sbi (*) 2010-08-13 Includes\Cookies.sbi (*) 2014-01-08 Includes\Dialer-000.sbi (*) 2014-01-08 Includes\Dialer-001.sbi (*) 2014-01-08 Includes\Dialer-C.sbi (*) 2014-01-08 Includes\Dialer.sbi (*) 2014-01-13 Includes\DialerC.sbi (*) 2014-01-09 Includes\Fraud-000.sbi (*) 2014-01-09 Includes\Fraud-001.sbi (*) 2014-03-31 Includes\Fraud-002.sbi (*) 2014-01-09 Includes\Fraud-003.sbi (*) 2013-04-11 Includes\HeavyDuty.sbi (*) 2014-01-08 Includes\Hijackers-000.sbi (*) 2014-01-08 Includes\Hijackers-001.sbi (*) 2014-01-08 Includes\Hijackers-C.sbi (*) 2014-01-08 Includes\Hijackers.sbi (*) 2014-01-13 Includes\HijackersC.sbi (*) 2014-01-08 Includes\iPhone-000.sbi (*) 2014-01-08 Includes\iPhone.sbi (*) 2014-01-08 Includes\Keyloggers-000.sbi (*) 2014-03-19 Includes\Keyloggers-C.sbi (*) 2014-01-08 Includes\Keyloggers.sbi (*) 2014-01-13 Includes\KeyloggersC.sbi (*) 2004-11-29 Includes\LSP.sbi (*) 2014-03-03 Includes\Malware-000.sbi (*) 2014-01-09 Includes\Malware-001.sbi (*) 2014-03-03 Includes\Malware-002.sbi (*) 2014-02-05 Includes\Malware-003.sbi (*) 
2014-01-28 Includes\Malware-004.sbi (*) 2014-04-15 Includes\Malware-005.sbi (*) 2014-02-26 Includes\Malware-006.sbi (*) 2014-01-09 Includes\Malware-007.sbi (*) 2014-04-15 Includes\Malware-C.sbi (*) 2014-01-13 Includes\Malware.sbi (*) 2014-01-13 Includes\MalwareC.sbi (*) 2014-01-15 Includes\PUPS-000.sbi (*) 2014-01-15 Includes\PUPS-001.sbi (*) 2014-01-15 Includes\PUPS-002.sbi (*) 2014-04-08 Includes\PUPS-C.sbi (*) 2014-01-13 Includes\PUPS.sbi (*) 2014-01-13 Includes\PUPSC.sbi (*) 2010-01-25 Includes\Revision.sbi (*) 2014-01-08 Includes\Security-000.sbi (*) 2014-01-08 Includes\Security-C.sbi (*) 2014-01-08 Includes\Security.sbi (*) 2014-01-13 Includes\SecurityC.sbi (*) 2008-06-03 Includes\Spybots.sbi (*) 2008-06-03 Includes\SpybotsC.sbi (*) 2014-01-28 Includes\Spyware-000.sbi (*) 2014-01-08 Includes\Spyware-001.sbi (*) 2014-01-08 Includes\Spyware-C.sbi (*) 2014-01-13 Includes\Spyware.sbi (*) 2014-01-08 Includes\SpywareC.sbi (*) 2012-11-19 Includes\Tracks.uti 2014-01-15 Includes\Trojans-000.sbi (*) 2014-02-26 Includes\Trojans-001.sbi (*) 2014-01-15 Includes\Trojans-002.sbi (*) 2014-01-28 Includes\Trojans-003.sbi (*) 2014-01-15 Includes\Trojans-004.sbi (*) 2014-03-19 Includes\Trojans-005.sbi (*) 2014-03-14 Includes\Trojans-006.sbi (*) 2014-01-15 Includes\Trojans-007.sbi (*) 2014-02-19 Includes\Trojans-008.sbi (*) 2014-01-15 Includes\Trojans-009.sbi (*) 2014-04-15 Includes\Trojans-C.sbi (*) 2014-01-15 Includes\Trojans-OG-000.sbi (*) 2014-01-15 Includes\Trojans-TD-000.sbi (*) 2014-01-15 Includes\Trojans-VM-000.sbi (*) 2014-01-15 Includes\Trojans-VM-001.sbi (*) 2014-01-15 Includes\Trojans-VM-002.sbi (*) 2014-01-15 Includes\Trojans-VM-003.sbi (*) 2014-01-15 Includes\Trojans-VM-004.sbi (*) 2014-01-15 Includes\Trojans-VM-005.sbi (*) 2014-01-15 Includes\Trojans-VM-006.sbi (*) 2014-01-15 Includes\Trojans-VM-007.sbi (*) 2014-01-15 Includes\Trojans-VM-008.sbi (*) 2014-01-15 Includes\Trojans-VM-009.sbi (*) 2014-01-15 Includes\Trojans-VM-010.sbi (*) 2014-01-15 
Includes\Trojans-VM-011.sbi (*) 2014-01-15 Includes\Trojans-VM-012.sbi (*) 2014-01-15 Includes\Trojans-VM-013.sbi (*) 2014-01-15 Includes\Trojans-VM-014.sbi (*) 2014-01-15 Includes\Trojans-VM-015.sbi (*) 2014-01-15 Includes\Trojans-VM-016.sbi (*) 2014-01-15 Includes\Trojans-VM-017.sbi (*) 2014-01-15 Includes\Trojans-VM-018.sbi (*) 2014-01-15 Includes\Trojans-VM-019.sbi (*) 2014-01-15 Includes\Trojans-VM-020.sbi (*) 2014-01-15 Includes\Trojans-VM-021.sbi (*) 2014-01-15 Includes\Trojans-VM-022.sbi (*) 2014-01-15 Includes\Trojans-VM-023.sbi (*) 2014-01-15 Includes\Trojans-VM-024.sbi (*) 2014-01-15 Includes\Trojans-ZB-000.sbi (*) 2014-03-14 Includes\Trojans-ZL-000.sbi (*) 2014-01-09 Includes\Trojans.sbi (*) 2014-01-09 Includes\TrojansC-02.sbi (*) 2014-01-09 Includes\TrojansC-03.sbi (*) 2014-01-16 Includes\TrojansC-04.sbi (*) 2014-01-09 Includes\TrojansC-05.sbi (*) 2014-01-09 Includes\TrojansC.sbi (*) 2008-03-04 Plugins\Chai.dll 2008-03-05 Plugins\Fennel.dll 2008-02-26 Plugins\Mate.dll 2007-12-24 Plugins\TCPIPAddress.dll

Best regards, M4tt0 |
23.04.2014, 18:49 | #2 |
/// the machine /// TB-Ausbilder |
Hi,

Please always post logs in the thread. If necessary, split them up and use several posts. I cannot open attachments at work, thanks.

This is how it works: Posting in CODE tags

Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
__________________ |
23.04.2014, 19:02 | #3 |
OK, will do. Thanks for taking a look at my problem!

FRST Log FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2014 Ran by [USRNAME] (administrator) on R2D2 on 23-04-2014 16:50:28 Running from C:\Users\[USRNAME]\Desktop Windows 8.1 Pro (Update 1) (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Microsoft Corporation) C:\WINDOWS\system32\WLANExt.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (Microsoft Corporation) C:\WINDOWS\system32\dashost.exe () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) c:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe (Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel Corporation) C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (CANON INC.) C:\WINDOWS\system32\CNAB4RPD.EXE (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe (Dell Products, LP.) c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Dell Inc.) 
C:\Program Files (x86)\Dell Update\DellUpService.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (Dell) C:\Users\[USRNAME]\AppData\Local\Apps\2.0\4Y8BPRKN.5TP\XL4NCOCT.GQB\dell..tion_0f612f649c4a10af_0005.0006_f9e15713f5aac8ac\DellSystemDetect.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Brother Industries, Ltd.) 
C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe (Dell Products, LP) C:\Program Files (x86)\Dell Update\DellUpTray.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (PC-Doctor, Inc.) C:\Program Files\My Dell\uaclauncher.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7192792 2013-07-06] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-05] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-05] (Realtek Semiconductor) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation) HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7830328 2013-05-21] (Motorola Solutions, Inc.) HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3760456 2013-04-23] (Dell Inc.) 
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2780400 2013-09-06] (Synaptics Incorporated) HKLM-x32\...\Run: [MetroTileShortcut] => "C:\Program Files\McAfeeAntiTheft\2.1.170.2\McATUIHost.exe" /IMAT_SHORTCUTS HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-04-05] (AVAST Software) HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.) HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.) HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2099200 2014-04-13] (Dominik Reichl) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-949463278-63079330-1184419995-1001\...\Run: [Lync] => C:\Program Files\Microsoft Office\Office15\lync.exe [22629024 2014-03-03] (Microsoft Corporation) HKU\S-1-5-21-949463278-63079330-1184419995-1001\...\Run: [DellSystemDetect] => C:\Users\[USRNAME]\AppData\Local\Apps\2.0\4Y8BPRKN.5TP\XL4NCOCT.GQB\dell..tion_0f612f649c4a10af_0005.0006_f9e15713f5aac8ac\DellSystemDetect.exe [258160 2014-04-10] (Dell) HKU\S-1-5-21-949463278-63079330-1184419995-1001\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.) 
HKU\S-1-5-21-949463278-63079330-1184419995-1004\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation) AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-12-18] (NVIDIA Corporation) AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [141336 2013-12-18] (NVIDIA Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/?pc=DCJB HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB SearchScopes: HKLM - DefaultScope {A464ECC7-8D60-45FB-BB05-F7E7C10D90FD} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB SearchScopes: HKLM - {A464ECC7-8D60-45FB-BB05-F7E7C10D90FD} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB SearchScopes: HKLM-x32 - DefaultScope {A464ECC7-8D60-45FB-BB05-F7E7C10D90FD} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB SearchScopes: HKLM-x32 - {A464ECC7-8D60-45FB-BB05-F7E7C10D90FD} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB SearchScopes: HKCU - DefaultScope {A464ECC7-8D60-45FB-BB05-F7E7C10D90FD} URL = SearchScopes: HKCU - {A464ECC7-8D60-45FB-BB05-F7E7C10D90FD} URL = BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft) BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft) Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\[USRNAME]\AppData\Roaming\Mozilla\Firefox\Profiles\k6aofoyb.Martin FF Homepage: hxxp://www.tagesschau.de/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.) 
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ActiveGS - C:\Users\[USRNAME]\AppData\Roaming\Mozilla\Firefox\Profiles\k6aofoyb.Martin\Extensions\activegs@freetoolsassociation.com [2014-03-07]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-27]
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ []
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-05] (AVAST Software)
R2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [283296 2013-11-11] (Intel Corporation)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [149496 2014-01-14] (Dell Inc.)
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3611128 2014-02-11] (devolo AG)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-10-07] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-06-01] (Intel Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [156616 2013-06-26] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [197096 2013-05-10] ()
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-06-01] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [1142768 2014-02-19] (Paramount Software UK Ltd)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor)
S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [728328 2014-03-31] (DEVGURU Co., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-05] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-04-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-04-05] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-04-05] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-04-05] ()
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1385272 2013-04-23] (Motorola Solutions, Inc.)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [115656 2013-06-03] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21920 2013-05-10] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-05-10] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-05-10] ()
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2014-03-18] (Microsoft Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-05-10] ()
S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2014-03-18] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-20] (Intel Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-25] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew02.sys [3648480 2013-10-08] (Intel Corporation)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2014-02-11] (CACE Technologies)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-03-18] (Microsoft Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [444632 2013-09-28] (Realsil Semiconductor Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2014-03-18] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-09-06] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-09-06] (Synaptics Incorporated)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2014-03-18] (Microsoft Corporation)
R3 ST_Accel; C:\Windows\system32\DRIVERS\ST_Accel.sys [91360 2013-04-11] (STMicroelectronics)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [206744 2013-06-20] (Windows (R) Win 7 DDK provider)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation)
R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-04-10] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-23 16:50 - 2014-04-23 16:50 - 00020755 _____ () C:\Users\[USRNAME]\Desktop\FRST.txt
2014-04-23 16:50 - 2014-04-23 16:50 - 00000000 ____D () C:\FRST
2014-04-23 16:49 - 2014-04-23 16:49 - 02061312 _____ (Farbar) C:\Users\[USRNAME]\Desktop\FRST64.exe
2014-04-23 16:48 - 2014-04-23 16:48 - 00000474 _____ () C:\Users\[USRNAME]\Desktop\defogger_disable.log
2014-04-23 16:48 - 2014-04-23 16:48 - 00000000 _____ () C:\Users\[USRNAME]\defogger_reenable
2014-04-23 16:47 - 2014-04-23 16:47 - 00050477 _____ () C:\Users\[USRNAME]\Desktop\Defogger.exe
2014-04-21 21:00 - 2013-08-22 15:25 - 00000824 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140421-210023.backup
2014-04-21 16:58 - 2014-04-21 21:00 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-21 16:58 - 2014-04-21 20:44 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-04-21 16:56 - 2014-04-21 16:57 - 16409960 _____ (Safer Networking Limited ) C:\Users\[USRNAME]\Downloads\spybotsd162.exe
2014-04-20 14:55 - 2014-04-20 14:55 - 02545000 _____ (Dominik Reichl ) C:\Users\[USRNAME]\Downloads\KeePass-2.26-Setup.exe
2014-04-19 22:23 - 2014-04-19 22:24 - 325017215 _____ () C:\Users\[USRNAME]\Downloads\Whited00r71-iPhone3G-Unlocker.zip
2014-04-19 18:01 - 2014-04-19 18:04 - 338579762 _____ () C:\Users\[USRNAME]\Downloads\iPhone1,2_4.2.1_8C148_Restore.ipsw
2014-04-19 17:50 - 2014-04-19 21:28 - 00000000 ____D () C:\Users\[USRNAME]\AppData\Roaming\redsn0w
2014-04-19 13:30 - 2014-04-19 13:34 - 00000000 ____D () C:\Users\[USRNAME]\AppData\Roaming\Apple Computer
2014-04-19 13:30 - 2014-04-19 13:30 - 00000000 ____D () C:\Users\[USRNAME]\AppData\Local\Apple Computer
2014-04-19 13:29 - 2014-04-19 22:43 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-04-19 13:29 - 2014-04-19 13:29 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-04-19 13:28 - 2014-04-19 22:44 - 00000000 ____D () C:\ProgramData\Apple
2014-04-19 13:28 - 2014-04-19 13:28 - 00000000 ____D () C:\Users\[USRNAME]\AppData\Local\Apple
2014-04-19 13:25 - 2014-04-19 13:27 - 148885840 _____ (Apple Inc.) C:\Users\[USRNAME]\Downloads\iTunes64Setup.exe
2014-04-19 11:16 - 2014-04-19 11:16 - 00000022 _____ () C:\WINDOWS\S.dirmngr
2014-04-19 11:14 - 2014-04-09 14:00 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-04-19 11:14 - 2014-04-09 05:32 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2014-04-19 11:14 - 2014-04-09 05:31 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-04-19 11:14 - 2014-04-09 05:23 - 01705984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-04-19 11:14 - 2014-04-09 05:21 - 03408896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-04-19 11:09 - 2014-04-19 11:09 - 00000000 ____D () C:\Program Files\SAMSUNG
2014-04-19 11:08 - 2014-04-19 11:08 - 16002688 _____ (SAMSUNG Electronics Co., Ltd.) C:\Users\[USRNAME]\Downloads\SAMSUNG_USB_Driver_for_Mobile_Phones_v1.5.42.0.exe
2014-04-19 11:08 - 2014-04-19 11:08 - 00000000 ____D () C:\ProgramData\Samsung
2014-04-16 16:29 - 2014-04-16 17:41 - 00001950 _____ () C:\Users\Public\Desktop\Colin McRae Rally 2005.lnk
2014-04-15 14:36 - 2014-04-15 14:36 - 00000000 ____D () C:\Users\[USRNAME]\AppData\Local\Intel_Corporation
2014-04-14 13:25 - 2014-04-14 13:25 - 00000000 __SHD () C:\Users\[USRNAME]\AppData\Local\EmieUserList
2014-04-14 13:25 - 2014-04-14 13:25 - 00000000 __SHD () C:\Users\[USRNAME]\AppData\Local\EmieSiteList
2014-04-14 13:16 - 2014-04-20 13:37 - 00000000 ____D () C:\Users\[USRNAME]\Desktop\Stammzellspende
2014-04-14 12:31 - 2014-04-14 12:31 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-04-12 21:40 - 2014-04-12 21:40 - 00000000 ____D () C:\Users\[USRNAME]\Documents\Meine empfangenen Dateien
2014-04-12 20:39 - 2014-04-12 20:39 - 10689696 _____ (Irfan Skiljan) C:\Users\[USRNAME]\Downloads\irfanview_plugins_437_setup.exe
2014-04-11 22:32 - 2014-04-21 21:59 - 00000000 ____D () C:\Users\[USRNAME]\AppData\Roaming\KeePass
2014-04-11 21:55 - 2014-04-21 21:50 - 00000000 ____D () C:\Program Files (x86)\KeePass Password Safe 2
2014-04-11 21:54 - 2014-04-11 21:54 - 02537151 _____ (Dominik Reichl ) C:\Users\[USRNAME]\Downloads\keepass-2.25-setup.exe
2014-04-11 15:30 - 2014-04-11 15:30 - 00000000 ___RD () C:\Users\[USRNAME]\AppData\Roaming\Brother
2014-04-11 11:22 - 2014-04-11 11:22 - 00000000 ____D () C:\Users\[USRNAME]\AppData\Roaming\12166
2014-04-11 11:09 - 2014-04-11 11:09 - 00000000 ____D () C:\Users\[USRNAME]\AppData\Roaming\NVIDIA
2014-04-11 10:40 - 2014-04-11 11:09 - 00000000 ____D () C:\Users\[USRNAME]\Documents\DVDFab9
2014-04-11 10:40 - 2014-04-11 10:40 - 00000000 ____D () C:\Users\[USRNAME]\AppData\Roaming\DVDFab9
2014-04-11 10:40 - 2014-04-11 10:40 - 00000000 ____D () C:\Program Files (x86)\DVDFab 9
2014-04-11 10:39 - 2014-04-11 10:39 - 45424848 _____ (Fengtao Software Inc. ) C:\Users\[USRNAME]\Downloads\DVDFab9138.exe
2014-04-11 10:03 - 2014-04-11 10:37 - 00000000 ____D () C:\Burn
2014-04-11 09:59 - 2014-04-11 10:02 - 00000000 ____D () C:\Users\[USRNAME]\.MakeMKV
2014-04-11 09:55 - 2014-04-11 09:55 - 10054035 _____ (GuinpinSoft inc) C:\Users\[USRNAME]\Downloads\Setup_MakeMKV_v1.8.9.exe
2014-04-10 19:29 - 2014-04-10 19:29 - 00000303 _____ () C:\Users\[USRNAME]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Heimnetzgruppe.lnk
2014-04-10 19:28 - 2014-04-10 19:28 - 00000000 ____D () C:\Users\[USRNAME]\AppData\Roaming\ControlCenter4
2014-04-10 19:05 - 2014-04-10 19:05 - 00000000 ____D () C:\ProgramData\ControlCenter4
2014-04-10 19:05 - 2014-04-10 19:05 - 00000000 ____D () C:\Program Files (x86)\Browny02
2014-04-10 19:05 - 2014-04-10 19:05 - 00000000 ____D () C:\Brother
2014-04-10 19:04 - 2014-04-10 19:05 - 00000066 _____ () C:\WINDOWS\Brfaxrx.ini
2014-04-10 19:04 - 2014-04-10 19:04 - 00000000 ____D () C:\Users\[USRNAME]\AppData\Roaming\InstallShield
2014-04-10 19:04 - 2012-09-10 16:31 - 00245760 ____N (brother) C:\WINDOWS\SysWOW64\NSSearch.dll
2014-04-10 19:04 - 2012-07-09 17:19 - 00005120 ____N (Brother Industries Ltd.) C:\WINDOWS\SysWOW64\BrDctF2S.dll
2014-04-10 19:04 - 2010-03-15 19:45 - 00073728 ____N (Brother Industries Ltd.) C:\WINDOWS\SysWOW64\BrDctF2.dll
2014-04-10 19:04 - 2010-02-05 04:42 - 00180224 _____ (Brother Industries, Ltd.) C:\WINDOWS\SysWOW64\BROSNMP.DLL
2014-04-10 19:04 - 2007-12-13 22:16 - 00005632 ____N (Brother Industries Ltd.) C:\WINDOWS\SysWOW64\BrDctF2L.dll
2014-04-10 19:04 - 2003-11-28 18:57 - 00000000 _____ () C:\WINDOWS\brdfxspd.dat
2014-04-10 19:03 - 2014-04-10 19:03 - 00000000 ____D () C:\Users\[USRNAME]\Downloads\install
2014-04-10 19:02 - 2014-04-10 19:03 - 126514424 _____ (A.I.SOFT,INC.) C:\Users\[USRNAME]\Downloads\MFC-7360N-inst-C1-EU.EXE
2014-04-10 18:19 - 2014-04-10 18:19 - 32417600 _____ (Intel(R) Corporation) C:\Users\[USRNAME]\Downloads\Wireless_16.5.3_De164.exe
2014-04-10 17:58 - 2014-04-10 17:58 - 00000000 ___RD () C:\WINDOWS\BrowserChoice
2014-04-10 17:51 - 2013-10-31 02:29 - 00236888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-04-10 17:51 - 2013-10-31 02:29 - 00124760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-04-10 17:51 - 2013-10-31 02:28 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-04-10 17:42 - 2014-04-10 17:42 - 00001448 _____ () C:\Users\[USRNAME]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-10 17:42 - 2014-04-10 17:42 - 00000020 ___SH () C:\Users\[USRNAME]\ntuser.ini
2014-04-10 14:59 - 2014-04-10 17:43 - 00000000 ___DC () C:\WINDOWS\Panther
2014-04-10 14:59 - 2014-04-10 14:59 - 00000000 __SHD () C:\Recovery
2014-04-10 14:57 - 2014-04-10 14:57 - 21232792 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-04-10 14:57 - 2014-04-10 14:57 - 18679216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-04-10 14:57 - 2014-04-10 14:57 - 16875520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-04-10 14:57 - 2014-04-10 14:57 - 13286400 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-04-10 14:57 - 2014-04-10 14:57 - 12732416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-04-10 14:57 - 2014-04-10 14:57 - 11791360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-04-10 14:57 - 2014-04-10 14:57 - 08653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-04-10 14:57 - 2014-04-10 14:57 - 07425368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-04-10 14:57 - 2014-04-10 14:57 - 06641152 _____ (Microsoft Corporation)
C:\WINDOWS\system32\mstscax.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 05833728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 05770752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 04268544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 02900992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 02641920 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 02519384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2014-04-10 14:57 - 2014-04-10 14:57 - 02479616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 02373784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2014-04-10 14:57 - 2014-04-10 14:57 - 02331000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 02270208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 02141912 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 02133504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 02088160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2014-04-10 14:57 - 2014-04-10 14:57 - 02030080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 02013016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2014-04-10 14:57 - 2014-04-10 14:57 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 01816576 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\Display.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 01779800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 01764864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 01679128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 01656832 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 01557848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2014-04-10 14:57 - 2014-04-10 14:57 - 01542768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 01527296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 01466864 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 01411584 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 01351168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 01339240 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 01306624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 01291200 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 01200296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 01129472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 01112536 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 01095488 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\ole32.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 01066496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL 2014-04-10 14:57 - 2014-04-10 14:57 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 01023488 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00958464 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00924160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00918528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00887296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe 2014-04-10 14:57 - 2014-04-10 14:57 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00839168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00836096 _____ (Microsoft 
Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00834560 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL 2014-04-10 14:57 - 2014-04-10 14:57 - 00801792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00800256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00731648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00731648 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00679424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys 2014-04-10 14:57 - 2014-04-10 14:57 - 00669696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00667136 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpprefcl.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00655360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00629760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00621568 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\MDMAgent.exe 2014-04-10 14:57 - 2014-04-10 14:57 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00589824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpprefcl.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00565536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2014-04-10 14:57 - 2014-04-10 14:57 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\AdmTmpl.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00518552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00512000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00492256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00488280 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 2014-04-10 14:57 - 2014-04-10 14:57 - 00467504 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00463264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlangpui.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AdmTmpl.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00443392 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys 2014-04-10 14:57 - 2014-04-10 14:57 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS 2014-04-10 14:57 - 2014-04-10 14:57 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL 2014-04-10 14:57 - 2014-04-10 14:57 - 00406912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00406512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00402944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys 2014-04-10 14:57 - 2014-04-10 14:57 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00390488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00388408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00387210 _____ () C:\WINDOWS\system32\ApnDatabase.xml 2014-04-10 14:57 - 2014-04-10 14:57 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlangpui.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00379224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2014-04-10 14:57 - 2014-04-10 14:57 - 00376152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys 2014-04-10 14:57 - 2014-04-10 14:57 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00364640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00360512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00356848 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00355832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00337752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys 2014-04-10 14:57 - 2014-04-10 14:57 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe 2014-04-10 14:57 - 2014-04-10 14:57 - 00326024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationApi.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00305768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\pdh.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys 2014-04-10 14:57 - 2014-04-10 14:57 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SessEnv.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\spp.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00264192 _____ 
==================== One Month Modified Files and Folders =======
00390488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00388408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00387210 _____ () C:\WINDOWS\system32\ApnDatabase.xml 2014-04-10 14:57 - 2014-04-10 14:57 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlangpui.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00379224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2014-04-10 14:57 - 2014-04-10 14:57 - 00376152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys 2014-04-10 14:57 - 2014-04-10 14:57 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00364640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00360512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00356848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00355832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00337752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys 2014-04-10 14:57 - 2014-04-10 14:57 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe 2014-04-10 14:57 - 2014-04-10 14:57 - 00326024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationApi.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00305768 _____ 
(Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\pdh.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys 2014-04-10 14:57 - 2014-04-10 14:57 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SessEnv.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\spp.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00264192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL 2014-04-10 14:57 - 2014-04-10 14:57 - 00262656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationApi.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00254976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pdh.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys 2014-04-10 14:57 - 2014-04-10 14:57 - 00244888 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe 2014-04-10 14:57 - 2014-04-10 14:57 - 00244224 
_____ (Microsoft Corporation) C:\WINDOWS\system32\WSDScDrv.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spp.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReInfo.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00197632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWfdProvider.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00180056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2014-04-10 14:57 - 2014-04-10 14:57 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00157016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys 2014-04-10 14:57 - 2014-04-10 14:57 - 00151040 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys 2014-04-10 14:57 - 2014-04-10 14:57 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00136024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys 2014-04-10 14:57 - 2014-04-10 14:57 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys 2014-04-10 14:57 - 2014-04-10 14:57 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpnpmgr.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevPropMgr.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00113648 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00111616 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys 2014-04-10 14:57 - 2014-04-10 14:57 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe 2014-04-10 14:57 - 2014-04-10 14:57 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvinst.exe 2014-04-10 14:57 - 2014-04-10 14:57 - 00094016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxproxy.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\w32tm.exe 2014-04-10 14:57 - 2014-04-10 14:57 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys 2014-04-10 14:57 - 2014-04-10 14:57 - 00070656 
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\w32tm.exe 2014-04-10 14:57 - 2014-04-10 14:57 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\l2gpstore.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\l2gpstore.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvcfg.exe 2014-04-10 14:57 - 2014-04-10 14:57 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpipreg.sys 2014-04-10 14:57 - 2014-04-10 14:57 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SetNetworkLocation.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sxproxy.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00033280 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys 2014-04-10 14:57 - 2014-04-10 14:57 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanhlp.dll 2014-04-10 14:57 - 2014-04-10 14:57 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll 2014-04-10 14:56 - 2014-04-10 14:56 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff 2014-04-10 14:49 - 2014-04-10 14:49 - 00000000 ____D () C:\WINDOWS\SysWOW64\XPSViewer 2014-04-10 
14:49 - 2014-04-10 14:49 - 00000000 ____D () C:\Program Files\Reference Assemblies 2014-04-10 14:49 - 2014-04-10 14:49 - 00000000 ____D () C:\Program Files\MSBuild 2014-04-10 14:49 - 2014-04-10 14:49 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies 2014-04-10 14:49 - 2014-04-10 14:49 - 00000000 ____D () C:\Program Files (x86)\MSBuild 2014-04-10 14:32 - 2014-04-10 14:32 - 00000000 _SHDL () C:\Users\Default\Vorlagen 2014-04-10 14:32 - 2014-04-10 14:32 - 00000000 _SHDL () C:\Users\Default\Startmenü 2014-04-10 14:32 - 2014-04-10 14:32 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung 2014-04-10 14:32 - 2014-04-10 14:32 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen 2014-04-10 14:32 - 2014-04-10 14:32 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien 2014-04-10 14:32 - 2014-04-10 14:32 - 00000000 _SHDL () C:\Users\Default\Druckumgebung 2014-04-10 14:32 - 2014-04-10 14:32 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik 2014-04-10 14:32 - 2014-04-10 14:32 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder 2014-04-10 14:32 - 2014-04-10 14:32 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-04-10 14:32 - 2014-04-10 14:32 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf 2014-04-10 14:32 - 2014-04-10 14:32 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten 2014-04-10 14:32 - 2014-04-10 14:32 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten 2014-04-10 14:32 - 2014-04-10 14:32 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik 2014-04-10 14:32 - 2014-04-10 14:32 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder 2014-04-10 14:32 - 2014-04-10 14:32 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-04-10 14:32 - 2014-04-10 14:32 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf 2014-04-10 14:32 - 2014-04-10 14:32 - 00000000 _SHDL () C:\Users\Default 
User\AppData\Local\Anwendungsdaten 2014-04-10 14:32 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Registration 2014-04-10 14:32 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows NT 2014-04-10 14:32 - 2013-08-22 15:36 - 00000000 __RHD () C:\Users\Default 2014-04-10 14:31 - 2014-04-10 14:12 - 00032388 _____ () C:\WINDOWS\diagwrn.xml 2014-04-10 14:31 - 2014-04-10 14:12 - 00032388 _____ () C:\WINDOWS\diagerr.xml 2014-04-10 14:31 - 2014-04-10 13:34 - 00006559 _____ () C:\WINDOWS\comsetup.log 2014-04-10 14:29 - 2014-04-10 14:29 - 00022960 _____ () C:\WINDOWS\system32\emptyregdb.dat 2014-04-10 14:27 - 2013-08-22 17:36 - 00000000 __RSD () C:\WINDOWS\Media 2014-04-10 14:27 - 2013-08-22 17:36 - 00000000 __RHD () C:\Users\Public\Libraries 2014-04-10 14:26 - 2014-04-10 14:26 - 00000020 ___SH () C:\Users\UpdatusUser\ntuser.ini 2014-04-10 14:26 - 2014-01-17 06:04 - 01804472 _____ () C:\WINDOWS\SysWOW64\PerfStringBackup.INI 2014-04-10 14:21 - 2013-08-22 16:44 - 00483008 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-04-10 14:20 - 2014-04-10 14:12 - 00000000 ___RD () C:\Users\[USRNAME]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-04-10 14:20 - 2014-04-10 14:12 - 00000000 ___RD () C:\Users\[USRNAME]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-04-10 14:20 - 2014-04-10 10:51 - 00000000 ____D () C:\Users\[USRNAME]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell 2014-04-10 14:20 - 2014-03-18 11:40 - 00000000 ____D () C:\WINDOWS\ShellNew 2014-04-10 14:20 - 2014-01-29 00:07 - 00000000 ____D () C:\Users\[USRNAME]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Networking 2014-04-10 14:20 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep 2014-04-10 14:20 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2014-04-10 14:19 - 2014-04-10 14:19 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help 2014-04-10 14:19 - 2014-04-10 14:19 - 00000000 ____D () 
C:\Users\Default User\AppData\Local\Microsoft Help 2014-04-10 14:19 - 2014-03-18 11:25 - 00000000 ____D () C:\WINDOWS\SysWOW64\WCN 2014-04-10 14:19 - 2014-03-18 11:25 - 00000000 ____D () C:\WINDOWS\SysWOW64\sysprep 2014-04-10 14:19 - 2014-03-18 11:25 - 00000000 ____D () C:\WINDOWS\system32\WCN 2014-04-10 14:19 - 2014-02-22 19:31 - 00000000 ____D () C:\WINDOWS\SysWOW64\Adobe 2014-04-10 14:19 - 2014-01-17 06:04 - 00000000 ____D () C:\WINDOWS\SysWOW64\sda 2014-04-10 14:19 - 2013-08-22 17:37 - 00004893 _____ () C:\WINDOWS\DtcInstall.log 2014-04-10 14:19 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\MUI 2014-04-10 14:19 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz 2014-04-10 14:19 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Macromed 2014-04-10 14:19 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\IME 2014-04-10 14:19 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\WinBioPlugIns 2014-04-10 14:19 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\spool 2014-04-10 14:19 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\MUI 2014-04-10 14:19 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\IME 2014-04-10 14:19 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\SMI 2014-04-10 14:19 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\oobe 2014-04-10 14:19 - 2012-07-26 07:37 - 00000000 ____D () C:\Users\Default.migrated 2014-04-10 14:18 - 2013-08-22 17:43 - 00000000 ____D () C:\WINDOWS\DigitalLocker 2014-04-10 14:18 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\IME 2014-04-10 14:18 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Help 2014-04-10 14:16 - 2014-04-10 14:04 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2014-04-10 14:16 - 2014-04-10 14:04 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-04-10 14:16 - 2014-04-10 14:03 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2014-04-10 14:16 - 2014-01-27 21:26 - 00000000 ____D () 
C:\ProgramData\PRICache 2014-04-10 14:16 - 2013-08-22 17:36 - 00000000 __SHD () C:\Program Files (x86)\Windows Sidebar 2014-04-10 14:15 - 2014-04-10 14:03 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-04-10 14:15 - 2014-04-10 14:02 - 00000000 ____D () C:\Program Files\Intel 2014-04-10 14:15 - 2013-08-22 17:36 - 00000000 __SHD () C:\Program Files\Windows Sidebar 2014-04-10 14:15 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2014-04-10 14:13 - 2014-04-10 14:13 - 00000000 ____D () C:\WINDOWS\system32\config\bbimigrate 2014-04-10 14:13 - 2014-04-10 14:12 - 00000000 ___RD () C:\Users\[USRNAME]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-04-10 14:13 - 2014-04-10 14:12 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-04-10 14:13 - 2014-04-10 14:12 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-04-10 14:13 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\Recovery 2014-04-10 14:12 - 2014-04-10 14:12 - 00000000 _SHDL () C:\Users\[USRNAME]\Vorlagen 2014-04-10 14:12 - 2014-04-10 14:12 - 00000000 _SHDL () C:\Users\[USRNAME]\Startmenü 2014-04-10 14:12 - 2014-04-10 14:12 - 00000000 _SHDL () C:\Users\[USRNAME]\Netzwerkumgebung 2014-04-10 14:12 - 2014-04-10 14:12 - 00000000 _SHDL () C:\Users\[USRNAME]\Lokale Einstellungen 2014-04-10 14:12 - 2014-04-10 14:12 - 00000000 _SHDL () C:\Users\[USRNAME]\Eigene Dateien 2014-04-10 14:12 - 2014-04-10 14:12 - 00000000 _SHDL () C:\Users\[USRNAME]\Druckumgebung 2014-04-10 14:12 - 2014-04-10 14:12 - 00000000 _SHDL () C:\Users\[USRNAME]\Documents\Eigene Musik 2014-04-10 14:12 - 2014-04-10 14:12 - 00000000 _SHDL () C:\Users\[USRNAME]\Documents\Eigene Bilder 2014-04-10 14:12 - 2014-04-10 14:12 - 00000000 _SHDL () C:\Users\[USRNAME]\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-04-10 14:12 - 2014-04-10 14:12 - 
00000000 _SHDL () C:\Users\[USRNAME]\AppData\Local\Verlauf 2014-04-10 14:12 - 2014-04-10 14:12 - 00000000 _SHDL () C:\Users\[USRNAME]\AppData\Local\Anwendungsdaten 2014-04-10 14:12 - 2014-04-10 14:12 - 00000000 _SHDL () C:\Users\[USRNAME]\Anwendungsdaten 2014-04-10 14:12 - 2014-04-10 14:12 - 00000000 _SHDL () C:\Users\UpdatusUser\Vorlagen 2014-04-10 14:12 - 2014-04-10 14:12 - 00000000 _SHDL () C:\Users\UpdatusUser\Startmenü 2014-04-10 14:12 - 2014-04-10 14:12 - 00000000 _SHDL () C:\Users\UpdatusUser\Netzwerkumgebung 2014-04-10 14:12 - 2014-04-10 14:12 - 00000000 _SHDL () C:\Users\UpdatusUser\Lokale Einstellungen 2014-04-10 14:12 - 2014-04-10 14:12 - 00000000 _SHDL () C:\Users\UpdatusUser\Eigene Dateien 2014-04-10 14:12 - 2014-04-10 14:12 - 00000000 _SHDL () C:\Users\UpdatusUser\Druckumgebung 2014-04-10 14:12 - 2014-04-10 14:12 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Musik 2014-04-10 14:12 - 2014-04-10 14:12 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Bilder 2014-04-10 14:12 - 2014-04-10 14:12 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-04-10 14:12 - 2014-04-10 14:12 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Local\Verlauf 2014-04-10 14:12 - 2014-04-10 14:12 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Local\Anwendungsdaten 2014-04-10 14:12 - 2014-04-10 14:12 - 00000000 _SHDL () C:\Users\UpdatusUser\Anwendungsdaten 2014-04-10 14:04 - 2014-04-10 14:04 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_btmhsf_01011.Wdf 2014-04-10 14:04 - 2014-04-10 14:04 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_btmaux_01009.Wdf 2014-04-10 14:04 - 2014-04-10 14:04 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV 2014-04-10 14:04 - 2014-04-10 14:04 - 00000000 ____D () C:\WINDOWS\system32\NV 2014-04-10 14:04 - 2013-08-22 16:46 - 00000084 _____ () C:\WINDOWS\setuperr.log 2014-04-10 14:03 - 2014-04-10 14:03 - 00849522 _____ () C:\WINDOWS\system32\Drivers\rtwavesskdy.dat 
2014-04-10 14:03 - 2014-04-10 14:03 - 00458970 _____ () C:\WINDOWS\system32\Drivers\rtwavesmapro.dat 2014-04-10 14:03 - 2014-04-10 14:03 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf 2014-04-10 14:03 - 2014-04-10 14:03 - 00000000 ____D () C:\WINDOWS\system32\SRSLabs 2014-04-10 14:02 - 2014-04-10 14:02 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf 2014-04-10 14:02 - 2014-04-10 14:02 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_ST_Accel_01011.Wdf 2014-04-10 14:02 - 2014-04-10 14:02 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf 2014-04-10 14:02 - 2014-04-10 14:02 - 00000000 ____D () C:\WINDOWS\SysWOW64\RTCOM 2014-04-10 14:02 - 2014-04-10 14:02 - 00000000 ____D () C:\Program Files\Synaptics 2014-04-10 14:02 - 2014-04-10 14:02 - 00000000 ____D () C:\Program Files\STMicroelectronics 2014-04-10 14:02 - 2014-04-10 14:02 - 00000000 ____D () C:\Program Files\Realtek 2014-04-10 14:02 - 2014-04-10 14:02 - 00000000 ____D () C:\Program Files\DIFX 2014-04-10 13:41 - 2014-01-17 05:35 - 01513572 _____ () C:\WINDOWS\WindowsUpdate (1).log 2014-04-10 13:10 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent 2014-04-10 12:45 - 2014-04-10 12:45 - 00003476 _____ () C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon 2014-04-10 12:45 - 2014-01-17 06:03 - 00000000 ____D () C:\ProgramData\Intel 2014-04-10 12:45 - 2014-01-17 06:01 - 00000000 ____D () C:\Program Files (x86)\Intel 2014-04-10 12:43 - 2014-01-28 20:38 - 00000000 ____D () C:\Users\[USRNAME]\AppData\Local\Adobe 2014-04-10 12:42 - 2014-01-28 20:38 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2014-04-10 12:39 - 2014-04-10 12:39 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_INETMON_01011.Wdf 2014-04-10 12:35 - 2014-04-10 12:34 - 28719200 _____ () C:\Users\[USRNAME]\Downloads\App_ISCT_W84_X05_Setup-67C4P_ZPE.exe 2014-04-10 12:35 - 
2014-01-17 13:13 - 00000000 ____D () C:\DELL 2014-04-10 11:36 - 2014-01-27 21:46 - 00003444 _____ () C:\WINDOWS\System32\Tasks\PCDoctorBackgroundMonitorTask 2014-04-10 10:51 - 2014-04-10 10:51 - 00000000 ____D () C:\Users\[USRNAME]\AppData\Local\Apps\2.0 2014-04-10 10:50 - 2014-04-10 10:50 - 00417872 _____ () C:\Users\[USRNAME]\Downloads\DellSystemDetect.exe 2014-04-10 10:39 - 2014-01-28 21:16 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-04-10 09:57 - 2014-01-27 22:04 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-04-10 09:54 - 2014-01-27 22:04 - 90655440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-04-09 14:00 - 2014-04-19 11:14 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2014-04-09 05:32 - 2014-04-19 11:14 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll 2014-04-09 05:31 - 2014-04-19 11:14 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2014-04-09 05:23 - 2014-04-19 11:14 - 01705984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2014-04-09 05:21 - 2014-04-19 11:14 - 03408896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2014-04-07 16:42 - 2014-04-07 16:42 - 00000000 ____D () C:\ProgramData\GNU 2014-04-07 16:42 - 2014-04-07 16:42 - 00000000 ____D () C:\Program Files (x86)\GNU 2014-04-07 16:41 - 2014-04-07 16:41 - 29689992 _____ (g10 Code GmbH) C:\Users\[USRNAME]\Downloads\gpg4win-2.2.1.exe 2014-04-05 22:18 - 2014-04-05 22:18 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2014-04-05 22:18 - 2014-01-27 21:45 - 01039096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys 2014-04-05 22:18 - 2014-01-27 21:45 - 00423240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys 2014-04-05 22:18 - 2014-01-27 21:45 - 00334648 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2014-04-05 22:18 - 2014-01-27 21:45 - 00208928 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys 2014-04-05 22:18 - 
2014-01-27 21:45 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys 2014-04-05 22:18 - 2014-01-27 21:45 - 00084816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys 2014-04-05 22:18 - 2014-01-27 21:45 - 00079184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2014-04-05 22:18 - 2014-01-27 21:45 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys 2014-04-05 22:18 - 2014-01-27 21:45 - 00003924 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update 2014-04-01 13:41 - 2014-04-01 13:41 - 00001936 _____ () C:\Users\Public\Desktop\Colin McRae Rally 3.lnk 2014-04-01 13:40 - 2014-04-01 13:38 - 00000000 ____D () C:\Install 2014-03-31 23:23 - 2013-08-22 17:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-03-31 23:23 - 2013-08-22 17:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-30 18:45 - 2014-01-27 21:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-03-29 23:28 - 2014-03-22 12:54 - 00000000 ____D () C:\For Noah 2014-03-29 16:03 - 2014-03-29 16:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-29 15:12 - 2014-03-25 22:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-03-26 10:47 - 2014-01-28 22:59 - 00000519 _____ () C:\Users\[USRNAME]\Desktop\Schnetter Wimbach.txt ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit 
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-04-10 14:00
==================== End Of Log ============================
Addition coming right away... |
23.04.2014, 19:03 | #4 |
| Windows 8.1 with Thunderbird (IMAP): Emails possibly manipulated
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-04-2014 Ran by [USRNAME] at 2014-04-23 16:51:12 Running from C:\Users\[USRNAME]\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.30740 - BitTorrent Inc.) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.9.149 - Adobe Systems, Inc.) avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2016 - Avast Software) AXIS CAPT Print Monitor 2.20 (HKLM\...\{7048796B-78EB-45a0-82AF-E8031F4AAE68}) (Version: - ) Brother MFL-Pro Suite MFC-7360N (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.) 
Canon LBP2900 (HKLM\...\Canon LBP2900) (Version: - ) Classic Shell (HKLM\...\{2368907C-E8F6-4750-A023-254C3E2B5E8D}) (Version: 4.0.4 - IvoSoft) Colin McRae Rally 2 (HKLM-x32\...\{19B72AA9-985A-11D4-9C8A-00D0B75D1498}) (Version: - ) Colin McRae Rally 2005 (HKLM-x32\...\{CC67770B-581D-4E96-B72A-A7907CE18725}) (Version: 1.00.000 - ) Colin McRae Rally 3 (HKLM-x32\...\{D26D1A53-D8A2-4004-BC98-0642B4EEAAB2}) (Version: 1.00.000 - ) Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{F68634D8-574F-42B2-B6D0-9B447EA9581E}) (Version: - Microsoft) Dell Digital Delivery (HKLM-x32\...\{B96348BD-6B0D-42E3-80B1-FA6718067BFE}) (Version: 2.8.1000.0 - Dell Products, LP) Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.6.0.4 - Dell) Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 17.0.13.0 - Synaptics Incorporated) Dell Update (HKLM-x32\...\{1D817B4D-A183-48C0-8463-FCC39459367B}) (Version: 1.0.1014.0 - Dell Inc.) devolo Cockpit (HKLM-x32\...\dlancockpit) (Version: 4.2.1.0 - devolo AG) DSC/AA Factory Installer (Version: 3.4.6299.48 - PC-Doctor, Inc.) Hidden DVDFab 9.1.3.8 (08/04/2014) (HKLM-x32\...\DVDFab 9_is1) (Version: - Fengtao Software Inc.) 
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.4.217 - Foxit Corporation)
Freemake Video Converter Version 4.1.3 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.3 - Ellora Assets Corporation)
Gpg4win (2.2.1) (HKLM-x32\...\GPG4Win) (Version: 2.2.1 - The Gpg4win Project)
inSSIDer Home (HKLM-x32\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.3.1520 - Intel Corporation)
Intel(R) PRO/Wireless Driver (Version: 16.01.5000.0577 - Intel Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1306-148929CC1385}) (Version: 3.1.1306.0354 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.8.2.1000 - Intel Corporation) Hidden
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{7443339C-F9E6-48BF-B22B-3DEF7D73E1C7}) (Version: 4.2.20.2297 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{F949AE30-83D1-41B2-92D2-F44478DD058A}) (Version: 4.2.24.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.01.5000.0269 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
KeePass Password Safe 2.26 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.26 - Dominik Reichl)
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 5.2 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 5.2.6465 - Paramount Software (UK) Ltd.) Hidden
Microsoft Access MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft DCF MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Excel MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Groove MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Lync MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Korrekturhilfen 2013 - Deutsch (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Italiano (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Mozilla Thunderbird 24.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.4.0 (x86 de)) (Version: 24.4.0 - Mozilla)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
NVIDIA Grafiktreiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.15.2 (Version: 1.15.2 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.15.2 - NVIDIA Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Personal Backup 5.5 (HKLM-x32\...\Personal Backup 5_is1) (Version: 5.3 - J. Rathlev)
PileFile reminder (HKCU\...\{56837588-F559-40CF-91D9-D439D405FB28}) (Version: - FINEDREAM INVEST LTD) <==== ATTENTION
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.12 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.21242 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6971 - Realtek Semiconductor Corp.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.42.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Speccy (HKLM\...\Speccy) (Version: 1.24 - Piriform)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.11.0040 - ST Microelectronics)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for Microsoft Excel 2013 (KB2752087) 64-Bit Edition (HKLM\...\{90150000-0016-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{A2275591-C3AA-4A6C-A696-F958B6C65B3E}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2752087) 64-Bit Edition (HKLM\...\{90150000-0018-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{A2275591-C3AA-4A6C-A696-F958B6C65B3E}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2752087) 64-Bit Edition (HKLM\...\{90150000-001B-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{A2275591-C3AA-4A6C-A696-F958B6C65B3E}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2752087) 64-Bit Edition (HKLM\...\{90150000-00C1-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{A2275591-C3AA-4A6C-A696-F958B6C65B3E}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2752087) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{A2275591-C3AA-4A6C-A696-F958B6C65B3E}) (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2817678) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{237834D6-FA98-44E1-8739-ABD56DDADC59}) (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2863908) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{259F7CA1-7A87-4E60-85A9-0A55E60FF254}) (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2863908) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{8D84B988-2A7A-4DB6-A7A5-08DA7B3DE9EE}) (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2863908) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{259F7CA1-7A87-4E60-85A9-0A55E60FF254}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{EF77B4A6-DFEC-4010-A87D-9B6BF87FABEC}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{62857CDD-2985-4939-91BA-19ED0B0031A5}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{0814662C-FD28-4DE0-ACE5-EE50D1D6C8FB}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817636) 64-Bit Edition (HKLM\...\{90150000-006E-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{D97AACA3-9AEA-43FF-8CBA-93BED0443FC2}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817636) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D97AACA3-9AEA-43FF-8CBA-93BED0443FC2}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817636) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D97AACA3-9AEA-43FF-8CBA-93BED0443FC2}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2825631) 64-Bit Edition (HKLM\...\{90150000-006E-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{A54917FC-2C84-40F2-9525-7549BE08DE40}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2825631) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{A54917FC-2C84-40F2-9525-7549BE08DE40}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2825631) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{A54917FC-2C84-40F2-9525-7549BE08DE40}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2827272) 64-Bit Edition (HKLM\...\{90150000-0016-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{50F6EF67-B93C-4B7A-A2EB-E179E3436C69}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2827272) 64-Bit Edition (HKLM\...\{90150000-0090-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{50F6EF67-B93C-4B7A-A2EB-E179E3436C69}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2827272) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{50F6EF67-B93C-4B7A-A2EB-E179E3436C69}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2863825) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{327EABFD-EDD3-44E7-AB47-7592DF33B719}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{290D80DE-03AB-47EC-9402-108AF4CE4F66}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2863844) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{50F31E04-D56A-4159-BF36-CF3CE27DB30C}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2863860) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{6D170CB5-8D22-4D1B-A811-B899FE588946}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2863860) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{6D170CB5-8D22-4D1B-A811-B899FE588946}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB2863864) 64-Bit Edition (HKLM\...\{90150000-00BA-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{AFB7E303-C8CA-4A08-AD3F-44A562B3C809}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB2863864) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{AFB7E303-C8CA-4A08-AD3F-44A562B3C809}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB2863864) 64-Bit Edition (HKLM\...\{90150000-00C1-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{AFB7E303-C8CA-4A08-AD3F-44A562B3C809}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB2863864) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{AFB7E303-C8CA-4A08-AD3F-44A562B3C809}) (Version: - Microsoft)
Update for Microsoft OneNote 2013 (KB2817628) 64-Bit Edition (HKLM\...\{90150000-00A1-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{9367C385-2EF9-4BE3-8351-7D2AB0798A57}) (Version: - Microsoft)
Update for Microsoft OneNote 2013 (KB2817628) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{9367C385-2EF9-4BE3-8351-7D2AB0798A57}) (Version: - Microsoft)
Update for Microsoft OneNote 2013 (KB2817628) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{9367C385-2EF9-4BE3-8351-7D2AB0798A57}) (Version: - Microsoft)
Update for Microsoft Outlook 2013 (KB2863911) 64-Bit Edition (HKLM\...\{90150000-001A-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{DAEE93F9-D258-45E4-AFD3-12AC5ED04693}) (Version: - Microsoft)
Update for Microsoft Outlook 2013 (KB2863911) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{DF3798F3-F45C-44DA-83B7-229A9EBC9654}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2837627) 64-Bit Edition (HKLM\...\{90150000-0018-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{FE06DACB-AE2C-4DB7-B95D-97A320E59F45}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2837627) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{FE06DACB-AE2C-4DB7-B95D-97A320E59F45}) (Version: - Microsoft)
Update for Microsoft Visio 2013 (KB2837632) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{97183E08-6B06-40F1-80A9-585C4AEF98F1}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-006E-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2863909) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{F9FAC8C0-20D9-4DC7-9A56-13B02BD4B724}) (Version: - Microsoft)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinSCP 5.5.1 (HKLM-x32\...\winscp3_is1) (Version: 5.5.1 - Martin Prikryl)

==================== Restore Points =========================

10-04-2014 15:57:33 Windows Update
16-04-2014 14:29:13 Installiert Colin McRae Rally 2005
19-04-2014 11:28:32 Installed iTunes

==================== Hosts content: ==========================

2013-08-22 15:25 - 2014-04-21 21:00 - 00450712 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100links.com
127.0.0.1 100inks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fp.info
127.0.0.1 www.123fp.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0BC32B2D-93F4-45F4-B338-9BC59A6EB744} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {1F2D7BAE-62D4-4467-A97F-CD9E86C0B564} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {5A12FF92-47F6-4821-8994-3BA951E02EAE} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {6783B02E-DD71-4B86-A575-A223A597D54C} - System32\Tasks\PileFile reminder => C:\Users\[USRNAME]\AppData\Local\Temp\Toolkit 1.4.1 activatorDownload_97B\Toolkit_1.4.1_activator_Downloader.exe <==== ATTENTION
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {823195A7-BC99-48AC-95CB-DCF239D523C5} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9D21172B-C893-40F8-9D8B-074EE4FABE63} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A72F42AC-8001-444E-B085-E3628B2950A2} - System32\Tasks\Personal Backup Regular Backup Dell Inspiron 7537 => C:\Program Files (x86)\Personal Backup 5\Persbackup.exe [2014-01-31] (Dr. J. Rathlev, D-24222 Schwentinental)
Task: {A9B946C6-71F6-4504-A414-449D3B0347DF} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {B9581729-F6B1-4275-8C1C-268275AF4E60} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {C4554E06-AEEA-46EC-9901-D80C6029E9E4} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {C9B5B63A-552F-4001-830E-4ED48818ED98} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DBDB2B77-AD00-454E-8790-670C204607B9} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {DCE3D606-9E17-4E65-B72D-0EF3F4603DE5} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation)
Task: {DEF703BD-BC0D-4760-ADDA-5B131FF9ACE8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {F120F970-68A1-423F-B516-6CD44ADCE2B4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-10] (Adobe Systems Incorporated)
Task: {F7981C58-0D26-4D7A-8BE2-3F41CF867294} - System32\Tasks\PileFile logon => C:\Users\[USRNAME]\AppData\Local\Temp\Toolkit 1.4.1 activatorDownload_97B\Toolkit_1.4.1_activator_Downloader.exe <==== ATTENTION
Task: {FC6A8F9E-8444-48CC-90C5-F75FDE3B8788} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-05] (AVAST Software)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Personal Backup Regular Backup Dell Inspiron 7537.job => C:\Program Files (x86)\Personal Backup 5\Persbackup.exe

==================== Loaded Modules (whitelisted) =============

2013-10-07 16:54 - 2013-10-07 16:54 - 00218112 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2013-05-10 20:11 - 2013-05-10 20:11 - 00197096 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2013-05-10 20:11 - 2013-05-10 20:11 - 00054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2013-05-10 20:11 - 2013-05-10 20:11 - 00034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2014-03-03 22:49 - 2005-04-22 06:36 - 00143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll
2013-12-18 15:42 - 2013-12-18 15:42 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-04-10 14:04 - 2013-10-23 10:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-04-19 11:12 - 2014-04-19 11:12 - 02215424 _____ () C:\Program Files\AVAST Software\Avast\defs\14041900\algo.dll
2014-04-21 17:10 - 2014-04-21 17:10 - 02215424 _____ () C:\Program Files\AVAST Software\Avast\defs\14042100\algo.dll
2013-10-07 16:49 - 2013-10-07 16:49 - 00221184 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2013-10-07 16:44 - 2013-10-07 16:44 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2013-10-07 16:49 - 2013-10-07 16:49 - 00069632 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2013-10-07 16:49 - 2013-10-07 16:49 - 00628224 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-11.dll
2013-10-07 16:47 - 2013-10-07 16:47 - 00037888 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2014-04-10 19:04 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2013-11-12 11:04 - 2013-11-12 11:04 - 00110088 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2014-01-17 06:01 - 2013-06-01 14:31 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-01-27 21:45 - 2014-01-27 21:45 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-12-18 15:42 - 2013-12-18 15:42 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-03-25 22:35 - 2014-03-25 22:35 - 03018864 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2014-03-25 22:35 - 2014-03-25 22:35 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2014-03-25 22:35 - 2014-03-25 22:35 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2014-03-29 16:03 - 2014-03-29 16:03 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\WINDOWS\system32\Drivers\btmhsf.sys:Microsoft_Appcompat_ReinstallUpgrade

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/21/2014 09:10:43 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (04/16/2014 04:29:17 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert .

Error: (04/11/2014 11:22:47 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: DVDFab.exe, Version: 9.1.3.8, Zeitstempel: 0x533b9720
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0xdad66f6a
ID des fehlerhaften Prozesses: 0xd20
Startzeit der fehlerhaften Anwendung: 0xDVDFab.exe0
Pfad der fehlerhaften Anwendung: DVDFab.exe1
Pfad des fehlerhaften Moduls: DVDFab.exe2
Berichtskennung: DVDFab.exe3
Vollständiger Name des fehlerhaften Pakets: DVDFab.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: DVDFab.exe5

Error: (04/11/2014 11:06:30 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: DVDFab.exe, Version: 9.1.3.8, Zeitstempel: 0x533b9720
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0xdad66f6a
ID des fehlerhaften Prozesses: 0x103c
Startzeit der fehlerhaften Anwendung: 0xDVDFab.exe0
Pfad der fehlerhaften Anwendung: DVDFab.exe1
Pfad des fehlerhaften Moduls: DVDFab.exe2
Berichtskennung: DVDFab.exe3
Vollständiger Name des fehlerhaften Pakets: DVDFab.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: DVDFab.exe5

Error: (04/11/2014 10:44:08 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: DVDFab.exe, Version: 9.1.3.8, Zeitstempel: 0x533b9720
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0xdad66f6a
ID des fehlerhaften Prozesses: 0xf68
Startzeit der fehlerhaften Anwendung: 0xDVDFab.exe0
Pfad der fehlerhaften Anwendung: DVDFab.exe1
Pfad des fehlerhaften Moduls: DVDFab.exe2
Berichtskennung: DVDFab.exe3
Vollständiger Name des fehlerhaften Pakets: DVDFab.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: DVDFab.exe5

Error: (04/11/2014 10:40:37 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: DVDFab.exe, Version: 9.1.3.8, Zeitstempel: 0x533b9720
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0xdad66f6a
ID des fehlerhaften Prozesses: 0xd94
Startzeit der fehlerhaften Anwendung: 0xDVDFab.exe0
Pfad der fehlerhaften Anwendung: DVDFab.exe1
Pfad des fehlerhaften Moduls: DVDFab.exe2
Berichtskennung: DVDFab.exe3
Vollständiger Name des fehlerhaften Pakets: DVDFab.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: DVDFab.exe5

Error: (04/10/2014 02:31:44 PM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT)
Description: Vom Ereignisanbieter "IntelWLANEventProvider" wurde versucht, die Abfrage "select * from CIntelQosEvent" zu registrieren, deren Zielklasse "CIntelQosEvent" im Namespace "//./ROOT/default" nicht vorhanden ist. Die Abfrage wird ignoriert.

Error: (04/10/2014 02:31:44 PM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT)
Description: Vom Ereignisanbieter "IntelWLANEventProvider" wurde versucht, die Abfrage "select * from CIntelDot1xEvent" zu registrieren, deren Zielklasse "CIntelDot1xEvent" im Namespace "//./ROOT/default" nicht vorhanden ist. Die Abfrage wird ignoriert.

Error: (04/10/2014 02:31:44 PM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT)
Description: Vom Ereignisanbieter "IntelWLANEventProvider" wurde versucht, die Abfrage "select * from CIntelWLANEvent" zu registrieren, deren Zielklasse "CIntelWLANEvent" im Namespace "//./ROOT/default" nicht vorhanden ist. Die Abfrage wird ignoriert.

Error: (04/10/2014 02:31:44 PM) (Source: Microsoft-Windows-WMI) (User: NT-AUTORITÄT)
Description: Vom Ereignisanbieter "" wurde versucht, die Abfrage "select * from CIntelQosEvent" zu registrieren, deren Zielklasse "CIntelQosEvent" im Namespace "//./ROOT/default" nicht vorhanden ist. Die Abfrage wird ignoriert.

System errors:
=============
Error: (04/21/2014 09:11:25 PM) (Source: DCOM) (User: R2D2)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (04/21/2014 09:10:54 PM) (Source: DCOM) (User: R2D2)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (04/21/2014 08:26:33 PM) (Source: DCOM) (User: R2D2)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (04/21/2014 08:26:03 PM) (Source: DCOM) (User: R2D2)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (04/20/2014 03:32:34 PM) (Source: DCOM) (User: R2D2)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (04/20/2014 03:32:04 PM) (Source: DCOM) (User: R2D2)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (04/20/2014 02:55:07 PM) (Source: DCOM) (User: R2D2)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (04/20/2014 02:54:37 PM) (Source: DCOM) (User: R2D2)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (04/19/2014 02:47:45 PM) (Source: DCOM) (User: R2D2)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (04/19/2014 02:47:15 PM) (Source: DCOM) (User: R2D2)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Microsoft Office Sessions:
=========================
Error: (04/21/2014 09:10:43 PM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*C:\Program Files (x86)\Spybot - Search & Destroy\DelZip179.dllC:\Program Files (x86)\Spybot - Search & Destroy\DelZip179.dll8

Error: (04/16/2014 04:29:17 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert

Error: (04/11/2014 11:22:47 AM) (Source: Application Error)(User: )
Description: DVDFab.exe9.1.3.8533b9720unknown0.0.0.000000000c0000005dad66f6ad2001cf556799ece599C:\Program Files (x86)\DVDFab 9\DVDFab.exeunknownd7d50b2f-c15a-11e3-be86-fcf8ae80d062

Error: (04/11/2014 11:06:30 AM) (Source: Application Error)(User: )
Description: DVDFab.exe9.1.3.8533b9720unknown0.0.0.000000000c0000005dad66f6a103c01cf55655293ae0fC:\Program Files (x86)\DVDFab 9\DVDFab.exeunknown916a40eb-c158-11e3-be86-fcf8ae80d062

Error: (04/11/2014 10:44:08 AM) (Source: Application Error)(User: )
Description: DVDFab.exe9.1.3.8533b9720unknown0.0.0.000000000c0000005dad66f6af6801cf55623147df5bC:\Program Files (x86)\DVDFab 9\DVDFab.exeunknown71e5d533-c155-11e3-be85-fcf8ae80d062

Error: (04/11/2014 10:40:37 AM) (Source: Application Error)(User: )
Description: DVDFab.exe9.1.3.8533b9720unknown0.0.0.000000000c0000005dad66f6ad9401cf5561b4897365C:\Program Files (x86)\DVDFab 9\DVDFab.exeunknownf42aaee8-c154-11e3-be84-fcf8ae80d062

Error: (04/10/2014 02:31:44 PM) (Source: Microsoft-Windows-WMI)(User: NT-AUTORITÄT)
Description: IntelWLANEventProviderselect * from CIntelQosEventCIntelQosEvent//./ROOT/default

Error: (04/10/2014 02:31:44 PM) (Source: Microsoft-Windows-WMI)(User: NT-AUTORITÄT)
Description: IntelWLANEventProviderselect * from CIntelDot1xEventCIntelDot1xEvent//./ROOT/default

Error: (04/10/2014 02:31:44 PM) (Source: Microsoft-Windows-WMI)(User: NT-AUTORITÄT)
Description: IntelWLANEventProviderselect * from CIntelWLANEventCIntelWLANEvent//./ROOT/default

Error: (04/10/2014 02:31:44 PM) (Source: Microsoft-Windows-WMI)(User: NT-AUTORITÄT)
Description: select * from CIntelQosEventCIntelQosEvent//./ROOT/default

==================== Memory info ===========================

Percentage of memory in use: 27%
Total physical RAM: 8090.57 MB
Available physical RAM: 5847.3 MB
Total Pagefile: 9370.57 MB
Available Pagefile: 6961.95 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
==================== Drives ================================ Drive c: (OS) (Fixed) (Total:917.72 GB) (Free:820.26 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 932 GB) (Disk ID: 186B9C78) Partition: GPT Partition Type. ==================== End Of Log ============================ M4tt0 |
24.04.2014, 11:54 | #5 |
/// the machine /// TB trainer | Windows 8.1 with Thunderbird (IMAP): Emails possibly manipulated Hm, the machine is clean. Offhand I have no real idea what that could have been.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
24.04.2014, 18:37 | #6 |
| Windows 8.1 with Thunderbird (IMAP): Emails possibly manipulated Hello schrauber, well, that is good news for a start! A big thank-you for that already.

In the meantime I have also tried the following: I had certificate problems in Thunderbird. I have solved those. The email problem still persists. And the crazy thing is that I can read the mail "correctly" when I access it via my Android mobile over IMAP or directly via the web.de web interface. Only when it is retrieved via IMAP with Thunderbird does the "wrong version" arrive.

I looked at the source of the emails side by side (in Thunderbird and via the web interface), but could not find any differences in the headers or in the first part of the email. Then I checked the IP address behind the Received server to see whether there is a "man-in-the-middle" (perhaps very naive), but it apparently points correctly to "mx1.germanwings.com". The Whois RIPE entries also look clean (references to Telekom AG, etc.).

There is one difference between the sources, though: the Thunderbird source is longer, beginning with the entries... Code:
ATTFilter
X-Antivirus: avast! (VPS 140424-0, 24.04.2014), Inbound message
X-Antivirus-Status: Clean

----boundary_12146_55c2cfbe-b091-4c4c-b743-c3e0b9572868
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: base64

U2VociBnZWVocnRlKHIpDQogICAgICAgSGVyciBNYXJ0aW4gV2FsdGVyLg0KDQoNCiAgICAg
ICAgSWhyZSBSZWdpc3RyaWVydW5nc2RhdGVuIHd1cmRlbiBlcmZvbGdyZWljaCBha3R1YWxp
c2llcnQuDQogICAgICAgIFVudGVuIHdpcmQgbnVuIElociBNaXRnbGllZHNwcm9maWwgYW5n
Etc. pp Code:
ATTFilter
----boundary_12146_55c2cfbe-b091-4c4c-b743-c3e0b9572868
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: base64

PGh0bWwgeG1sbnM6eHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIj4NCiAg
PGhlYWQ+DQogICAgPE1FVEEgaHR0cC1lcXVpdj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0
ZXh0L2h0bWw7IGNoYXJzZXQ9dXRmLTE2Ij4NCiAgICA8dGl0bGU+DQogICAgICAgICAgR2Vy
Etc. pp Code:
ATTFilter
----boundary_12146_55c2cfbe-b091-4c4c-b743-c3e0b9572868--

I also would not know why Thunderbird would then fail to meet the right "criteria" (SSL/TLS is enabled, the Avast certificates are now correctly imported as a certificate authority, all exception rules deleted)... Hmmm... Thanks again for your help and best regards, M4tt0

Hello schrauber, I think I have found the problem. Here it is for you and perhaps for others who have the same problem, because I found nothing about it through internet searches...

As described in my last post, the Thunderbird source consists of several boundary blocks. These blocks (see also MIME) correspond to different display formats (they are specified by Content-Type, e.g. plain text, html, etc.). I then simply went to "View" -> "Message Body As" in Thunderbird. There you have 3 options: "Original HTML", "Simple HTML" and "Plain Text". For me, NONE of the options was activated. When I select "Plain Text", the "wrong" email is displayed (which is probably also the display default); with both HTML options, however, the "right" one is shown, which I also saw via the web interface and my Android phone.

In other words, the email is in fact the same one, but simply seems to be built inconsistently in its source. So a problem at Germanwings. I may be wrong, but to me this no longer looks like a security hole, which would be consistent with your log analysis. Does that make sense to you? Best regards, M4tt0 |
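The inconsistency described in the post above, as an added example that is not part of the original thread: a Python script that decodes the text/plain and text/html alternatives of one message and reports how far the two views diverge. The sample message, its placeholder password and all function names are constructed for illustration.

```python
import difflib
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser

class VisibleText(HTMLParser):
    """Collect the text a reader sees in an HTML part (skips style/script)."""
    def __init__(self):
        super().__init__()
        self.chunks, self.skip = [], 0
    def handle_starttag(self, tag, attrs):
        self.skip += tag in ("style", "script")
    def handle_endtag(self, tag):
        if tag in ("style", "script") and self.skip:
            self.skip -= 1
    def handle_data(self, data):
        if not self.skip:
            self.chunks.append(data)

def views(raw: bytes) -> dict:
    """Map content type -> word list for the first text/plain and text/html part."""
    out = {}
    for part in message_from_bytes(raw, policy=policy.default).walk():
        ctype = part.get_content_type()
        if ctype in ("text/plain", "text/html") and not part.is_attachment():
            text = part.get_content()  # undoes base64/quoted-printable and charset
            if ctype == "text/html":
                parser = VisibleText()
                parser.feed(text)
                text = " ".join(parser.chunks)
            out.setdefault(ctype, re.findall(r"\S+", text))
    return out

def compare_alternatives(raw: bytes):
    """Return (similarity 0..1 or None, words only in plain, words only in HTML)."""
    plain, html = (views(raw).get(k, []) for k in ("text/plain", "text/html"))
    if not plain or not html:
        return None, plain, html  # a single alternative: nothing to compare
    ratio = difflib.SequenceMatcher(None, plain, html).ratio()
    return ratio, [w for w in plain if w not in html], [w for w in html if w not in plain]

def build_sample() -> bytes:
    msg = EmailMessage()  # constructed message whose two alternatives disagree
    msg.set_content("Your temporary password: *****\n"
                    "The password is hidden for your protection.\n", cte="base64")
    msg.add_alternative("<p>Your temporary password: <b>EXAMPLE-TEMP-PW</b></p>",
                        subtype="html", cte="base64")
    return msg.as_bytes()
```

Calling `compare_alternatives()` on the raw bytes of a saved `.eml` file gives the same report for a real message; a low similarity means a client set to plain text and a client set to HTML will show different content from the same, unmodified mail.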
25.04.2014, 18:40 | #7 |
/// the machine /// TB trainer | Windows 8.1 with Thunderbird (IMAP): Emails possibly manipulated Sounds plausible
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |