Log analysis and evaluation: Windows 8.1 Lenovo laptop with a life of its own
25.04.2014, 20:49 | #1 |
Windows 8.1 Lenovo laptop with a life of its own

Hello Trojaner-Board,

for about 3 weeks my relatively new laptop has been worrying me. I have noticed that when I am away from the computer for a longer time (no matter whether it is open or closed), the files on my desktop open one after another. I use a wireless keyboard and mouse, so I thought that was the cause. Today it opened a Word file that is not on the desktop. Then I watched it and sure enough: the next file. And the taskbar was moved from the bottom to the side.

In addition, when I open the lid I sometimes get a bluescreen with the message: EFI Network 0 for IPv4 boot failed. I have read something about this problem, which new Lenovos are said to have when booting. But my computer has neither hibernation nor standby enabled. It shows the bluescreen even when the computer has not been closed. The restart then takes forever, as if it were my 386 from back in the day (with the desktop being drawn piece by piece, etc.).

I use AntiVir with a password and highest priority; Malwarebytes doesn't find anything either.

Here are the log files as per your instructions. Oh, and GMER aborts after about 2 minutes, even in safe mode.

[QUOTE]
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:20 on 25/04/2014 (Manfred)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-

FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-04-2014 01 Ran by Manfred (administrator) on MANFRED2 on 25-04-2014 20:21:09 Running from C:\Users\Manfred\Downloads\scan Windows 8.1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe (Microsoft Corporation) C:\WINDOWS\system32\WLANExt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe () C:\Program Files\ShrewSoft\VPN Client\iked.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe () C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe (Microsoft Corporation) C:\WINDOWS\system32\dashost.exe () C:\Megatech\MProtect\MPSERV.EXE (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel) C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\WINDOWS\System32\alg.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.) 
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenManager64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe () C:\Windows\SysWOW64\UMonit64.exe (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe () C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\ff.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2891592 2013-05-17] (ELAN Microelectronics Corp.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13545032 2013-05-28] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-20] (Realtek Semiconductor) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation) HKLM\...\Run: [UMonit64] => C:\WINDOWS\SysWOW64\UMonit64.exe [40960 2013-04-09] () HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17097200 2013-12-01] (Lenovo (Beijing) Limited) HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2013-12-01] (Lenovo(beijing) Limited) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\nvspcap64.dll [1179576 2014-01-21] (NVIDIA Corporation) HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7818040 2013-09-19] (Motorola Solutions, Inc.) HKLM\...\Run: [FileOpenBroker] => C:\Program Files\FileOpen\Services\FileOpenBroker64.exe [1589104 2013-03-26] (FileOpen Systems Inc.) HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] () HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) 
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-03-28] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-985481003-2855859536-316065226-1002\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000 HKU\S-1-5-21-985481003-2855859536-316065226-1002\...\MountPoints2: {ee1ff127-a38a-11e3-be81-00c2c612f4ca} - "F:\setup.exe" AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [184048 2013-11-01] (NVIDIA Corporation) AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [156256 2013-11-01] (NVIDIA Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com SearchScopes: HKLM - DefaultScope {35C504FE-189D-4414-8AF5-31CE364E16CB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB SearchScopes: HKLM - {35C504FE-189D-4414-8AF5-31CE364E16CB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB SearchScopes: HKLM-x32 - DefaultScope {35C504FE-189D-4414-8AF5-31CE364E16CB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB SearchScopes: HKLM-x32 - {35C504FE-189D-4414-8AF5-31CE364E16CB} URL = 
hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB SearchScopes: HKCU - DefaultScope {35C504FE-189D-4414-8AF5-31CE364E16CB} URL = SearchScopes: HKCU - {35C504FE-189D-4414-8AF5-31CE364E16CB} URL = BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{B69759E6-13EA-4C03-B40A-0329E7B46251}: [NameServer]141.60.110.103,141.60.120.105 FireFox: ======== FF ProfilePath: C:\Users\Manfred\AppData\Roaming\Mozilla\Firefox\Profiles\fuwi1mpa.default-1395530244016 FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF 
Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: intel.com/AppUp - C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll No File FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: No Name - C:\Users\Manfred\AppData\Roaming\Mozilla\Firefox\Profiles\fuwi1mpa.default-1395530244016\Extensions\staged [2014-04-25] FF Extension: Flashblock - C:\Users\Manfred\AppData\Roaming\Mozilla\Firefox\Profiles\fuwi1mpa.default-1395530244016\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2014-03-26] FF Extension: WOT - C:\Users\Manfred\AppData\Roaming\Mozilla\Firefox\Profiles\fuwi1mpa.default-1395530244016\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-03-29] FF Extension: DownloadHelper - C:\Users\Manfred\AppData\Roaming\Mozilla\Firefox\Profiles\fuwi1mpa.default-1395530244016\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-26] FF Extension: Exif Viewer - C:\Users\Manfred\AppData\Roaming\Mozilla\Firefox\Profiles\fuwi1mpa.default-1395530244016\Extensions\exif_viewer@mozilla.doslash.org.xpi [2014-03-29] FF Extension: NoScript - C:\Users\Manfred\AppData\Roaming\Mozilla\Firefox\Profiles\fuwi1mpa.default-1395530244016\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-04-23] FF Extension: Adblock Plus - C:\Users\Manfred\AppData\Roaming\Mozilla\Firefox\Profiles\fuwi1mpa.default-1395530244016\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-26] FF Extension: Adblock Edge - C:\Users\Manfred\AppData\Roaming\Mozilla\Firefox\Profiles\fuwi1mpa.default-1395530244016\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-03-26] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK ==================== 
Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-03-28] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-03-28] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-03-28] (Avira Operations GmbH & Co. KG) R2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [101536 2013-05-28] (Intel) R2 FileOpenManager; C:\Program Files\FileOpen\Services\FileOpenManager64.exe [337264 2013-03-19] (FileOpen Systems Inc.) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation) R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [1127736 2013-07-01] () S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-15] (Intel Corporation) R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation) R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [810808 2013-07-01] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-15] (Intel Corporation) S4 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) R2 Megatech-Software-Protection; C:\Megatech\MProtect\MPSERV.EXE [36864 2007-12-12] () S3 MyWiFiDHCPDNS; C:\Program 
Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] () R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-21] (NVIDIA Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-03-28] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2014-03-28] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-09-30] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [84720 2014-03-28] (Avira Operations GmbH & Co. KG) S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider) R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation) R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.) R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.) S2 CSDriver; C:\WINDOWS\SysWOW64\Drivers\CSDriver.Sys [6027 2002-09-24] (Windows (R) 2000 DDK provider) R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-03-04] (Disc Soft Ltd) R3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [22280 2013-05-16] (ELAN Microelectronic Corp.) 
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation) S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation) S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation) R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2014-03-01] (Microsoft Corporation) S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation) S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation) R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-08-22] (Intel Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation) S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation) S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2014-03-01] (Microsoft Corporation) S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-14] (Microsoft Corporation) S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation) R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [206744 2013-05-28] (Windows (R) Win 7 DDK provider) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation) S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-25 20:21 - 2014-04-25 20:21 - 00000000 ____D () C:\FRST 2014-04-25 20:19 - 2014-04-25 20:19 - 00000168 _____ () 
C:\Users\Manfred\defogger_reenable 2014-04-25 20:16 - 2014-04-25 20:21 - 00000000 ____D () C:\Users\Manfred\Downloads\scan 2014-04-25 08:13 - 2014-04-25 10:51 - 00000000 ____D () C:\Users\Manfred\Desktop\Manfred HOJ2 2014-04-24 23:09 - 2014-04-24 23:09 - 00001290 _____ () C:\Users\Manfred\Desktop\Prüfung Meister - Verknüpfung.lnk 2014-04-24 16:53 - 2014-04-24 16:53 - 00000000 ____D () C:\Program Files\FileOpen 2014-04-24 16:53 - 2014-04-24 16:53 - 00000000 ____D () C:\Program Files (x86)\FileOpen 2014-04-23 15:15 - 2014-04-23 15:15 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-04-23 15:15 - 2014-04-23 15:15 - 00002050 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk 2014-04-23 15:05 - 2014-04-23 15:05 - 00003172 _____ () C:\WINDOWS\System32\Tasks\{95F2D096-A407-4C8E-A49B-B9B5F98E6F64} 2014-04-21 21:56 - 2014-04-21 21:56 - 00004224 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_55-b14.log 2014-04-21 21:56 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2014-04-21 21:56 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe 2014-04-21 21:56 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe 2014-04-21 21:56 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe 2014-04-21 21:39 - 2014-04-21 21:40 - 02707456 _____ () C:\Users\Manfred\Downloads\FileOpenInstaller64(2).msi 2014-04-21 21:34 - 2014-04-21 21:34 - 02707456 _____ () C:\Users\Manfred\Downloads\FileOpenInstaller64(1).msi 2014-04-21 20:38 - 2014-04-21 22:07 - 00002277 _____ () C:\Users\Public\Desktop\Treppensoftware- Programme ND.lnk 2014-04-21 20:37 - 2004-11-28 08:43 - 00397312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSRDO20.DLL 2014-04-21 20:37 - 2004-11-28 08:43 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdocurs.dll 2014-04-21 20:37 - 2004-11-28 08:43 - 00069632 _____ 
(Microsoft Corporation) C:\WINDOWS\SysWOW64\RDO20DE.DLL 2014-04-21 20:37 - 2004-11-28 08:42 - 00041316 _____ () C:\WINDOWS\SysWOW64\odbcinst.hlp 2014-04-21 20:37 - 2004-11-28 08:42 - 00026224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ODBC16GT.DLL 2014-04-21 20:37 - 2004-11-28 08:42 - 00007952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbccp32.cpl 2014-04-21 20:37 - 2004-11-28 08:42 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ODBC32GT.DLL 2014-04-21 20:37 - 2004-11-28 08:42 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DS32GT.DLL 2014-04-21 20:37 - 2004-11-28 08:42 - 00004656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DS16GT.DLL 2014-04-21 20:37 - 2004-11-28 08:42 - 00000421 _____ () C:\WINDOWS\SysWOW64\odbcinst.cnt 2014-04-21 20:37 - 2004-11-28 08:34 - 01238288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjt4jlt.dll 2014-04-21 20:37 - 2004-11-28 08:34 - 01050896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet35.dll 2014-04-21 20:37 - 2004-11-28 08:34 - 00415504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrepl35.dll 2014-04-21 20:37 - 2004-11-28 08:34 - 00368912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBAR332.DLL 2014-04-21 20:37 - 2004-11-28 08:34 - 00344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexch35.dll 2014-04-21 20:37 - 2004-11-28 08:34 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbse35.dll 2014-04-21 20:37 - 2004-11-28 08:34 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x35.dll 2014-04-21 20:37 - 2004-11-28 08:34 - 00252688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl35.dll 2014-04-21 20:37 - 2004-11-28 08:34 - 00250128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspdox35.dll 2014-04-21 20:37 - 2004-11-28 08:34 - 00174871 _____ () C:\WINDOWS\SysWOW64\ODBCJET.HLP 2014-04-21 20:37 - 2004-11-28 08:34 - 00168720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus35.dll 2014-04-21 20:37 - 2004-11-28 
08:34 - 00166672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstext35.dll 2014-04-21 20:37 - 2004-11-28 08:34 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSJINT35.DLL 2014-04-21 20:37 - 2004-11-28 08:34 - 00044304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrpfs35.dll 2014-04-21 20:37 - 2004-11-28 08:34 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JETCOMP.exe 2014-04-21 20:37 - 2004-11-28 08:34 - 00024848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjter35.dll 2014-04-21 20:37 - 2004-11-28 08:34 - 00007827 _____ () C:\WINDOWS\SysWOW64\ODBCJET.CNT 2014-04-21 20:37 - 2004-04-19 14:29 - 00339968 _____ (MARX Software Security) C:\WINDOWS\SysWOW64\MPIWIN32.DLL 2014-04-21 20:30 - 2014-04-21 20:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Compass Software 2014-04-21 20:07 - 2014-04-21 20:07 - 00001444 _____ () C:\Users\Manfred\Downloads\STG06278 2014-04-21 19:57 - 2014-04-21 19:57 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll 2014-04-21 19:57 - 2014-04-21 19:57 - 00377856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll 2014-04-21 19:57 - 2014-04-21 19:57 - 00214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll 2014-04-21 19:57 - 2014-04-21 19:57 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll 2014-04-21 19:57 - 2014-04-21 19:57 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll 2014-04-21 19:57 - 2014-04-21 19:57 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll 2014-04-21 19:57 - 2014-04-21 19:57 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe 2014-04-21 19:57 - 2014-04-21 19:57 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe 2014-04-21 19:57 - 2014-04-21 19:57 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe 2014-04-21 19:57 - 2014-04-21 19:57 - 00023552 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\dpmodemx.dll 2014-04-21 19:57 - 2014-04-21 19:57 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll 2014-04-21 19:57 - 2014-04-21 19:57 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll 2014-04-21 19:57 - 2014-04-21 19:57 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll 2014-04-21 19:57 - 2014-04-21 19:57 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll 2014-04-16 20:55 - 2014-04-16 20:58 - 32099072 _____ () C:\Users\Manfred\Downloads\ServicePack_Nussreiner-20.13.08.21.exe 2014-04-16 20:55 - 2014-04-16 20:56 - 12149248 _____ () C:\Users\Manfred\Downloads\SP_18_1_26_2_14.exe 2014-04-16 20:54 - 2014-04-16 20:59 - 98135552 _____ () C:\Users\Manfred\Downloads\Abb18_0.exe 2014-04-16 16:31 - 2014-04-16 16:51 - 00000156 _____ () C:\Users\Manfred\Desktop\160414_Manfred__PrjData.sbl 2014-04-16 11:06 - 2014-04-25 09:40 - 00000053 _____ () C:\WINDOWS\dach.INI 2014-04-16 10:38 - 2014-04-16 16:51 - 01237890 _____ () C:\Users\Manfred\Desktop\160414_Manfred_.PRT 2014-04-16 10:38 - 2014-04-16 09:41 - 00000470 _____ () C:\Users\Manfred\Desktop\502329_14_NUSSA.MPF 2014-04-16 08:54 - 2014-04-16 09:14 - 01591409 _____ () C:\Users\Manfred\Desktop\Holzbau cad übung.3d 2014-04-16 08:42 - 2014-04-16 08:42 - 00000000 ____D () C:\Users\Manfred\AppData\Local\pcvisit Software AG 2014-04-16 08:41 - 2014-04-16 08:46 - 00000000 ____D () C:\Users\Manfred\Desktop\502329_13_NUSSA_Manfred 2014-04-16 08:40 - 2014-04-16 08:40 - 00000333 _____ () C:\Users\Manfred\Downloads\502329_13_NUSSA_Manfred(1).zip 2014-04-16 08:32 - 2012-08-02 13:19 - 00050688 _____ () C:\WINDOWS\system32\MPDLL.DLL 2014-04-14 12:41 - 2014-04-14 13:33 - 00000683 _____ () C:\Users\Manfred\Desktop\Neues Textdokument.txt 2014-04-09 21:47 - 2014-04-09 21:50 - 22913908 _____ () C:\Users\Manfred\Downloads\torbrowser-install-3.5.4_en-US.exe 2014-04-09 15:09 - 2014-04-09 15:09 - 00000000 ____H () 
C:\WINDOWS\system32\Drivers\Msft_Kernel_iBtFltCoex_01009.Wdf 2014-04-09 13:33 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-04-09 13:33 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-04-09 13:33 - 2014-03-10 12:35 - 02008408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2014-04-09 13:33 - 2014-03-10 12:35 - 00377176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys 2014-04-09 13:33 - 2014-03-06 11:19 - 01287576 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll 2014-04-09 13:33 - 2014-03-06 11:02 - 01109424 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2014-04-09 13:33 - 2014-03-06 08:17 - 00835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2014-04-09 13:33 - 2014-03-06 08:10 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll 2014-04-09 13:32 - 2014-04-09 13:32 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2014-04-09 13:32 - 2014-04-09 13:32 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2014-04-09 13:06 - 2014-04-09 13:06 - 00000000 ____D () C:\ProgramData\Canneverbe Limited 2014-04-09 13:01 - 2014-04-09 13:01 - 00001972 _____ () C:\Users\Public\Desktop\CDBurnerXP.lnk 2014-04-09 13:01 - 2014-04-09 13:01 - 00001922 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk 2014-04-09 13:01 - 2014-04-09 13:01 - 00000000 ____D () C:\Users\Manfred\AppData\Roaming\Canneverbe Limited 2014-04-09 13:01 - 2014-04-09 13:01 - 00000000 ____D () C:\Program Files (x86)\CDBurnerXP 2014-04-09 13:00 - 2014-04-09 13:00 - 05290664 _____ (Canneverbe Limited ) C:\Users\Manfred\Downloads\cdbxp_setup_4.5.3.4643.exe 2014-04-09 10:30 - 2014-04-09 10:30 - 00000000 ____D () C:\SAVE EXACT 2014-04-09 10:13 - 2014-04-09 10:14 - 00000000 ____D () C:\Users\Manfred\AppData\Roaming\EAC 2014-04-09 10:13 - 2014-04-09 10:14 
- 00000000 ____D () C:\Users\Manfred\AppData\Roaming\AccurateRip 2014-04-09 10:13 - 2014-04-09 10:13 - 00001093 _____ () C:\Users\Public\Desktop\Exact Audio Copy.lnk 2014-04-09 10:13 - 2014-04-09 10:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exact Audio Copy 2014-04-09 10:13 - 2014-04-09 10:13 - 00000000 ____D () C:\Program Files (x86)\Exact Audio Copy 2014-04-09 10:11 - 2014-04-09 10:11 - 04422611 _____ () C:\Users\Manfred\Downloads\eac-1.0beta3.exe 2014-04-09 10:05 - 2014-04-09 10:06 - 31524272 _____ (DVDVideoSoft Ltd. ) C:\Users\Manfred\Downloads\FreeAudioCDToMP3Converter_1.3.12.1228.exe 2014-04-03 12:27 - 2014-04-23 19:18 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-04-03 12:26 - 2014-04-08 20:40 - 00001125 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-03 12:26 - 2014-04-08 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-04-03 12:26 - 2014-04-08 20:40 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-03 12:26 - 2014-04-03 12:26 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Manfred\Downloads\mbam-setup-2.0.0.1000.exe 2014-04-03 12:26 - 2014-04-03 12:26 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-03 12:26 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-04-03 12:26 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2014-04-03 12:26 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-04-03 11:58 - 2014-04-03 11:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-04-03 11:58 - 2014-04-03 11:58 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-04-03 11:58 - 2014-04-03 11:58 - 00000000 ____D () C:\Program Files 
(x86)\Microsoft Silverlight 2014-04-03 11:57 - 2014-04-03 11:57 - 13084896 _____ (Microsoft Corporation) C:\Users\Manfred\Downloads\Silverlight_x64.exe 2014-04-02 21:54 - 2014-04-02 21:54 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf 2014-04-02 12:28 - 2014-04-02 12:46 - 00013919 _____ () C:\Users\Manfred\Documents\nebenkostenabrechung.xlsx 2014-04-02 01:05 - 2014-04-02 01:05 - 00000000 ____D () C:\Users\Manfred\AppData\Local\Apps\2.0 2014-04-01 23:43 - 2014-04-01 23:43 - 15912395 _____ () C:\Users\Manfred\Downloads\FreenetInstaller-1459.exe 2014-03-31 11:36 - 2014-02-22 14:16 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2014-03-31 11:36 - 2014-02-22 13:24 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe 2014-03-30 18:06 - 2014-03-30 18:06 - 00000000 ___RD () C:\Users\Manfred\AppData\Roaming\Brother 2014-03-29 23:39 - 2014-03-29 23:39 - 00082047 _____ () C:\Users\Manfred\Downloads\dasessen.swf 2014-03-29 21:34 - 2014-03-29 21:34 - 00000000 ____D () C:\ProgramData\Mozilla 2014-03-29 03:58 - 2014-03-29 03:58 - 00116616 _____ () C:\Users\Manfred\Downloads\wifite_r68.py 2014-03-29 03:57 - 2014-03-29 03:57 - 00033176 _____ () C:\Users\Manfred\Downloads\wifite-2.0r85.tar.gz 2014-03-28 01:23 - 2014-03-28 01:23 - 00000000 ____D () C:\Users\Manfred\AppData\Roaming\Avira 2014-03-28 01:12 - 2014-03-28 01:14 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys 2014-03-28 01:12 - 2014-03-28 01:14 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys 2014-03-28 01:12 - 2014-03-28 01:14 - 00084720 _____ (Avira Operations GmbH & Co. 
KG) C:\WINDOWS\system32\Drivers\avnetflt.sys 2014-03-28 01:12 - 2014-03-28 01:12 - 00002093 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk 2014-03-28 01:12 - 2014-03-28 01:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-03-28 01:12 - 2014-03-28 01:12 - 00000000 ____D () C:\ProgramData\Avira 2014-03-28 01:12 - 2014-03-28 01:12 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-03-28 01:12 - 2013-09-30 12:01 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys 2014-03-28 01:05 - 2014-03-28 01:09 - 122946048 _____ () C:\Users\Manfred\Downloads\avira14_free_antivirus_de.exe 2014-03-28 01:04 - 2014-01-19 09:38 - 00270496 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe ==================== One Month Modified Files and Folders ======= 2014-04-25 20:21 - 2014-04-25 20:21 - 00000000 ____D () C:\FRST 2014-04-25 20:21 - 2014-04-25 20:16 - 00000000 ____D () C:\Users\Manfred\Downloads\scan 2014-04-25 20:19 - 2014-04-25 20:19 - 00000168 _____ () C:\Users\Manfred\defogger_reenable 2014-04-25 20:19 - 2014-03-01 15:06 - 00000000 ____D () C:\Users\Manfred 2014-04-25 20:07 - 2014-03-01 14:02 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-25 20:02 - 2013-11-14 09:27 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-04-25 20:02 - 2013-11-14 09:11 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat 2014-04-25 20:02 - 2013-11-14 09:11 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat 2014-04-25 20:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-04-25 19:38 - 2014-03-01 14:59 - 01256904 _____ () C:\WINDOWS\WindowsUpdate.log 2014-04-25 16:26 - 2014-03-04 12:21 - 00000000 ____D () C:\Users\Manfred\AppData\Roaming\XnView 2014-04-25 16:20 - 2014-03-04 12:20 - 00000000 ____D () C:\Users\Manfred\Desktop\bilder Treppe 2014-04-25 14:44 - 2014-03-01 14:02 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 
2014-04-25 10:51 - 2014-04-25 08:13 - 00000000 ____D () C:\Users\Manfred\Desktop\Manfred 2014-04-25 10:51 - 2013-08-22 16:46 - 00302220 _____ () C:\WINDOWS\setupact.log 2014-04-25 09:40 - 2014-04-16 11:06 - 00000053 _____ () C:\WINDOWS\dach.INI 2014-04-24 23:09 - 2014-04-24 23:09 - 00001290 _____ () C:\Users\Manfred\Desktop\Prüfung Meister - Verknüpfung.lnk 2014-04-24 16:53 - 2014-04-24 16:53 - 00000000 ____D () C:\Program Files\FileOpen 2014-04-24 16:53 - 2014-04-24 16:53 - 00000000 ____D () C:\Program Files (x86)\FileOpen 2014-04-24 16:00 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-04-23 23:03 - 2014-02-25 19:38 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-985481003-2855859536-316065226-1002 2014-04-23 21:37 - 2014-02-25 20:33 - 00000000 ____D () C:\Program Files (x86)\cadwork.dir 2014-04-23 19:18 - 2014-04-03 12:27 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-04-23 18:32 - 2013-11-14 00:18 - 00056628 _____ () C:\WINDOWS\PFRO.log 2014-04-23 15:16 - 2014-03-04 12:42 - 00000000 ____D () C:\Users\Manfred\AppData\Local\Adobe 2014-04-23 15:15 - 2014-04-23 15:15 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-04-23 15:15 - 2014-04-23 15:15 - 00002050 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk 2014-04-23 15:15 - 2014-03-04 12:42 - 00000000 ____D () C:\ProgramData\Adobe 2014-04-23 15:05 - 2014-04-23 15:05 - 00003172 _____ () C:\WINDOWS\System32\Tasks\{95F2D096-A407-4C8E-A49B-B9B5F98E6F64} 2014-04-22 14:03 - 2014-03-04 22:30 - 00000000 ____D () C:\Users\Manfred\AppData\Local\Microsoft Help 2014-04-21 23:36 - 2014-02-25 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cadwork 2014-04-21 23:23 - 2014-02-25 21:20 - 00001095 _____ () C:\Users\Manfred\AppData\Roaming\Microsoft\Windows\Start Menu\cadwork.lnk 2014-04-21 23:21 - 2014-02-25 20:33 - 00000000 ____D () 
C:\Users\Public\Documents\cadwork 2014-04-21 22:12 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-04-21 22:07 - 2014-04-21 20:38 - 00002277 _____ () C:\Users\Public\Desktop\Treppensoftware- Programme ND.lnk 2014-04-21 21:56 - 2014-04-21 21:56 - 00004224 _____ () C:\WINDOWS\SysWOW64\jupdate-1.7.0_55-b14.log 2014-04-21 21:56 - 2014-03-24 14:50 - 00000000 ____D () C:\Program Files (x86)\Java 2014-04-21 21:40 - 2014-04-21 21:39 - 02707456 _____ () C:\Users\Manfred\Downloads\FileOpenInstaller64(2).msi 2014-04-21 21:34 - 2014-04-21 21:34 - 02707456 _____ () C:\Users\Manfred\Downloads\FileOpenInstaller64(1).msi 2014-04-21 20:38 - 2014-04-21 20:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Compass Software 2014-04-21 20:30 - 2013-12-01 07:22 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-04-21 20:07 - 2014-04-21 20:07 - 00001444 _____ () C:\Users\Manfred\Downloads\STG06278 2014-04-21 19:57 - 2014-04-21 19:57 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll 2014-04-21 19:57 - 2014-04-21 19:57 - 00377856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll 2014-04-21 19:57 - 2014-04-21 19:57 - 00214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll 2014-04-21 19:57 - 2014-04-21 19:57 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll 2014-04-21 19:57 - 2014-04-21 19:57 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll 2014-04-21 19:57 - 2014-04-21 19:57 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll 2014-04-21 19:57 - 2014-04-21 19:57 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe 2014-04-21 19:57 - 2014-04-21 19:57 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe 2014-04-21 19:57 - 2014-04-21 19:57 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe 2014-04-21 19:57 - 2014-04-21 19:57 - 00023552 _____ 
(Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll 2014-04-21 19:57 - 2014-04-21 19:57 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll 2014-04-21 19:57 - 2014-04-21 19:57 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll 2014-04-21 19:57 - 2014-04-21 19:57 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll 2014-04-21 19:57 - 2014-04-21 19:57 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll 2014-04-20 21:53 - 2014-02-26 16:06 - 00000000 ____D () C:\Megatech 2014-04-16 20:59 - 2014-04-16 20:54 - 98135552 _____ () C:\Users\Manfred\Downloads\Abb18_0.exe 2014-04-16 20:58 - 2014-04-16 20:55 - 32099072 _____ () C:\Users\Manfred\Downloads\ServicePack_Nussreiner-20.13.08.21.exe 2014-04-16 20:56 - 2014-04-16 20:55 - 12149248 _____ () C:\Users\Manfred\Downloads\SP_18_1_26_2_14.exe 2014-04-16 16:51 - 2014-04-16 16:31 - 00000156 _____ () C:\Users\Manfred\Desktop\160414_Manfred__PrjData.sbl 2014-04-16 16:51 - 2014-04-16 10:38 - 01237890 _____ () C:\Users\Manfred\Desktop\160414_Manfred_.PRT 2014-04-16 09:46 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2014-04-16 09:41 - 2014-04-16 10:38 - 00000470 _____ () C:\Users\Manfred\Desktop\502329_14_NUSSA.MPF 2014-04-16 09:14 - 2014-04-16 08:54 - 01591409 _____ () C:\Users\Manfred\Desktop\Holzbau cad übung.3d 2014-04-16 08:55 - 2014-03-04 10:59 - 00000000 ____D () C:\Users\Manfred\Desktop\backups 2014-04-16 08:46 - 2014-04-16 08:41 - 00000000 ____D () C:\Users\Manfred\Desktop\502329_13_NUSSA_Manfred 2014-04-16 08:42 - 2014-04-16 08:42 - 00000000 ____D () C:\Users\Manfred\AppData\Local\pcvisit Software AG 2014-04-16 08:40 - 2014-04-16 08:40 - 00000333 _____ () C:\Users\Manfred\Downloads\502329_13_NUSSA_Manfred(1).zip 2014-04-14 20:13 - 2014-04-21 21:56 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2014-04-14 20:05 - 2014-04-21 21:56 - 00264616 _____ (Oracle Corporation) 
C:\WINDOWS\SysWOW64\javaws.exe 2014-04-14 20:05 - 2014-04-21 21:56 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe 2014-04-14 20:04 - 2014-04-21 21:56 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe 2014-04-14 13:33 - 2014-04-14 12:41 - 00000683 _____ () C:\Users\Manfred\Desktop\Neues Textdokument.txt 2014-04-10 08:45 - 2013-08-22 16:44 - 00413296 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-04-10 08:44 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2014-04-10 08:44 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-04-10 08:44 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-04-10 08:44 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-04-10 08:44 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-04-10 08:44 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools 2014-04-10 08:44 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-04-10 08:44 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore 2014-04-10 08:44 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\MediaViewer 2014-04-10 08:44 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Portable Devices 2014-04-10 08:44 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Multimedia Platform 2014-04-10 08:44 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices 2014-04-10 08:44 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Multimedia Platform 2014-04-10 08:44 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\oobe 2014-04-10 08:44 - 
2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism 2014-04-10 08:44 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\servicing 2014-04-10 08:43 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel 2014-04-10 08:43 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\zh-HK 2014-04-10 08:43 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\uk-UA 2014-04-10 08:43 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\tr-TR 2014-04-10 08:43 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\th-TH 2014-04-10 08:43 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\SystemResetPlatform 2014-04-10 08:43 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS 2014-04-10 08:43 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS 2014-04-10 08:43 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sl-SI 2014-04-10 08:43 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sk-SK 2014-04-10 08:43 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\setup 2014-04-10 08:43 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\ro-RO 2014-04-10 08:43 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\migwiz 2014-04-10 08:43 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\lv-LV 2014-04-10 08:43 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\lt-LT 2014-04-10 08:43 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\hr-HR 2014-04-10 08:43 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\he-IL 2014-04-10 08:43 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\et-EE 2014-04-10 08:43 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\en-GB 2014-04-10 08:43 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\bg-BG 2014-04-10 08:43 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\ar-SA 2014-04-10 08:43 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions 2014-04-10 08:43 - 
2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\FileManager 2014-04-10 08:43 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Camera 2014-04-10 08:43 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep 2014-04-10 08:43 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\oobe 2014-04-10 08:43 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\Dism 2014-04-10 08:17 - 2014-03-01 14:59 - 00000000 ____D () C:\Program Files (x86)\Intel 2014-04-10 08:17 - 2013-08-22 16:46 - 00000618 _____ () C:\WINDOWS\setuperr.log 2014-04-10 00:59 - 2014-03-23 15:10 - 00000000 ____D () C:\Users\Manfred\Desktop\Laufrouten 2014-04-09 21:53 - 2014-02-25 20:13 - 00000000 ____D () C:\Users\Manfred\Desktop\Tor Browser 2014-04-09 21:50 - 2014-04-09 21:47 - 22913908 _____ () C:\Users\Manfred\Downloads\torbrowser-install-3.5.4_en-US.exe 2014-04-09 15:10 - 2014-03-01 10:21 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-04-09 15:09 - 2014-04-09 15:09 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_iBtFltCoex_01009.Wdf 2014-04-09 15:09 - 2014-03-01 10:21 - 90655440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-04-09 13:32 - 2014-04-09 13:32 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2014-04-09 13:32 - 2014-04-09 13:32 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2014-04-09 13:06 - 2014-04-09 13:06 - 00000000 ____D () C:\ProgramData\Canneverbe Limited 2014-04-09 13:01 - 2014-04-09 13:01 - 00001972 _____ () C:\Users\Public\Desktop\CDBurnerXP.lnk 2014-04-09 13:01 - 2014-04-09 13:01 - 00001922 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk 2014-04-09 13:01 - 2014-04-09 13:01 - 00000000 ____D () C:\Users\Manfred\AppData\Roaming\Canneverbe Limited 2014-04-09 13:01 - 2014-04-09 13:01 - 00000000 ____D () C:\Program Files (x86)\CDBurnerXP 2014-04-09 13:00 - 2014-04-09 13:00 - 05290664 _____ (Canneverbe Limited ) 
C:\Users\Manfred\Downloads\cdbxp_setup_4.5.3.4643.exe 2014-04-09 10:45 - 2014-03-01 12:31 - 00000000 ____D () C:\Users\Manfred\AppData\Roaming\vlc 2014-04-09 10:30 - 2014-04-09 10:30 - 00000000 ____D () C:\SAVE EXACT 2014-04-09 10:14 - 2014-04-09 10:13 - 00000000 ____D () C:\Users\Manfred\AppData\Roaming\EAC 2014-04-09 10:14 - 2014-04-09 10:13 - 00000000 ____D () C:\Users\Manfred\AppData\Roaming\AccurateRip 2014-04-09 10:13 - 2014-04-09 10:13 - 00001093 _____ () C:\Users\Public\Desktop\Exact Audio Copy.lnk 2014-04-09 10:13 - 2014-04-09 10:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exact Audio Copy 2014-04-09 10:13 - 2014-04-09 10:13 - 00000000 ____D () C:\Program Files (x86)\Exact Audio Copy 2014-04-09 10:11 - 2014-04-09 10:11 - 04422611 _____ () C:\Users\Manfred\Downloads\eac-1.0beta3.exe 2014-04-09 10:06 - 2014-04-09 10:05 - 31524272 _____ (DVDVideoSoft Ltd. ) C:\Users\Manfred\Downloads\FreeAudioCDToMP3Converter_1.3.12.1228.exe 2014-04-09 09:50 - 2014-02-26 15:59 - 00000432 _____ () C:\WINDOWS\BRWMARK.INI 2014-04-08 20:40 - 2014-04-03 12:26 - 00001125 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-08 20:40 - 2014-04-03 12:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-04-08 20:40 - 2014-04-03 12:26 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-08 00:16 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\System 2014-04-08 00:16 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Resources 2014-04-03 22:29 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-04-03 12:26 - 2014-04-03 12:26 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Manfred\Downloads\mbam-setup-2.0.0.1000.exe 2014-04-03 12:26 - 2014-04-03 12:26 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-03 11:58 - 2014-04-03 11:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 
2014-04-03 11:58 - 2014-04-03 11:58 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-04-03 11:58 - 2014-04-03 11:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-04-03 11:57 - 2014-04-03 11:57 - 13084896 _____ (Microsoft Corporation) C:\Users\Manfred\Downloads\Silverlight_x64.exe 2014-04-03 10:29 - 2014-02-26 08:54 - 00007620 _____ () C:\Users\Manfred\AppData\Local\Resmon.ResmonCfg 2014-04-03 09:51 - 2014-04-03 12:26 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-04-03 09:51 - 2014-04-03 12:26 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2014-04-03 09:50 - 2014-04-03 12:26 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-04-02 21:54 - 2014-04-02 21:54 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf 2014-04-02 18:44 - 2014-02-25 19:32 - 00000000 ___RD () C:\Users\Manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-02 12:46 - 2014-04-02 12:28 - 00013919 _____ () C:\Users\Manfred\Documents\nebenkostenabrechung.xlsx 2014-04-02 01:05 - 2014-04-02 01:05 - 00000000 ____D () C:\Users\Manfred\AppData\Local\Apps\2.0 2014-04-02 00:53 - 2014-02-25 19:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-04-01 23:43 - 2014-04-01 23:43 - 15912395 _____ () C:\Users\Manfred\Downloads\FreenetInstaller-1459.exe 2014-03-31 23:23 - 2013-08-22 17:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-03-31 23:23 - 2013-08-22 17:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-31 03:16 - 2014-04-09 13:33 - 23134208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-03-31 01:57 - 2014-04-09 13:33 - 17073152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-03-30 18:06 - 2014-03-30 18:06 - 00000000 ___RD () 
C:\Users\Manfred\AppData\Roaming\Brother 2014-03-29 23:39 - 2014-03-29 23:39 - 00082047 _____ () C:\Users\Manfred\Downloads\dasessen.swf 2014-03-29 21:34 - 2014-03-29 21:34 - 00000000 ____D () C:\ProgramData\Mozilla 2014-03-29 03:58 - 2014-03-29 03:58 - 00116616 _____ () C:\Users\Manfred\Downloads\wifite_r68.py 2014-03-29 03:57 - 2014-03-29 03:57 - 00033176 _____ () C:\Users\Manfred\Downloads\wifite-2.0r85.tar.gz 2014-03-29 03:00 - 2014-03-15 02:53 - 00000000 ____D () C:\Users\Manfred\dwhelper 2014-03-28 01:23 - 2014-03-28 01:23 - 00000000 ____D () C:\Users\Manfred\AppData\Roaming\Avira 2014-03-28 01:17 - 2014-02-25 19:52 - 00000000 ____D () C:\ProgramData\MFAData 2014-03-28 01:14 - 2014-03-28 01:12 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys 2014-03-28 01:14 - 2014-03-28 01:12 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys 2014-03-28 01:14 - 2014-03-28 01:12 - 00084720 _____ (Avira Operations GmbH & Co. 
KG) C:\WINDOWS\system32\Drivers\avnetflt.sys 2014-03-28 01:12 - 2014-03-28 01:12 - 00002093 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk 2014-03-28 01:12 - 2014-03-28 01:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-03-28 01:12 - 2014-03-28 01:12 - 00000000 ____D () C:\ProgramData\Avira 2014-03-28 01:12 - 2014-03-28 01:12 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-03-28 01:09 - 2014-03-28 01:05 - 122946048 _____ () C:\Users\Manfred\Downloads\avira14_free_antivirus_de.exe 2014-03-28 01:05 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2014-03-28 01:03 - 2012-07-26 10:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP Some content of TEMP: ==================== C:\Users\Manfred\AppData\Local\Temp\avgnt.exe C:\Users\Manfred\AppData\Local\Temp\fp_pl_pfs_installer-1.exe C:\Users\Manfred\AppData\Local\Temp\fp_pl_pfs_installer.exe C:\Users\Manfred\AppData\Local\Temp\install_reader11_de_mssd_aaa_aih.exe C:\Users\Manfred\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\Manfred\AppData\Local\Temp\mirc732.exe C:\Users\Manfred\AppData\Local\Temp\uninstall.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-22 09:25 ==================== End Of Log ============================ FRST Additions Logfile: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-04-2014 01 Ran by Manfred at 2014-04-25 20:21:33 Running from C:\Users\Manfred\Downloads\scan Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated) Alcatel onetouch Manager (HKLM-x32\...\{C32EDA33-2F6F-0200-0000-000000000000}) (Version: 13.05.2155 - Mobile Action) Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira) Benutzerhandbuch (x32 Version: 1.0.0.15 - Lenovo) Hidden Brother MFC-9320CW (HKLM-x32\...\{FC4E02A9-6C12-4F69-85F6-BFA164105F1F}) (Version: 1.00 - Brother) Brother MFL-Pro Suite MFC-9320CW (HKLM-x32\...\{A1BBEE16-49B1-42F2-95B8-54C8C6A1C0C3}) (Version: 3.0.3.0 - Brother Industries, Ltd.)
cadwork (HKLM-x32\...\cadwork) (Version: 19.280.0 - Cadwork Informatik) cadwork (x32 Version: 19.280.0 - Cadwork Informatik) Hidden CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.3.4643 - CDBurnerXP) DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd) Definition update for Microsoft Office 2010 (KB982726) (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{B3AADEEC-7004-4B74-93C2-C3136EA92D76}) (Version: - Microsoft) eDocPrintPro v3.17.0 (HKLM\...\{EE92BF61-A3C6-451B-9EA5-34A8C0895B67}) (Version: 3.17.0 - MAY-Computer) Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.11 - Lenovo) Energy Management (x32 Version: 8.0.2.11 - Lenovo) Hidden Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff) FileOpen Client (x64) B928 (HKLM\...\{3ED9A79B-1419-4C5F-BA88-EFD6F180EBE5}) (Version: 3.0.95.928 - FileOpen Systems, Inc.) Frilo.System.Next (HKLM-x32\...\{FB83BA58-9E3D-4EDB-B15C-4BB2254E67A2}) (Version: 3.9.11 - Friedrich + Lochner GmbH) FriloBase (HKLM-x32\...\{4DBEF603-5CE5-4629-8B79-FAA95CC46915}) (Version: 1.0.0 - Friedrich + Lochner GmbH) GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.0.3 - Genesys Logic) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) 
Hidden gs_x64 (HKLM\...\{2E415339-7210-4A3B-84EA-E50FE7565F0D}) (Version: 9.00 - MAY-Computer) Hundegger CAMBIUM 1 (HKLM-x32\...\{96ABFB36-CD65-4F15-907F-7D90E3213007}) (Version: 1.11.22.37426 - Hans Hundegger Maschinenbau GmbH) Hundegger K2 9 (HKLM-x32\...\{D901B54B-287A-43D0-9DDE-96DFA7A768DD}) (Version: 9.2.1.6797 - Hans Hundegger Maschinenbau GmbH) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation) Intel(R) PRO/Wireless Driver (Version: 16.01.5000.0577 - Intel Corporation) Hidden Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation) Intel(R) Rapid Storage Technology (Version: 12.6.0.1033 - Intel Corporation) Hidden Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation) Intel(R) Update Manager (x32 Version: 1.6.0.56 - Intel Corporation) Hidden Intel(R) WiDi (HKLM\...\{90621A56-901E-417D-A8CB-E8E3A6793C29}) (Version: 4.1.19.0 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{aaf3655f-6961-4be2-aa4e-6de4dc1dc8f4}) (Version: 16.1.5 - Intel Corporation) Intel® PROSet/Wireless WiFi Software (Version: 16.01.5000.0269 - Intel Corporation) Hidden Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle) Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) 
Hidden Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.4.0 - Lenovo) Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.) Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.19.2 - ELAN Microelectronic Corp.) Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation) MegaCAD 2013 3D Nussreiner 2 ServicePack-20.13.08.21 (HKLM-x32\...\MegaCAD 2013 3D Nussreiner 2 ServicePack-20.13.08.21) (Version: - ) MegaCAD 3D 2013 (HKLM-x32\...\MegaCAD 3D 2013) (Version: - Megatech Software GmbH) Megatech Lizenzserver (HKLM-x32\...\Megatech Lizenzserver) (Version: 2.0.0.0 - Megatech Software GmbH) Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}) (Version: - Microsoft) Microsoft Office 2010 Service Pack 1 (SP1) (Version: - Microsoft) Hidden Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation) Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000 - 
Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Single Image 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual 
C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) mIRC (HKLM-x32\...\mIRC) (Version: - ) Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla) MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) NVIDIA GeForce Experience 1.8.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2 - NVIDIA Corporation) NVIDIA Grafiktreiber 327.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.62 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.145.1024 - NVIDIA Corporation) Hidden NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA Optimus Update 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) NVIDIA ShadowPlay 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 327.62 (Version: 327.62 - NVIDIA Corporation) Hidden NVIDIA Update 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden NVIDIA Update Core (Version: 11.10.11 - NVIDIA Corporation) Hidden NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation) PDF-XChange Lite 4 (HKLM\...\{B860298B-CE03-4DE2-B92E-422F2C20A2D8}_is1) (Version: 4.0.201.0 - Tracker Software Products Ltd) Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver 
(HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.12 - Qualcomm Atheros Communications Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6923 - Realtek Semiconductor Corp.) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) SHIELD Streaming (Version: 1.7.306 - NVIDIA Corporation) Hidden Shrew Soft VPN Client (HKLM\...\Shrew Soft VPN Client) (Version: - ) Staircase- Software Programs ND (HKLM-x32\...\{91F52CB7-F113-11D3-B5BA-0000E86AF06F}) (Version: 10.6.0 - Compass Software GmbH) UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN) Winamp (HKLM-x32\...\Winamp) (Version: 5.621 - Nullsoft, Inc) Windows-Treiberpaket - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo) Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo) WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) XChat 2 (remove only) (HKLM-x32\...\xchat) (Version: - ) XnView 2.00 (HKLM-x32\...\XnView_is1) (Version: 2.00 - Gougelet Pierre-e) Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team) ==================== Restore Points ========================= 24-04-2014 08:29:43 Removed FileOpen Client (x64) B928 24-04-2014 08:30:32 Installed FileOpen Client (x64) B928 ==================== Hosts content: 
========================== 2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation) Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation) Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {80F6558E-4332-4A74-BBAF-8083BA0F8946} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => C:\Program Files (x86)\Intel\Intel(R) Update 
Manager\bin\Bootstrap.exe [2013-03-08] (Intel Corporation) Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: {9EF68C89-28EB-4D22-9CA8-3413F6EAC4CB} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2013-06-03] (Lenovo) Task: {A5BACCA4-2968-4CD5-8EF5-9858D0FF2B46} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\Bootstrap.exe [2013-03-08] (Intel Corporation) Task: {AF93630B-97BA-490E-A202-CE587D20E63E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-01] (Google Inc.) Task: {C71900C1-C22A-4C6C-B837-A7568078DC0C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-04-09] (Microsoft Corporation) Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: {F09A0D8B-4DEC-4C89-A444-B6C31F10102C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-01] (Google Inc.) 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-07-01 10:21 - 2013-07-01 10:21 - 01127736 _____ () C:\Program Files\ShrewSoft\VPN Client\iked.exe 2013-07-01 01:16 - 2013-07-01 01:16 - 00628224 _____ () C:\Program Files\ShrewSoft\VPN Client\libike.dll 2013-07-01 01:16 - 2013-07-01 01:16 - 00039936 _____ () C:\Program Files\ShrewSoft\VPN Client\libvnet.dll 2013-07-01 01:15 - 2013-07-01 01:15 - 00018432 _____ () C:\Program Files\ShrewSoft\VPN Client\libith.dll 2013-07-01 01:17 - 2013-07-01 01:17 - 00029184 _____ () C:\Program Files\ShrewSoft\VPN Client\libpfk.dll 2013-07-01 01:17 - 2013-07-01 01:17 - 00017920 _____ () C:\Program Files\ShrewSoft\VPN Client\libdtp.dll 2013-07-01 01:17 - 2013-07-01 01:17 - 00035840 _____ () C:\Program Files\ShrewSoft\VPN Client\libvflt.dll 2013-07-01 01:16 - 2013-07-01 01:16 - 00013312 _____ () C:\Program Files\ShrewSoft\VPN Client\liblog.dll 2013-07-01 01:16 - 2013-07-01 01:16 - 00116736 _____ () C:\Program Files\ShrewSoft\VPN Client\libip.dll 2013-07-01 01:15 - 2013-07-01 01:15 - 00022016 _____ () C:\Program Files\ShrewSoft\VPN Client\libidb.dll 2013-07-01 10:21 - 2013-07-01 10:21 - 00810808 _____ () C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe 2014-04-16 08:32 - 2007-12-12 10:29 - 00036864 _____ () C:\Megatech\MProtect\MPSERV.EXE 2014-03-04 12:50 - 2005-04-22 14:36 - 00143360 ____N () C:\WINDOWS\system32\BrSNMP64.dll 2014-03-01 08:58 - 2013-11-01 05:43 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll 2013-12-01 07:36 - 2013-04-09 08:39 - 00040960 _____ () C:\Windows\SysWOW64\UMonit64.exe 2014-03-04 12:50 - 2012-09-25 12:26 - 01163264 ____N () C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe 2014-03-28 01:12 - 2013-09-30 12:01 - 00394824 _____ () 
C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll 2013-12-01 07:25 - 2013-05-15 20:08 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2014-03-04 12:50 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll 2014-02-25 19:38 - 2014-03-29 21:34 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\Manfred\Desktop\160414_Manfred_.PRT:DocumentSummaryInformation AlternateDataStreams: C:\Users\Manfred\Desktop\160414_Manfred_.PRT:SebiesnrMkudrfcoIaamtykdDa AlternateDataStreams: C:\Users\Manfred\Desktop\160414_Manfred_.PRT:SummaryInformation AlternateDataStreams: C:\Users\Manfred\Desktop\160414_Manfred_.PRT:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} AlternateDataStreams: C:\Users\Manfred\Desktop\eckig Manfred.PRT:DocumentSummaryInformation AlternateDataStreams: C:\Users\Manfred\Desktop\eckig Manfred.PRT:SebiesnrMkudrfcoIaamtykdDa AlternateDataStreams: C:\Users\Manfred\Desktop\eckig Manfred.PRT:SummaryInformation AlternateDataStreams: C:\Users\Manfred\Desktop\eckig Manfred.PRT:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== MSCONFIG\Services: AppReadiness => 3 MSCONFIG\Services: Browser => 3 MSCONFIG\Services: FileOpenManager => 2 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 ==================== Faulty Device Manager Devices ============= Name: Shrew Soft Virtual Adapter Description: Shrew Soft Virtual Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Shrew Soft Service: vnet Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Event log errors: ========================= Application errors: ================== Error: (04/25/2014 04:26:03 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: xnview.exe, Version: 2.0.0.0, Zeitstempel: 0x5163de15 Name des fehlerhaften Moduls: CADImage.DLL, Version: 8.2.0.1, Zeitstempel: 0x500900b8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000047db ID des fehlerhaften Prozesses: 0x980 Startzeit der fehlerhaften Anwendung: 0xxnview.exe0 Pfad der fehlerhaften Anwendung: xnview.exe1 Pfad des fehlerhaften Moduls: xnview.exe2 Berichtskennung: xnview.exe3 Vollständiger Name des fehlerhaften Pakets: xnview.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: xnview.exe5 Error: (04/25/2014 02:56:06 PM) (Source: Microsoft-Windows-Defrag) (User: ) Description: Das Volume "Windows8_OS (C:)" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057) Error: (04/25/2014 10:57:47 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (04/25/2014 10:57:47 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error: (04/25/2014 10:57:46 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (04/25/2014 10:57:46 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (04/25/2014 10:57:08 AM) (Source: Microsoft-Windows-Defrag) (User: ) Description: Das Volume "Windows8_OS (C:)" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057) Error: (04/25/2014 10:56:43 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (04/25/2014 10:56:43 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1". 
Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (04/25/2014 10:56:42 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". System errors: ============= Error: (04/25/2014 07:55:18 PM) (Source: DCOM) (User: Manfred2) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (04/25/2014 07:54:48 PM) (Source: DCOM) (User: Manfred2) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (04/25/2014 10:00:01 AM) (Source: DCOM) (User: NT-AUTORITÄT) Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (04/25/2014 00:53:48 AM) (Source: Service Control Manager) (User: ) Description: Vom folgenden Dienst wurde wiederholt nicht auf Dienststeuerungsanforderungen reagiert: ShrewSoft IKE Daemon Erkundigen Sie sich beim Diensthersteller oder beim Systemadministrator danach, ob der Dienst deaktiviert werden sollte, bis das Problem gefunden wurde. Der Computer muss unter Umständen im abgesicherten Modus gestartet werden, um den Dienst deaktivieren zu können. Error: (04/24/2014 10:38:13 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst iked erreicht. 
Error: (04/24/2014 10:37:43 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst iked erreicht. Error: (04/24/2014 09:04:03 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst iked erreicht. Error: (04/24/2014 07:31:32 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst iked erreicht. Error: (04/24/2014 05:46:32 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst iked erreicht. Error: (04/24/2014 05:46:02 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst iked erreicht. Microsoft Office Sessions: ========================= Error: (04/25/2014 04:26:03 PM) (Source: Application Error)(User: ) Description: xnview.exe2.0.0.05163de15CADImage.DLL8.2.0.1500900b8c0000005000047db98001cf60924918f596C:\Program Files (x86)\XnView\xnview.exeC:\Program Files (x86)\XnView\Plugins\CADImage.DLL878b6542-cc85-11e3-bea4-00c2c612f4ca Error: (04/25/2014 02:56:06 PM) (Source: Microsoft-Windows-Defrag)(User: ) Description: Windows8_OS (C:)Falscher Parameter. 
(0x80070057) Error: (04/25/2014 10:57:47 AM) (Source: SideBySide)(User: ) Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"c:\program files (x86)\cadwork.dir\EXE_19\pclib\LxSDK\bin\TKQMesD.dll Error: (04/25/2014 10:57:47 AM) (Source: SideBySide)(User: ) Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"c:\program files (x86)\cadwork.dir\EXE_19\pclib\LxSDK\bin\TKEMesD.dll Error: (04/25/2014 10:57:46 AM) (Source: SideBySide)(User: ) Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"c:\program files (x86)\cadwork.dir\EXE_19\lexocad\dlls\TKEMesD.dll Error: (04/25/2014 10:57:46 AM) (Source: SideBySide)(User: ) Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"c:\program files (x86)\cadwork.dir\EXE_19\lexocad\dlls\TKQMesD.dll Error: (04/25/2014 10:57:08 AM) (Source: Microsoft-Windows-Defrag)(User: ) Description: Windows8_OS (C:)Falscher Parameter. 
(0x80070057) Error: (04/25/2014 10:56:43 AM) (Source: SideBySide)(User: ) Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"c:\program files (x86)\cadwork.dir\EXE_19\pclib\LxSDK\bin\TKQMesD.dll Error: (04/25/2014 10:56:43 AM) (Source: SideBySide)(User: ) Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"c:\program files (x86)\cadwork.dir\EXE_19\pclib\LxSDK\bin\TKEMesD.dll Error: (04/25/2014 10:56:42 AM) (Source: SideBySide)(User: ) Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"c:\program files (x86)\cadwork.dir\EXE_19\lexocad\dlls\TKEMesD.dll CodeIntegrity Errors: =================================== Date: 2014-03-26 18:07:49.740 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2014-03-26 18:07:42.223 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2014-03-12 21:53:18.933 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2014-03-12 21:53:17.849 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. 
==================== Memory info =========================== Percentage of memory in use: 28% Total physical RAM: 8104.27 MB Available physical RAM: 5757.05 MB Total Pagefile: 9384.27 MB Available Pagefile: 6867.78 MB Total Virtual: 131072 MB Available Virtual: 131071.8 MB ==================== Drives ================================ Drive c: (Windows8_OS) (Fixed) (Total:890.97 GB) (Free:638.87 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:21.4 GB) NTFS Drive f: (CADWORK4096) (Removable) (Total:3.72 GB) (Free:0.56 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 932 GB) (Disk ID: 6877AA51) Partition: GPT Partition Type. ======================================================== Disk: 1 (Size: 4 GB) (Disk ID: 04030201) Partition 1: (Not Active) - (Size=4 GB) - (Type=0C) ==================== End Of Log ============================ GMER Logfile: Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-04-25 20:30:25
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000034 ST1000LM014-1EJ164 rev.LVD3 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\Manfred\AppData\Local\Temp\pwrdypob.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable fffff96000157e00 15 bytes [00, FA, 0E, 02, C0, 9C, 70, ...]
.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16 fffff96000157e10 11 bytes [00, 00, FC, FF, 80, FA, C0, ...]

---- User code sections - GMER 2.1 ----

.text C:\WINDOWS\System32\dwm.exe[3992] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ff894793120 7 bytes JMP 00007ff9921602d0
.text C:\WINDOWS\System32\dwm.exe[3992] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ff894794500 7 bytes JMP 00007ff992160308
.text C:\WINDOWS\System32\dwm.exe[3992] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ff894841200 7 bytes JMP 00007ff992160340
.text C:\WINDOWS\System32\dwm.exe[3992] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ff894841280 7 bytes JMP 00007ff9921603b0
.text C:\WINDOWS\System32\dwm.exe[3992] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ff8948416d0 7 bytes JMP 00007ff992160378
.text C:\WINDOWS\System32\dwm.exe[3992] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleFileNameExW 00007ff894847250 7 bytes JMP 00007ff992160260
.text C:\WINDOWS\System32\dwm.exe[3992] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ff89486d840 7 bytes JMP 00007ff992160228
.text C:\WINDOWS\System32\dwm.exe[3992] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ff89486d8b0 7 bytes JMP 00007ff992160298
.text C:\WINDOWS\System32\dwm.exe[3992] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ff8921720f4 7 bytes JMP 00007ff9921600d8
.text C:\WINDOWS\System32\dwm.exe[3992] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ff892175380 5 bytes JMP 00007ff992160180
.text C:\WINDOWS\System32\dwm.exe[3992] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ff8921754b8 5 bytes JMP 00007ff992160110
.text C:\WINDOWS\System32\dwm.exe[3992] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ff892175520 5 bytes JMP 00007ff992160148
.text C:\WINDOWS\System32\dwm.exe[3992] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ff8945b7b64 10 bytes JMP 00007ff992160490
.text C:\WINDOWS\System32\dwm.exe[3992] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ff8945d2910 5 bytes JMP 00007ff992160420
.text C:\WINDOWS\System32\dwm.exe[3992] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ff8945d4578 5 bytes JMP 00007ff992160458
.text C:\WINDOWS\System32\dwm.exe[3992] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ff8945d4980 9 bytes JMP 00007ff9921603e8
.text C:\WINDOWS\System32\dwm.exe[3992] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ff892981500 8 bytes JMP 00007ff9921601b8
.text C:\WINDOWS\System32\dwm.exe[3992] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ff892981750 8 bytes JMP 00007ff9921601f0
.text C:\WINDOWS\System32\dwm.exe[3992] C:\WINDOWS\System32\dxgi.dll!CreateDXGIFactory 00007ff88fdd705c 5 bytes JMP 00007ff98fc500d8
.text C:\WINDOWS\System32\dwm.exe[3992] C:\WINDOWS\System32\dxgi.dll!CreateDXGIFactory1 00007ff88fdd7678 5 bytes JMP 00007ff98fc50110
.text C:\WINDOWS\system32\nvvsvc.exe[3172] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ff8922d169a 4 bytes [2D, 92, F8, 7F]
.text C:\WINDOWS\system32\nvvsvc.exe[3172] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ff8922d16a2 4 bytes [2D, 92, F8, 7F]
.text C:\WINDOWS\system32\nvvsvc.exe[3172] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ff8922d181a 4 bytes [2D, 92, F8, 7F]
.text C:\WINDOWS\system32\nvvsvc.exe[3172] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ff8922d1832 4 bytes [2D, 92, F8, 7F]

---- Threads - GMER 2.1 ----

Thread C:\WINDOWS\system32\csrss.exe [5072:3088] fffff960009754d0

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

and in safe mode:
GMER Logfile: Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-04-25 20:52:21
Windows 6.3.9600 x64 \Device\Harddisk0\DR0 -> \Device\00000034 ST1000LM014-1EJ164 rev.LVD3 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\Manfred\AppData\Local\Temp\pwrdypob.sys

---- User code sections - GMER 2.1 ----

.text C:\WINDOWS\Explorer.EXE[392] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 714 00007ffae4a3154a 4 bytes [A3, E4, FA, 7F]
.text C:\WINDOWS\Explorer.EXE[392] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 722 00007ffae4a31552 4 bytes [A3, E4, FA, 7F]
.text C:\WINDOWS\Explorer.EXE[392] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 98 00007ffae4a3162a 4 bytes [A3, E4, FA, 7F]
.text C:\WINDOWS\Explorer.EXE[392] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 122 00007ffae4a31642 4 bytes [A3, E4, FA, 7F]

---- Threads - GMER 2.1 ----

Thread C:\WINDOWS\system32\csrss.exe [492:380] fffff960008bd4d0

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

That's it from my side for now, best regards, Manfred |
25.04.2014, 21:11 | #2 |
/// the machine /// TB instructor | Windows 8.1 Lenovo laptop and its life of its own
hi,
Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part) |
25.04.2014, 23:12 | #3 |
| Windows 8.1 Lenovo laptop and its life of its own
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-04-2014 03 Ran by SYSTEM on MININT-I56U7HE on 26-04-2014 00:00:13 Running from E:\ Windows 8.1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2891592 2013-05-17] (ELAN Microelectronics Corp.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13545032 2013-05-28] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-20] (Realtek Semiconductor) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation) HKLM\...\Run: [UMonit64] => C:\WINDOWS\SysWOW64\UMonit64.exe [40960 2013-04-09] () HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17097200 2013-12-01] (Lenovo (Beijing) Limited) HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2013-12-01] (Lenovo(beijing) Limited) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\nvspcap64.dll [1179576 2014-01-21] (NVIDIA Corporation) HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7818040 2013-09-19] (Motorola Solutions, Inc.) HKLM\...\Run: [FileOpenBroker] => C:\Program Files\FileOpen\Services\FileOpenBroker64.exe [1589104 2013-03-26] (FileOpen Systems Inc.) 
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] () HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-03-28] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\Manfred\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000 AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [184048 2013-11-01] (NVIDIA Corporation) AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [156256 2013-11-01] (NVIDIA Corporation) ==================== Services (Whitelisted) ================= S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-03-28] (Avira Operations GmbH & Co. KG) S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-03-28] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-03-28] (Avira Operations GmbH & Co. KG) S2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [101536 2013-05-28] (Intel) S2 FileOpenManager; C:\Program Files\FileOpen\Services\FileOpenManager64.exe [337264 2013-03-19] (FileOpen Systems Inc.) 
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation) S2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [1127736 2013-07-01] () S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation) S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-15] (Intel Corporation) S2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation) S2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [810808 2013-07-01] () S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-15] (Intel Corporation) S4 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) S2 Megatech-Software-Protection; C:\Megatech\MProtect\MPSERV.EXE [36864 2007-12-12] () S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] () S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation) S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-21] (NVIDIA Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation) S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation) S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== 
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra) S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-03-28] (Avira Operations GmbH & Co. KG) S1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2014-03-28] (Avira Operations GmbH & Co. KG) S1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-09-30] (Avira Operations GmbH & Co. KG) S2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [84720 2014-03-28] (Avira Operations GmbH & Co. KG) S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider) S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation) S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.) S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.) S2 CSDriver; C:\WINDOWS\SysWOW64\Drivers\CSDriver.Sys [6027 2002-09-24] (Windows (R) 2000 DDK provider) S1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-03-04] (Disc Soft Ltd) S3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [22280 2013-05-16] (ELAN Microelectronic Corp.) 
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation) S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation) S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation) S0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2014-03-01] (Microsoft Corporation) S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation) S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) S3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation) S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation) S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-08-22] (Intel Corporation) S3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation) S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation) S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2014-03-01] (Microsoft Corporation) S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-14] (Microsoft Corporation) S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation) S3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [206744 2013-05-28] (Windows (R) Win 7 DDK provider) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation) S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink) ========================== Drivers MD5 =======================
==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-25 22:29 - 2014-04-25 22:29 - 02061824 _____ (Farbar) C:\Users\Manfred\Downloads\FRST64.exe 2014-04-25 19:25 - 2014-04-25 19:25 - 00380416 _____ () C:\Users\Manfred\Downloads\Gmer-19357.exe 2014-04-25 19:21 - 2014-04-25 19:21 - 00000000 ____D () C:\FRST 2014-04-25 19:19 - 2014-04-25 19:19 - 00000168 _____ () C:\Users\Manfred\defogger_reenable 2014-04-25 19:16 - 2014-04-25 22:24 - 00000000 ____D () C:\Users\Manfred\Downloads\scan 2014-04-25 07:13 - 2014-04-25 09:51 - 00000000 ____D () 
C:\Users\Manfred\Desktop\Manfred 2014-04-24 22:09 - 2014-04-24 22:09 - 00001290 _____ () C:\Users\Manfred\Desktop\Prüfung Meister - Verknüpfung.lnk 2014-04-24 15:53 - 2014-04-24 15:53 - 00000000 ____D () C:\Program Files\FileOpen 2014-04-24 15:53 - 2014-04-24 15:53 - 00000000 ____D () C:\Program Files (x86)\FileOpen 2014-04-23 14:15 - 2014-04-23 14:15 - 00002050 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk 2014-04-23 14:05 - 2014-04-23 14:05 - 00003172 _____ () C:\Windows\System32\Tasks\{95F2D096-A407-4C8E-A49B-B9B5F98E6F64} 2014-04-21 20:56 - 2014-04-21 20:56 - 00004224 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log 2014-04-21 20:56 - 2014-04-14 19:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-04-21 20:56 - 2014-04-14 19:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-04-21 20:56 - 2014-04-14 19:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-04-21 20:56 - 2014-04-14 19:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-04-21 20:39 - 2014-04-21 20:40 - 02707456 _____ () C:\Users\Manfred\Downloads\FileOpenInstaller64(2).msi 2014-04-21 20:34 - 2014-04-21 20:34 - 02707456 _____ () C:\Users\Manfred\Downloads\FileOpenInstaller64(1).msi 2014-04-21 19:38 - 2014-04-21 21:07 - 00002277 _____ () C:\Users\Public\Desktop\Treppensoftware- Programme ND.lnk 2014-04-21 19:37 - 2004-11-28 07:43 - 00397312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSRDO20.DLL 2014-04-21 19:37 - 2004-11-28 07:43 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdocurs.dll 2014-04-21 19:37 - 2004-11-28 07:43 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RDO20DE.DLL 2014-04-21 19:37 - 2004-11-28 07:42 - 00041316 _____ () C:\Windows\SysWOW64\odbcinst.hlp 2014-04-21 19:37 - 2004-11-28 07:42 - 00026224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ODBC16GT.DLL 2014-04-21 19:37 - 2004-11-28 07:42 - 00007952 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\odbccp32.cpl 2014-04-21 19:37 - 2004-11-28 07:42 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ODBC32GT.DLL 2014-04-21 19:37 - 2004-11-28 07:42 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DS32GT.DLL 2014-04-21 19:37 - 2004-11-28 07:42 - 00004656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DS16GT.DLL 2014-04-21 19:37 - 2004-11-28 07:42 - 00000421 _____ () C:\Windows\SysWOW64\odbcinst.cnt 2014-04-21 19:37 - 2004-11-28 07:34 - 01238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjt4jlt.dll 2014-04-21 19:37 - 2004-11-28 07:34 - 01050896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet35.dll 2014-04-21 19:37 - 2004-11-28 07:34 - 00415504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrepl35.dll 2014-04-21 19:37 - 2004-11-28 07:34 - 00368912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VBAR332.DLL 2014-04-21 19:37 - 2004-11-28 07:34 - 00344064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexch35.dll 2014-04-21 19:37 - 2004-11-28 07:34 - 00294912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxbse35.dll 2014-04-21 19:37 - 2004-11-28 07:34 - 00262144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd2x35.dll 2014-04-21 19:37 - 2004-11-28 07:34 - 00252688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl35.dll 2014-04-21 19:37 - 2004-11-28 07:34 - 00250128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspdox35.dll 2014-04-21 19:37 - 2004-11-28 07:34 - 00174871 _____ () C:\Windows\SysWOW64\ODBCJET.HLP 2014-04-21 19:37 - 2004-11-28 07:34 - 00168720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus35.dll 2014-04-21 19:37 - 2004-11-28 07:34 - 00166672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstext35.dll 2014-04-21 19:37 - 2004-11-28 07:34 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSJINT35.DLL 2014-04-21 19:37 - 2004-11-28 07:34 - 00044304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrpfs35.dll 2014-04-21 19:37 - 
2004-11-28 07:34 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JETCOMP.exe 2014-04-21 19:37 - 2004-11-28 07:34 - 00024848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjter35.dll 2014-04-21 19:37 - 2004-11-28 07:34 - 00007827 _____ () C:\Windows\SysWOW64\ODBCJET.CNT 2014-04-21 19:37 - 2004-04-19 13:29 - 00339968 _____ (MARX Software Security) C:\Windows\SysWOW64\MPIWIN32.DLL 2014-04-21 19:07 - 2014-04-21 19:07 - 00001444 _____ () C:\Users\Manfred\Downloads\STG06278 2014-04-21 18:57 - 2014-04-21 18:57 - 00461312 _____ (Microsoft Corporation) C:\Windows\System32\dpnet.dll 2014-04-21 18:57 - 2014-04-21 18:57 - 00377856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll 2014-04-21 18:57 - 2014-04-21 18:57 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dplayx.dll 2014-04-21 18:57 - 2014-04-21 18:57 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\dpnathlp.dll 2014-04-21 18:57 - 2014-04-21 18:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnathlp.dll 2014-04-21 18:57 - 2014-04-21 18:57 - 00045056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpwsockx.dll 2014-04-21 18:57 - 2014-04-21 18:57 - 00034304 _____ (Microsoft Corporation) C:\Windows\System32\dpnsvr.exe 2014-04-21 18:57 - 2014-04-21 18:57 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnsvr.exe 2014-04-21 18:57 - 2014-04-21 18:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dplaysvr.exe 2014-04-21 18:57 - 2014-04-21 18:57 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpmodemx.dll 2014-04-21 18:57 - 2014-04-21 18:57 - 00009216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnhupnp.dll 2014-04-21 18:57 - 2014-04-21 18:57 - 00009216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnhpast.dll 2014-04-21 18:57 - 2014-04-21 18:57 - 00009216 _____ (Microsoft Corporation) C:\Windows\System32\dpnhupnp.dll 2014-04-21 18:57 - 2014-04-21 18:57 - 00009216 _____ (Microsoft Corporation) 
C:\Windows\System32\dpnhpast.dll 2014-04-16 19:55 - 2014-04-16 19:58 - 32099072 _____ () C:\Users\Manfred\Downloads\ServicePack_Nussreiner-20.13.08.21.exe 2014-04-16 19:55 - 2014-04-16 19:56 - 12149248 _____ () C:\Users\Manfred\Downloads\SP_18_1_26_2_14.exe 2014-04-16 19:54 - 2014-04-16 19:59 - 98135552 _____ () C:\Users\Manfred\Downloads\Abb18_0.exe 2014-04-16 15:31 - 2014-04-16 15:51 - 00000156 _____ () C:\Users\Manfred\Desktop\160414_Manfred__PrjData.sbl 2014-04-16 10:06 - 2014-04-25 08:40 - 00000053 _____ () C:\Windows\dach.INI 2014-04-16 09:38 - 2014-04-16 15:51 - 01237890 _____ () C:\Users\Manfred\Desktop\160414_Manfred_.PRT 2014-04-16 09:38 - 2014-04-16 08:41 - 00000470 _____ () C:\Users\Manfred\Desktop\502329_14_NUSSA.MPF 2014-04-16 07:54 - 2014-04-16 08:14 - 01591409 _____ () C:\Users\Manfred\Desktop\Holzbau cad übung.3d 2014-04-16 07:42 - 2014-04-16 07:42 - 00000000 ____D () C:\Users\Manfred\AppData\Local\pcvisit Software AG 2014-04-16 07:41 - 2014-04-16 07:46 - 00000000 ____D () C:\Users\Manfred\Desktop\502329_13_NUSSA_Manfred 2014-04-16 07:40 - 2014-04-16 07:40 - 00000333 _____ () C:\Users\Manfred\Downloads\502329_13_NUSSA_Manfred(1).zip 2014-04-16 07:32 - 2012-08-02 12:19 - 00050688 _____ () C:\Windows\System32\MPDLL.DLL 2014-04-14 11:41 - 2014-04-14 12:33 - 00000683 _____ () C:\Users\Manfred\Desktop\Neues Textdokument.txt 2014-04-09 20:47 - 2014-04-09 20:50 - 22913908 _____ () C:\Users\Manfred\Downloads\torbrowser-install-3.5.4_en-US.exe 2014-04-09 14:09 - 2014-04-09 14:09 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_Kernel_iBtFltCoex_01009.Wdf 2014-04-09 12:33 - 2014-03-31 02:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2014-04-09 12:33 - 2014-03-31 00:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-09 12:33 - 2014-03-10 11:35 - 02008408 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys 2014-04-09 12:33 - 2014-03-10 11:35 - 00377176 _____ (Microsoft Corporation) 
C:\Windows\System32\Drivers\clfs.sys 2014-04-09 12:33 - 2014-03-06 10:19 - 01287576 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll 2014-04-09 12:33 - 2014-03-06 10:02 - 01109424 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll 2014-04-09 12:33 - 2014-03-06 07:17 - 00835584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-04-09 12:33 - 2014-03-06 07:10 - 01036288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-04-09 12:32 - 2014-04-09 12:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-09 12:32 - 2014-04-09 12:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2014-04-09 12:06 - 2014-04-09 12:06 - 00000000 ____D () C:\ProgramData\Canneverbe Limited 2014-04-09 12:01 - 2014-04-09 12:01 - 00001972 _____ () C:\Users\Public\Desktop\CDBurnerXP.lnk 2014-04-09 12:01 - 2014-04-09 12:01 - 00000000 ____D () C:\Users\Manfred\AppData\Roaming\Canneverbe Limited 2014-04-09 12:01 - 2014-04-09 12:01 - 00000000 ____D () C:\Program Files (x86)\CDBurnerXP 2014-04-09 12:00 - 2014-04-09 12:00 - 05290664 _____ (Canneverbe Limited ) C:\Users\Manfred\Downloads\cdbxp_setup_4.5.3.4643.exe 2014-04-09 09:30 - 2014-04-09 09:30 - 00000000 ____D () C:\SAVE EXACT 2014-04-09 09:13 - 2014-04-09 09:14 - 00000000 ____D () C:\Users\Manfred\AppData\Roaming\EAC 2014-04-09 09:13 - 2014-04-09 09:14 - 00000000 ____D () C:\Users\Manfred\AppData\Roaming\AccurateRip 2014-04-09 09:13 - 2014-04-09 09:13 - 00001093 _____ () C:\Users\Public\Desktop\Exact Audio Copy.lnk 2014-04-09 09:13 - 2014-04-09 09:13 - 00000000 ____D () C:\Program Files (x86)\Exact Audio Copy 2014-04-09 09:11 - 2014-04-09 09:11 - 04422611 _____ () C:\Users\Manfred\Downloads\eac-1.0beta3.exe 2014-04-09 09:05 - 2014-04-09 09:06 - 31524272 _____ (DVDVideoSoft Ltd. 
) C:\Users\Manfred\Downloads\FreeAudioCDToMP3Converter_1.3.12.1228.exe 2014-04-03 11:27 - 2014-04-23 18:18 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys 2014-04-03 11:26 - 2014-04-08 19:40 - 00001125 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-03 11:26 - 2014-04-08 19:40 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-03 11:26 - 2014-04-03 11:26 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Manfred\Downloads\mbam-setup-2.0.0.1000.exe 2014-04-03 11:26 - 2014-04-03 11:26 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-03 11:26 - 2014-04-03 08:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys 2014-04-03 11:26 - 2014-04-03 08:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys 2014-04-03 11:26 - 2014-04-03 08:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2014-04-03 10:58 - 2014-04-03 10:58 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-04-03 10:58 - 2014-04-03 10:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-04-03 10:57 - 2014-04-03 10:57 - 13084896 _____ (Microsoft Corporation) C:\Users\Manfred\Downloads\Silverlight_x64.exe 2014-04-02 20:54 - 2014-04-02 20:54 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf 2014-04-02 11:28 - 2014-04-02 11:46 - 00013919 _____ () C:\Users\Manfred\Documents\nebenkostenabrechung.xlsx 2014-04-02 00:05 - 2014-04-02 00:05 - 00000000 ____D () C:\Users\Manfred\AppData\Local\Apps\2.0 2014-04-01 22:43 - 2014-04-01 22:43 - 15912395 _____ () C:\Users\Manfred\Downloads\FreenetInstaller-1459.exe 2014-03-31 10:36 - 2014-02-22 13:16 - 00139776 _____ (Microsoft Corporation) C:\Windows\System32\poqexec.exe 2014-03-31 10:36 - 2014-02-22 12:24 - 00124416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe 2014-03-30 17:06 - 2014-03-30 17:06 - 
00000000 ___RD () C:\Users\Manfred\AppData\Roaming\Brother 2014-03-29 22:39 - 2014-03-29 22:39 - 00082047 _____ () C:\Users\Manfred\Downloads\dasessen.swf 2014-03-29 20:34 - 2014-03-29 20:34 - 00000000 ____D () C:\ProgramData\Mozilla 2014-03-29 02:58 - 2014-03-29 02:58 - 00116616 _____ () C:\Users\Manfred\Downloads\wifite_r68.py 2014-03-29 02:57 - 2014-03-29 02:57 - 00033176 _____ () C:\Users\Manfred\Downloads\wifite-2.0r85.tar.gz 2014-03-28 00:23 - 2014-03-28 00:23 - 00000000 ____D () C:\Users\Manfred\AppData\Roaming\Avira 2014-03-28 00:12 - 2014-03-28 00:14 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys 2014-03-28 00:12 - 2014-03-28 00:14 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys 2014-03-28 00:12 - 2014-03-28 00:14 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys 2014-03-28 00:12 - 2014-03-28 00:12 - 00002093 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk 2014-03-28 00:12 - 2014-03-28 00:12 - 00000000 ____D () C:\ProgramData\Avira 2014-03-28 00:12 - 2014-03-28 00:12 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-03-28 00:12 - 2013-09-30 11:01 - 00028600 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\System32\Drivers\avkmgr.sys 2014-03-28 00:05 - 2014-03-28 00:09 - 122946048 _____ () C:\Users\Manfred\Downloads\avira14_free_antivirus_de.exe 2014-03-28 00:04 - 2014-01-19 08:38 - 00270496 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe ==================== One Month Modified Files and Folders ======= 2014-04-25 22:53 - 2014-03-01 13:02 - 00001126 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-25 22:53 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-25 22:30 - 2014-03-01 13:59 - 01404301 _____ () C:\Windows\WindowsUpdate.log 2014-04-25 22:30 - 2013-11-14 08:27 - 01780340 _____ () C:\Windows\System32\PerfStringBackup.INI 2014-04-25 22:30 - 2013-11-14 08:11 - 00766620 _____ () C:\Windows\System32\perfh007.dat 2014-04-25 22:30 - 2013-11-14 08:11 - 00159902 _____ () C:\Windows\System32\perfc007.dat 2014-04-25 22:29 - 2014-04-25 22:29 - 02061824 _____ (Farbar) C:\Users\Manfred\Downloads\FRST64.exe 2014-04-25 22:24 - 2014-04-25 19:16 - 00000000 ____D () C:\Users\Manfred\Downloads\scan 2014-04-25 22:19 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\System32\config\ELAM 2014-04-25 22:07 - 2014-03-01 13:02 - 00001130 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-25 21:02 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\System32\sru 2014-04-25 19:25 - 2014-04-25 19:25 - 00380416 _____ () C:\Users\Manfred\Downloads\Gmer-19357.exe 2014-04-25 19:21 - 2014-04-25 19:21 - 00000000 ____D () C:\FRST 2014-04-25 19:19 - 2014-04-25 19:19 - 00000168 _____ () C:\Users\Manfred\defogger_reenable 2014-04-25 19:19 - 2014-03-01 14:06 - 00000000 ____D () C:\users\Manfred 2014-04-25 15:26 - 2014-03-04 11:21 - 00000000 ____D () C:\Users\Manfred\AppData\Roaming\XnView 2014-04-25 15:20 - 2014-03-04 11:20 - 00000000 ____D () C:\Users\Manfred\Desktop\bilder Treppe 2014-04-25 09:51 - 2014-04-25 07:13 - 00000000 ____D () C:\Users\Manfred\Desktop\Manfred 2014-04-25 09:51 - 2013-08-22 15:46 - 00302220 _____ () 
C:\Windows\setupact.log 2014-04-25 08:40 - 2014-04-16 10:06 - 00000053 _____ () C:\Windows\dach.INI 2014-04-24 22:09 - 2014-04-24 22:09 - 00001290 _____ () C:\Users\Manfred\Desktop\Prüfung Meister - Verknüpfung.lnk 2014-04-24 15:53 - 2014-04-24 15:53 - 00000000 ____D () C:\Program Files\FileOpen 2014-04-24 15:53 - 2014-04-24 15:53 - 00000000 ____D () C:\Program Files (x86)\FileOpen 2014-04-23 22:03 - 2014-02-25 18:38 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-985481003-2855859536-316065226-1002 2014-04-23 20:37 - 2014-02-25 19:33 - 00000000 ____D () C:\Program Files (x86)\cadwork.dir 2014-04-23 18:18 - 2014-04-03 11:27 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys 2014-04-23 17:32 - 2013-11-13 23:18 - 00056628 _____ () C:\Windows\PFRO.log 2014-04-23 14:16 - 2014-03-04 11:42 - 00000000 ____D () C:\Users\Manfred\AppData\Local\Adobe 2014-04-23 14:15 - 2014-04-23 14:15 - 00002050 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk 2014-04-23 14:15 - 2014-03-04 11:42 - 00000000 ____D () C:\ProgramData\Adobe 2014-04-23 14:05 - 2014-04-23 14:05 - 00003172 _____ () C:\Windows\System32\Tasks\{95F2D096-A407-4C8E-A49B-B9B5F98E6F64} 2014-04-22 13:03 - 2014-03-04 21:30 - 00000000 ____D () C:\Users\Manfred\AppData\Local\Microsoft Help 2014-04-21 22:21 - 2014-02-25 19:33 - 00000000 ____D () C:\Users\Public\Documents\cadwork 2014-04-21 21:12 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache 2014-04-21 21:07 - 2014-04-21 19:38 - 00002277 _____ () C:\Users\Public\Desktop\Treppensoftware- Programme ND.lnk 2014-04-21 20:56 - 2014-04-21 20:56 - 00004224 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log 2014-04-21 20:56 - 2014-03-24 13:50 - 00000000 ____D () C:\Program Files (x86)\Java 2014-04-21 20:40 - 2014-04-21 20:39 - 02707456 _____ () C:\Users\Manfred\Downloads\FileOpenInstaller64(2).msi 2014-04-21 20:34 - 2014-04-21 20:34 - 02707456 _____ () 
C:\Users\Manfred\Downloads\FileOpenInstaller64(1).msi 2014-04-21 19:30 - 2013-12-01 06:22 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-04-21 19:07 - 2014-04-21 19:07 - 00001444 _____ () C:\Users\Manfred\Downloads\STG06278 2014-04-21 18:57 - 2014-04-21 18:57 - 00461312 _____ (Microsoft Corporation) C:\Windows\System32\dpnet.dll 2014-04-21 18:57 - 2014-04-21 18:57 - 00377856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll 2014-04-21 18:57 - 2014-04-21 18:57 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dplayx.dll 2014-04-21 18:57 - 2014-04-21 18:57 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\dpnathlp.dll 2014-04-21 18:57 - 2014-04-21 18:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnathlp.dll 2014-04-21 18:57 - 2014-04-21 18:57 - 00045056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpwsockx.dll 2014-04-21 18:57 - 2014-04-21 18:57 - 00034304 _____ (Microsoft Corporation) C:\Windows\System32\dpnsvr.exe 2014-04-21 18:57 - 2014-04-21 18:57 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnsvr.exe 2014-04-21 18:57 - 2014-04-21 18:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dplaysvr.exe 2014-04-21 18:57 - 2014-04-21 18:57 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpmodemx.dll 2014-04-21 18:57 - 2014-04-21 18:57 - 00009216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnhupnp.dll 2014-04-21 18:57 - 2014-04-21 18:57 - 00009216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnhpast.dll 2014-04-21 18:57 - 2014-04-21 18:57 - 00009216 _____ (Microsoft Corporation) C:\Windows\System32\dpnhupnp.dll 2014-04-21 18:57 - 2014-04-21 18:57 - 00009216 _____ (Microsoft Corporation) C:\Windows\System32\dpnhpast.dll 2014-04-20 20:53 - 2014-02-26 15:06 - 00000000 ____D () C:\Megatech 2014-04-16 19:59 - 2014-04-16 19:54 - 98135552 _____ () C:\Users\Manfred\Downloads\Abb18_0.exe 2014-04-16 19:58 - 2014-04-16 19:55 - 
32099072 _____ () C:\Users\Manfred\Downloads\ServicePack_Nussreiner-20.13.08.21.exe 2014-04-16 19:56 - 2014-04-16 19:55 - 12149248 _____ () C:\Users\Manfred\Downloads\SP_18_1_26_2_14.exe 2014-04-16 15:51 - 2014-04-16 15:31 - 00000156 _____ () C:\Users\Manfred\Desktop\160414_Manfred__PrjData.sbl 2014-04-16 15:51 - 2014-04-16 09:38 - 01237890 _____ () C:\Users\Manfred\Desktop\160414_Manfred_.PRT 2014-04-16 08:46 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\System32\config\BBI 2014-04-16 08:41 - 2014-04-16 09:38 - 00000470 _____ () C:\Users\Manfred\Desktop\502329_14_NUSSA.MPF 2014-04-16 08:14 - 2014-04-16 07:54 - 01591409 _____ () C:\Users\Manfred\Desktop\Holzbau cad übung.3d 2014-04-16 07:55 - 2014-03-04 09:59 - 00000000 ____D () C:\Users\Manfred\Desktop\backups 2014-04-16 07:46 - 2014-04-16 07:41 - 00000000 ____D () C:\Users\Manfred\Desktop\502329_13_NUSSA_Manfred 2014-04-16 07:42 - 2014-04-16 07:42 - 00000000 ____D () C:\Users\Manfred\AppData\Local\pcvisit Software AG 2014-04-16 07:40 - 2014-04-16 07:40 - 00000333 _____ () C:\Users\Manfred\Downloads\502329_13_NUSSA_Manfred(1).zip 2014-04-14 19:13 - 2014-04-21 20:56 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-04-14 19:05 - 2014-04-21 20:56 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-04-14 19:05 - 2014-04-21 20:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-04-14 19:04 - 2014-04-21 20:56 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-04-14 12:33 - 2014-04-14 11:41 - 00000683 _____ () C:\Users\Manfred\Desktop\Neues Textdokument.txt 2014-04-10 07:45 - 2013-08-22 15:44 - 00413296 _____ () C:\Windows\System32\FNTCACHE.DAT 2014-04-10 07:44 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ToastData 2014-04-10 07:44 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\WinStore 2014-04-10 07:44 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\MediaViewer 2014-04-10 07:44 - 2013-08-22 16:36 - 
00000000 ____D () C:\Program Files\Windows Portable Devices 2014-04-10 07:44 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Multimedia Platform 2014-04-10 07:44 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices 2014-04-10 07:44 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Multimedia Platform 2014-04-10 07:44 - 2013-08-22 14:36 - 00000000 ____D () C:\Windows\SysWOW64\oobe 2014-04-10 07:44 - 2013-08-22 14:36 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2014-04-10 07:44 - 2013-08-22 14:36 - 00000000 ____D () C:\Windows\servicing 2014-04-10 07:43 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel 2014-04-10 07:43 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\System32\zh-HK 2014-04-10 07:43 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\System32\uk-UA 2014-04-10 07:43 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\System32\tr-TR 2014-04-10 07:43 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\System32\th-TH 2014-04-10 07:43 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\System32\SystemResetPlatform 2014-04-10 07:43 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\System32\sr-Latn-RS 2014-04-10 07:43 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\System32\sr-Latn-CS 2014-04-10 07:43 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\System32\sl-SI 2014-04-10 07:43 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\System32\sk-SK 2014-04-10 07:43 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\System32\setup 2014-04-10 07:43 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\System32\ro-RO 2014-04-10 07:43 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\System32\migwiz 2014-04-10 07:43 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\System32\lv-LV 2014-04-10 07:43 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\System32\lt-LT 2014-04-10 07:43 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\System32\hr-HR 2014-04-10 07:43 - 2013-08-22 16:36 - 
00000000 ____D () C:\Windows\System32\he-IL 2014-04-10 07:43 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\System32\et-EE 2014-04-10 07:43 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\System32\en-GB 2014-04-10 07:43 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\System32\bg-BG 2014-04-10 07:43 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\System32\ar-SA 2014-04-10 07:43 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-04-10 07:43 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\FileManager 2014-04-10 07:43 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Camera 2014-04-10 07:43 - 2013-08-22 14:36 - 00000000 ____D () C:\Windows\System32\Sysprep 2014-04-10 07:43 - 2013-08-22 14:36 - 00000000 ____D () C:\Windows\System32\oobe 2014-04-10 07:43 - 2013-08-22 14:36 - 00000000 ____D () C:\Windows\System32\Dism 2014-04-10 07:17 - 2014-03-01 13:59 - 00000000 ____D () C:\Program Files (x86)\Intel 2014-04-10 07:17 - 2013-08-22 15:46 - 00000618 _____ () C:\Windows\setuperr.log 2014-04-09 23:59 - 2014-03-23 14:10 - 00000000 ____D () C:\Users\Manfred\Desktop\Laufrouten 2014-04-09 20:53 - 2014-02-25 19:13 - 00000000 ____D () C:\Users\Manfred\Desktop\Tor Browser 2014-04-09 20:50 - 2014-04-09 20:47 - 22913908 _____ () C:\Users\Manfred\Downloads\torbrowser-install-3.5.4_en-US.exe 2014-04-09 14:10 - 2014-03-01 09:21 - 00000000 ____D () C:\Windows\System32\MRT 2014-04-09 14:09 - 2014-04-09 14:09 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_Kernel_iBtFltCoex_01009.Wdf 2014-04-09 14:09 - 2014-03-01 09:21 - 90655440 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe 2014-04-09 12:32 - 2014-04-09 12:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-09 12:32 - 2014-04-09 12:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2014-04-09 12:06 - 2014-04-09 12:06 - 00000000 ____D () C:\ProgramData\Canneverbe Limited 2014-04-09 12:01 - 2014-04-09 12:01 - 00001972 _____ () 
C:\Users\Public\Desktop\CDBurnerXP.lnk 2014-04-09 12:01 - 2014-04-09 12:01 - 00000000 ____D () C:\Users\Manfred\AppData\Roaming\Canneverbe Limited 2014-04-09 12:01 - 2014-04-09 12:01 - 00000000 ____D () C:\Program Files (x86)\CDBurnerXP 2014-04-09 12:00 - 2014-04-09 12:00 - 05290664 _____ (Canneverbe Limited ) C:\Users\Manfred\Downloads\cdbxp_setup_4.5.3.4643.exe 2014-04-09 09:45 - 2014-03-01 11:31 - 00000000 ____D () C:\Users\Manfred\AppData\Roaming\vlc 2014-04-09 09:30 - 2014-04-09 09:30 - 00000000 ____D () C:\SAVE EXACT 2014-04-09 09:14 - 2014-04-09 09:13 - 00000000 ____D () C:\Users\Manfred\AppData\Roaming\EAC 2014-04-09 09:14 - 2014-04-09 09:13 - 00000000 ____D () C:\Users\Manfred\AppData\Roaming\AccurateRip 2014-04-09 09:13 - 2014-04-09 09:13 - 00001093 _____ () C:\Users\Public\Desktop\Exact Audio Copy.lnk 2014-04-09 09:13 - 2014-04-09 09:13 - 00000000 ____D () C:\Program Files (x86)\Exact Audio Copy 2014-04-09 09:11 - 2014-04-09 09:11 - 04422611 _____ () C:\Users\Manfred\Downloads\eac-1.0beta3.exe 2014-04-09 09:06 - 2014-04-09 09:05 - 31524272 _____ (DVDVideoSoft Ltd. 
) C:\Users\Manfred\Downloads\FreeAudioCDToMP3Converter_1.3.12.1228.exe 2014-04-09 08:50 - 2014-02-26 14:59 - 00000432 _____ () C:\Windows\BRWMARK.INI 2014-04-08 19:40 - 2014-04-03 11:26 - 00001125 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-08 19:40 - 2014-04-03 11:26 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-07 23:16 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\System 2014-04-07 23:16 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Resources 2014-04-03 21:29 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness 2014-04-03 11:26 - 2014-04-03 11:26 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Manfred\Downloads\mbam-setup-2.0.0.1000.exe 2014-04-03 11:26 - 2014-04-03 11:26 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-03 10:58 - 2014-04-03 10:58 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-04-03 10:58 - 2014-04-03 10:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-04-03 10:57 - 2014-04-03 10:57 - 13084896 _____ (Microsoft Corporation) C:\Users\Manfred\Downloads\Silverlight_x64.exe 2014-04-03 09:29 - 2014-02-26 07:54 - 00007620 _____ () C:\Users\Manfred\AppData\Local\Resmon.ResmonCfg 2014-04-03 08:51 - 2014-04-03 11:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys 2014-04-03 08:51 - 2014-04-03 11:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys 2014-04-03 08:50 - 2014-04-03 11:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2014-04-02 20:54 - 2014-04-02 20:54 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf 2014-04-02 11:46 - 2014-04-02 11:28 - 00013919 _____ () C:\Users\Manfred\Documents\nebenkostenabrechung.xlsx 2014-04-02 00:05 - 2014-04-02 00:05 - 00000000 ____D () C:\Users\Manfred\AppData\Local\Apps\2.0 2014-04-01 23:53 - 2014-02-25 18:38 - 00000000 ____D () C:\Program Files 
(x86)\Mozilla Firefox 2014-04-01 22:43 - 2014-04-01 22:43 - 15912395 _____ () C:\Users\Manfred\Downloads\FreenetInstaller-1459.exe 2014-03-31 22:23 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-31 22:23 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-31 02:16 - 2014-04-09 12:33 - 23134208 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2014-03-31 00:57 - 2014-04-09 12:33 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-30 17:06 - 2014-03-30 17:06 - 00000000 ___RD () C:\Users\Manfred\AppData\Roaming\Brother 2014-03-29 22:39 - 2014-03-29 22:39 - 00082047 _____ () C:\Users\Manfred\Downloads\dasessen.swf 2014-03-29 20:34 - 2014-03-29 20:34 - 00000000 ____D () C:\ProgramData\Mozilla 2014-03-29 02:58 - 2014-03-29 02:58 - 00116616 _____ () C:\Users\Manfred\Downloads\wifite_r68.py 2014-03-29 02:57 - 2014-03-29 02:57 - 00033176 _____ () C:\Users\Manfred\Downloads\wifite-2.0r85.tar.gz 2014-03-29 02:00 - 2014-03-15 01:53 - 00000000 ____D () C:\Users\Manfred\dwhelper 2014-03-28 00:23 - 2014-03-28 00:23 - 00000000 ____D () C:\Users\Manfred\AppData\Roaming\Avira 2014-03-28 00:17 - 2014-02-25 18:52 - 00000000 ____D () C:\ProgramData\MFAData 2014-03-28 00:14 - 2014-03-28 00:12 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys 2014-03-28 00:14 - 2014-03-28 00:12 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys 2014-03-28 00:14 - 2014-03-28 00:12 - 00084720 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\System32\Drivers\avnetflt.sys 2014-03-28 00:12 - 2014-03-28 00:12 - 00002093 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk 2014-03-28 00:12 - 2014-03-28 00:12 - 00000000 ____D () C:\ProgramData\Avira 2014-03-28 00:12 - 2014-03-28 00:12 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-03-28 00:09 - 2014-03-28 00:05 - 122946048 _____ () C:\Users\Manfred\Downloads\avira14_free_antivirus_de.exe 2014-03-28 00:03 - 2012-07-26 09:12 - 00000000 ___HD () C:\Windows\ELAMBKUP Some content of TEMP: ==================== C:\Users\Manfred\AppData\Local\Temp\avgnt.exe C:\Users\Manfred\AppData\Local\Temp\fp_pl_pfs_installer-1.exe C:\Users\Manfred\AppData\Local\Temp\fp_pl_pfs_installer.exe C:\Users\Manfred\AppData\Local\Temp\install_reader11_de_mssd_aaa_aih.exe C:\Users\Manfred\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\Manfred\AppData\Local\Temp\mirc732.exe C:\Users\Manfred\AppData\Local\Temp\uninstall.exe ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2014-04-24 09:30:06 Restore point made 
on: 2014-04-24 09:31:31 Restore point made on: 2014-04-24 18:39:45 Restore point made on: 2014-04-24 18:39:49 Restore point made on: 2014-04-24 18:45:47 Restore point made on: 2014-04-24 18:45:56 Restore point made on: 2014-04-24 18:46:04 Restore point made on: 2014-04-24 18:48:59 Restore point made on: 2014-04-24 19:11:27 Restore point made on: 2014-04-24 19:11:37 Restore point made on: 2014-04-24 19:15:05 Restore point made on: 2014-04-24 19:15:13 Restore point made on: 2014-04-24 19:15:22 Restore point made on: 2014-04-24 19:15:31 Restore point made on: 2014-04-24 19:15:39 Restore point made on: 2014-04-24 19:15:48 Restore point made on: 2014-04-24 19:16:15 Restore point made on: 2014-04-24 19:16:24 Restore point made on: 2014-04-24 19:16:33 Restore point made on: 2014-04-24 19:16:38 Restore point made on: 2014-04-24 19:16:47 Restore point made on: 2014-04-24 19:16:55 Restore point made on: 2014-04-24 19:17:04 Restore point made on: 2014-04-24 19:17:10 Restore point made on: 2014-04-24 19:17:16 Restore point made on: 2014-04-24 19:17:23 Restore point made on: 2014-04-24 19:17:30 Restore point made on: 2014-04-24 19:17:36 Restore point made on: 2014-04-24 19:17:42 Restore point made on: 2014-04-24 19:17:49 Restore point made on: 2014-04-24 19:17:56 Restore point made on: 2014-04-24 19:18:03 Restore point made on: 2014-04-24 19:18:09 Restore point made on: 2014-04-24 19:18:16 Restore point made on: 2014-04-24 19:18:25 Restore point made on: 2014-04-24 19:18:32 Restore point made on: 2014-04-24 19:18:39 Restore point made on: 2014-04-24 19:18:45 Restore point made on: 2014-04-24 19:18:52 Restore point made on: 2014-04-24 19:18:59 Restore point made on: 2014-04-24 19:19:05 Restore point made on: 2014-04-24 19:19:12 Restore point made on: 2014-04-24 19:19:19 Restore point made on: 2014-04-24 19:19:26 Restore point made on: 2014-04-24 19:19:32 Restore point made on: 2014-04-24 19:19:38 Restore point made on: 2014-04-24 19:19:45 Restore point made on: 2014-04-24 
19:19:52 Restore point made on: 2014-04-24 19:19:58 Restore point made on: 2014-04-24 19:20:04 Restore point made on: 2014-04-24 19:20:11 Restore point made on: 2014-04-24 19:20:17 Restore point made on: 2014-04-24 19:20:24 Restore point made on: 2014-04-24 19:20:31 Restore point made on: 2014-04-24 19:20:37 Restore point made on: 2014-04-24 19:20:44 Restore point made on: 2014-04-24 19:20:51 Restore point made on: 2014-04-24 19:20:58 Restore point made on: 2014-04-24 19:21:05 Restore point made on: 2014-04-24 19:21:11 Restore point made on: 2014-04-24 19:21:18 Restore point made on: 2014-04-24 19:21:25 Restore point made on: 2014-04-24 19:21:32 Restore point made on: 2014-04-24 19:21:38 Restore point made on: 2014-04-24 19:21:45 Restore point made on: 2014-04-24 19:21:51 Restore point made on: 2014-04-24 19:21:58 Restore point made on: 2014-04-24 19:22:05 Restore point made on: 2014-04-24 19:22:12 Restore point made on: 2014-04-24 19:22:50 Restore point made on: 2014-04-24 19:22:57 Restore point made on: 2014-04-24 19:23:04 Restore point made on: 2014-04-24 19:24:06 Restore point made on: 2014-04-24 19:24:13 Restore point made on: 2014-04-24 19:24:19 Restore point made on: 2014-04-24 19:24:26 Restore point made on: 2014-04-24 19:24:33 Restore point made on: 2014-04-24 19:25:38 Restore point made on: 2014-04-24 19:33:41 Restore point made on: 2014-04-24 19:33:49 Restore point made on: 2014-04-24 19:33:56 Restore point made on: 2014-04-24 19:49:21 Restore point made on: 2014-04-24 19:49:30 Restore point made on: 2014-04-24 19:49:39 Restore point made on: 2014-04-24 19:49:48 Restore point made on: 2014-04-24 19:50:03 Restore point made on: 2014-04-24 19:50:13 Restore point made on: 2014-04-24 19:53:11 Restore point made on: 2014-04-24 19:53:19 Restore point made on: 2014-04-24 19:53:26 Restore point made on: 2014-04-24 19:53:34 Restore point made on: 2014-04-24 19:53:42 Restore point made on: 2014-04-24 19:53:51 Restore point made on: 2014-04-24 19:53:58 Restore 
point made on: 2014-04-24 19:56:17 ==================== BCD ================================ Start-Manager fr Firmware -------------------------- Bezeichner {fwbootmgr} displayorder {bootmgr} {9818a860-5a8c-11e3-be39-806e6f6e6963} {fb4457bc-9e7b-11e3-be76-806e6f6e6963} {9818a85e-5a8c-11e3-be39-806e6f6e6963} {9818a85f-5a8c-11e3-be39-806e6f6e6963} timeout 0 Windows-Start-Manager --------------------- Bezeichner {bootmgr} device partition=\Device\HarddiskVolume3 path \EFI\Microsoft\Boot\bootmgfw.efi description Windows Boot Manager locale de-DE inherit {globalsettings} default {default} resumeobject {256dfc4e-5a8d-11e3-be39-8834f43a59e2} displayorder {default} toolsdisplayorder {memdiag} timeout 0 Firmwareanwendung (101fffff) ---------------------------- Bezeichner {9818a85e-5a8c-11e3-be39-806e6f6e6963} description EFI USB Device Firmwareanwendung (101fffff) ---------------------------- Bezeichner {9818a85f-5a8c-11e3-be39-806e6f6e6963} description EFI DVD/CDROM Firmwareanwendung (101fffff) ---------------------------- Bezeichner {9818a860-5a8c-11e3-be39-806e6f6e6963} description EFI Network Firmwareanwendung (101fffff) ---------------------------- Bezeichner {9818a862-5a8c-11e3-be39-806e6f6e6963} description EFI Network 0 for IPv6 (28-D2-44-3D-9C-D5) Firmwareanwendung (101fffff) ---------------------------- Bezeichner {fb4457bc-9e7b-11e3-be76-806e6f6e6963} device partition=\Device\HarddiskVolume4 path \EFI\Microsoft\Boot\LrsBootMgr.efi description Lenovo Recovery System Firmwareanwendung (101fffff) ---------------------------- Bezeichner {fb4457bd-9e7b-11e3-be76-806e6f6e6963} description EFI Network 0 for IPv4 (28-D2-44-3D-9C-D5) Windows-Startladeprogramm ------------------------- Bezeichner {256dfc4b-5a8d-11e3-be39-8834f43a59e2} device ramdisk=[\Device\HarddiskVolume2]\Recovery\WindowsRE\Winre.wim,{256dfc4c-5a8d-11e3-be39-8834f43a59e2} path \windows\system32\winload.efi description Windows Recovery Environment locale de-de inherit {bootloadersettings} displaymessage 
Recovery displaymessageoverride Recovery osdevice ramdisk=[\Device\HarddiskVolume2]\Recovery\WindowsRE\Winre.wim,{256dfc4c-5a8d-11e3-be39-8834f43a59e2} systemroot \windows nx OptIn bootmenupolicy Standard winpe Yes Windows-Startladeprogramm ------------------------- Bezeichner {default} device partition=C: path \WINDOWS\system32\winload.efi description Windows 8.1 locale de-DE inherit {bootloadersettings} recoverysequence {current} recoveryenabled Yes isolatedcontext Yes allowedinmemorysettings 0x15000075 osdevice partition=C: systemroot \WINDOWS resumeobject {256dfc4e-5a8d-11e3-be39-8834f43a59e2} nx OptIn bootmenupolicy Legacy Windows-Startladeprogramm ------------------------- Bezeichner {current} device ramdisk=[G:]\Recovery\WindowsRE\Winre.wim,{256dfc51-5a8d-11e3-be39-8834f43a59e2} path \windows\system32\winload.efi description Windows Recovery Environment locale de-DE inherit {bootloadersettings} displaymessage Recovery osdevice ramdisk=[G:]\Recovery\WindowsRE\Winre.wim,{256dfc51-5a8d-11e3-be39-8834f43a59e2} systemroot \windows nx OptIn bootmenupolicy Standard winpe Yes Wiederaufnahme aus dem Ruhezustand ---------------------------------- Bezeichner {256dfc49-5a8d-11e3-be39-8834f43a59e2} device partition=C: path \WINDOWS\system32\winresume.efi description Windows Resume Application locale de-DE inherit {resumeloadersettings} recoverysequence {256dfc4b-5a8d-11e3-be39-8834f43a59e2} recoveryenabled Yes isolatedcontext Yes allowedinmemorysettings 0x15000075 filedevice partition=C: filepath \hiberfil.sys bootmenupolicy Standard debugoptionenabled No Wiederaufnahme aus dem Ruhezustand ---------------------------------- Bezeichner {256dfc4e-5a8d-11e3-be39-8834f43a59e2} device partition=C: path \WINDOWS\system32\winresume.efi description Windows Resume Application locale de-DE inherit {resumeloadersettings} recoverysequence {current} recoveryenabled Yes isolatedcontext Yes allowedinmemorysettings 0x15000075 filedevice partition=C: filepath \hiberfil.sys bootmenupolicy 
Standard debugoptionenabled No Windows-Speichertestprogramm ---------------------------- Bezeichner {memdiag} device partition=\Device\HarddiskVolume3 path \EFI\Microsoft\Boot\memtest.efi description Windows-Speicherdiagnose locale de-DE inherit {globalsettings} badmemoryaccess Yes EMS-Einstellungen ----------------- Bezeichner {emssettings} bootems No Debuggereinstellungen --------------------- Bezeichner {dbgsettings} debugtype Serial debugport 1 baudrate 115200 RAM-Defekte ----------- Bezeichner {badmemory} Globale Einstellungen --------------------- Bezeichner {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Startladeprogramm-Einstellungen ------------------------------- Bezeichner {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Hypervisoreinstellungen ------------------- Bezeichner {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Einstellungen zur Ladeprogrammfortsetzung ----------------------------------------- Bezeichner {resumeloadersettings} inherit {globalsettings} Ger„teoptionen -------------- Bezeichner {256dfc4c-5a8d-11e3-be39-8834f43a59e2} description Windows Recovery ramdisksdidevice partition=\Device\HarddiskVolume2 ramdisksdipath \Recovery\WindowsRE\boot.sdi Ger„teoptionen -------------- Bezeichner {256dfc4d-5a8d-11e3-be39-8834f43a59e2} description Windows Setup ramdisksdidevice partition=C: ramdisksdipath \$WINDOWS.~BT\Sources\SafeOS\boot.sdi Ger„teoptionen -------------- Bezeichner {256dfc51-5a8d-11e3-be39-8834f43a59e2} description Windows Recovery ramdisksdidevice partition=G: ramdisksdipath \Recovery\WindowsRE\boot.sdi Optionen zum RAM-Datentr„gersetup --------------------------------- Bezeichner {ramdiskoptions} description Ramdisk options ramdisksdidevice boot ramdisksdipath \boot\boot.sdi ==================== Memory info =========================== Percentage of memory in use: 11% Total physical RAM: 8104.27 MB Available physical RAM: 7151.95 MB Total Pagefile: 
8104.27 MB Available Pagefile: 7160.09 MB Total Virtual: 131072 MB Available Virtual: 131071.89 MB ==================== Drives ================================ Drive c: (Windows8_OS) (Fixed) (Total:890.97 GB) (Free:637.98 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:21.4 GB) NTFS Drive e: (R2D2) (Removable) (Total:3.77 GB) (Free:3.76 GB) FAT32 Drive g: () (Fixed) (Total:0.34 GB) (Free:0 GB) NTFS Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.5 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 932 GB) (Disk ID: 6877AA51) Partition: GPT Partition Type. ======================================================== Disk: 1 (Size: 4 GB) (Disk ID: C3072E18) Partition 1: (Active) - (Size=4 GB) - (Type=0B) LastRegBack: 2014-04-22 08:25 ==================== End Of Log ============================ |
26.04.2014, 16:01 | #4 |
/// the machine /// TB trainer | Windows 8.1 Lenovo laptop with a life of its own Even from the outside there is no malware to be seen. The first thing I would do is a Refresh.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |