Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Vermute Hackerangriff nach Neuinstallation

Vermute Hackerangriff nach Neuinstallation


Plagegeister aller Art und deren Bekämpfung: Vermute Hackerangriff nach Neuinstallation

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 05.12.2014, 22:41   #1
Jenser0609
 
Vermute Hackerangriff nach Neuinstallation - Standard

Vermute Hackerangriff nach Neuinstallation


Hallo euch allen, ich benötige wirklich mal eure Hilfe. Ich habe vor zwei Tagen komische Dinge auf meinen PC wahr genommen. System sehr träge, ständig neue Prozesse im Taskmanager. Also was hab ich gemacht, Windows Neuinstalliert, habe 4 Festplatten im System alle über Windows 7 CD gelöscht und Partionen neu angelegt, außer eine. Meine 4 HDD da darauf die Sicherung liegt (kein Image nur Private Sicherungen wie spiele ect.) Rechner war gerade wieder neu, das selbe Spiel von Vorn, ich hatte ihn gerade fertig eingerichtet mit Windows+Treiber also jemand mir Dateien erstellte, einmal mitten auf den Desktop ein Ordner mit Smyli dahinter, hier wurde ich stutzig und hab die Fritzbox so eingestellt das nur noch meine IP zugang bekommt. Da ich heute wieder sehr komisches Verhalten hatte wieder Neu Installiert und soforrt danach.

Sehe ich das (seht euch das Bild an Bitte im Anhang)
Da ich die letzte Tage viel hier bei euch gelesen habe, habe ich tdsskiller (von euch hier geladen) laufen lassen, welcher aber auch nichts findet. Ich habe von der Protokolldatei ein Abbild erstellt, auch das ist im Anhang. Ich hoffe jemand von euch kann mir Helfen, denn ich weiß nicht mehr weiter.

Grüße Jens
Angehängte Grafiken
Dateityp: jpg Lokaler Zugriff.jpg (103,9 KB, 160x aufgerufen)

Alt 06.12.2014, 00:11   #2
schrauber
/// the machine
/// TB-Ausbilder
 
Vermute Hackerangriff nach Neuinstallation - Standard

Vermute Hackerangriff nach Neuinstallation


hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________
Alt 06.12.2014, 03:01   #3
Jenser0609
 
Vermute Hackerangriff nach Neuinstallation - Standard

Vermute Hackerangriff nach Neuinstallation


Hallo Schrauber danke zum einen für deine schnelle Antwort. Installiert ist Win7x64 hier die logs der 64 Bit version


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2014
Ran by Administrator (administrator) on 041214-PC on 06-12-2014 02:57:59
Running from C:\Users\Administrator\Downloads
Loaded Profiles: Administrator &  (Available profiles: 04.12.14 & Administrator)
Platform: Windows 7 Ultimate (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6827664 2012-08-07] (Realtek Semiconductor)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2542950344-3679411221-3383825861-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ae0d3fd3-7c96-11e4-951b-806e6f6e6963} - H:\.\Bin\ASSETUP.exe
HKU\S-1-5-21-2542950344-3679411221-3383825861-500\...\MountPoints2: {ae0d3fd3-7c96-11e4-951b-806e6f6e6963} - H:\.\Bin\ASSETUP.exe
HKU\S-1-5-21-2542950344-3679411221-3383825861-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ae0d3fd3-7c96-11e4-951b-806e6f6e6963} - H:\.\Bin\ASSETUP.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2542950344-3679411221-3383825861-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
HKU\S-1-5-21-2542950344-3679411221-3383825861-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xABDD4B96C610D001
HKU\S-1-5-21-2542950344-3679411221-3383825861-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKU\S-1-5-21-2542950344-3679411221-3383825861-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
HKU\S-1-5-21-2542950344-3679411221-3383825861-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xABDD4B96C610D001
HKU\S-1-5-21-2542950344-3679411221-3383825861-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3320845&octid=EB_ORIGINAL_CTID&ISID=MA1FA82D8-3A44-4E0D-AA08-286556685147&SearchSource=55&CUI=&UM=6&UP=SPE3989A98-46DA-47D8-8C91-9DFE80FDF5CA&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3320845&octid=EB_ORIGINAL_CTID&ISID=M236ACF6D-166F-4DF3-B61D-71E9337CD40D&SearchSource=55&CUI=&UM=6&UP=SPE3989A98-46DA-47D8-8C91-9DFE80FDF5CA&SSPV=", "hxxp://istart.webssearches.com/?type=hp&ts=1397239034&from=tugs&uid=ST3500820AS_9QM3L76BXXXX9QM3L76B", "hxxp://www.trovi.com/?gd=&ctid=CT3320845&octid=EB_ORIGINAL_CTID&ISID=M3B484947-F35F-4E3C-82B1-6F8C1723BCB2&SearchSource=55&CUI=&UM=6&UP=SPFF9A0B62-9264-446B-9712-556E9DBF1F23&SSPV=", "hxxp://www.trovi.com/?gd=&ctid=CT3320845&octid=EB_ORIGINAL_CTID&ISID=M236ACF6D-166F-4DF3-B61D-71E9337CD40D&SearchSource=55&CUI=&UM=6&UP=SP13C6285C-4C33-4C86-AAB5-100C8C07E66B&SSPV=", "hxxp://groovorio.com/?f=7&a=grv_tight10_14_40&cd=2XzuyEtN2Y1L1QzuyCtD0AyEyE0CyDtBtAtB0AyDyCtBtB0AtN0D0Tzu0StCtDyCyCtN1L2XzutAtFyCtFzztFtDtN1L1Czu2Z1L1N1M2Z1VtCyE1VtCzztN1L1G1B1V1N2Y1L1Qzu2SyDtC0C0BtDtCyC0EtGzy0AyCtDtGyEtDtC0CtGzz0ByC0CtGtCyEtByC0CyDzzyDyByDzz0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DyBtBtB0AtCtDtDtG0FtA0E0DtGyE0E0E0BtGzy0A0DtAtGyD0DyD0D0AtCyD0BzyyDtCyB2Q&cr=803399962&ir=", "hxxp://www.google.com"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-06]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-05]
CHR Extension: (Google-Suche) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-05]
CHR Extension: (Lamborghini Century64) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fikjgpmondliabjaipmamheijmdhhljo [2014-12-05]
CHR Extension: (AdBlock) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-05]
CHR Extension: (Google Wallet) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-05]
CHR Extension: (Google Mail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-05]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [102664 2014-09-15] ()
R1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [25992 2014-09-15] ()
R1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [700680 2014-09-15] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-06 02:55 - 2014-12-06 02:57 - 00010682 _____ () C:\Users\Administrator\Desktop\Addition.txt
2014-12-06 02:55 - 2014-12-06 02:56 - 00010682 _____ () C:\Users\Administrator\Downloads\Addition.txt
2014-12-06 02:54 - 2014-12-06 02:58 - 00000000 ____D () C:\FRST
2014-12-06 02:54 - 2014-12-06 02:57 - 00011002 _____ () C:\Users\Administrator\Downloads\FRST.txt
2014-12-06 02:53 - 2014-12-06 02:53 - 02117632 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
2014-12-06 02:44 - 2014-12-06 02:52 - 170547088 _____ (LSoft Technologies Inc ) C:\Users\Administrator\Downloads\BootDiskDemo-Setup.exe
2014-12-06 02:42 - 2014-12-06 02:42 - 00000000 ____D () C:\Users\Administrator\Desktop\Neuer Ordner
2014-12-06 02:28 - 2014-12-06 02:28 - 00001826 _____ () C:\Users\Administrator\Desktop\Neues Textdokument (2).txt
2014-12-06 01:38 - 2014-12-06 01:38 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-12-06 01:19 - 2014-12-06 01:19 - 15281584 _____ (Elex do Brasil Participações Ltda) C:\Users\Administrator\Downloads\yet_another_cleaner_nee.exe
2014-12-06 00:48 - 2014-12-06 00:48 - 11425992 _____ (Bitdefender LLC) C:\Users\Administrator\Downloads\BootkitRemoval_x64.exe
2014-12-06 00:47 - 2014-12-06 00:47 - 15258612 _____ () C:\Users\Administrator\Downloads\Rootkit_Remover_3022.zip
2014-12-06 00:47 - 2014-12-06 00:47 - 00000000 ____D () C:\Users\Administrator\Downloads\Rootkit_Remover_3022
2014-12-06 00:27 - 2014-12-06 00:27 - 00178612 _____ () C:\Users\Administrator\Downloads\FixWin.zip
2014-12-06 00:27 - 2014-12-06 00:27 - 00000000 ____D () C:\Users\Administrator\Downloads\FixWin
2014-12-05 23:48 - 2014-12-05 23:48 - 00002498 _____ () C:\Users\Administrator\Desktop\Paragon Hard Disk Manager™ 15 Suite.lnk
2014-12-05 23:48 - 2014-12-05 23:48 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_blockmounter_01_09_00.Wdf
2014-12-05 23:48 - 2014-12-05 23:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paragon Hard Disk Manager™ 15 Suite
2014-12-05 23:48 - 2014-12-05 23:48 - 00000000 ____D () C:\ProgramData\launcher
2014-12-05 23:48 - 2014-12-05 23:48 - 00000000 ____D () C:\ProgramData\explauncher
2014-12-05 23:47 - 2014-12-05 23:47 - 00000000 ____D () C:\Program Files\Paragon Software
2014-12-05 23:46 - 2014-12-05 23:46 - 00000000 ____D () C:\Users\Administrator\Downloads\Disk.Manager.15.10.1.25.294
2014-12-05 23:45 - 2014-12-05 23:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-12-05 23:45 - 2014-12-05 23:45 - 00000000 ____D () C:\Program Files\7-Zip
2014-12-05 23:44 - 2014-12-05 23:44 - 01376768 _____ () C:\Users\Administrator\Downloads\7z920-x64.msi
2014-12-05 23:16 - 2014-12-05 23:16 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\KSafe
2014-12-05 23:16 - 2014-12-05 23:16 - 00000000 ____D () C:\ProgramData\KSafe
2014-12-05 23:16 - 2014-12-05 23:16 - 00000000 ____D () C:\Program Files (x86)\DllTool
2014-12-05 23:15 - 2014-12-05 23:15 - 00001054 _____ () C:\Users\Administrator\Desktop\malwarebytes.txt
2014-12-05 23:14 - 2014-12-05 23:14 - 08473440 _____ ( ) C:\Users\Administrator\Downloads\DllTool.exe
2014-12-05 22:59 - 2012-06-02 23:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-12-05 22:59 - 2012-06-02 23:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-12-05 22:59 - 2012-06-02 23:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-12-05 22:59 - 2012-06-02 23:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-12-05 22:59 - 2012-06-02 23:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-12-05 22:59 - 2012-06-02 23:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-12-05 22:59 - 2012-06-02 23:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-12-05 22:58 - 2014-12-06 02:40 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-05 22:58 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-12-05 22:58 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-12-05 22:57 - 2014-12-05 22:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-12-05 22:57 - 2014-12-05 22:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-05 22:57 - 2014-12-05 22:57 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-12-05 22:57 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-05 22:57 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-05 22:57 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-05 22:48 - 2014-12-05 22:48 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-05 22:39 - 2014-12-05 22:39 - 00094735 _____ () C:\Users\Administrator\Desktop\Neues Textdokument.txt
2014-12-05 22:33 - 2014-12-05 22:33 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Apps\2.0
2014-12-05 22:06 - 2014-12-05 22:06 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Administrator\Downloads\tdsskiller.exe
2014-12-05 21:10 - 2014-12-05 23:17 - 387782493 _____ () C:\Users\Administrator\Downloads\Disk.Manager.15.10.1.25.294.rar
2014-12-05 20:40 - 2014-12-05 20:40 - 00196248 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\diskpart_setup (1).exe
2014-12-05 20:34 - 2014-12-05 20:34 - 00196248 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\diskpart_setup.exe
2014-12-05 20:34 - 2014-12-05 20:34 - 00000000 ____D () C:\Program Files (x86)\Resource Kit
2014-12-05 19:37 - 2014-12-05 19:37 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia
2014-12-05 19:35 - 2014-11-24 14:04 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-05 19:00 - 2014-12-06 00:01 - 00000684 _____ () C:\Windows\PFRO.log
2014-12-05 18:56 - 2014-12-06 02:18 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-05 18:56 - 2014-12-06 01:11 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-05 18:56 - 2014-12-05 20:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-05 18:56 - 2014-12-05 20:06 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-05 18:56 - 2014-12-05 20:06 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-12-05 18:55 - 2014-12-05 18:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-12-05 18:55 - 2014-12-05 18:56 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-05 18:21 - 2014-12-05 19:37 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-12-05 18:21 - 2014-12-05 18:22 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2014-12-05 18:21 - 2014-12-05 18:21 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
2014-12-05 18:21 - 2014-12-05 18:21 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-05 18:21 - 2014-12-05 18:21 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-12-05 17:51 - 2014-12-05 17:51 - 00057560 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-05 17:51 - 2014-12-05 17:51 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Intel Corporation
2014-12-05 17:50 - 2014-12-05 17:50 - 00019418 _____ () C:\Windows\system32\results.xml
2014-12-05 17:48 - 2014-12-05 17:48 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-12-05 17:47 - 2014-12-05 17:48 - 00000086 _____ () C:\Windows\imsm.log
2014-12-05 17:47 - 2014-12-05 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asmedia Technology
2014-12-05 17:47 - 2014-12-05 17:47 - 00000000 ____D () C:\Program Files (x86)\ASM106xSATA
2014-12-05 17:47 - 2012-02-01 16:16 - 00568600 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStor.sys
2014-12-05 17:46 - 2014-12-05 17:47 - 00012812 _____ () C:\Windows\DPINST.LOG
2014-12-05 17:46 - 2014-12-05 17:46 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_iusb3hcs_01009.Wdf
2014-12-05 17:46 - 2014-12-05 17:46 - 00000000 ____D () C:\Temp
2014-12-05 17:46 - 2014-12-05 17:46 - 00000000 ____D () C:\ProgramData\Intel
2014-12-05 17:46 - 2014-12-05 17:46 - 00000000 ____D () C:\Program Files (x86)\ASM104xUSB3
2014-12-05 17:46 - 2012-06-25 10:42 - 00015168 _____ (Intel Corporation) C:\Windows\system32\Drivers\IntelMEFWVer.dll
2014-12-05 17:46 - 2012-05-20 17:25 - 00789824 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3xhc.sys
2014-12-05 17:46 - 2012-05-20 17:25 - 00357184 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hub.sys
2014-12-05 17:46 - 2012-05-20 17:25 - 00019264 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hcs.sys
2014-12-05 17:45 - 2014-12-05 17:46 - 00000086 _____ () C:\Windows\MEI.log
2014-12-05 17:45 - 2014-12-05 17:46 - 00000000 ____D () C:\Program Files\Intel
2014-12-05 17:45 - 2014-12-05 17:45 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\InstallShield
2014-12-05 17:45 - 2012-07-25 16:54 - 00538496 ____R (Intel Corporation) C:\Windows\system32\PROUnstl.exe
2014-12-05 17:45 - 2012-07-02 15:16 - 00062784 _____ (Intel Corporation) C:\Windows\system32\Drivers\HECIx64.sys
2014-12-05 17:45 - 2006-01-12 23:52 - 00001904 ____N () C:\Windows\system32\SetupBD.din
2014-12-05 17:44 - 2012-08-10 23:44 - 00482128 _____ (Intel Corporation) C:\Windows\system32\Drivers\e1c62x64.sys
2014-12-05 17:44 - 2012-08-09 21:56 - 00101224 _____ (Intel Corporation) C:\Windows\system32\NicInstC.dll
2014-12-05 17:44 - 2012-08-09 17:54 - 00073032 _____ (Intel Corporation) C:\Windows\system32\e1cmsg.dll
2014-12-05 17:44 - 2012-01-06 22:02 - 00003114 _____ () C:\Windows\system32\e1c62x64.din
2014-12-05 17:44 - 2009-05-26 18:05 - 00036472 _____ (Intel Corporation) C:\Windows\system32\NicCo36.dll
2014-12-05 17:43 - 2014-12-05 17:43 - 00000000 ____D () C:\Program Files\Common Files\Intel
2014-12-05 17:43 - 2012-03-30 08:43 - 05888792 _____ (Intel Corporation) C:\Windows\system32\GfxUI.exe
2014-12-05 17:43 - 2012-03-30 08:43 - 00509720 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.exe
2014-12-05 17:43 - 2012-03-30 08:43 - 00439064 _____ (Intel Corporation) C:\Windows\system32\igfxpers.exe
2014-12-05 17:43 - 2012-03-30 08:43 - 00398616 _____ (Intel Corporation) C:\Windows\system32\hkcmd.exe
2014-12-05 17:43 - 2012-03-30 08:43 - 00276248 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
2014-12-05 17:43 - 2012-03-30 08:43 - 00250136 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
2014-12-05 17:43 - 2012-03-30 08:43 - 00184600 _____ (Intel Corporation) C:\Windows\system32\difx64.exe
2014-12-05 17:43 - 2012-03-30 08:43 - 00170264 _____ (Intel Corporation) C:\Windows\system32\igfxtray.exe
2014-12-05 17:43 - 2012-03-26 12:42 - 00018656 _____ () C:\Windows\system32\iglhxs64.vp
2014-12-05 17:43 - 2012-03-26 12:25 - 00090112 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v2712.dll
2014-12-05 17:43 - 2012-03-26 12:19 - 00755188 _____ () C:\Windows\SysWOW64\igkrng700.bin
2014-12-05 17:43 - 2012-03-26 12:19 - 00755188 _____ () C:\Windows\system32\igkrng700.bin
2014-12-05 17:43 - 2012-03-26 12:19 - 00561508 _____ () C:\Windows\SysWOW64\igfcg700m.bin
2014-12-05 17:43 - 2012-03-26 12:19 - 00561508 _____ () C:\Windows\system32\igfcg700m.bin
2014-12-05 17:43 - 2012-03-26 12:09 - 14748416 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys
2014-12-05 17:43 - 2012-03-26 12:09 - 08087040 _____ (Intel Corporation) C:\Windows\system32\igdumd64.dll
2014-12-05 17:43 - 2012-03-26 12:08 - 00079360 _____ () C:\Windows\system32\igdde64.dll
2014-12-05 17:43 - 2012-03-26 12:05 - 06121472 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumd32.dll
2014-12-05 17:43 - 2012-03-26 12:03 - 00058880 _____ () C:\Windows\SysWOW64\igdde32.dll
2014-12-05 17:43 - 2012-03-26 11:58 - 09605632 _____ (Intel Corporation) C:\Windows\system32\igd10umd64.dll
2014-12-05 17:43 - 2012-03-26 11:47 - 07795200 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10umd32.dll
2014-12-05 17:43 - 2012-03-26 11:38 - 03749888 _____ (Intel Corporation) C:\Windows\system32\igdbcl64.dll
2014-12-05 17:43 - 2012-03-26 11:37 - 00591872 _____ (Intel Corporation) C:\Windows\system32\igdrcl64.dll
2014-12-05 17:43 - 2012-03-26 11:37 - 00236544 _____ (Intel Corporation) C:\Windows\system32\IntelOpenCL64.dll
2014-12-05 17:43 - 2012-03-26 11:36 - 02866688 _____ (Intel Corporation) C:\Windows\SysWOW64\igdbcl32.dll
2014-12-05 17:43 - 2012-03-26 11:36 - 00518144 _____ (Intel Corporation) C:\Windows\SysWOW64\igdrcl32.dll
2014-12-05 17:43 - 2012-03-26 11:35 - 00188416 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelOpenCL32.dll
2014-12-05 17:43 - 2012-03-26 11:31 - 28992000 _____ (Intel Corporation) C:\Windows\system32\igdfcl64.dll
2014-12-05 17:43 - 2012-03-26 11:19 - 23460864 _____ (Intel Corporation) C:\Windows\SysWOW64\igdfcl32.dll
2014-12-05 17:43 - 2012-03-26 11:08 - 17226240 _____ () C:\Windows\system32\ig7icd64.dll
2014-12-05 17:43 - 2012-03-26 10:53 - 13024768 _____ () C:\Windows\SysWOW64\ig7icd32.dll
2014-12-05 17:43 - 2012-03-26 10:40 - 00440320 _____ (Intel Corporation) C:\Windows\system32\igfxrell.lrc
2014-12-05 17:43 - 2012-03-26 10:40 - 00439808 _____ (Intel Corporation) C:\Windows\system32\igfxrfra.lrc
2014-12-05 17:43 - 2012-03-26 10:40 - 00439808 _____ (Intel Corporation) C:\Windows\system32\igfxresn.lrc
2014-12-05 17:43 - 2012-03-26 10:40 - 00439296 _____ (Intel Corporation) C:\Windows\system32\igfxrrus.lrc
2014-12-05 17:43 - 2012-03-26 10:40 - 00439296 _____ (Intel Corporation) C:\Windows\system32\igfxrrom.lrc
2014-12-05 17:43 - 2012-03-26 10:40 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrptg.lrc
2014-12-05 17:43 - 2012-03-26 10:40 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrplk.lrc
2014-12-05 17:43 - 2012-03-26 10:40 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrnld.lrc
2014-12-05 17:43 - 2012-03-26 10:40 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrita.lrc
2014-12-05 17:43 - 2012-03-26 10:40 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrhrv.lrc
2014-12-05 17:43 - 2012-03-26 10:40 - 00438784 _____ (Intel Corporation) C:\Windows\system32\igfxrdeu.lrc
2014-12-05 17:43 - 2012-03-26 10:40 - 00438272 _____ (Intel Corporation) C:\Windows\system32\igfxrsky.lrc
2014-12-05 17:43 - 2012-03-26 10:40 - 00438272 _____ (Intel Corporation) C:\Windows\system32\igfxrhun.lrc
2014-12-05 17:43 - 2012-03-26 10:40 - 00438272 _____ (Intel Corporation) C:\Windows\system32\igfxrfin.lrc
2014-12-05 17:43 - 2012-03-26 10:40 - 00438272 _____ (Intel Corporation) C:\Windows\system32\igfxrcsy.lrc
2014-12-05 17:43 - 2012-03-26 10:40 - 00437760 _____ (Intel Corporation) C:\Windows\system32\igfxrtrk.lrc
2014-12-05 17:43 - 2012-03-26 10:40 - 00437760 _____ (Intel Corporation) C:\Windows\system32\igfxrsve.lrc
2014-12-05 17:43 - 2012-03-26 10:40 - 00437760 _____ (Intel Corporation) C:\Windows\system32\igfxrslv.lrc
2014-12-05 17:43 - 2012-03-26 10:40 - 00437760 _____ (Intel Corporation) C:\Windows\system32\igfxrptb.lrc
2014-12-05 17:43 - 2012-03-26 10:40 - 00437760 _____ (Intel Corporation) C:\Windows\system32\igfxrnor.lrc
2014-12-05 17:43 - 2012-03-26 10:40 - 00437248 _____ (Intel Corporation) C:\Windows\system32\igfxrtha.lrc
2014-12-05 17:43 - 2012-03-26 10:40 - 00437248 _____ (Intel Corporation) C:\Windows\system32\igfxrdan.lrc
2014-12-05 17:43 - 2012-03-26 10:40 - 00435712 _____ (Intel Corporation) C:\Windows\system32\igfxrheb.lrc
2014-12-05 17:43 - 2012-03-26 10:40 - 00435712 _____ (Intel Corporation) C:\Windows\system32\igfxrara.lrc
2014-12-05 17:43 - 2012-03-26 10:40 - 00432128 _____ (Intel Corporation) C:\Windows\system32\igfxrjpn.lrc
2014-12-05 17:43 - 2012-03-26 10:40 - 00430592 _____ (Intel Corporation) C:\Windows\system32\igfxrkor.lrc
2014-12-05 17:43 - 2012-03-26 10:40 - 00429056 _____ (Intel Corporation) C:\Windows\system32\igfxrcht.lrc
2014-12-05 17:43 - 2012-03-26 10:40 - 00428544 _____ (Intel Corporation) C:\Windows\system32\igfxrchs.lrc
2014-12-05 17:43 - 2012-03-26 10:40 - 00221877 _____ () C:\Windows\system32\Gfxres.th-TH.resources
2014-12-05 17:43 - 2012-03-26 10:40 - 00208522 _____ () C:\Windows\system32\Gfxres.el-GR.resources
2014-12-05 17:43 - 2012-03-26 10:40 - 00192378 _____ () C:\Windows\system32\Gfxres.ru-RU.resources
2014-12-05 17:43 - 2012-03-26 10:40 - 00164821 _____ () C:\Windows\system32\Gfxres.ar-SA.resources
2014-12-05 17:43 - 2012-03-26 10:40 - 00162150 _____ () C:\Windows\system32\Gfxres.ja-JP.resources
2014-12-05 17:43 - 2012-03-26 10:40 - 00157713 _____ () C:\Windows\system32\Gfxres.he-IL.resources
2014-12-05 17:43 - 2012-03-26 10:40 - 00148461 _____ () C:\Windows\system32\Gfxres.it-IT.resources
2014-12-05 17:43 - 2012-03-26 10:40 - 00147116 _____ () C:\Windows\system32\Gfxres.ko-KR.resources
2014-12-05 17:43 - 2012-03-26 10:40 - 00146125 _____ () C:\Windows\system32\Gfxres.es-ES.resources
2014-12-05 17:43 - 2012-03-26 10:40 - 00146008 _____ () C:\Windows\system32\Gfxres.de-DE.resources
2014-12-05 17:43 - 2012-03-26 10:40 - 00144790 _____ () C:\Windows\system32\Gfxres.ro-RO.resources
2014-12-05 17:43 - 2012-03-26 10:40 - 00144267 _____ () C:\Windows\system32\Gfxres.fr-FR.resources
2014-12-05 17:43 - 2012-03-26 10:40 - 00143564 _____ () C:\Windows\system32\Gfxres.tr-TR.resources
2014-12-05 17:43 - 2012-03-26 10:40 - 00143112 _____ () C:\Windows\system32\Gfxres.pt-BR.resources
2014-12-05 17:43 - 2012-03-26 10:40 - 00142797 _____ () C:\Windows\system32\Gfxres.nl-NL.resources
2014-12-05 17:43 - 2012-03-26 10:40 - 00142606 _____ () C:\Windows\system32\Gfxres.hu-HU.resources
2014-12-05 17:43 - 2012-03-26 10:40 - 00142079 _____ () C:\Windows\system32\Gfxres.pt-PT.resources
2014-12-05 17:43 - 2012-03-26 10:40 - 00141854 _____ () C:\Windows\system32\Gfxres.sv-SE.resources
2014-12-05 17:43 - 2012-03-26 10:40 - 00141421 _____ () C:\Windows\system32\Gfxres.pl-PL.resources
2014-12-05 17:43 - 2012-03-26 10:40 - 00141282 _____ () C:\Windows\system32\Gfxres.cs-CZ.resources
2014-12-05 17:43 - 2012-03-26 10:40 - 00140949 _____ () C:\Windows\system32\Gfxres.fi-FI.resources
2014-12-05 17:43 - 2012-03-26 10:40 - 00140548 _____ () C:\Windows\system32\Gfxres.sk-SK.resources
2014-12-05 17:43 - 2012-03-26 10:40 - 00139901 _____ () C:\Windows\system32\Gfxres.hr-HR.resources
2014-12-05 17:43 - 2012-03-26 10:40 - 00136850 _____ () C:\Windows\system32\Gfxres.sl-SI.resources
2014-12-05 17:43 - 2012-03-26 10:40 - 00136778 _____ () C:\Windows\system32\Gfxres.nb-NO.resources
2014-12-05 17:43 - 2012-03-26 10:40 - 00136261 _____ () C:\Windows\system32\Gfxres.da-DK.resources
2014-12-05 17:43 - 2012-03-26 10:40 - 00131674 _____ () C:\Windows\system32\Gfxres.en-US.resources
2014-12-05 17:43 - 2012-03-26 10:40 - 00126976 _____ (Intel Corporation) C:\Windows\system32\igfxcpl.cpl
2014-12-05 17:43 - 2012-03-26 10:40 - 00125306 _____ () C:\Windows\system32\Gfxres.zh-TW.resources
2014-12-05 17:43 - 2012-03-26 10:40 - 00123778 _____ () C:\Windows\system32\Gfxres.zh-CN.resources
2014-12-05 17:43 - 2012-03-26 10:39 - 00410624 _____ (Intel Corporation) C:\Windows\system32\igfxTMM.dll
2014-12-05 17:43 - 2012-03-26 10:39 - 00386560 _____ (Intel Corporation) C:\Windows\system32\igfxpph.dll
2014-12-05 17:43 - 2012-03-26 10:39 - 00063488 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.dll
2014-12-05 17:43 - 2012-03-26 10:39 - 00028672 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
2014-12-05 17:43 - 2012-03-26 10:38 - 00434688 _____ (Intel Corporation) C:\Windows\system32\igfxdev.dll
2014-12-05 17:43 - 2012-03-26 10:38 - 00172032 _____ (Intel Corporation) C:\Windows\system32\gfxSrvc.dll
2014-12-05 17:43 - 2012-03-26 10:38 - 00110592 _____ (Intel Corporation) C:\Windows\system32\hccutils.dll
2014-12-05 17:43 - 2012-03-26 10:38 - 00009216 _____ ( ) C:\Windows\system32\IGFXDEVLib.dll
2014-12-05 17:43 - 2012-03-26 10:37 - 09007616 _____ (Intel Corporation) C:\Windows\system32\igfxress.dll
2014-12-05 17:43 - 2012-03-26 10:37 - 00286208 _____ (Intel Corporation) C:\Windows\system32\igfxrenu.lrc
2014-12-05 17:43 - 2012-03-26 10:37 - 00142336 _____ (Intel Corporation) C:\Windows\system32\igfxdo.dll
2014-12-05 17:43 - 2012-03-26 10:36 - 00025088 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll
2014-12-05 17:43 - 2012-03-26 10:35 - 00325120 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxdv32.dll
2014-12-05 17:43 - 2012-03-26 10:33 - 02967040 _____ (Intel Corporation) C:\Windows\system32\igfxcmjit64.dll
2014-12-05 17:43 - 2012-03-26 10:33 - 02321408 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmjit32.dll
2014-12-05 17:43 - 2012-03-26 10:33 - 01981696 _____ () C:\Windows\system32\iglhxa64.cpa
2014-12-05 17:43 - 2012-03-26 10:33 - 00524800 _____ (Intel Corporation) C:\Windows\system32\iglhsip64.dll
2014-12-05 17:43 - 2012-03-26 10:33 - 00519680 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhsip32.dll
2014-12-05 17:43 - 2012-03-26 10:33 - 00237056 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll
2014-12-05 17:43 - 2012-03-26 10:33 - 00213504 _____ (Intel Corporation) C:\Windows\system32\iglhcp64.dll
2014-12-05 17:43 - 2012-03-26 10:33 - 00193024 _____ (Intel Corporation) C:\Windows\system32\igfxcmrt64.dll
2014-12-05 17:43 - 2012-03-26 10:33 - 00177152 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhcp32.dll
2014-12-05 17:43 - 2012-03-26 10:33 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
2014-12-05 17:43 - 2012-03-26 10:33 - 00059425 _____ () C:\Windows\system32\iglhxo64.vp
2014-12-05 17:43 - 2012-03-26 10:33 - 00059398 _____ () C:\Windows\system32\iglhxg64.vp
2014-12-05 17:43 - 2012-03-26 10:33 - 00059230 _____ () C:\Windows\system32\iglhxc64.vp
2014-12-05 17:43 - 2012-03-26 10:33 - 00059104 _____ () C:\Windows\system32\iglhxc64_dev.vp
2014-12-05 17:43 - 2012-03-26 10:33 - 00058796 _____ () C:\Windows\system32\iglhxg64_dev.vp
2014-12-05 17:43 - 2012-03-26 10:33 - 00058109 _____ () C:\Windows\system32\iglhxo64_dev.vp
2014-12-05 17:43 - 2012-03-26 10:33 - 00052736 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-12-05 17:43 - 2012-03-26 10:33 - 00051200 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-12-05 17:43 - 2011-12-05 21:23 - 00331264 _____ (Intel(R) Corporation) C:\Windows\system32\Drivers\IntcDAud.sys
2014-12-05 17:43 - 2011-12-05 21:22 - 00014848 _____ (Intel(R) Corporation) C:\Windows\system32\IntcDAuC.dll
2014-12-05 17:42 - 2010-02-12 21:19 - 03954064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-12-05 17:42 - 2010-02-12 21:19 - 03899784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-12-05 17:42 - 2010-02-12 10:55 - 05485456 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-12-05 17:41 - 2014-12-05 17:41 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-12-05 17:41 - 2014-12-05 17:41 - 00000000 ____D () C:\Program Files\Realtek
2014-12-05 17:40 - 2014-12-05 17:45 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-05 17:40 - 2014-12-05 17:41 - 00002217 _____ () C:\RHDSetup.log
2014-12-05 17:40 - 2014-12-05 17:41 - 00000206 _____ () C:\Windows\audio.log
2014-12-05 17:40 - 2014-12-05 17:41 - 00000000 ___HD () C:\Program Files (x86)\Temp
2014-12-05 17:40 - 2014-12-05 17:40 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-12-05 17:40 - 2012-08-07 11:51 - 04102928 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2014-12-05 17:40 - 2012-08-07 08:11 - 00329737 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2014-12-05 17:40 - 2012-08-06 08:44 - 01561744 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2014-12-05 17:40 - 2012-08-06 04:49 - 02743440 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2014-12-05 17:40 - 2012-08-03 11:18 - 01706640 ____R (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2014-12-05 17:40 - 2012-08-03 05:13 - 05911552 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2014-12-05 17:40 - 2012-08-01 11:29 - 00109200 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2014-12-05 17:40 - 2012-07-24 10:30 - 00606336 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2014-12-05 17:40 - 2012-07-23 09:44 - 01433976 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek264.dll
2014-12-05 17:40 - 2012-07-20 07:41 - 00880784 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2014-12-05 17:40 - 2012-07-19 09:52 - 07598456 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
2014-12-05 17:40 - 2012-07-19 09:52 - 02028920 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2014-12-05 17:40 - 2012-07-19 09:51 - 02080120 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2014-12-05 17:40 - 2012-07-19 09:51 - 00834936 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2014-12-05 17:40 - 2012-07-16 07:16 - 03643024 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2014-12-05 17:40 - 2012-07-15 14:13 - 00394616 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2014-12-05 17:40 - 2012-07-15 14:13 - 00394616 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2014-12-05 17:40 - 2012-07-02 08:39 - 01264272 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2014-12-05 17:40 - 2012-06-20 10:26 - 00110592 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2014-12-05 17:40 - 2012-06-15 04:20 - 07163784 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2014-12-05 17:40 - 2012-06-15 04:20 - 00433544 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2014-12-05 17:40 - 2012-06-15 04:20 - 00141192 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2014-12-05 17:40 - 2012-06-15 04:20 - 00123784 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2014-12-05 17:40 - 2012-06-15 04:20 - 00074632 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2014-12-05 17:40 - 2012-04-10 07:40 - 02533952 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2014-12-05 17:40 - 2012-03-08 04:47 - 00202336 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2014-12-05 17:40 - 2012-03-08 04:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2014-12-05 17:40 - 2012-01-30 04:43 - 00836544 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2014-12-05 17:40 - 2012-01-23 15:30 - 00537456 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2014-12-05 17:40 - 2012-01-23 15:30 - 00524656 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2014-12-05 17:40 - 2012-01-23 15:30 - 00449392 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2014-12-05 17:40 - 2012-01-10 03:20 - 00065944 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2014-12-05 17:40 - 2011-12-20 08:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2014-12-05 17:40 - 2011-11-22 09:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2014-12-05 17:40 - 2011-09-02 07:21 - 00221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2014-12-05 17:40 - 2011-09-02 07:21 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2014-12-05 17:40 - 2011-09-02 07:21 - 00078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2014-12-05 17:40 - 2011-08-23 10:00 - 00603984 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2014-12-05 17:40 - 2011-08-11 09:55 - 00001332 ____R () C:\Windows\system32\Drivers\DTSU2P.DAT
2014-12-05 17:40 - 2011-05-31 02:42 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2014-12-05 17:40 - 2011-05-31 02:42 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2014-12-05 17:40 - 2011-05-31 02:42 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2014-12-05 17:40 - 2011-05-31 02:42 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2014-12-05 17:40 - 2011-05-31 02:42 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2014-12-05 17:40 - 2011-05-31 02:42 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2014-12-05 17:40 - 2011-05-31 02:42 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2014-12-05 17:40 - 2011-05-31 02:42 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2014-12-05 17:40 - 2011-05-31 02:42 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2014-12-05 17:40 - 2011-05-31 02:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2014-12-05 17:40 - 2011-05-31 02:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2014-12-05 17:40 - 2011-05-31 02:42 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2014-12-05 17:40 - 2011-03-17 05:17 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2014-12-05 17:40 - 2011-03-07 10:11 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2014-12-05 17:40 - 2010-11-08 00:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2014-12-05 17:40 - 2010-11-08 00:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2014-12-05 17:40 - 2010-11-08 00:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2014-12-05 17:40 - 2010-11-08 00:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2014-12-05 17:40 - 2010-11-08 00:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2014-12-05 17:40 - 2010-11-08 00:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2014-12-05 17:40 - 2010-11-03 11:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2014-12-05 17:40 - 2010-09-27 02:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2014-12-05 17:40 - 2010-07-22 09:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2014-12-05 17:40 - 2009-11-24 02:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2014-12-05 17:40 - 2009-11-24 02:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2014-12-05 17:40 - 2009-11-24 02:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2014-12-05 17:40 - 2009-11-24 02:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2014-12-05 17:38 - 2014-12-05 17:48 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-12-05 17:38 - 2012-07-04 03:55 - 00053248 ____R (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2014-12-05 17:37 - 2014-12-05 17:42 - 00000000 ____D () C:\Intel
2014-12-05 17:32 - 2014-12-05 17:48 - 00068107 _____ () C:\Windows\Ascd_log.ini
2014-12-05 17:32 - 2014-12-05 17:33 - 00000000 ____D () C:\Windows\AsusInstAll
2014-12-05 17:32 - 2011-02-25 07:36 - 00295296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2014-12-05 17:26 - 2014-12-05 18:54 - 00048178 _____ () C:\Windows\Ascd_tmp.ini
2014-12-05 17:26 - 2014-12-05 18:53 - 00001769 _____ () C:\Windows\Language_trs.ini
2014-12-05 17:24 - 2014-12-05 17:24 - 00001439 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-05 17:24 - 2014-12-05 17:24 - 00001405 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-12-05 17:23 - 2014-12-05 17:24 - 00000000 ____D () C:\Users\Administrator
2014-12-05 17:23 - 2014-12-05 17:23 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-12-05 17:23 - 2014-12-05 17:23 - 00000000 _SHDL () C:\Users\Administrator\Vorlagen
2014-12-05 17:23 - 2014-12-05 17:23 - 00000000 _SHDL () C:\Users\Administrator\Startmenü
2014-12-05 17:23 - 2014-12-05 17:23 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung
2014-12-05 17:23 - 2014-12-05 17:23 - 00000000 _SHDL () C:\Users\Administrator\Lokale Einstellungen
2014-12-05 17:23 - 2014-12-05 17:23 - 00000000 _SHDL () C:\Users\Administrator\Eigene Dateien
2014-12-05 17:23 - 2014-12-05 17:23 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung
2014-12-05 17:23 - 2014-12-05 17:23 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik
2014-12-05 17:23 - 2014-12-05 17:23 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder
2014-12-05 17:23 - 2014-12-05 17:23 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-12-05 17:23 - 2014-12-05 17:23 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf
2014-12-05 17:23 - 2014-12-05 17:23 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Anwendungsdaten
2014-12-05 17:23 - 2014-12-05 17:23 - 00000000 _SHDL () C:\Users\Administrator\Anwendungsdaten
2014-12-05 17:23 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-05 17:23 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-05 17:07 - 2014-12-05 17:07 - 00001443 _____ () C:\Users\04.12.14\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-05 17:07 - 2014-12-05 17:07 - 00001409 _____ () C:\Users\04.12.14\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-12-05 17:07 - 2014-12-05 17:07 - 00000000 ____D () C:\Users\04.12.14\AppData\Local\VirtualStore
2014-12-05 17:06 - 2014-12-06 02:21 - 00272018 _____ () C:\Windows\WindowsUpdate.log
2014-12-05 17:06 - 2014-12-05 17:07 - 00000000 ____D () C:\Users\04.12.14
2014-12-05 17:06 - 2014-12-05 17:06 - 00000020 ___SH () C:\Users\04.12.14\ntuser.ini
2014-12-05 17:06 - 2014-12-05 17:06 - 00000000 _SHDL () C:\Users\04.12.14\Vorlagen
2014-12-05 17:06 - 2014-12-05 17:06 - 00000000 _SHDL () C:\Users\04.12.14\Startmenü
2014-12-05 17:06 - 2014-12-05 17:06 - 00000000 _SHDL () C:\Users\04.12.14\Netzwerkumgebung
2014-12-05 17:06 - 2014-12-05 17:06 - 00000000 _SHDL () C:\Users\04.12.14\Lokale Einstellungen
2014-12-05 17:06 - 2014-12-05 17:06 - 00000000 _SHDL () C:\Users\04.12.14\Eigene Dateien
2014-12-05 17:06 - 2014-12-05 17:06 - 00000000 _SHDL () C:\Users\04.12.14\Druckumgebung
2014-12-05 17:06 - 2014-12-05 17:06 - 00000000 _SHDL () C:\Users\04.12.14\Documents\Eigene Musik
2014-12-05 17:06 - 2014-12-05 17:06 - 00000000 _SHDL () C:\Users\04.12.14\Documents\Eigene Bilder
2014-12-05 17:06 - 2014-12-05 17:06 - 00000000 _SHDL () C:\Users\04.12.14\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-12-05 17:06 - 2014-12-05 17:06 - 00000000 _SHDL () C:\Users\04.12.14\AppData\Local\Verlauf
2014-12-05 17:06 - 2014-12-05 17:06 - 00000000 _SHDL () C:\Users\04.12.14\AppData\Local\Anwendungsdaten
2014-12-05 17:06 - 2014-12-05 17:06 - 00000000 _SHDL () C:\Users\04.12.14\Anwendungsdaten
2014-12-05 17:06 - 2014-12-05 17:06 - 00000000 _SHDL () C:\Programme
2014-12-05 17:06 - 2014-12-05 17:06 - 00000000 _SHDL () C:\ProgramData\Vorlagen
2014-12-05 17:06 - 2014-12-05 17:06 - 00000000 _SHDL () C:\ProgramData\Startmenü
2014-12-05 17:06 - 2014-12-05 17:06 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2014-12-05 17:06 - 2014-12-05 17:06 - 00000000 _SHDL () C:\ProgramData\Favoriten
2014-12-05 17:06 - 2014-12-05 17:06 - 00000000 _SHDL () C:\ProgramData\Dokumente
2014-12-05 17:06 - 2014-12-05 17:06 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten
2014-12-05 17:06 - 2014-12-05 17:06 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien
2014-12-05 17:06 - 2014-12-05 17:06 - 00000000 _SHDL () C:\Dokumente und Einstellungen
2014-12-05 17:06 - 2014-12-05 17:06 - 00000000 __SHD () C:\Recovery
2014-12-05 17:06 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\04.12.14\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-05 17:06 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\04.12.14\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-05 16:55 - 2014-12-05 16:55 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2014-12-05 16:55 - 2014-12-05 16:55 - 00001326 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2014-12-05 16:55 - 2014-12-05 16:55 - 00001313 _____ () C:\Windows\TSSysprep.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-06 02:25 - 2009-07-14 05:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-06 02:25 - 2009-07-14 05:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-06 02:22 - 2009-07-14 18:58 - 00643628 _____ () C:\Windows\system32\perfh007.dat
2014-12-06 02:22 - 2009-07-14 18:58 - 00126188 _____ () C:\Windows\system32\perfc007.dat
2014-12-06 02:22 - 2009-07-14 06:13 - 01472002 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-06 02:18 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-06 02:18 - 2009-07-14 05:51 - 00021573 _____ () C:\Windows\setupact.log
2014-12-05 20:24 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-05 17:46 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-12-05 17:32 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\restore
2014-12-05 17:24 - 2009-07-14 05:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-12-05 17:06 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-05 17:06 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Windows NT
2014-12-05 16:56 - 2009-07-14 05:45 - 00274464 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-05 16:55 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-05 16:55 - 2009-07-14 05:46 - 00001774 _____ () C:\Windows\DtcInstall.log
2014-12-05 16:55 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-05 16:55 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-12-05 16:52 - 2009-07-14 19:18 - 00000000 ____D () C:\Windows\CSC
2014-12-05 16:51 - 2009-07-14 06:38 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2014-12-05 16:51 - 2009-07-14 06:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
2014-12-05 16:51 - 2009-07-14 05:45 - 00000000 ____D () C:\Windows\Setup
2014-12-05 16:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\oobe

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\_is4317.exe
C:\Users\Administrator\AppData\Local\Temp\_is5012.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-05 16:52

==================== End Of Log ============================
--- --- ---





Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-12-2014
Ran by Administrator at 2014-12-06 02:56:31
Running from C:\Users\Administrator\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Reader 9.1 - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.000 - Asmedia Technology)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Network Connections 17.3.63.0 (HKLM\...\PROSetDX) (Version: 17.3.63.0 - Intel)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Tool Web Package:diskpart.exe (HKLM-x32\...\{9782762F-639B-499B-A23D-5EBEAFC160E6}) (Version: 1.0.0.1 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Paragon Hard Disk Manager™ 15 Suite (HKLM\...\{29258311-EA49-11DE-967C-005056C00008}) (Version: 90.00.0003 - Paragon Software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6699 - Realtek Semiconductor Corp.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

05-12-2014 16:32:31 Windows Update
05-12-2014 16:42:29 Windows Update
05-12-2014 16:44:19 Intel® Netzwerkanschlüsse
05-12-2014 17:20:54 Installed Adobe Reader 9.1 - Deutsch.
05-12-2014 18:35:00 Windows Update
05-12-2014 19:34:28 Installed Microsoft Tool Web Package:diskpart.exe
05-12-2014 21:58:32 Windows Update
05-12-2014 22:45:38 Installed 7-Zip 9.20 (x64 edition)
05-12-2014 22:47:43 Installed Paragon Hard Disk Manager™ 15 Suite.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {FA1075E2-38B0-4B7A-AE09-6DAB96C427F5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-05] (Google Inc.)
Task: {FEE37B4C-B124-4632-BCE3-B86F2741664F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-05] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-12-05 17:48 - 2014-12-05 17:48 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\c1ef8189e658c07001049b7e7d83a2aa\IsdiInterop.ni.dll
2014-12-05 17:47 - 2012-02-01 16:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-12-05 17:46 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-12-05 20:16 - 2014-11-25 07:39 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll
2014-12-05 20:16 - 2014-11-25 07:39 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

04.12.14 (S-1-5-21-2542950344-3679411221-3383825861-1000 - Administrator - Disabled) => C:\Users\04.12.14
Administrator (S-1-5-21-2542950344-3679411221-3383825861-500 - Administrator - Enabled) => C:\Users\Administrator
Gast (S-1-5-21-2542950344-3679411221-3383825861-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (12/06/2014 02:18:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (12/06/2014 02:08:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (12/06/2014 01:02:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (12/06/2014 00:57:57 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084VSS{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (12/06/2014 00:56:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (12/06/2014 00:56:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (12/06/2014 00:56:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (12/06/2014 00:56:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (12/06/2014 00:56:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (12/06/2014 00:56:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz
Percentage of memory in use: 15%
Total physical RAM: 16329.13 MB
Available physical RAM: 13878.43 MB
Total Pagefile: 32656.38 MB
Available Pagefile: 30128.74 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.51 GB) (Free:890.3 GB) NTFS
Drive d: () (Fixed) (Total:298.09 GB) (Free:297.99 GB) NTFS

==================== MBR & Partition Table ==================
 Could not read MBR for disk 0.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: BE465B9D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: A23B3D3D)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 6E4D2A35)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================
__________________
Alt 06.12.2014, 22:03   #4
schrauber
/// the machine
/// TB-Ausbilder
 
Vermute Hackerangriff nach Neuinstallation - Standard

Vermute Hackerangriff nach Neuinstallation


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Vermute Hackerangriff nach Neuinstallation
bild, dateien, desktop, festplatte, festplatten, fritzbox, gelöscht, image, komische, neue, neuinstallation, nicht mehr, nichts, ordner, platte, prozesse, rechner, spiele, system, treiber, verhalten, windows, windows 7, wirklich, zugang


« Bildschirm wird nach steam update nicht erkannt | Windows 7 nach Start nur schwarzer Screen mit Explorer ohne Taskleiste »


Ähnliche Themen: Vermute Hackerangriff nach Neuinstallation


  1. Nach Hackerangriff auf LOT: Piloten fordern mehr Sicherheit
    Nachrichten - 24.06.2015 (0)
  2. LOT Polish Airlines: Flugverkehr nach Hackerangriff wieder normal
    Nachrichten - 22.06.2015 (0)
  3. Website der US-Armee nach Hackerangriff vorübergehend abgeschaltet
    Nachrichten - 09.06.2015 (0)
  4. Win 8.1: Vermute Mailwarebefall nach Linkaufruf in Fake-E-Mail
    Log-Analyse und Auswertung - 18.05.2015 (12)
  5. Kann an meinem PC trotz vorhandener Internetverbindung nicht mehr in das Internet. Vermute einen "Hackerangriff"
    Log-Analyse und Auswertung - 09.10.2014 (4)
  6. Plagegeister nach Neuinstallation
    Plagegeister aller Art und deren Bekämpfung - 07.07.2013 (28)
  7. MBR Check nach Neuinstallation
    Plagegeister aller Art und deren Bekämpfung - 13.01.2012 (9)
  8. vermute virus nach installation einer .exe datei aus nicht 100%sicherer Quelle.
    Log-Analyse und Auswertung - 07.12.2011 (7)
  9. Neuinstallation nach Virusbefall - was tun?
    Plagegeister aller Art und deren Bekämpfung - 05.09.2011 (11)
  10. Penny.de nach angeblichem Hackerangriff offline
    Nachrichten - 20.07.2011 (0)
  11. Nach Trojanner (HackerAngriff) BOOT.mgr probleme
    Alles rund um Windows - 13.07.2011 (73)
  12. Trojanerwarnung nach XP Neuinstallation
    Plagegeister aller Art und deren Bekämpfung - 04.09.2010 (31)
  13. Einstellungen nach Neuinstallation
    Alles rund um Windows - 04.11.2009 (10)
  14. Log-File nach Neuinstallation
    Log-Analyse und Auswertung - 19.06.2009 (1)
  15. 1.HJT-Log nach XP-Neuinstallation
    Log-Analyse und Auswertung - 20.05.2009 (5)
  16. Nachprüfung nach Neuinstallation
    Log-Analyse und Auswertung - 28.09.2008 (2)
  17. nach Neuinstallation
    Alles rund um Windows - 10.07.2005 (6)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Vermute Hackerangriff nach Neuinstallation - Hallo euch allen, ich benötige wirklich mal eure Hilfe. Ich habe vor zwei Tagen komische Dinge auf meinen PC wahr genommen. System sehr träge, ständig neue Prozesse im Taskmanager. Also - Vermute Hackerangriff nach Neuinstallation...
Archiv
Du betrachtest: Vermute Hackerangriff nach Neuinstallation auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131