Log analysis and evaluation: GData reports Win32.Adware.OpenCandy.C (Windows 7)
22.12.2014, 11:29 | #1 |
GData reports Win32.Adware.OpenCandy.C

Hello everyone,

during last Saturday's virus scan, my GData virus scanner reported the virus Win32.Adware.OpenCandy.C. I immediately moved the file in question to quarantine and then deleted it. A further scan with ESET produced more hits. The external hard drive also seems to be affected. To get the whole system clean again, I need your help. Many thanks in advance!

PS: So far the computer shows no other abnormalities.

GData log

Code:
Virenprüfung mit G Data AntiVirus
Version 25.0.1.4 (11.06.2014)
Virensignaturen vom 20.12.2014
Startzeit: 20.12.2014 10:55:04
Engine(s): Engine A (AVA 24.5629), Engine B (GD 25.4345)
Heuristik: Ein
Archive: Ein
Systembereiche: Ein
RootKits prüfen: Ein

Prüfung der Systembereiche...
Prüfung aller im Speicher befindlichen Prozesse und Verweise im Autostart...
Prüfung auf RootKits...
Prüfung aller lokalen Festplatten...

Analyse vollständig durchgeführt: 20.12.2014 12:23:08
140648 Dateien überprüft
1 infizierte Dateien gefunden
0 verdächtige Dateien gefunden

Archiv: MyPhoneExplorer_Setup_1.8.5.exe
Pfad: C:\Users\Thorsten\Documents
Status: Datei in Quarantäne verschoben
Virus: Win32.Adware.OpenCandy.C, NSIS.Adware.SoftBundled.A (Engine B)

Objekt: $PLUGINSDIR\OCSetupHlp.dll
In Archiv: C:\Users\Thorsten\Documents\MyPhoneExplorer_Setup_1.8.5.exe
Status: Virus gefunden
Virus: Win32.Adware.OpenCandy.C

Objekt: [NSIS].nsi
In Archiv: C:\Users\Thorsten\Documents\MyPhoneExplorer_Setup_1.8.5.exe
Status: Virus gefunden
Virus: NSIS.Adware.SoftBundled.A

Der Zugriff auf die folgenden Dateien wurde verweigert:
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a7e0868587d6803a5eba83c4246fc7e1_a4b3a5fd-eb62-4f2f-b6b5-e87286a98b3d C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a7e397b811d5dfc5384fbd6f3818bcb4_a4b3a5fd-eb62-4f2f-b6b5-e87286a98b3d C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a91bdef148fa1229f848fc0eb9a0cccf_a4b3a5fd-eb62-4f2f-b6b5-e87286a98b3d C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\aad1f1d8ceb0a0585fa58252f4bf7e3a_a4b3a5fd-eb62-4f2f-b6b5-e87286a98b3d C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ac1a61422e4f7a2b08a206ae6d8026c8_a4b3a5fd-eb62-4f2f-b6b5-e87286a98b3d C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\acabc4b8c88c8af73a5b51a75b09dad9_a4b3a5fd-eb62-4f2f-b6b5-e87286a98b3d C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ae58446946fc2a1749cf455fa4c9ab4d_a4b3a5fd-eb62-4f2f-b6b5-e87286a98b3d C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b05ee55ca6a5e33c222a00ea2c896a5c_a4b3a5fd-eb62-4f2f-b6b5-e87286a98b3d C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b1fe2573a8f5f410fb5520df9239c3bd_a4b3a5fd-eb62-4f2f-b6b5-e87286a98b3d C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b2ffcbddca77cd42ba80607eff02e845_a4b3a5fd-eb62-4f2f-b6b5-e87286a98b3d C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b4439afed20120ab8b46c35f2577ceec_a4b3a5fd-eb62-4f2f-b6b5-e87286a98b3d C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b48e1948d63e399371b8b3049879707e_a4b3a5fd-eb62-4f2f-b6b5-e87286a98b3d C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b7a879a438abc870328716cea8f50d00_a4b3a5fd-eb62-4f2f-b6b5-e87286a98b3d C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\bcb110adb06b82025a4cc1beaff08b9a_a4b3a5fd-eb62-4f2f-b6b5-e87286a98b3d C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\bdf001b8f9ece274fda14a907cd0bd3d_a4b3a5fd-eb62-4f2f-b6b5-e87286a98b3d C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c35289cfa3a1b339498823b1df95b506_a4b3a5fd-eb62-4f2f-b6b5-e87286a98b3d 
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c4139e48fe36f8b801c668fa5d4b113d_a4b3a5fd-eb62-4f2f-b6b5-e87286a98b3d C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c5acdd3afadc912d63f49c843df51055_a4b3a5fd-eb62-4f2f-b6b5-e87286a98b3d C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c64f6ae0279866fa2780db947f396ca4_a4b3a5fd-eb62-4f2f-b6b5-e87286a98b3d C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c71d6e8903a24c519a2befe6f2b1f6d2_a4b3a5fd-eb62-4f2f-b6b5-e87286a98b3d C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c7e937324669816efb0b023bfc1a9fe5_a4b3a5fd-eb62-4f2f-b6b5-e87286a98b3d C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c81a79f188e9faec3a5a821769c15b3e_a4b3a5fd-eb62-4f2f-b6b5-e87286a98b3d C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c865dde77ff1a235d5f7506dfd316c7b_a4b3a5fd-eb62-4f2f-b6b5-e87286a98b3d C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c8c4442d1111505c75b49c27877af89c_a4b3a5fd-eb62-4f2f-b6b5-e87286a98b3d C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c9c6393fdc50a85b2c094ff6ed4e8ee3_a4b3a5fd-eb62-4f2f-b6b5-e87286a98b3d C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c9e33deb750d0212524c4c347f22e972_a4b3a5fd-eb62-4f2f-b6b5-e87286a98b3d C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\cd3307e8eacc876c155b0f207269a2ea_a4b3a5fd-eb62-4f2f-b6b5-e87286a98b3d C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\cd8daba5e6e1de6db44217fc235a466b_a4b3a5fd-eb62-4f2f-b6b5-e87286a98b3d C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\cda16629c4e40da171cb45611296d398_a4b3a5fd-eb62-4f2f-b6b5-e87286a98b3d C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d171eb70b56883a10390ed1460be522c_a4b3a5fd-eb62-4f2f-b6b5-e87286a98b3d C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d1e36c159f998cb4f1a86888ec393590_a4b3a5fd-eb62-4f2f-b6b5-e87286a98b3d C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d1ea49201aa934ac7e73f6032ce196dd_a4b3a5fd-eb62-4f2f-b6b5-e87286a98b3d 
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d2895745ae4c13f58ff9a30d660b2c5b_a4b3a5fd-eb62-4f2f-b6b5-e87286a98b3d C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d37d7b74e673fb108e4ac4dfa279d1d2_a4b3a5fd-eb62-4f2f-b6b5-e87286a98b3d C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d399287b0718cbcf02d14f9c802092a6_a4b3a5fd-eb62-4f2f-b6b5-e87286a98b3d C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d42b79c345d94a5d1b6b34111fc6d9fe_a4b3a5fd-eb62-4f2f-b6b5-e87286a98b3d C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d4813d704b40406c68882cac9622beed_a4b3a5fd-eb62-4f2f-b6b5-e87286a98b3d C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d80380b8e1619426e5773cb4de9fd2c2_a4b3a5fd-eb62-4f2f-b6b5-e87286a98b3d C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\da01226fa9e7b0665816a19b0ad60f5b_a4b3a5fd-eb62-4f2f-b6b5-e87286a98b3d C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\daf5e008358e80d9397c9c33112a9c2a_a4b3a5fd-eb62-4f2f-b6b5-e87286a98b3d C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\dbc8c73226da5f380ff499f5d030a76f_a4b3a5fd-eb62-4f2f-b6b5-e87286a98b3d C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\dd376dbf6819cb9c440a50686fb416ca_a4b3a5fd-eb62-4f2f-b6b5-e87286a98b3d C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e02573521d121313b9748e4e0f2bd8cc_a4b3a5fd-eb62-4f2f-b6b5-e87286a98b3d C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e156939e93ae67b6bab8180fff2c151a_a4b3a5fd-eb62-4f2f-b6b5-e87286a98b3d C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e1d7c118a7247056d1f013f689bfad28_a4b3a5fd-eb62-4f2f-b6b5-e87286a98b3d C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e3974fae3e48261857fe056c33ae49f9_a4b3a5fd-eb62-4f2f-b6b5-e87286a98b3d C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e5888a06249deaa9c62b40069fe43085_a4b3a5fd-eb62-4f2f-b6b5-e87286a98b3d C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e63275bafc288aab51a6f52f637a7ac7_a4b3a5fd-eb62-4f2f-b6b5-e87286a98b3d 
Die folgenden Dateien sind Passwortgeschützt:
C:\$Recycle.Bin\S-1-5-21-4006249133-3918135945-1396373427-1000\$RWFLCE3.pdf
C:\Users\Thorsten\AppData\Local\Microsoft\Outlook\archive.pst
C:\Users\Thorsten\AppData\Local\Microsoft\Outlook\Outlook.pst
Code:
C:\$Recycle.Bin\S-1-5-21-4006249133-3918135945-1396373427-1000\$RSTLXOG.exe Variante von Win32/InstallCore.QW evtl. unerwünschte Anwendung
C:\$Recycle.Bin\S-1-5-21-4006249133-3918135945-1396373427-1000\$RZAOB5Y.exe Variante von Win32/InstallCore.JW evtl. unerwünschte Anwendung
F:\20131220_Win7_Thorsten+Öffentlich\Users\Thorsten\Documents\MyPhoneExplorer_Setup_1.8.5.exe Win32/DownWare.L evtl. unerwünschte Anwendung
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:32 on 22/12/2014 (Thorsten)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-12-2014 01 Ran by Thorsten (administrator) on PC on 22-12-2014 10:33:35 Running from C:\Users\Thorsten\Desktop Loaded Profile: Thorsten (Available profiles: Thorsten & Jessica) Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (G Data Software AG) C:\Program Files\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) C:\Program Files\G Data\AntiVirus\AVK\AVKWCtl.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (G Data Software AG) C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) C:\Program Files\G Data\AntiVirus\AVK\AVKService.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (G Data Software AG) C:\Program Files\G Data\AntiVirus\AVKTray\AVKTray.exe () C:\Program Files\Hardcopy\hcdll2_ex_Win32.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (G Data Software AG) C:\Program Files\Common Files\G Data\AVKProxy\GDKBFltExe32.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Hewlett-Packard) C:\Program Files\Drucker\HP Software Update\hpwuschd2.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (sw4you) C:\Program Files\Hardcopy\hardcopy.exe (ATI Technologies Inc.) 
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12017368 2013-10-24] (Realtek Semiconductor) HKLM\...\Run: [HP Software Update] => C:\Program Files\Drucker\HP Software Update\HPWuSchd2.exe [54576 2009-11-18] (Hewlett-Packard) HKLM\...\Run: [] => [X] HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files\G Data\AntiVirus\AVKTray\AVKTray.exe, HKU\S-1-5-21-4006249133-3918135945-1396373427-1000\...\MountPoints2: {ecd49b7e-6993-11e3-87bd-806e6f6e6963} - E:\autorun.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK ShortcutTarget: Hardcopy.LNK -> C:\Program Files\Hardcopy\hardcopy.exe (sw4you) Startup: C:\Users\Thorsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files\WISO\Steuersoftware 2014\mshaktuell.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-4006249133-3918135945-1396373427-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Thorsten\AppData\Roaming\Mozilla\Firefox\Profiles\pp6nqsah.default FF Homepage: www.google.de FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll () FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Extension: Classic Theme Restorer - C:\Users\Thorsten\AppData\Roaming\Mozilla\Firefox\Profiles\pp6nqsah.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-06-10] FF Extension: New Tab Homepage View - C:\Users\Thorsten\AppData\Roaming\Mozilla\Firefox\Profiles\pp6nqsah.default\Extensions\clearz@gmail.com.xpi [2014-02-22] FF HKU\S-1-5-21-4006249133-3918135945-1396373427-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2014-02-14] Chrome: ======= ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AVKProxy; C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe [2250360 2014-05-27] (G Data Software AG) R2 AVKService; C:\Program Files\G Data\AntiVirus\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG) R2 AVKWCtl; C:\Program Files\G Data\AntiVirus\AVK\AVKWCtl.exe [2123416 2014-05-20] (G Data Software AG) R3 GDScan; C:\Program Files\Common Files\G Data\GDScan\GDScan.exe [700536 2014-05-20] (G Data Software AG) R2 HPSLPSVC; C:\Program Files\Drucker\Digital Imaging\bin\HPSLPSVC32.DLL [701288 2010-05-28] (Hewlett-Packard Co.) S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2009-05-14] (Hewlett-Packard) [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2009-05-14] (Hewlett-Packard) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [43008 2014-07-03] (G Data Software AG) R3 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt32.sys [20096 2014-07-03] (G Data Software AG) R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [102400 2014-07-03] (G Data Software AG) R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [52224 2014-07-03] (G Data Software AG) R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd32.sys [53248 2014-07-03] (G Data Software AG) R1 GRD; C:\Windows\system32\drivers\GRD.sys [29528 2014-07-18] (G Data Software) R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [46080 2014-07-03] (G Data Software AG) R3 RTL85n86; C:\Windows\System32\DRIVERS\RTL85n86.sys [1812512 2010-03-23] (Realtek Semiconductor Corporation ) S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-12-22 10:33 - 2014-12-22 10:34 - 00007983 _____ () C:\Users\Thorsten\Desktop\FRST.txt 2014-12-22 10:33 - 2014-12-22 10:33 - 00000000 ____D () C:\FRST 2014-12-22 10:31 - 2014-12-22 10:31 - 01113600 _____ (Farbar) C:\Users\Thorsten\Desktop\FRST.exe 2014-12-22 10:29 - 2014-12-22 10:32 - 00000478 _____ () C:\Users\Thorsten\Desktop\defogger_disable.log 2014-12-22 10:29 - 2014-12-22 10:29 - 00000000 _____ () C:\Users\Thorsten\defogger_reenable 2014-12-22 10:26 - 2014-12-22 10:26 - 00050477 _____ () C:\Users\Thorsten\Desktop\Defogger.exe 2014-12-22 10:08 - 2014-12-22 10:29 - 00044192 _____ () C:\Users\Thorsten\Desktop\G Data Protokoll ID 496.txt 2014-12-21 21:10 - 2014-12-21 21:10 - 00000421 _____ () C:\Users\Thorsten\Desktop\virus.txt 2014-12-21 14:28 - 2014-12-21 14:28 - 02347384 _____ (ESET) C:\Users\Thorsten\Desktop\esetsmartinstaller_deu.exe 2014-12-21 14:28 - 2014-12-21 14:28 - 00000000 ____D () C:\Program Files\ESET 2014-12-21 14:26 - 2014-12-21 14:26 - 00000000 __SHD () C:\Users\Thorsten\AppData\Local\EmieBrowserModeList 2014-12-21 14:16 - 2014-12-21 14:16 - 00000000 ____D () C:\Windows\ERUNT 2014-12-21 14:15 - 2014-12-21 14:15 - 01707646 _____ (Thisisu) C:\Users\Thorsten\Desktop\JRT.exe 2014-12-21 14:08 - 2014-12-21 14:11 - 00000000 ____D () C:\AdwCleaner 2014-12-21 14:08 - 2014-12-21 14:08 - 02166272 _____ () C:\Users\Thorsten\Desktop\AdwCleaner_4.105.exe 2014-12-21 13:25 - 2014-12-21 13:45 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-12-21 13:25 - 2014-12-21 13:25 - 00000973 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-12-21 13:25 - 2014-12-21 13:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-12-21 13:25 - 2014-12-21 13:25 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-12-21 13:25 - 2014-12-21 13:25 - 00000000 ____D () C:\Program Files\Malwarebytes 2014-12-21 13:25 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes 
Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-12-21 13:25 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-12-21 13:25 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-12-19 10:32 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-12-19 10:26 - 2014-12-20 08:55 - 00000000 ____D () C:\Users\Jessica\Desktop\bilder 2014-12-13 13:12 - 2014-12-13 13:12 - 00000000 ____D () C:\Windows\system32\appraiser 2014-12-11 18:26 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2014-12-11 18:26 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2014-12-11 18:26 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2014-12-11 18:26 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2014-12-11 18:26 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2014-12-11 17:12 - 2014-12-04 05:38 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2014-12-11 17:12 - 2014-12-04 05:38 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2014-12-11 17:12 - 2014-12-04 05:38 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-12-11 17:12 - 2014-12-04 05:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2014-12-11 17:12 - 2014-12-04 05:38 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-12-11 17:12 - 2014-12-04 05:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2014-12-11 17:12 - 2014-12-04 05:34 - 00873984 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-12-11 17:12 - 2014-12-02 00:28 - 01160872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2014-12-11 
17:12 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-12-11 17:12 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-12-11 17:12 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-12-11 17:12 - 2014-11-22 03:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-12-11 17:12 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-12-11 17:12 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-12-11 17:12 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-12-11 17:12 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-12-11 17:12 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-12-11 17:12 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-12-11 17:12 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-12-11 17:12 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-12-11 17:12 - 2014-11-22 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-12-11 17:12 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-12-11 17:12 - 2014-11-22 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-12-11 17:12 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-12-11 17:12 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-12-11 17:12 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) 
C:\Windows\system32\msrating.dll 2014-12-11 17:12 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-12-11 17:12 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-12-11 17:12 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-12-11 17:12 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-12-11 17:12 - 2014-11-22 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-12-11 17:12 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-12-11 17:12 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-12-11 17:12 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-12-11 17:12 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-12-11 17:12 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-12-11 17:12 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-12-11 17:12 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-12-11 17:12 - 2014-11-11 02:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2014-12-11 17:11 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-12-11 17:11 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe 2014-12-11 17:11 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2014-12-11 17:11 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll 2014-12-11 17:11 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) 
C:\Windows\system32\WsmWmiPl.dll 2014-12-11 17:11 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll 2014-12-11 17:11 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe 2014-12-07 14:00 - 2014-12-07 14:00 - 00000000 ____D () C:\Users\Thorsten\Documents\My Games 2014-12-07 14:00 - 2014-12-07 14:00 - 00000000 ____D () C:\ProgramData\Codemasters 2014-12-07 13:54 - 2014-12-07 13:54 - 00445016 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll 2014-12-07 13:54 - 2014-12-07 13:54 - 00109144 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll 2014-12-07 13:54 - 2014-12-07 13:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound 2014-12-07 13:54 - 2014-12-07 13:54 - 00000000 ____D () C:\Program Files\OpenAL 2014-12-07 13:54 - 2014-12-07 13:54 - 00000000 ____D () C:\Program Files\BRS 2014-12-07 13:54 - 2011-08-08 18:44 - 00809560 ____R (Creative Labs Inc.) 
C:\Windows\system32\tmpCFAE.tmp 2014-12-07 13:54 - 2011-05-06 13:40 - 01302528 _____ (Blue Ripple Sound Limited) C:\Windows\system32\rapture3d_oal.dll 2014-12-07 13:54 - 2010-09-22 14:12 - 19087360 _____ (Intel Corporation / Blue Ripple Sound Limited) C:\Windows\system32\mkl_blueripple.dll 2014-12-07 13:54 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll 2014-12-07 13:54 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll 2014-12-07 13:54 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll 2014-12-07 13:54 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll 2014-12-07 13:54 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll 2014-12-07 13:54 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll 2014-12-07 13:54 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll 2014-12-07 13:54 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll 2014-12-07 13:53 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll 2014-12-07 13:53 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll 2014-12-07 13:53 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll 2014-12-07 13:52 - 2014-12-07 13:52 - 00001338 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk 2014-12-07 13:52 - 2014-12-07 13:52 - 00000000 ____D () C:\Windows\system32\xlive 2014-12-07 13:52 - 2014-12-07 13:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace 2014-12-07 13:52 - 2014-12-07 13:52 - 00000000 ____D () C:\Program Files\Microsoft Games for Windows - LIVE 2014-12-07 
13:39 - 2014-12-07 13:39 - 00000000 ____D () C:\Program Files\Codemasters ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-22 10:24 - 2013-12-20 17:33 - 01710619 ____N () C:\Windows\WindowsUpdate.log 2014-12-22 10:12 - 2014-08-10 13:22 - 00002526 _____ () C:\Users\Thorsten\Desktop\ETF-Sparplan - Verknüpfung.lnk 2014-12-22 10:12 - 2013-12-21 14:29 - 00000000 ____D () C:\Users\Thorsten\Documents\700_Jessica 2014-12-22 10:12 - 2009-07-14 05:34 - 00031680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-22 10:12 - 2009-07-14 05:34 - 00031680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-22 10:05 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-21 21:09 - 2014-07-27 12:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-12-21 14:27 - 2010-11-20 22:01 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-21 13:41 - 2013-12-21 14:25 - 00000000 ____D () C:\Users\Thorsten\Documents\100_Haus 2014-12-14 10:33 - 2013-12-23 07:49 - 00000000 ____D () C:\Users\Jessica\AppData\Local\Microsoft Help 2014-12-13 13:12 - 2014-05-07 19:34 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-12-13 13:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-12-13 13:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat 2014-12-11 18:26 - 2013-12-21 12:55 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-12-11 18:24 - 2013-12-20 19:24 - 00000000 ____D () C:\Windows\system32\MRT 2014-12-11 18:22 - 2013-12-20 19:24 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-12-09 18:56 - 2013-12-22 11:11 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-12-09 18:56 - 2013-12-22 11:11 - 00071344 _____ (Adobe Systems 
Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-12-07 15:00 - 2013-12-21 14:25 - 00000000 ____D () C:\Users\Thorsten\Documents\080_Autos 2014-12-07 13:52 - 2009-07-14 05:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-12-07 13:52 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2014-12-02 16:35 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF 2014-11-28 11:57 - 2013-12-23 08:22 - 00000000 ____D () C:\Users\Jessica\AppData\Roaming\vlc 2014-11-26 22:15 - 2013-12-22 11:13 - 00000000 ____D () C:\Users\Thorsten\AppData\Roaming\vlc 2014-11-24 14:04 - 2013-12-20 17:49 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-11-23 18:36 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache Some content of TEMP: ==================== C:\Users\Jessica\AppData\Local\Temp\Checkupdate.exe C:\Users\Jessica\AppData\Local\Temp\Foxit Reader Updater.exe C:\Users\Jessica\AppData\Local\Temp\gcapi_dll.dll C:\Users\Jessica\AppData\Local\Temp\gtapi_signed.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-23 18:29 ==================== End Of Log ============================ Addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-12-2014 01 Ran by Thorsten at 2014-12-22 10:34:37 Running from C:\Users\Thorsten\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: G Data AntiVirus (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0} AS: G Data AntiVirus (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 32 Bit HP CIO Components Installer (Version: 6.1.2 - Hewlett-Packard) Hidden 6000E609_eDocs (Version: 1.00.0000 - Hewlett-Packard) Hidden Adobe Flash Player 10 ActiveX (HKLM\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.) Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated) Adobe Reader XI (11.0.09) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) AMD Catalyst Install Manager (HKLM\...\{B448BC74-1CB7-7A57-3313-5E075AFB413E}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.) 
BPDSoftware (Version: 140.0.000.000 - Hewlett-Packard) Hidden BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden BufferChm (Version: 140.0.213.000 - Hewlett-Packard) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform) CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP) ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - ) F1 2011 (HKLM\...\GFWL_{434D0FA1-3E0C-4D03-A5D4-5E1000008100}) (Version: 1.0.0000.129 - Codemasters) F1 2011 (Version: 1.0.0000.129 - Codemasters) Hidden Filzip 3.06 (HKLM\...\Filzip 3.0.6.93_is1) (Version: 3.0.6 - Philipp Engel) Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.0.4.719 - Foxit Corporation) Free YouTube to MP3 Converter version 3.12.20.1230 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.20.1230 - DVDVideoSoft Ltd.) G Data AntiVirus (HKLM\...\{B9FC0A7D-FA1D-4347-ABED-AD8AD5305633}) (Version: 25.0.1.4 - G Data Software AG) GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team) Hardcopy (HKLM\...\Hardcopy) (Version: 2014.01.01 - www.hardcopy.de) HP Officejet 6000 E609 Series (HKLM\...\{7791308C-85FB-43B9-93F2-7DE9CB7D5C4A}) (Version: 14.0 - HP) HP Update (HKLM\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard) Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (HKLM\...\{90120000-00B2-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Games for Windows - LIVE Redistributable 
(HKLM\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation) Microsoft Games for Windows Marketplace (HKLM\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Outlook 2007 (HKLM\...\OUTLOOKR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 33.1.1 (x86 de) (HKLM\...\Mozilla Firefox 33.1.1 (x86 de)) (Version: 33.1.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - 
Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) my moments (HKU\S-1-5-21-4006249133-3918135945-1396373427-1000\...\mymoments) (Version: 2.6.12.0 - my moments Fotobuch Verlag GmbH & Co. KG) MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.5 - F.J. Wechselberger) Network (Version: 140.0.215.000 - Hewlett-Packard) Hidden Nikon Message Center 2 (HKLM\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon) Nikon Movie Editor (HKLM\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.8.3 - Nikon) OLink 2.0.4.730 (HKLM\...\OLink 2.0.4.730_is1) (Version: OLink 2.0.4 - Jablotron Alarms a.s.) OpenAL (HKLM\...\OpenAL) (Version: - ) PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge) Picture Control Utility (HKLM\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.4.16 - Nikon) Rapture3D 2.4.9 Game (HKLM\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version: - Blue Ripple Sound) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7106 - Realtek Semiconductor Corp.) 
SmartTools Publishing • Word Falz & Lochmarken-Assistent (HKLM\...\SmartToolsFalz & Lochmarken-Assistentv7.00) (Version: v7.00 - SmartTools Publishing) Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.01 - Ghisler Software GmbH) Universal Adb Driver (HKLM\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_OUTLOOKR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) ViewNX 2 (HKLM\...\{E64C137C-D0B7-467A-B47F-460AAB30F0A3}) (Version: 2.8.3 - Nikon) VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN) WebReg (Version: 140.0.213.017 - Hewlett-Packard) Hidden Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation) WISO Steuer-Sparbuch 2014 (HKU\S-1-5-21-4006249133-3918135945-1396373427-1000\...\{E6E37757-5E21-41DF-B0A1-4B146502F52A}) (Version: 21.00.8480 - Buhl Data Service GmbH) 
==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-4006249133-3918135945-1396373427-1000_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4006249133-3918135945-1396373427-1000_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4006249133-3918135945-1396373427-1000_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4006249133-3918135945-1396373427-1000_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4006249133-3918135945-1396373427-1000_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4006249133-3918135945-1396373427-1000_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4006249133-3918135945-1396373427-1000_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4006249133-3918135945-1396373427-1000_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4006249133-3918135945-1396373427-1000_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: 
HKU\S-1-5-21-4006249133-3918135945-1396373427-1000_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4006249133-3918135945-1396373427-1000_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4006249133-3918135945-1396373427-1000_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4006249133-3918135945-1396373427-1000_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) ==================== Restore Points ========================= 02-05-2014 09:38:25 Windows Update 04-05-2014 11:23:29 Windows Update 07-05-2014 16:38:51 Windows Update 07-05-2014 17:09:39 Windows Update 10-05-2014 17:04:59 Windows Update 15-05-2014 17:23:32 Windows Update 21-05-2014 20:35:26 Windows Update 01-06-2014 09:31:18 Windows Update 05-06-2014 15:27:34 Windows Update 11-06-2014 15:41:18 Windows Update 11-06-2014 15:46:14 Windows Update 12-06-2014 17:28:38 Windows Update 19-06-2014 09:02:41 Windows Update 22-06-2014 12:19:14 Windows Update 25-06-2014 12:28:32 Windows Update 03-07-2014 19:30:24 Windows Update 07-07-2014 08:06:24 Windows Update 10-07-2014 16:03:59 Windows Update 10-07-2014 16:21:17 Windows Update 15-07-2014 19:31:30 Windows Update 24-07-2014 08:32:26 Windows Update 29-07-2014 16:58:42 Windows Update 02-08-2014 15:11:09 Windows Update 07-08-2014 15:44:00 Windows Update 15-08-2014 12:16:26 Windows Update 15-08-2014 12:36:37 Windows Update 21-08-2014 15:08:58 Windows Update 21-08-2014 15:14:09 Windows Update 28-08-2014 10:11:56 Windows Update 28-08-2014 11:10:24 Windows Update 03-09-2014 09:40:19 Windows Update 06-09-2014 11:54:43 Windows Update 11-09-2014 18:05:54 Windows Update 13-09-2014 09:28:29 Windows Update 
13-09-2014 10:42:50 Windows Update 17-09-2014 16:17:26 Windows Update 23-09-2014 15:47:29 Windows Update 24-09-2014 16:43:07 Windows Update 30-09-2014 20:02:30 Windows Update 30-09-2014 21:17:26 Windows Update 08-10-2014 06:12:33 Windows Update 12-10-2014 12:15:37 Windows Update 18-10-2014 13:28:21 Windows Update 18-10-2014 13:36:55 Windows Update 19-10-2014 09:32:14 Windows Update 19-10-2014 14:08:47 Windows Update 25-10-2014 12:28:05 Windows Update 29-10-2014 06:43:59 Windows Update 04-11-2014 17:38:47 Windows Update 08-11-2014 12:01:05 Windows Update 13-11-2014 09:38:17 Windows Update 13-11-2014 10:00:43 Windows Update 21-11-2014 07:18:17 Windows Update 21-11-2014 07:27:58 Windows Update 26-11-2014 09:44:13 Windows Update 02-12-2014 10:33:16 Windows Update 05-12-2014 20:30:58 Windows Update 07-12-2014 13:53:07 DirectX wurde installiert 07-12-2014 13:53:58 DirectX wurde installiert 08-12-2014 17:54:10 Windows Update 11-12-2014 18:18:50 Windows Update 17-12-2014 07:08:39 Windows Update 19-12-2014 10:58:52 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {82EFA276-E49A-41FC-BDF1-233C6F01CCC7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-23] (Piriform Ltd) Task: {9EB06974-9CFB-4A24-8E2F-E0A626639F85} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated) Task: {A4C86CC1-CED4-466A-A3E6-F7FF522044EA} - System32\Tasks\hcdll2_ex_Win32 => C:\Program Files\Hardcopy\hcdll2_ex_Win32.exe [2013-07-17] () (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2014-05-20 02:38 - 2014-05-20 02:38 - 00277624 ____N () C:\Program Files\Common Files\G Data\AVKProxy\PktIcpt2.dll 2013-12-22 12:59 - 2013-07-17 16:03 - 00037880 _____ () C:\Program Files\Hardcopy\hcdll2_ex_Win32.exe 2013-12-22 12:59 - 2012-07-05 14:56 - 00052800 _____ () C:\Program Files\Hardcopy\hardcopy_05.dll 2013-12-22 12:59 - 2013-10-30 10:49 - 00117752 _____ () C:\Program Files\Hardcopy\HcDLL2_43_Win32.dll 2014-07-18 21:23 - 2004-09-08 12:45 - 00368128 _____ () C:\Program Files\Filzip\fzshext.dll 2013-12-22 12:59 - 2013-12-14 11:09 - 03001152 _____ () C:\Program Files\Hardcopy\HcDllS.dll 2013-06-18 15:49 - 2013-06-18 15:49 - 00016384 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll 2013-04-29 23:08 - 2013-04-29 23:08 - 00369152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2014-11-16 13:35 - 2014-11-16 13:35 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) 
==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: AMD AVT => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe -s MSCONFIG\startupreg: PC Suite Tray => "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray ========================= Accounts: ========================== Administrator (S-1-5-21-4006249133-3918135945-1396373427-500 - Administrator - Disabled) Gast (S-1-5-21-4006249133-3918135945-1396373427-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-4006249133-3918135945-1396373427-1002 - Limited - Enabled) Jessica (S-1-5-21-4006249133-3918135945-1396373427-1003 - Limited - Enabled) => C:\Users\Jessica Thorsten (S-1-5-21-4006249133-3918135945-1396373427-1000 - Administrator - Enabled) => C:\Users\Thorsten ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/22/2014 10:07:19 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (12/21/2014 03:15:11 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Microsoft Office Sessions: ========================= 
==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU E8500 @ 3.16GHz Percentage of memory in use: 37% Total physical RAM: 3071.18 MB Available physical RAM: 1925.39 MB Total Pagefile: 6140.65 MB Available Pagefile: 4359.95 MB Total Virtual: 2047.88 MB Available Virtual: 1901.32 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:698.63 GB) (Free:487.05 GB) NTFS ==>[Drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 30080C4C) Partition 1: (Active) - (Size=698.6 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-12-22 10:58:37 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 SAMSUNG_HD753LJ rev.1AA01113 698,64GB Running: Gmer-19357.exe; Driver: C:\Users\Thorsten\AppData\Local\Temp\pxldapow.sys ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 83048A15 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83082212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x96E16000, 0x2BFBF0, 0xE8000020] ---- Registry - GMER 2.1 ---- Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@ABA7EE76 456 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{714044A6-59E5-404F-8369-ED8019A2EC90} Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{714044A6-59E5-404F-8369-ED8019A2EC90} Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{714044A6-59E5-404F-8369-ED8019A2EC90}@Path \Microsoft\Windows Defender\MP Scheduled Scan Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{714044A6-59E5-404F-8369-ED8019A2EC90}@Hash 0x36 0x64 0x2C 0xC6 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{714044A6-59E5-404F-8369-ED8019A2EC90}@Triggers 0x15 0x00 0x00 0x00 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{714044A6-59E5-404F-8369-ED8019A2EC90}@DynamicInfo 0x03 0x00 0x00 0x00 ... 
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Defender\MP Scheduled Scan@Id {714044A6-59E5-404F-8369-ED8019A2EC90} Reg HKLM\SOFTWARE\Microsoft\Windows Search\CatalogNames\Windows\SystemIndex@pkm:catalog:LastCatalogCrawlId 44 Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\45 Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\45@CrawlType 2 Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\45@InProgress 1 Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\45@DoneAddingCrawlSeeds 1 Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\45@IsCatalogLevel 0 Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\45@LogStartAddId 2 Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\2@CrawlNumberInProgress 45 ---- EOF - GMER 2.1 ---- |
22.12.2014, 11:40 | #2 |
/// the machine /// TB Trainer | GData reports Win32.Adware.OpenCandy.C
hi,
Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
and a fresh FRST log please.
22.12.2014, 13:03 | #3 |
| GData reports Win32.Adware.OpenCandy.C
Hello Schrauber,
thanks for the quick reply. The log files are attached.
Code:
ATTFilter
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 22.12.2014
Suchlauf-Zeit: 11:47:33
Logdatei: mbam.txt
Administrator: Ja
Version: 2.00.4.1028
Malware Datenbank: v2014.12.22.03
Rootkit Datenbank: v2014.12.14.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Thorsten
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 356198
Verstrichene Zeit: 11 Min, 41 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0 (Keine schädliche Elemente erkannt)
Module: 0 (Keine schädliche Elemente erkannt)
Registrierungsschlüssel: 0 (Keine schädliche Elemente erkannt)
Registrierungswerte: 0 (Keine schädliche Elemente erkannt)
Registrierungsdaten: 0 (Keine schädliche Elemente erkannt)
Ordner: 0 (Keine schädliche Elemente erkannt)
Dateien: 0 (Keine schädliche Elemente erkannt)
Physische Sektoren: 0 (Keine schädliche Elemente erkannt)
(end)
Code:
ATTFilter
# AdwCleaner v4.106 - Bericht erstellt am 22/12/2014 um 12:06:07
# Aktualisiert 21/12/2014 von Xplode
# Database : 2014-12-21.4 [Live]
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : Thorsten - PC
# Gestartet von : C:\Users\Thorsten\Desktop\AdwCleaner_4.106.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17496
-\\ Mozilla Firefox v33.1.1 (x86 de)
-\\ Opera v0.0.0.0
*************************
AdwCleaner[R0].txt - [2078 octets] - [21/12/2014 14:09:03]
AdwCleaner[R1].txt - [923 octets] - [22/12/2014 12:02:57]
AdwCleaner[S0].txt - [2161 octets] - [21/12/2014 14:11:25]
AdwCleaner[S1].txt - [845 octets] - [22/12/2014 12:06:07]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [904 octets] ##########
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Professional x86
Ran by Thorsten on 22.12.2014 at 12:11:49,51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.12.2014 at 12:13:35,85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-12-2014 01 Ran by Thorsten (administrator) on PC on 22-12-2014 12:14:21 Running from C:\Users\Thorsten\Desktop Loaded Profile: Thorsten (Available profiles: Thorsten & Jessica) Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (G Data Software AG) C:\Program Files\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) C:\Program Files\G Data\AntiVirus\AVK\AVKWCtl.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (G Data Software AG) C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) C:\Program Files\G Data\AntiVirus\AVK\AVKService.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (G Data Software AG) C:\Program Files\G Data\AntiVirus\AVKTray\AVKTray.exe () C:\Program Files\Hardcopy\hcdll2_ex_Win32.exe (G Data Software AG) C:\Program Files\Common Files\G Data\AVKProxy\GDKBFltExe32.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Hewlett-Packard) C:\Program Files\Drucker\HP Software Update\hpwuschd2.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (sw4you) C:\Program Files\Hardcopy\hardcopy.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (ATI Technologies Inc.) 
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12017368 2013-10-24] (Realtek Semiconductor) HKLM\...\Run: [HP Software Update] => C:\Program Files\Drucker\HP Software Update\HPWuSchd2.exe [54576 2009-11-18] (Hewlett-Packard) HKLM\...\Run: [] => [X] HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files\G Data\AntiVirus\AVKTray\AVKTray.exe, HKU\S-1-5-21-4006249133-3918135945-1396373427-1000\...\MountPoints2: {ecd49b7e-6993-11e3-87bd-806e6f6e6963} - E:\autorun.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK ShortcutTarget: Hardcopy.LNK -> C:\Program Files\Hardcopy\hardcopy.exe (sw4you) Startup: C:\Users\Thorsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files\WISO\Steuersoftware 2014\mshaktuell.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-4006249133-3918135945-1396373427-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Thorsten\AppData\Roaming\Mozilla\Firefox\Profiles\pp6nqsah.default FF Homepage: www.google.de FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll () FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Extension: Classic Theme Restorer - C:\Users\Thorsten\AppData\Roaming\Mozilla\Firefox\Profiles\pp6nqsah.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-06-10] FF Extension: New Tab Homepage View - C:\Users\Thorsten\AppData\Roaming\Mozilla\Firefox\Profiles\pp6nqsah.default\Extensions\clearz@gmail.com.xpi [2014-02-22] FF HKU\S-1-5-21-4006249133-3918135945-1396373427-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2014-02-14] Chrome: ======= ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AVKProxy; C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe [2250360 2014-05-27] (G Data Software AG) R2 AVKService; C:\Program Files\G Data\AntiVirus\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG) R2 AVKWCtl; C:\Program Files\G Data\AntiVirus\AVK\AVKWCtl.exe [2123416 2014-05-20] (G Data Software AG) R3 GDScan; C:\Program Files\Common Files\G Data\GDScan\GDScan.exe [700536 2014-05-20] (G Data Software AG) R2 HPSLPSVC; C:\Program Files\Drucker\Digital Imaging\bin\HPSLPSVC32.DLL [701288 2010-05-28] (Hewlett-Packard Co.) S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2009-05-14] (Hewlett-Packard) [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2009-05-14] (Hewlett-Packard) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [43008 2014-07-03] (G Data Software AG) R3 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt32.sys [20096 2014-07-03] (G Data Software AG) R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [102400 2014-07-03] (G Data Software AG) R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [52224 2014-07-03] (G Data Software AG) R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd32.sys [53248 2014-07-03] (G Data Software AG) R1 GRD; C:\Windows\system32\drivers\GRD.sys [29528 2014-07-18] (G Data Software) R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [46080 2014-07-03] (G Data Software AG) R3 RTL85n86; C:\Windows\System32\DRIVERS\RTL85n86.sys [1812512 2010-03-23] (Realtek Semiconductor Corporation ) S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-12-22 12:13 - 2014-12-22 12:13 - 00000628 _____ () C:\Users\Thorsten\Desktop\JRT.txt 2014-12-22 12:10 - 2014-12-22 12:10 - 01707646 _____ (Thisisu) C:\Users\Thorsten\Desktop\JRT(1).exe 2014-12-22 12:08 - 2014-12-22 12:08 - 00000983 _____ () C:\Users\Thorsten\Desktop\AdwCleaner[S1].txt 2014-12-22 12:07 - 2014-12-22 12:07 - 00000314 _____ () C:\Windows\PFRO.log 2014-12-22 12:02 - 2014-12-22 12:02 - 02173952 _____ () C:\Users\Thorsten\Desktop\AdwCleaner_4.106.exe 2014-12-22 12:00 - 2014-12-22 12:00 - 00001206 _____ () C:\Users\Thorsten\Desktop\mbam.txt 2014-12-22 11:38 - 2014-12-22 11:57 - 00014271 _____ () C:\Users\Thorsten\Documents\Bauschlotttermin.ics 2014-12-22 11:10 - 2014-12-22 11:10 - 00000000 ____D () C:\Program Files\Common Files\SYSTEM 2014-12-22 10:58 - 2014-12-22 10:58 - 00003501 _____ () C:\Users\Thorsten\Desktop\Gmer.txt 2014-12-22 10:48 - 2014-12-22 10:48 - 00104960 _____ (GMER) C:\pxldapow.sys 2014-12-22 10:46 - 2014-12-22 12:07 - 00000112 _____ () C:\Windows\setupact.log 2014-12-22 10:46 - 2014-12-22 10:46 - 306713414 _____ () C:\Windows\MEMORY.DMP 2014-12-22 10:46 - 2014-12-22 10:46 - 00000000 ____D () C:\Windows\Minidump 2014-12-22 10:46 - 2014-12-22 10:46 - 00000000 _____ () C:\Windows\setuperr.log 2014-12-22 10:39 - 2014-12-22 10:39 - 00380416 _____ () C:\Users\Thorsten\Desktop\Gmer-19357.exe 2014-12-22 10:34 - 2014-12-22 10:35 - 00019058 _____ () C:\Users\Thorsten\Desktop\Addition.txt 2014-12-22 10:33 - 2014-12-22 12:14 - 00008002 _____ () C:\Users\Thorsten\Desktop\FRST.txt 2014-12-22 10:33 - 2014-12-22 12:14 - 00000000 ____D () C:\FRST 2014-12-22 10:31 - 2014-12-22 10:31 - 01113600 _____ (Farbar) C:\Users\Thorsten\Desktop\FRST.exe 2014-12-22 10:29 - 2014-12-22 10:32 - 00000478 _____ () C:\Users\Thorsten\Desktop\defogger_disable.log 2014-12-22 10:29 - 2014-12-22 10:29 - 00000000 _____ () C:\Users\Thorsten\defogger_reenable 2014-12-22 10:26 - 2014-12-22 10:26 - 00050477 _____ () C:\Users\Thorsten\Desktop\Defogger.exe 2014-12-22 10:08 - 
2014-12-22 10:29 - 00044192 _____ () C:\Users\Thorsten\Desktop\G Data Protokoll.txt 2014-12-21 21:10 - 2014-12-21 21:10 - 00000421 _____ () C:\Users\Thorsten\Desktop\ESET.txt 2014-12-21 14:28 - 2014-12-21 14:28 - 02347384 _____ (ESET) C:\Users\Thorsten\Desktop\esetsmartinstaller_deu.exe 2014-12-21 14:28 - 2014-12-21 14:28 - 00000000 ____D () C:\Program Files\ESET 2014-12-21 14:26 - 2014-12-21 14:26 - 00000000 __SHD () C:\Users\Thorsten\AppData\Local\EmieBrowserModeList 2014-12-21 14:16 - 2014-12-21 14:16 - 00000000 ____D () C:\Windows\ERUNT 2014-12-21 14:15 - 2014-12-21 14:15 - 01707646 _____ (Thisisu) C:\Users\Thorsten\Desktop\JRT.exe 2014-12-21 14:08 - 2014-12-22 12:06 - 00000000 ____D () C:\AdwCleaner 2014-12-21 13:25 - 2014-12-22 11:47 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-12-21 13:25 - 2014-12-21 13:25 - 00000973 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-12-21 13:25 - 2014-12-21 13:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-12-21 13:25 - 2014-12-21 13:25 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-12-21 13:25 - 2014-12-21 13:25 - 00000000 ____D () C:\Program Files\Malwarebytes 2014-12-21 13:25 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-12-21 13:25 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-12-21 13:25 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-12-19 10:32 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-12-19 10:26 - 2014-12-20 08:55 - 00000000 ____D () C:\Users\Jessica\Desktop\bilder 2014-12-13 13:12 - 2014-12-13 13:12 - 00000000 ____D () C:\Windows\system32\appraiser 2014-12-11 18:26 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) 
C:\Windows\system32\mf.dll 2014-12-11 18:26 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2014-12-11 18:26 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2014-12-11 18:26 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2014-12-11 18:26 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2014-12-11 17:12 - 2014-12-04 05:38 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2014-12-11 17:12 - 2014-12-04 05:38 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2014-12-11 17:12 - 2014-12-04 05:38 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-12-11 17:12 - 2014-12-04 05:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2014-12-11 17:12 - 2014-12-04 05:38 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-12-11 17:12 - 2014-12-04 05:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2014-12-11 17:12 - 2014-12-04 05:34 - 00873984 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-12-11 17:12 - 2014-12-02 00:28 - 01160872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2014-12-11 17:12 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-12-11 17:12 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-12-11 17:12 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-12-11 17:12 - 2014-11-22 03:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-12-11 17:12 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-12-11 17:12 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 
2014-12-11 17:12 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-12-11 17:12 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-12-11 17:12 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-12-11 17:12 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-12-11 17:12 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-12-11 17:12 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-12-11 17:12 - 2014-11-22 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-12-11 17:12 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-12-11 17:12 - 2014-11-22 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-12-11 17:12 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-12-11 17:12 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-12-11 17:12 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-12-11 17:12 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-12-11 17:12 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-12-11 17:12 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-12-11 17:12 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-12-11 17:12 - 2014-11-22 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-12-11 17:12 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) 
C:\Windows\system32\inetcpl.cpl 2014-12-11 17:12 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-12-11 17:12 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-12-11 17:12 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-12-11 17:12 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-12-11 17:12 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-12-11 17:12 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-12-11 17:12 - 2014-11-11 02:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2014-12-11 17:11 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-12-11 17:11 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe 2014-12-11 17:11 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2014-12-11 17:11 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll 2014-12-11 17:11 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll 2014-12-11 17:11 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll 2014-12-11 17:11 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe 2014-12-07 14:00 - 2014-12-07 14:00 - 00000000 ____D () C:\Users\Thorsten\Documents\My Games 2014-12-07 14:00 - 2014-12-07 14:00 - 00000000 ____D () C:\ProgramData\Codemasters 2014-12-07 13:54 - 2014-12-07 13:54 - 00445016 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll 2014-12-07 13:54 - 2014-12-07 13:54 - 00109144 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) 
C:\Windows\system32\OpenAL32.dll 2014-12-07 13:54 - 2014-12-07 13:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound 2014-12-07 13:54 - 2014-12-07 13:54 - 00000000 ____D () C:\Program Files\OpenAL 2014-12-07 13:54 - 2014-12-07 13:54 - 00000000 ____D () C:\Program Files\BRS 2014-12-07 13:54 - 2011-08-08 18:44 - 00809560 ____R (Creative Labs Inc.) C:\Windows\system32\tmpCFAE.tmp 2014-12-07 13:54 - 2011-05-06 13:40 - 01302528 _____ (Blue Ripple Sound Limited) C:\Windows\system32\rapture3d_oal.dll 2014-12-07 13:54 - 2010-09-22 14:12 - 19087360 _____ (Intel Corporation / Blue Ripple Sound Limited) C:\Windows\system32\mkl_blueripple.dll 2014-12-07 13:54 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll 2014-12-07 13:54 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll 2014-12-07 13:54 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll 2014-12-07 13:54 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll 2014-12-07 13:54 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll 2014-12-07 13:54 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll 2014-12-07 13:54 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll 2014-12-07 13:54 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll 2014-12-07 13:53 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll 2014-12-07 13:53 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll 2014-12-07 13:53 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll 2014-12-07 13:52 - 2014-12-07 13:52 - 00001338 _____ () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk 2014-12-07 13:52 - 2014-12-07 13:52 - 00000000 ____D () C:\Windows\system32\xlive 2014-12-07 13:52 - 2014-12-07 13:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace 2014-12-07 13:52 - 2014-12-07 13:52 - 00000000 ____D () C:\Program Files\Microsoft Games for Windows - LIVE 2014-12-07 13:39 - 2014-12-07 13:39 - 00000000 ____D () C:\Program Files\Codemasters ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-22 12:08 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-22 12:06 - 2013-12-20 17:33 - 01721992 _____ () C:\Windows\WindowsUpdate.log 2014-12-22 11:56 - 2014-07-27 12:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-12-22 11:10 - 2013-12-21 12:55 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-12-22 11:10 - 2009-07-14 03:04 - 00000478 _____ () C:\Windows\win.ini 2014-12-22 10:54 - 2009-07-14 05:34 - 00031680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-22 10:54 - 2009-07-14 05:34 - 00031680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-22 10:12 - 2014-08-10 13:22 - 00002526 _____ () C:\Users\Thorsten\Desktop\ETF-Sparplan - Verknüpfung.lnk 2014-12-22 10:12 - 2013-12-21 14:29 - 00000000 ____D () C:\Users\Thorsten\Documents\700_Jessica 2014-12-21 14:27 - 2010-11-20 22:01 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-21 13:41 - 2013-12-21 14:25 - 00000000 ____D () C:\Users\Thorsten\Documents\100_Haus 2014-12-14 10:33 - 2013-12-23 07:49 - 00000000 ____D () C:\Users\Jessica\AppData\Local\Microsoft Help 2014-12-13 13:12 - 2014-05-07 19:34 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-12-13 13:12 - 2009-07-14 03:37 
- 00000000 ____D () C:\Windows\system32\de-DE 2014-12-13 13:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat 2014-12-11 18:24 - 2013-12-20 19:24 - 00000000 ____D () C:\Windows\system32\MRT 2014-12-11 18:22 - 2013-12-20 19:24 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-12-09 18:56 - 2013-12-22 11:11 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-12-09 18:56 - 2013-12-22 11:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-12-07 15:00 - 2013-12-21 14:25 - 00000000 ____D () C:\Users\Thorsten\Documents\080_Autos 2014-12-07 13:52 - 2009-07-14 05:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-12-07 13:52 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2014-12-02 16:35 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF 2014-11-28 11:57 - 2013-12-23 08:22 - 00000000 ____D () C:\Users\Jessica\AppData\Roaming\vlc 2014-11-26 22:15 - 2013-12-22 11:13 - 00000000 ____D () C:\Users\Thorsten\AppData\Roaming\vlc 2014-11-24 14:04 - 2013-12-20 17:49 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-11-23 18:36 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache Some content of TEMP: ==================== C:\Users\Jessica\AppData\Local\Temp\Checkupdate.exe C:\Users\Jessica\AppData\Local\Temp\Foxit Reader Updater.exe C:\Users\Jessica\AppData\Local\Temp\gcapi_dll.dll C:\Users\Jessica\AppData\Local\Temp\gtapi_signed.dll C:\Users\Thorsten\AppData\Local\Temp\Quarantine.exe C:\Users\Thorsten\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-11-23 18:29
==================== End Of Log ============================
23.12.2014, 11:53 | #4 |
/// the machine /// TB trainer | GData reports Win32.Adware.OpenCandy.C
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
24.12.2014, 13:01 | #5 |
| GData reports Win32.Adware.OpenCandy.C Hi schrauber, the logs are attached. Unfortunately, SecurityCheck reports "unsupported operating system! aborted!" Otherwise there were and are no anomalies. Is the machine clean now? Many thanks and Merry Christmas! Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=11ab0bd7d534e7418fc11ef49caa9040
# engine=21680
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-12-23 03:22:40
# local_time=2014-12-23 04:22:40 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='G Data AntiVirus'
# compatibility_mode=4110 16777213 100 100 7278 152588793 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 16789 170979351 0 0
# scanned=183112
# found=0
# cleaned=0
# scan_time=3443
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-12-2014 01 Ran by Thorsten (administrator) on PC on 23-12-2014 16:40:14 Running from C:\Users\Thorsten\Desktop Loaded Profile: Thorsten (Available profiles: Thorsten & Jessica) Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (G Data Software AG) C:\Program Files\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) C:\Program Files\G Data\AntiVirus\AVK\AVKWCtl.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (G Data Software AG) C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) C:\Program Files\G Data\AntiVirus\AVK\AVKService.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (G Data Software AG) C:\Program Files\G Data\AntiVirus\AVKTray\AVKTray.exe () C:\Program Files\Hardcopy\hcdll2_ex_Win32.exe (G Data Software AG) C:\Program Files\Common Files\G Data\AVKProxy\GDKBFltExe32.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Hewlett-Packard) C:\Program Files\Drucker\HP Software Update\hpwuschd2.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (sw4you) C:\Program Files\Hardcopy\hardcopy.exe (ATI Technologies Inc.) 
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12017368 2013-10-24] (Realtek Semiconductor) HKLM\...\Run: [HP Software Update] => C:\Program Files\Drucker\HP Software Update\HPWuSchd2.exe [54576 2009-11-18] (Hewlett-Packard) HKLM\...\Run: [] => [X] HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files\G Data\AntiVirus\AVKTray\AVKTray.exe, HKU\S-1-5-21-4006249133-3918135945-1396373427-1000\...\MountPoints2: {ecd49b7e-6993-11e3-87bd-806e6f6e6963} - E:\autorun.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK ShortcutTarget: Hardcopy.LNK -> C:\Program Files\Hardcopy\hardcopy.exe (sw4you) Startup: C:\Users\Thorsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files\WISO\Steuersoftware 2014\mshaktuell.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-4006249133-3918135945-1396373427-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Thorsten\AppData\Roaming\Mozilla\Firefox\Profiles\pp6nqsah.default FF Homepage: www.google.de FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll () FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Extension: Classic Theme Restorer - C:\Users\Thorsten\AppData\Roaming\Mozilla\Firefox\Profiles\pp6nqsah.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-06-10] FF Extension: New Tab Homepage View - C:\Users\Thorsten\AppData\Roaming\Mozilla\Firefox\Profiles\pp6nqsah.default\Extensions\clearz@gmail.com.xpi [2014-02-22] FF HKU\S-1-5-21-4006249133-3918135945-1396373427-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2014-02-14] Chrome: ======= ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AVKProxy; C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe [2250360 2014-05-27] (G Data Software AG) R2 AVKService; C:\Program Files\G Data\AntiVirus\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG) R2 AVKWCtl; C:\Program Files\G Data\AntiVirus\AVK\AVKWCtl.exe [2123416 2014-05-20] (G Data Software AG) R3 GDScan; C:\Program Files\Common Files\G Data\GDScan\GDScan.exe [700536 2014-05-20] (G Data Software AG) R2 HPSLPSVC; C:\Program Files\Drucker\Digital Imaging\bin\HPSLPSVC32.DLL [701288 2010-05-28] (Hewlett-Packard Co.) S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2009-05-14] (Hewlett-Packard) [File not signed] S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2009-05-14] (Hewlett-Packard) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [43008 2014-07-03] (G Data Software AG) R3 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt32.sys [20096 2014-07-03] (G Data Software AG) R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [102400 2014-07-03] (G Data Software AG) R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [52224 2014-07-03] (G Data Software AG) R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd32.sys [53248 2014-07-03] (G Data Software AG) R1 GRD; C:\Windows\system32\drivers\GRD.sys [29528 2014-07-18] (G Data Software) R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [46080 2014-07-03] (G Data Software AG) R3 RTL85n86; C:\Windows\System32\DRIVERS\RTL85n86.sys [1812512 2010-03-23] (Realtek Semiconductor Corporation ) S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-12-23 16:40 - 2014-12-23 16:40 - 00008002 _____ () C:\Users\Thorsten\Desktop\FRST.txt 2014-12-23 12:41 - 2014-12-23 12:41 - 00852505 _____ () C:\Users\Thorsten\Desktop\SecurityCheck.exe 2014-12-23 12:40 - 2014-12-23 12:40 - 02347384 _____ (ESET) C:\Users\Thorsten\Desktop\esetsmartinstaller_deu(1).exe 2014-12-22 13:05 - 2014-12-23 16:37 - 00000041 _____ () C:\Windows\Filzip.ini 2014-12-22 12:10 - 2014-12-22 12:10 - 01707646 _____ (Thisisu) C:\Users\Thorsten\Desktop\JRT(1).exe 2014-12-22 12:02 - 2014-12-22 12:02 - 02173952 _____ () C:\Users\Thorsten\Desktop\AdwCleaner_4.106.exe 2014-12-22 11:10 - 2014-12-22 11:10 - 00000000 ____D () C:\Program Files\Common Files\SYSTEM 2014-12-22 10:48 - 2014-12-22 10:48 - 00104960 _____ (GMER) C:\pxldapow.sys 2014-12-22 10:46 - 2014-12-22 10:46 - 00000000 ____D () C:\Windows\Minidump 2014-12-22 10:39 - 2014-12-22 10:39 - 00380416 _____ () C:\Users\Thorsten\Desktop\Gmer-19357.exe 2014-12-22 10:33 - 2014-12-23 16:40 - 00000000 ____D () C:\FRST 2014-12-22 10:31 - 2014-12-22 13:35 - 01114112 _____ (Farbar) C:\Users\Thorsten\Desktop\FRST.exe 2014-12-22 10:29 - 2014-12-22 10:29 - 00000000 _____ () C:\Users\Thorsten\defogger_reenable 2014-12-22 10:26 - 2014-12-22 10:26 - 00050477 _____ () C:\Users\Thorsten\Desktop\Defogger.exe 2014-12-21 14:28 - 2014-12-21 14:28 - 02347384 _____ (ESET) C:\Users\Thorsten\Desktop\esetsmartinstaller_deu.exe 2014-12-21 14:28 - 2014-12-21 14:28 - 00000000 ____D () C:\Program Files\ESET 2014-12-21 14:26 - 2014-12-21 14:26 - 00000000 __SHD () C:\Users\Thorsten\AppData\Local\EmieBrowserModeList 2014-12-21 14:16 - 2014-12-21 14:16 - 00000000 ____D () C:\Windows\ERUNT 2014-12-21 14:15 - 2014-12-21 14:15 - 01707646 _____ (Thisisu) C:\Users\Thorsten\Desktop\JRT.exe 2014-12-21 14:08 - 2014-12-23 15:19 - 00000000 ____D () C:\AdwCleaner 2014-12-21 13:25 - 2014-12-23 14:03 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-12-21 13:25 - 2014-12-21 13:25 - 00000973 _____ () 
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-21 13:25 - 2014-12-21 13:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-21 13:25 - 2014-12-21 13:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-21 13:25 - 2014-12-21 13:25 - 00000000 ____D () C:\Program Files\Malwarebytes
2014-12-21 13:25 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-21 13:25 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-21 13:25 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-19 10:32 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-19 10:26 - 2014-12-20 08:55 - 00000000 ____D () C:\Users\Jessica\Desktop\bilder
2014-12-13 13:12 - 2014-12-13 13:12 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-11 18:26 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-11 18:26 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-11 18:26 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-11 18:26 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-11 18:26 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-11 17:12 - 2014-12-04 05:38 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-11 17:12 - 2014-12-04 05:38 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-11 17:12 - 2014-12-04 05:38 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-11 17:12 - 2014-12-04 05:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-11 17:12 - 2014-12-04 05:38 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-11 17:12 - 2014-12-04 05:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-11 17:12 - 2014-12-04 05:34 - 00873984 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-11 17:12 - 2014-12-02 00:28 - 01160872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-11 17:12 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-11 17:12 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-11 17:12 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-11 17:12 - 2014-11-22 03:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-11 17:12 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-11 17:12 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-11 17:12 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-11 17:12 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-11 17:12 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-11 17:12 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-11 17:12 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-11 17:12 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-11 17:12 - 2014-11-22 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-11 17:12 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-11 17:12 - 2014-11-22 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-11 17:12 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-11 17:12 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-11 17:12 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-11 17:12 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-11 17:12 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-11 17:12 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-11 17:12 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-11 17:12 - 2014-11-22 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-11 17:12 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-11 17:12 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-11 17:12 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-11 17:12 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-11 17:12 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-11 17:12 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-11 17:12 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-11 17:12 - 2014-11-11 02:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-11 17:11 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-11 17:11 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-11 17:11 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-11 17:11 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-11 17:11 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-11 17:11 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-11 17:11 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-07 14:00 - 2014-12-07 14:00 - 00000000 ____D () C:\Users\Thorsten\Documents\My Games
2014-12-07 14:00 - 2014-12-07 14:00 - 00000000 ____D () C:\ProgramData\Codemasters
2014-12-07 13:54 - 2014-12-07 13:54 - 00445016 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2014-12-07 13:54 - 2014-12-07 13:54 - 00109144 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2014-12-07 13:54 - 2014-12-07 13:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound
2014-12-07 13:54 - 2014-12-07 13:54 - 00000000 ____D () C:\Program Files\OpenAL
2014-12-07 13:54 - 2014-12-07 13:54 - 00000000 ____D () C:\Program Files\BRS
2014-12-07 13:54 - 2011-08-08 18:44 - 00809560 ____R (Creative Labs Inc.) C:\Windows\system32\tmpCFAE.tmp
2014-12-07 13:54 - 2011-05-06 13:40 - 01302528 _____ (Blue Ripple Sound Limited) C:\Windows\system32\rapture3d_oal.dll
2014-12-07 13:54 - 2010-09-22 14:12 - 19087360 _____ (Intel Corporation / Blue Ripple Sound Limited) C:\Windows\system32\mkl_blueripple.dll
2014-12-07 13:54 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-12-07 13:54 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2014-12-07 13:54 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-12-07 13:54 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-12-07 13:54 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-12-07 13:54 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2014-12-07 13:54 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-12-07 13:54 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-12-07 13:53 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2014-12-07 13:53 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2014-12-07 13:53 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2014-12-07 13:52 - 2014-12-07 13:52 - 00001338 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
2014-12-07 13:52 - 2014-12-07 13:52 - 00000000 ____D () C:\Windows\system32\xlive
2014-12-07 13:52 - 2014-12-07 13:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
2014-12-07 13:52 - 2014-12-07 13:52 - 00000000 ____D () C:\Program Files\Microsoft Games for Windows - LIVE
2014-12-07 13:39 - 2014-12-07 13:39 - 00000000 ____D () C:\Program Files\Codemasters

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-23 16:28 - 2013-12-20 17:33 - 01773977 _____ () C:\Windows\WindowsUpdate.log
2014-12-23 15:56 - 2014-07-27 12:29 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-23 15:28 - 2009-07-14 05:34 - 00031680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-23 15:28 - 2009-07-14 05:34 - 00031680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-23 15:21 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-23 14:01 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\schemas
2014-12-22 13:08 - 2010-11-20 22:01 - 01645874 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-22 12:57 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-12-22 11:10 - 2013-12-21 12:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-22 11:10 - 2009-07-14 03:04 - 00000478 _____ () C:\Windows\win.ini
2014-12-22 10:12 - 2014-08-10 13:22 - 00002526 _____ () C:\Users\Thorsten\Desktop\ETF-Sparplan - Verknüpfung.lnk
2014-12-22 10:12 - 2013-12-21 14:29 - 00000000 ____D () C:\Users\Thorsten\Documents\700_Jessica
2014-12-21 13:41 - 2013-12-21 14:25 - 00000000 ____D () C:\Users\Thorsten\Documents\100_Haus
2014-12-14 10:33 - 2013-12-23 07:49 - 00000000 ____D () C:\Users\Jessica\AppData\Local\Microsoft Help
2014-12-13 13:12 - 2014-05-07 19:34 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-13 13:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-12-13 13:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2014-12-11 18:24 - 2013-12-20 19:24 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 18:22 - 2013-12-20 19:24 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-09 18:56 - 2013-12-22 11:11 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-09 18:56 - 2013-12-22 11:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-07 15:00 - 2013-12-21 14:25 - 00000000 ____D () C:\Users\Thorsten\Documents\080_Autos
2014-12-07 13:52 - 2009-07-14 05:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-07 13:52 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-12-02 16:35 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-28 11:57 - 2013-12-23 08:22 - 00000000 ____D () C:\Users\Jessica\AppData\Roaming\vlc
2014-11-26 22:15 - 2013-12-22 11:13 - 00000000 ____D () C:\Users\Thorsten\AppData\Roaming\vlc
2014-11-24 14:04 - 2013-12-20 17:49 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Jessica\AppData\Local\Temp\Checkupdate.exe
C:\Users\Jessica\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Jessica\AppData\Local\Temp\gcapi_dll.dll
C:\Users\Jessica\AppData\Local\Temp\gtapi_signed.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-22 12:46

==================== End Of Log ============================
25.12.2014, 11:35 | #6 |
/// the machine /// TB-Ausbilder | GData reports Win32.Adware.OpenCandy.C Done. The order is crucial here.
If you would like to leave praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP). Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.