Pests of all kinds and how to combat them: Windows 8 WLAN laptop cripples LAN computer
Windows 7
If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will get in touch with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection. |
05.02.2015, 20:14 | #1 |
| Windows 8 WLAN laptop cripples LAN computer Hello expert team. I run a WLAN/LAN at home and all the connections work fine so far. All computers, smartphones, tablets, etc. are in the same subnet and get their IPs from the router via DHCP. Some fixed, others dynamic, e.g. guest phones. A few months ago my wife asked me whether I could share the children's picture folders with her over the network, and I did. I shared the folder with her with read permission, via username and password, and that worked great, with one exception. Every time she connected to the folder, my PC (i5-2500k, 16GB RAM, RAID 1) was slowed down so much that working was out of the question. So I removed the share again for the time being and noticed that whenever she went on the internet over WLAN, e.g. opened Facebook, my computer froze. My computer, however, is connected by cable to a gigabit switch (bought afterwards, because I was thinking of data collisions), and the switch to the WLAN router (by cable). Using SmartSniff I then saw that the Windows 8 laptop even overrode the firewall rules via a multicast address and was busily sending data on the network. Another Windows 7 computer is not acting up; it is also connected via WLAN. Also, when I go on the internet or download/send data, it doesn't block any other computer. Since I suspect that the Win8 laptop has something on it, it would be nice if you could take a look at it, because for months I have tested, swapped and configured everything possible, and I'm at my wit's end. Regards, Houseman |
05.02.2015, 20:16 | #2 |
/// the machine /// TB Trainer | Windows 8 WLAN laptop cripples LAN computer Hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you're not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
05.02.2015, 23:13 | #3 |
| Frst and Addition FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2015 Ran by Anja (administrator) on JESSICANB on 05-02-2015 23:06:54 Running from C:\Users\Anja\Desktop Loaded Profiles: Anja (Available profiles: Anja) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power 
Management\ePowerSvc.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe (CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor) HKLM-x32\...\Run: [LManager] => [X] HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-01-28] ( (Atheros Communications)) HKU\S-1-5-21-2513446037-876431734-2113241799-1001\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x95000000 HKU\S-1-5-21-2513446037-876431734-2113241799-1001\...\MountPoints2: {eafd6177-aadd-11e4-bf5f-b888e3d1ce52} - "E:\pushinst.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation) Startup: C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-2513446037-876431734-2113241799-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-2513446037-876431734-2113241799-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com SearchScopes: HKU\S-1-5-21-2513446037-876431734-2113241799-1001 -> DefaultScope {312C44B3-E40B-4721-A1BB-43DC49C7DBAA} URL = SearchScopes: HKU\S-1-5-21-2513446037-876431734-2113241799-1001 -> {312C44B3-E40B-4721-A1BB-43DC49C7DBAA} URL = BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 0.0.0.0 FireFox: ======== FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations) S4 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed] S4 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.) 
[File not signed] S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation) R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2435728 2012-08-23] (Acer Incorporated) S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-23] (Acer Incorporated) R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation) S4 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-08-23] (NTI Corporation) S4 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-10-22] (Dritek System INC.) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-11-21] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-11-21] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 FWLANUSB; C:\Windows\system32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH) U5 NdisImPlatform; C:\Windows\System32\Drivers\NdisImPlatform.sys [126464 2014-11-21] (Microsoft Corporation) R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-10-22] (Dritek System Inc.) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-11-21] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-05 23:06 - 2015-02-05 23:08 - 00008418 _____ () C:\Users\Anja\Desktop\FRST.txt 2015-02-05 23:06 - 2015-02-05 23:06 - 00000000 ____D () C:\FRST 2015-02-05 23:05 - 2015-02-05 23:05 - 02131968 _____ (Farbar) C:\Users\Anja\Desktop\FRST64.exe 2015-02-03 12:24 - 2015-02-03 12:24 - 00000000 __SHD () C:\Users\Anja\AppData\Local\EmieUserList 2015-02-03 12:24 - 2015-02-03 12:24 - 00000000 __SHD () C:\Users\Anja\AppData\Local\EmieSiteList 2015-02-03 12:24 - 2015-02-03 12:24 - 00000000 __SHD () C:\Users\Anja\AppData\Local\EmieBrowserModeList 2015-02-03 07:34 - 2015-02-03 07:34 - 00000020 ___SH () C:\Users\Anja\ntuser.ini 2015-02-03 00:48 - 2015-02-03 00:48 - 00000000 _SHDL () C:\Users\Default\Vorlagen 2015-02-03 00:48 - 2015-02-03 00:48 - 00000000 _SHDL () C:\Users\Default\Startmenü 2015-02-03 00:48 - 2015-02-03 00:48 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung 2015-02-03 00:48 - 2015-02-03 00:48 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen 2015-02-03 00:48 - 2015-02-03 00:48 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien 2015-02-03 00:48 - 2015-02-03 00:48 - 00000000 _SHDL () C:\Users\Default\Druckumgebung 2015-02-03 00:48 - 2015-02-03 00:48 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik 2015-02-03 00:48 - 2015-02-03 00:48 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder 2015-02-03 00:48 - 2015-02-03 00:48 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-02-03 00:48 - 2015-02-03 00:48 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf 2015-02-03 00:48 - 2015-02-03 00:48 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten 2015-02-03 00:48 - 2015-02-03 00:48 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten 2015-02-03 00:48 - 2015-02-03 00:48 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik 2015-02-03 00:48 - 2015-02-03 00:48 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder 2015-02-03 00:48 - 2015-02-03 00:48 - 
00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-02-03 00:48 - 2015-02-03 00:48 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf 2015-02-03 00:48 - 2015-02-03 00:48 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten 2015-02-03 00:47 - 2015-02-03 00:47 - 00022960 _____ () C:\WINDOWS\system32\emptyregdb.dat 2015-02-03 00:27 - 2015-02-03 00:27 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2015-02-03 00:24 - 2015-02-05 23:07 - 01308777 _____ () C:\WINDOWS\WindowsUpdate.log 2015-02-03 00:21 - 2015-02-03 00:21 - 00000000 ____D () C:\WINDOWS\system32\config\bbimigrate 2015-02-03 00:19 - 2015-02-03 07:34 - 00000000 ____D () C:\Users\Anja 2015-02-03 00:19 - 2015-02-03 00:48 - 00020958 _____ () C:\WINDOWS\diagwrn.xml 2015-02-03 00:19 - 2015-02-03 00:48 - 00020958 _____ () C:\WINDOWS\diagerr.xml 2015-02-03 00:19 - 2015-02-03 00:20 - 00000000 ___RD () C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-02-03 00:19 - 2015-02-03 00:19 - 00000000 _SHDL () C:\Users\Anja\Vorlagen 2015-02-03 00:19 - 2015-02-03 00:19 - 00000000 _SHDL () C:\Users\Anja\Startmenü 2015-02-03 00:19 - 2015-02-03 00:19 - 00000000 _SHDL () C:\Users\Anja\Netzwerkumgebung 2015-02-03 00:19 - 2015-02-03 00:19 - 00000000 _SHDL () C:\Users\Anja\Lokale Einstellungen 2015-02-03 00:19 - 2015-02-03 00:19 - 00000000 _SHDL () C:\Users\Anja\Eigene Dateien 2015-02-03 00:19 - 2015-02-03 00:19 - 00000000 _SHDL () C:\Users\Anja\Druckumgebung 2015-02-03 00:19 - 2015-02-03 00:19 - 00000000 _SHDL () C:\Users\Anja\Documents\Eigene Musik 2015-02-03 00:19 - 2015-02-03 00:19 - 00000000 _SHDL () C:\Users\Anja\Documents\Eigene Bilder 2015-02-03 00:19 - 2015-02-03 00:19 - 00000000 _SHDL () C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-02-03 00:19 - 2015-02-03 00:19 - 00000000 _SHDL () C:\Users\Anja\AppData\Local\Verlauf 2015-02-03 00:19 
- 2015-02-03 00:19 - 00000000 _SHDL () C:\Users\Anja\AppData\Local\Anwendungsdaten 2015-02-03 00:19 - 2015-02-03 00:19 - 00000000 _SHDL () C:\Users\Anja\Anwendungsdaten 2015-02-03 00:19 - 2014-11-21 11:52 - 00000000 ___RD () C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-02-03 00:19 - 2014-11-21 11:52 - 00000000 ___RD () C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-02-03 00:19 - 2014-11-21 04:42 - 00000369 _____ () C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk 2015-02-03 00:19 - 2014-11-21 04:42 - 00000369 _____ () C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk 2015-02-03 00:19 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-02-03 00:12 - 2015-02-03 00:12 - 00000000 ____D () C:\WINDOWS\SysWOW64\RTCOM 2015-02-03 00:12 - 2015-02-03 00:12 - 00000000 ____D () C:\Program Files\Realtek 2015-02-03 00:11 - 2015-02-03 00:22 - 00000000 ____D () C:\Program Files (x86)\Intel 2015-02-03 00:11 - 2015-02-03 00:11 - 00000000 ____D () C:\Program Files\Elantech 2015-02-03 00:08 - 2015-02-03 07:35 - 00000000 ___DC () C:\WINDOWS\Panther 2015-02-03 00:08 - 2015-02-03 00:08 - 00000000 __SHD () C:\Recovery 2015-02-03 00:07 - 2015-02-03 00:07 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-02-03 00:07 - 
2015-02-03 00:07 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2015-02-03 00:07 - 2015-02-03 00:07 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2015-02-03 00:07 - 2015-02-03 00:07 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2015-02-03 00:07 - 2015-02-03 00:07 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00535640 
_____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec 2015-02-03 00:07 - 2015-02-03 00:07 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec 2015-02-03 00:07 - 2015-02-03 00:07 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00092160 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\mshtmled.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe 2015-02-03 00:07 - 2015-02-03 00:07 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe 2015-02-03 00:07 - 2015-02-03 00:07 - 00000000 ____D () C:\Windows.old 2015-02-03 00:05 - 2015-02-03 00:05 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll 2015-02-03 00:05 - 2015-02-03 00:05 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll 2015-02-03 00:05 - 2015-02-03 00:05 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll 2015-02-03 00:05 - 2015-02-03 00:05 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2015-02-03 00:05 - 2015-02-03 00:05 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll 2015-02-03 00:05 - 2015-02-03 00:05 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2015-02-03 00:05 - 2015-02-03 00:05 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll 2015-02-03 00:05 - 2015-02-03 00:05 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll 2015-02-03 00:05 - 2015-02-03 00:05 - 00672984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe 2015-02-03 00:05 - 2015-02-03 00:05 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll 2015-02-03 00:05 - 2015-02-03 00:05 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll 2015-02-03 00:05 - 2015-02-03 00:05 - 00360448 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\ncsi.dll 2015-02-03 00:05 - 2015-02-03 00:05 - 00273240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe 2015-02-03 00:05 - 2015-02-03 00:05 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll 2015-02-03 00:05 - 2015-02-03 00:05 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2015-02-03 00:05 - 2015-02-03 00:05 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys 2015-02-03 00:05 - 2015-02-03 00:05 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe 2015-02-03 00:05 - 2015-02-03 00:05 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll 2015-02-03 00:05 - 2015-02-03 00:05 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe 2015-02-03 00:05 - 2015-02-03 00:05 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys 2015-02-03 00:05 - 2015-02-03 00:05 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll 2015-02-03 00:05 - 2015-02-03 00:05 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll 2015-02-03 00:04 - 2015-02-03 00:04 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff 2015-02-03 00:02 - 2015-02-03 00:02 - 00000000 ____D () C:\WINDOWS\SysWOW64\XPSViewer 2015-02-03 00:02 - 2015-02-03 00:02 - 00000000 ____D () C:\Program Files\Reference Assemblies 2015-02-03 00:02 - 2015-02-03 00:02 - 00000000 ____D () C:\Program Files\MSBuild 2015-02-03 00:02 - 2015-02-03 00:02 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies 2015-02-03 00:02 - 2015-02-03 00:02 - 00000000 ____D () C:\Program Files (x86)\MSBuild 2015-02-03 00:02 - 2013-08-03 05:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll 2015-02-03 00:02 - 2013-08-03 05:48 - 00124112 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2015-02-03 00:02 - 2013-08-03 05:48 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe 2015-02-03 00:02 - 2013-08-03 05:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll 2015-02-03 00:02 - 2013-08-03 05:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-02-03 00:02 - 2013-08-03 05:41 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe 2015-02-02 23:34 - 2015-02-03 00:48 - 00006626 _____ () C:\WINDOWS\comsetup.log 2015-02-02 22:27 - 2015-02-02 22:27 - 00002259 _____ () C:\WINDOWS\epplauncher.mif 2015-02-02 22:22 - 2015-02-02 22:24 - 00000000 ____D () C:\Users\Anja\Downloads\smsniff-2.16_x64 2015-02-02 22:22 - 2015-02-02 22:22 - 00127443 _____ () C:\Users\Anja\Downloads\smsniff-2.16_x64.zip 2015-02-02 21:55 - 2015-02-02 22:15 - 00000000 ____D () C:\Users\Anja\Documents\smsniff-2.16_x64 2015-02-02 14:41 - 2015-02-05 23:06 - 00062254 _____ () C:\WINDOWS\avmfwlanci.log 2015-02-02 14:41 - 2015-02-03 00:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!WLAN 2015-02-02 14:41 - 2015-02-02 14:41 - 00024866 _____ () C:\WINDOWS\avmacc.log 2015-02-02 14:41 - 2015-02-02 14:41 - 00018142 _____ () C:\WINDOWS\AVMInstall.Log 2015-02-02 14:41 - 2015-02-02 14:41 - 00010145 _____ () C:\WINDOWS\avmsetup.log 2015-02-02 14:41 - 2015-02-02 14:41 - 00002358 _____ () C:\WINDOWS\avmadd32.log 2015-02-02 14:41 - 2015-02-02 14:41 - 00000000 ____D () C:\Program Files (x86)\avmwlanstick 2015-02-02 14:41 - 2015-02-02 14:41 - 00000000 ____D () C:\Program Files (x86)\AVM_update 2015-02-02 14:39 - 2015-02-02 14:39 - 00000000 ____D () C:\Users\Anja\AVM_Driver 2015-01-06 08:45 - 2015-02-03 00:25 - 00000000 ____D () C:\WINDOWS\system32\appraiser ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder 
will be moved.) 2015-02-05 23:08 - 2014-11-21 04:35 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-02-05 23:08 - 2014-11-21 03:45 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat 2015-02-05 23:08 - 2014-11-21 03:45 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat 2015-02-05 23:05 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-02-05 23:00 - 2013-08-22 15:46 - 00286134 _____ () C:\WINDOWS\setupact.log 2015-02-05 23:00 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-02-04 21:01 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF 2015-02-04 21:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-02-03 16:30 - 2014-12-05 22:59 - 00000000 ____D () C:\WINDOWS\system32\AutoUpdateLicense 2015-02-03 16:30 - 2014-11-20 19:24 - 00009764 _____ () C:\WINDOWS\PFRO.log 2015-02-03 16:30 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2015-02-03 07:51 - 2013-01-13 22:01 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2513446037-876431734-2113241799-1001 2015-02-03 07:44 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-02-03 07:39 - 2013-01-13 21:54 - 00000000 ____D () C:\Users\Anja\AppData\Local\Packages 2015-02-03 07:36 - 2013-01-13 21:55 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD 2015-02-03 00:49 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache 2015-02-03 00:49 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2015-02-03 00:48 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Registration 2015-02-03 00:48 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows NT 2015-02-03 00:48 - 2013-08-22 14:36 - 00000000 __RHD () C:\Users\Default 2015-02-03 00:43 - 2013-08-22 16:36 - 00000000 __RSD () C:\WINDOWS\Media 2015-02-03 00:43 - 2013-08-22 16:36 - 00000000 __RHD () C:\Users\Public\Libraries 2015-02-03 00:32 - 2013-08-22 15:44 - 00362824 _____ () 
C:\WINDOWS\system32\FNTCACHE.DAT 2015-02-03 00:30 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep 2015-02-03 00:29 - 2013-11-12 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRWare Iron 2015-02-03 00:29 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Help 2015-02-03 00:29 - 2013-01-20 18:13 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1 2015-02-03 00:29 - 2012-10-22 23:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTI Media Maker 9 2015-02-03 00:29 - 2012-10-22 23:17 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel 2015-02-03 00:29 - 2012-09-01 19:17 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink MediaEspresso 6.5 2015-02-03 00:29 - 2012-09-01 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EgisTec 2015-02-03 00:29 - 2012-09-01 19:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer 2015-02-03 00:29 - 2012-09-01 19:06 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-02-03 00:27 - 2013-08-22 16:37 - 00005217 _____ () C:\WINDOWS\DtcInstall.log 2015-02-03 00:27 - 2012-07-26 06:37 - 00000000 ____D () C:\Users\Default.migrated 2015-02-03 00:26 - 2014-11-21 11:51 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel 2015-02-03 00:26 - 2014-11-21 03:45 - 00000000 ____D () C:\WINDOWS\SysWOW64\WCN 2015-02-03 00:26 - 2014-11-21 03:45 - 00000000 ____D () C:\WINDOWS\SysWOW64\sysprep 2015-02-03 00:26 - 2014-11-21 03:45 - 00000000 ____D () C:\WINDOWS\system32\WCN 2015-02-03 00:26 - 2014-09-23 17:15 - 00000000 ____D () C:\WINDOWS\SysWOW64\mflpro 2015-02-03 00:26 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz 2015-02-03 00:26 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\IME 2015-02-03 00:26 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\WinBioPlugIns 
2015-02-03 00:26 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\spool 2015-02-03 00:26 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\IME 2015-02-03 00:26 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\SMI 2015-02-03 00:26 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\oobe 2015-02-03 00:25 - 2013-08-22 16:43 - 00000000 ____D () C:\WINDOWS\DigitalLocker 2015-02-03 00:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\IME 2015-02-03 00:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppCompat 2015-02-03 00:23 - 2013-08-22 16:36 - 00000000 __SHD () C:\Program Files (x86)\Windows Sidebar 2015-02-03 00:23 - 2013-03-02 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InterActual 2015-02-03 00:23 - 2012-09-01 18:58 - 00000000 ____D () C:\ProgramData\PRICache 2015-02-03 00:22 - 2013-08-22 16:36 - 00000000 __SHD () C:\Program Files\Windows Sidebar 2015-02-03 00:22 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2015-02-03 00:21 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\Recovery 2015-02-03 00:07 - 2013-08-22 16:36 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template 2015-02-03 00:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions 2015-02-03 00:05 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel 2015-02-03 00:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\MUI 2015-02-03 00:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\MUI 2015-02-02 23:48 - 2013-01-13 21:54 - 01856833 _____ () C:\WINDOWS\WindowsUpdate (1).log 2015-02-02 23:31 - 2014-11-21 22:57 - 00000000 ___HD () C:\$Windows.~BT 2015-02-02 23:19 - 2014-09-23 17:17 - 00000000 ____D () C:\Program Files (x86)\Brother 2015-02-02 14:55 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent 2015-02-02 14:49 - 2013-10-14 20:09 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-02-02 14:47 - 2013-10-14 
20:09 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe ==================== Files in the root of some directories ======= 2014-11-06 21:40 - 2014-11-06 21:49 - 0007597 _____ () C:\Users\Anja\AppData\Local\Resmon.ResmonCfg ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-03 00:10 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2015 Ran by Anja at 2015-02-05 23:09:02 Running from C:\Users\Anja\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) clear.fi SDK - Video 2 (x32 Version: 2.1.1925 - CyberLink Corp.) Hidden clear.fi SDK- Movie 2 (x32 Version: 2.1.2008 - CyberLink Corp.) Hidden Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0059 - NTI Corporation) Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3007 - Acer Incorporated) Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Acer Incorporated) Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Acer Incorporated) AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3115 - Acer Incorporated) AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3201 - Acer Incorporated) Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version: - AVM Berlin) Backup Manager v4 (x32 Version: 4.0.0.0059 - NTI Corporation) Hidden Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Broadcom Card Reader Driver Installer (HKLM\...\{F0A7DF2F-0BE0-470F-B137-D7A19F977189}) (Version: 15.4.7.1 
- Broadcom Corporation) clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.01.3108 - Acer Incorporated) clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.01.3108 - Acer Incorporated) CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3103_44819 - CyberLink Corp.) Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden eBay Worldwide (HKLM-x32\...\{A694AF57-9891-4D62-824C-7E55A1361A14}) (Version: 2.3.0630 - OEM) ETDWare PS/2-X64 11.6.8.001_WHQL (HKLM\...\Elantech) (Version: 11.6.8.001 - ELAN Microelectronic Corp.) Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) InterActual Player (HKLM-x32\...\InterActual Player) (Version: - ) Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.5 - Acer Inc.) 
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3004 - Acer Incorporated) Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.) Hidden MyWinLocker 4 (x32 Version: 4.0.14.35 - Egis Technology Inc.) Hidden MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.) 
MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.) Hidden NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9008 - NTI Corporation) NTI Media Maker 9 (x32 Version: 9.0.2.9008 - NTI Corporation) Hidden Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3200 - Acer) Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.01.3200 - Acer) OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation) Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.220 - Qualcomm Atheros Communications) Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.41 - Qualcomm Atheros) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) 
Hidden Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB) SRWare Iron Version SRWare Iron 37.2000.0 (HKLM-x32\...\{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1) (Version: SRWare Iron 37.2000.0 - SRWare) Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation) WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent) WildTangent Games App (x32 Version: 4.0.10.20 - WildTangent) Hidden Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= ATTENTION: System Restore is disabled. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {004A9BD8-EDC7-4DE8-A894-8EE41E1131B5} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-22] () Task: {371A112A-B68F-469C-B4D9-D77530517061} - System32\Tasks\Microsoft\Windows\SetupSQMTask => C:\WINDOWS\SYSTEM32\OOBE\SETUPSQM.EXE [2014-11-21] (Microsoft Corporation) Task: {400BFB4E-660E-4F32-8CA7-CEF261688561} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-04] (CyberLink) Task: {66FA40D8-46CA-4894-AD0A-03BDF40FA844} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-08-30] () Task: {6CEDD6E2-E7EA-4233-AFDA-FFA454E894D4} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-12] (Egis Technology Inc.) Task: {8A8DF02A-3E72-4DF0-8EFD-ABA9072780F9} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2012-07-31] (Acer Incorporated) Task: {99F3F7D0-8466-4793-AC28-F7A0DF12E1E1} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe Task: {9D1D7272-BF8E-44BA-9B11-A8A7E83AA8B0} - System32\Tasks\{BBCF31F8-EF78-4C24-84E2-140E7D43643E} => pcalua.exe -a C:\Users\Anja\Downloads\MFC-5890CN-inst-win8-A1.EXE Task: {A776AB8E-5E5B-4E08-BCE2-BEE79D7C5E28} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-12] (Egis Technology Inc.) 
Task: {D8F40E55-DB27-491F-B538-A91A2A9C9793} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-02-02] (Microsoft Corporation) Task: {F12DF198-34A2-4126-A5C3-13FEC59BC340} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-08-22] (Acer Incorporated) ==================== Loaded Modules (whitelisted) ============== 2012-06-22 02:12 - 2012-06-22 02:12 - 01407568 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll 2013-01-28 14:45 - 2013-01-28 14:45 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll 2013-01-28 14:42 - 2013-01-28 14:42 - 00084992 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll 2013-01-28 14:47 - 2013-01-28 14:47 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe 2014-01-29 23:02 - 2014-01-29 23:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2012-08-23 07:26 - 2012-08-23 07:26 - 00465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll 2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll 2012-10-22 23:29 - 2012-06-25 18:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) 
==================== Other Registry Areas ===================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2513446037-876431734-2113241799-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: AVM WLAN Connection Service => 2 MSCONFIG\Services: BrcmCardReader => 2 MSCONFIG\Services: DsiWMIService => 2 MSCONFIG\Services: EgisTec Ticket Service => 3 MSCONFIG\Services: ETDService => 2 MSCONFIG\Services: FLEXnet Licensing Service => 3 MSCONFIG\Services: GamesAppService => 3 MSCONFIG\Services: LanmanServer => 2 MSCONFIG\Services: lmhosts => 2 MSCONFIG\Services: NTI IScheduleSvc => 2 MSCONFIG\Services: RfButtonDriverService => 2 ==================== Accounts: ============================= Administrator (S-1-5-21-2513446037-876431734-2113241799-500 - Administrator - Disabled) Anja (S-1-5-21-2513446037-876431734-2113241799-1001 - Administrator - Enabled) => C:\Users\Anja Gast (S-1-5-21-2513446037-876431734-2113241799-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2513446037-876431734-2113241799-1005 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= Name: Broadcom NetLink (TM)-Gigabit-Ethernet Description: Broadcom NetLink (TM)-Gigabit-Ethernet Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Broadcom Corporation Service: k57nd60a Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Event log errors: ========================= Application errors: ================== Error: (02/03/2015 00:22:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JESSICANB) Description: Bei der Aktivierung der App „Microsoft.BingNews_8wekyb3d8bbwe!AppexNews“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (02/03/2015 00:22:30 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JESSICANB) Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (02/03/2015 00:22:30 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JESSICANB) Description: Bei der Aktivierung der App „Microsoft.BingSports_8wekyb3d8bbwe!AppexSports“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (02/03/2015 10:13:35 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JESSICANB) Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (02/03/2015 10:13:35 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JESSICANB) Description: Bei der Aktivierung der App „Microsoft.BingNews_8wekyb3d8bbwe!AppexNews“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. 
Error: (02/03/2015 10:13:35 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JESSICANB) Description: Bei der Aktivierung der App „Microsoft.BingSports_8wekyb3d8bbwe!AppexSports“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (02/03/2015 07:51:50 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JESSICANB) Description: Bei der Aktivierung der App „Microsoft.BingSports_8wekyb3d8bbwe!AppexSports“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (02/03/2015 07:46:23 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JESSICANB) Description: Bei der Aktivierung der App „Microsoft.BingWeather_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (02/03/2015 07:36:49 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JESSICANB) Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (02/03/2015 07:35:19 AM) (Source: ESENT) (EventID: 215) (User: ) Description: WinMail (3468) WindowsMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde. System errors: ============= Error: (02/05/2015 11:02:55 PM) (Source: RemoteAccess) (EventID: 20106) (User: ) Description: RoutingDomainID- {00000000-0000-0000-0000-000000000000}: Die Schnittstelle "{CC40FC4F-4E18-4570-BC54-77017C9BDCD3}" kann nicht zu dem Router-Manager für das Protokoll IPV6 hinzugefügt werden. Fehler: Die Funktion kann nicht abgeschlossen werden. 
Error: (02/05/2015 11:02:55 PM) (Source: RemoteAccess) (EventID: 20063) (User: ) Description: Fehler beim Starten der RAS-Verbindungsverwaltung, da das Protokoll-Engine [IKEv2] nicht initialisiert wurde. Die Anforderung wird nicht unterstützt. Error: (02/04/2015 09:08:56 PM) (Source: RemoteAccess) (EventID: 20106) (User: ) Description: RoutingDomainID- {00000000-0000-0000-0000-000000000000}: Die Schnittstelle "{CC40FC4F-4E18-4570-BC54-77017C9BDCD3}" kann nicht zu dem Router-Manager für das Protokoll IPV6 hinzugefügt werden. Fehler: Die Funktion kann nicht abgeschlossen werden. Error: (02/04/2015 09:08:56 PM) (Source: RemoteAccess) (EventID: 20063) (User: ) Description: Fehler beim Starten der RAS-Verbindungsverwaltung, da das Protokoll-Engine [IKEv2] nicht initialisiert wurde. Die Anforderung wird nicht unterstützt. Error: (02/04/2015 09:05:44 PM) (Source: DCOM) (EventID: 10010) (User: JESSICANB) Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39} Error: (02/04/2015 09:05:44 PM) (Source: DCOM) (EventID: 10010) (User: JESSICANB) Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39} Error: (02/04/2015 08:29:19 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: Der Dienst "Routing und RAS" wurde mit dem folgenden dienstspezifischen Fehler beendet: %%11004 Error: (02/04/2015 08:29:16 PM) (Source: RemoteAccess) (EventID: 20152) (User: ) Description: Der momentan konfigurierte Authentifizierungsanbieter konnte nicht geladen und initialisiert werden. Der angeforderte Name ist gültig, es wurden jedoch keine Daten des angeforderten Typs gefunden. Error: (02/04/2015 08:21:20 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: Der Dienst "Routing und RAS" wurde mit dem folgenden dienstspezifischen Fehler beendet: %%11004 Error: (02/04/2015 08:21:18 PM) (Source: RemoteAccess) (EventID: 20152) (User: ) Description: Der momentan konfigurierte Authentifizierungsanbieter konnte nicht geladen und initialisiert werden. 
Der angeforderte Name ist gültig, es wurden jedoch keine Daten des angeforderten Typs gefunden. Microsoft Office Sessions: ========================= Error: (02/03/2015 00:22:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JESSICANB) Description: Microsoft.BingNews_8wekyb3d8bbwe!AppexNews-2144927148 Error: (02/03/2015 00:22:30 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JESSICANB) Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148 Error: (02/03/2015 00:22:30 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JESSICANB) Description: Microsoft.BingSports_8wekyb3d8bbwe!AppexSports-2144927148 Error: (02/03/2015 10:13:35 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JESSICANB) Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148 Error: (02/03/2015 10:13:35 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JESSICANB) Description: Microsoft.BingNews_8wekyb3d8bbwe!AppexNews-2144927148 Error: (02/03/2015 10:13:35 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JESSICANB) Description: Microsoft.BingSports_8wekyb3d8bbwe!AppexSports-2144927148 Error: (02/03/2015 07:51:50 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JESSICANB) Description: Microsoft.BingSports_8wekyb3d8bbwe!AppexSports-2144927148 Error: (02/03/2015 07:46:23 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JESSICANB) Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927148 Error: (02/03/2015 07:36:49 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JESSICANB) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141 Error: (02/03/2015 07:35:19 AM) (Source: ESENT) (EventID: 215) (User: ) Description: WinMail3468WindowsMail0: ==================== Memory info =========================== Processor: Intel(R) Pentium(R) CPU B960 
@ 2.20GHz Percentage of memory in use: 23% Total physical RAM: 8005.28 MB Available physical RAM: 6117.16 MB Total Pagefile: 9925.28 MB Available Pagefile: 8236.21 MB Total Virtual: 131072 MB Available Virtual: 131071.79 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:448.75 GB) (Free:383.69 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: C6DD69FB) Partition: GPT Partition Type. ==================== End Of Log ============================ |
06.02.2015, 09:40 | #4 |
/// the machine /// TB trainer | Windows 8 Wi-Fi laptop brings LAN PC to a standstill
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:
Code:
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 0.0.0.0
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
06.02.2015, 15:44 | #5 |
| Problem with AdwCleaner and database
Hello Schrauber. First of all, thank you for looking into my problem !?
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-02-2015
Ran by Anja at 2015-02-06 11:47:05 Run:1
Running from C:\Users\Anja\Desktop\Trojaner-Board\Erster Scan
Loaded Profiles: Anja (Available profiles: Anja)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 0.0.0.0
*****************
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer => value deleted successfully.
==== End of Fixlog 11:47:05 ====
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 06.02.2015
Suchlauf-Zeit: 11:53:38
Logdatei: mbam.txt
Administrator: Ja
Version: 2.00.4.1028
Malware Datenbank: v2015.02.06.03
Rootkit Datenbank: v2015.02.03.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Anja
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 350618
Verstrichene Zeit: 20 Min, 59 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0 (Keine schädliche Elemente erkannt)
Module: 0 (Keine schädliche Elemente erkannt)
Registrierungsschlüssel: 0 (Keine schädliche Elemente erkannt)
Registrierungswerte: 0 (Keine schädliche Elemente erkannt)
Registrierungsdaten: 0 (Keine schädliche Elemente erkannt)
Ordner: 0 (Keine schädliche Elemente erkannt)
Dateien: 0 (Keine schädliche Elemente erkannt)
Physische Sektoren: 0 (Keine schädliche Elemente erkannt)
(end)
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8.1 x64
Ran by Anja on 06.02.2015 at 12:47:16,59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.02.2015 at 12:48:25,09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2015 Ran by Anja (administrator) on JESSICANB on 06-02-2015 12:53:07 Running from C:\Users\Anja\Desktop Loaded Profiles: Anja (Available profiles: Anja) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (Intel Corporation) 
C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (SRWare) C:\Program Files (x86)\SRWare Iron\chrome.exe (SRWare) C:\Program Files (x86)\SRWare Iron\chrome.exe (SRWare) C:\Program Files (x86)\SRWare Iron\chrome.exe (SRWare) C:\Program Files (x86)\SRWare Iron\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor) HKLM-x32\...\Run: [LManager] => [X] HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-01-28] ( (Atheros Communications)) HKU\S-1-5-21-2513446037-876431734-2113241799-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd) HKU\S-1-5-21-2513446037-876431734-2113241799-1001\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x95000000 HKU\S-1-5-21-2513446037-876431734-2113241799-1001\...\MountPoints2: {eafd6177-aadd-11e4-bf5f-b888e3d1ce52} - "E:\pushinst.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation) Startup: C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-2513446037-876431734-2113241799-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-2513446037-876431734-2113241799-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com SearchScopes: HKU\S-1-5-21-2513446037-876431734-2113241799-1001 -> DefaultScope {312C44B3-E40B-4721-A1BB-43DC49C7DBAA} URL = SearchScopes: HKU\S-1-5-21-2513446037-876431734-2113241799-1001 -> {312C44B3-E40B-4721-A1BB-43DC49C7DBAA} URL = BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations) S4 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed] S4 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.) [File not signed] S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation) R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2435728 2012-08-23] (Acer Incorporated) S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-23] (Acer Incorporated) R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation) S4 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-08-23] (NTI Corporation) S4 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-10-22] (Dritek System INC.) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 FWLANUSB; C:\Windows\system32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH) U5 NdisImPlatform; C:\Windows\System32\Drivers\NdisImPlatform.sys [126464 2014-11-21] (Microsoft Corporation) R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-10-22] (Dritek System Inc.) 
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-06 12:53 - 2015-02-06 12:53 - 00008680 _____ () C:\Users\Anja\Desktop\FRST.txt 2015-02-06 12:53 - 2015-02-05 23:05 - 02131968 _____ (Farbar) C:\Users\Anja\Desktop\FRST64.exe 2015-02-06 12:52 - 2015-02-06 12:52 - 00001189 _____ () C:\Users\Anja\Desktop\mbam.txt 2015-02-06 12:48 - 2015-02-06 12:48 - 00000613 _____ () C:\Users\Anja\Desktop\JRT.txt 2015-02-06 12:46 - 2015-02-06 12:47 - 01388274 _____ (Thisisu) C:\Users\Anja\Downloads\JRT.exe 2015-02-06 12:42 - 2015-02-06 12:42 - 02112512 _____ () C:\Users\Anja\Downloads\AdwCleaner_4.110.exe 2015-02-06 12:42 - 2015-02-06 12:42 - 02112512 _____ () C:\Users\Anja\Downloads\AdwCleaner_4.110 (1).exe 2015-02-06 11:53 - 2015-02-06 11:53 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-02-06 11:52 - 2015-02-06 11:52 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-02-06 11:52 - 2015-02-06 11:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-02-06 11:52 - 2015-02-06 11:52 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-06 11:52 - 2015-02-06 11:52 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-02-06 11:52 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-02-06 11:52 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-02-06 11:52 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) 
C:\WINDOWS\system32\Drivers\mbam.sys 2015-02-06 11:50 - 2015-02-06 11:51 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Anja\Downloads\mbam-setup-2.0.4.1028.exe 2015-02-06 11:43 - 2015-02-06 11:43 - 00002702 _____ () C:\WINDOWS\avmfwlanci.log 2015-02-06 11:41 - 2015-02-06 11:41 - 00000077 _____ () C:\WINDOWS\setupact.log 2015-02-06 11:41 - 2015-02-06 11:41 - 00000000 _____ () C:\WINDOWS\setuperr.log 2015-02-06 09:01 - 2015-02-06 11:54 - 00057639 _____ () C:\WINDOWS\WindowsUpdate.log 2015-02-06 08:25 - 2015-02-06 12:25 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-02-06 08:25 - 2015-02-06 08:25 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-02-06 08:24 - 2015-02-06 08:25 - 00000000 ____D () C:\Users\Anja\AppData\Local\Adobe 2015-02-06 07:50 - 2015-02-06 07:50 - 00002770 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC 2015-02-06 07:50 - 2015-02-06 07:50 - 00000838 _____ () C:\Users\Anja\Desktop\CCleaner.lnk 2015-02-06 07:50 - 2015-02-06 07:50 - 00000000 ____D () C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner 2015-02-06 07:50 - 2015-02-06 07:50 - 00000000 ____D () C:\Program Files\CCleaner 2015-02-06 07:48 - 2015-02-06 07:48 - 04196968 _____ (Piriform Ltd) C:\Users\Anja\Downloads\ccsetup502_slim (1).exe 2015-02-06 07:47 - 2015-02-06 07:47 - 04196968 _____ (Piriform Ltd) C:\Users\Anja\Downloads\ccsetup502_slim.exe 2015-02-05 23:26 - 2015-02-06 12:53 - 00000000 ____D () C:\Users\Anja\Desktop\Trojaner-Board 2015-02-05 23:13 - 2014-09-22 04:06 - 00258368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys 2015-02-05 23:13 - 2014-09-22 04:06 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys 2015-02-05 23:13 - 2014-09-22 03:49 - 00035320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys 2015-02-05 23:13 - 2014-09-02 23:08 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll 2015-02-05 
23:13 - 2014-09-02 23:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll 2015-02-05 23:13 - 2014-06-09 23:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe 2015-02-05 23:13 - 2014-06-09 23:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe 2015-02-05 23:12 - 2014-04-30 07:43 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys 2015-02-05 23:12 - 2014-04-30 07:41 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys 2015-02-05 23:06 - 2015-02-06 12:53 - 00000000 ____D () C:\FRST 2015-02-04 21:45 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2015-02-04 21:45 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2015-02-04 21:45 - 2014-11-10 00:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll 2015-02-04 21:45 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll 2015-02-04 21:38 - 2014-07-24 04:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll 2015-02-04 21:38 - 2014-07-24 04:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll 2015-02-03 12:24 - 2015-02-03 12:24 - 00000000 __SHD () C:\Users\Anja\AppData\Local\EmieUserList 2015-02-03 12:24 - 2015-02-03 12:24 - 00000000 __SHD () C:\Users\Anja\AppData\Local\EmieSiteList 2015-02-03 12:24 - 2015-02-03 12:24 - 00000000 __SHD () C:\Users\Anja\AppData\Local\EmieBrowserModeList 2015-02-03 07:34 - 2015-02-03 07:34 - 00000020 ___SH () C:\Users\Anja\ntuser.ini 2015-02-03 00:48 - 2015-02-03 00:48 - 00000000 _SHDL () C:\Users\Default\Vorlagen 2015-02-03 00:48 - 2015-02-03 00:48 - 00000000 _SHDL () C:\Users\Default\Startmenü 2015-02-03 00:48 - 2015-02-03 00:48 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung 2015-02-03 00:48 - 2015-02-03 00:48 - 00000000 _SHDL () 
C:\Users\Default\Lokale Einstellungen 2015-02-03 00:48 - 2015-02-03 00:48 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien 2015-02-03 00:48 - 2015-02-03 00:48 - 00000000 _SHDL () C:\Users\Default\Druckumgebung 2015-02-03 00:48 - 2015-02-03 00:48 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik 2015-02-03 00:48 - 2015-02-03 00:48 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder 2015-02-03 00:48 - 2015-02-03 00:48 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-02-03 00:48 - 2015-02-03 00:48 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf 2015-02-03 00:48 - 2015-02-03 00:48 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten 2015-02-03 00:48 - 2015-02-03 00:48 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten 2015-02-03 00:48 - 2015-02-03 00:48 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik 2015-02-03 00:48 - 2015-02-03 00:48 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder 2015-02-03 00:48 - 2015-02-03 00:48 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-02-03 00:48 - 2015-02-03 00:48 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf 2015-02-03 00:48 - 2015-02-03 00:48 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten 2015-02-03 00:47 - 2015-02-03 00:47 - 00022960 _____ () C:\WINDOWS\system32\emptyregdb.dat 2015-02-03 00:27 - 2015-02-03 00:27 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2015-02-03 00:21 - 2015-02-03 00:21 - 00000000 ____D () C:\WINDOWS\system32\config\bbimigrate 2015-02-03 00:19 - 2015-02-03 07:34 - 00000000 ____D () C:\Users\Anja 2015-02-03 00:19 - 2015-02-03 00:48 - 00020958 _____ () C:\WINDOWS\diagwrn.xml 2015-02-03 00:19 - 2015-02-03 00:48 - 00020958 _____ () C:\WINDOWS\diagerr.xml 2015-02-03 00:19 - 2015-02-03 00:20 - 00000000 ___RD () 
C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-02-03 00:19 - 2015-02-03 00:19 - 00000000 _SHDL () C:\Users\Anja\Vorlagen 2015-02-03 00:19 - 2015-02-03 00:19 - 00000000 _SHDL () C:\Users\Anja\Startmenü 2015-02-03 00:19 - 2015-02-03 00:19 - 00000000 _SHDL () C:\Users\Anja\Netzwerkumgebung 2015-02-03 00:19 - 2015-02-03 00:19 - 00000000 _SHDL () C:\Users\Anja\Lokale Einstellungen 2015-02-03 00:19 - 2015-02-03 00:19 - 00000000 _SHDL () C:\Users\Anja\Eigene Dateien 2015-02-03 00:19 - 2015-02-03 00:19 - 00000000 _SHDL () C:\Users\Anja\Druckumgebung 2015-02-03 00:19 - 2015-02-03 00:19 - 00000000 _SHDL () C:\Users\Anja\Documents\Eigene Musik 2015-02-03 00:19 - 2015-02-03 00:19 - 00000000 _SHDL () C:\Users\Anja\Documents\Eigene Bilder 2015-02-03 00:19 - 2015-02-03 00:19 - 00000000 _SHDL () C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-02-03 00:19 - 2015-02-03 00:19 - 00000000 _SHDL () C:\Users\Anja\AppData\Local\Verlauf 2015-02-03 00:19 - 2015-02-03 00:19 - 00000000 _SHDL () C:\Users\Anja\AppData\Local\Anwendungsdaten 2015-02-03 00:19 - 2015-02-03 00:19 - 00000000 _SHDL () C:\Users\Anja\Anwendungsdaten 2015-02-03 00:19 - 2014-11-21 11:52 - 00000000 ___RD () C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-02-03 00:19 - 2014-11-21 11:52 - 00000000 ___RD () C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-02-03 00:19 - 2014-11-21 04:42 - 00000369 _____ () C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk 2015-02-03 00:19 - 2014-11-21 04:42 - 00000369 _____ () C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk 2015-02-03 00:19 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-02-03 00:12 - 2015-02-03 00:12 - 00000000 ____D () C:\WINDOWS\SysWOW64\RTCOM 2015-02-03 00:12 - 2015-02-03 00:12 - 00000000 ____D () 
C:\Program Files\Realtek 2015-02-03 00:11 - 2015-02-03 00:22 - 00000000 ____D () C:\Program Files (x86)\Intel 2015-02-03 00:11 - 2015-02-03 00:11 - 00000000 ____D () C:\Program Files\Elantech 2015-02-03 00:08 - 2015-02-06 07:59 - 00000000 ___DC () C:\WINDOWS\Panther 2015-02-03 00:08 - 2015-02-03 00:08 - 00000000 __SHD () C:\Recovery 2015-02-03 00:07 - 2015-02-03 00:07 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2015-02-03 00:07 - 2015-02-03 00:07 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2015-02-03 00:07 - 2015-02-03 00:07 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2015-02-03 00:07 - 
2015-02-03 00:07 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2015-02-03 00:07 - 2015-02-03 00:07 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec 2015-02-03 00:07 - 2015-02-03 00:07 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec 2015-02-03 00:07 - 2015-02-03 00:07 - 00326656 _____ (Microsoft 
Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe 2015-02-03 00:07 - 2015-02-03 00:07 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe 2015-02-03 00:05 - 2015-02-03 00:05 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll 2015-02-03 00:05 - 2015-02-03 00:05 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll 2015-02-03 00:05 - 2015-02-03 00:05 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll 2015-02-03 00:05 - 2015-02-03 00:05 - 
01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2015-02-03 00:05 - 2015-02-03 00:05 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll 2015-02-03 00:05 - 2015-02-03 00:05 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2015-02-03 00:05 - 2015-02-03 00:05 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll 2015-02-03 00:05 - 2015-02-03 00:05 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll 2015-02-03 00:05 - 2015-02-03 00:05 - 00672984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe 2015-02-03 00:05 - 2015-02-03 00:05 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll 2015-02-03 00:05 - 2015-02-03 00:05 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll 2015-02-03 00:05 - 2015-02-03 00:05 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll 2015-02-03 00:05 - 2015-02-03 00:05 - 00273240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe 2015-02-03 00:05 - 2015-02-03 00:05 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll 2015-02-03 00:05 - 2015-02-03 00:05 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2015-02-03 00:05 - 2015-02-03 00:05 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys 2015-02-03 00:05 - 2015-02-03 00:05 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe 2015-02-03 00:05 - 2015-02-03 00:05 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll 2015-02-03 00:05 - 2015-02-03 00:05 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe 2015-02-03 00:05 - 2015-02-03 00:05 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys 2015-02-03 00:05 - 2015-02-03 00:05 - 00034304 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\DeviceSetupStatusProvider.dll 2015-02-03 00:05 - 2015-02-03 00:05 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll 2015-02-03 00:04 - 2015-02-03 00:04 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff 2015-02-03 00:02 - 2015-02-03 00:02 - 00000000 ____D () C:\WINDOWS\SysWOW64\XPSViewer 2015-02-03 00:02 - 2015-02-03 00:02 - 00000000 ____D () C:\Program Files\Reference Assemblies 2015-02-03 00:02 - 2015-02-03 00:02 - 00000000 ____D () C:\Program Files\MSBuild 2015-02-03 00:02 - 2015-02-03 00:02 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies 2015-02-03 00:02 - 2015-02-03 00:02 - 00000000 ____D () C:\Program Files (x86)\MSBuild 2015-02-03 00:02 - 2013-08-03 05:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll 2015-02-03 00:02 - 2013-08-03 05:48 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2015-02-03 00:02 - 2013-08-03 05:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll 2015-02-03 00:02 - 2013-08-03 05:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-02-02 22:27 - 2015-02-02 22:27 - 00002259 _____ () C:\WINDOWS\epplauncher.mif 2015-02-02 22:22 - 2015-02-02 22:24 - 00000000 ____D () C:\Users\Anja\Downloads\smsniff-2.16_x64 2015-02-02 22:22 - 2015-02-02 22:22 - 00127443 _____ () C:\Users\Anja\Downloads\smsniff-2.16_x64.zip 2015-02-02 21:55 - 2015-02-02 22:15 - 00000000 ____D () C:\Users\Anja\Documents\smsniff-2.16_x64 2015-02-02 14:41 - 2015-02-03 00:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!WLAN 2015-02-02 14:41 - 2015-02-02 14:41 - 00000000 ____D () C:\Program Files (x86)\avmwlanstick 2015-02-02 14:41 - 2015-02-02 14:41 - 00000000 ____D () C:\Program Files (x86)\AVM_update 2015-02-02 14:39 - 2015-02-02 14:39 - 00000000 ____D () 
C:\Users\Anja\AVM_Driver ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-06 12:52 - 2013-01-13 22:01 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2513446037-876431734-2113241799-1001 2015-02-06 12:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-02-06 11:45 - 2014-11-21 04:35 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-02-06 11:45 - 2014-11-21 03:45 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat 2015-02-06 11:45 - 2014-11-21 03:45 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat 2015-02-06 11:41 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-02-06 09:26 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2015-02-06 08:56 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-02-06 08:56 - 2013-01-13 21:54 - 00000000 ____D () C:\Users\Anja\AppData\Local\Packages 2015-02-06 08:36 - 2013-11-12 10:28 - 00000000 ____D () C:\Program Files (x86)\SRWare Iron 2015-02-06 07:59 - 2013-01-13 17:41 - 00000000 ____D () C:\Users\Anja\AppData\Local\CrashDumps 2015-02-06 07:44 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-02-05 23:45 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-02-05 23:45 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-02-05 23:45 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS 2015-02-05 23:45 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS 2015-02-05 23:45 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender 2015-02-05 23:45 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2015-02-05 23:32 - 2013-08-22 16:36 - 00000000 ____D () 
C:\WINDOWS\system32\restore 2015-02-04 21:01 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF 2015-02-03 20:31 - 2014-11-21 12:01 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-02-03 20:31 - 2014-11-21 12:01 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-02-03 16:30 - 2014-12-05 22:59 - 00000000 ____D () C:\WINDOWS\system32\AutoUpdateLicense 2015-02-03 07:36 - 2013-01-13 21:55 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD 2015-02-03 00:49 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache 2015-02-03 00:49 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2015-02-03 00:48 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Registration 2015-02-03 00:48 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows NT 2015-02-03 00:48 - 2013-08-22 14:36 - 00000000 __RHD () C:\Users\Default 2015-02-03 00:43 - 2013-08-22 16:36 - 00000000 __RSD () C:\WINDOWS\Media 2015-02-03 00:43 - 2013-08-22 16:36 - 00000000 __RHD () C:\Users\Public\Libraries 2015-02-03 00:32 - 2013-08-22 15:44 - 00362824 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-02-03 00:30 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep 2015-02-03 00:29 - 2013-11-12 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRWare Iron 2015-02-03 00:29 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Help 2015-02-03 00:29 - 2013-01-20 18:13 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1 2015-02-03 00:29 - 2012-10-22 23:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTI Media Maker 9 2015-02-03 00:29 - 2012-10-22 23:17 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel 2015-02-03 00:29 - 2012-09-01 19:17 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink MediaEspresso 6.5 2015-02-03 00:29 - 2012-09-01 19:14 
- 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EgisTec 2015-02-03 00:29 - 2012-09-01 19:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer 2015-02-03 00:29 - 2012-09-01 19:06 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-02-03 00:27 - 2012-07-26 06:37 - 00000000 ____D () C:\Users\Default.migrated 2015-02-03 00:26 - 2014-11-21 11:51 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel 2015-02-03 00:26 - 2014-11-21 03:45 - 00000000 ____D () C:\WINDOWS\SysWOW64\WCN 2015-02-03 00:26 - 2014-11-21 03:45 - 00000000 ____D () C:\WINDOWS\SysWOW64\sysprep 2015-02-03 00:26 - 2014-11-21 03:45 - 00000000 ____D () C:\WINDOWS\system32\WCN 2015-02-03 00:26 - 2014-09-23 17:15 - 00000000 ____D () C:\WINDOWS\SysWOW64\mflpro 2015-02-03 00:26 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz 2015-02-03 00:26 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\IME 2015-02-03 00:26 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\WinBioPlugIns 2015-02-03 00:26 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\spool 2015-02-03 00:26 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\IME 2015-02-03 00:26 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\SMI 2015-02-03 00:26 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\oobe 2015-02-03 00:25 - 2015-01-06 08:45 - 00000000 ____D () C:\WINDOWS\system32\appraiser 2015-02-03 00:25 - 2013-08-22 16:43 - 00000000 ____D () C:\WINDOWS\DigitalLocker 2015-02-03 00:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\IME 2015-02-03 00:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppCompat 2015-02-03 00:23 - 2013-08-22 16:36 - 00000000 __SHD () C:\Program Files (x86)\Windows Sidebar 2015-02-03 00:23 - 2013-03-02 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InterActual 2015-02-03 00:23 - 2012-09-01 18:58 - 00000000 ____D () C:\ProgramData\PRICache 
2015-02-03 00:22 - 2013-08-22 16:36 - 00000000 __SHD () C:\Program Files\Windows Sidebar 2015-02-03 00:22 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2015-02-03 00:21 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\Recovery 2015-02-03 00:07 - 2013-08-22 16:36 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template 2015-02-03 00:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions 2015-02-03 00:05 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel 2015-02-03 00:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\MUI 2015-02-03 00:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\MUI 2015-02-02 23:19 - 2014-09-23 17:17 - 00000000 ____D () C:\Program Files (x86)\Brother 2015-02-02 14:55 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent 2015-02-02 14:49 - 2013-10-14 20:09 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-02-02 14:47 - 2013-10-14 20:09 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe ==================== Files in the root of some directories ======= 2014-11-06 21:40 - 2014-11-06 21:49 - 0007597 _____ () C:\Users\Anja\AppData\Local\Resmon.ResmonCfg Some content of TEMP: ==================== C:\Users\Anja\AppData\Local\Temp\Quarantine.exe C:\Users\Anja\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-03 00:10 ==================== End Of Log ============================
--- --- --- --- --- ---
So, I did manage to get the program to run after all. Here is the file:
Code:
# AdwCleaner v4.110 - Bericht erstellt 06/02/2015 um 15:39:08
# Aktualisiert 05/02/2015 von Xplode
# Datenbank : 2015-02-05.2 [Server]
# Betriebssystem : Windows 8.1 (x64)
# Benutzername : Anja - JESSICANB
# Gestarted von : C:\Users\Anja\Downloads\adwcleaner_4.110.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

***** [ Geplante Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17416

-\\ Chromium v

*************************

AdwCleaner[R0].txt - [744 Bytes] - [06/02/2015 15:36:12]
AdwCleaner[S0].txt - [667 Bytes] - [06/02/2015 15:39:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [725 Bytes] ##########
06.02.2015, 21:36 | #6 | |
/// the machine /// TB-Ausbilder | Windows 8 Wi-Fi laptop brings LAN PC to a standstill
Quote:
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
07.02.2015, 00:59 | #7 |
| Windows 8 Wi-Fi laptop brings LAN PC to a standstill
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=2d8491dcbc8b454590b02debcc84375f
# engine=22347
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-06 11:42:27
# local_time=2015-02-07 12:42:27 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 12758 13570466 0 0
# scanned=192215
# found=0
# cleaned=0
# scan_time=4461
Code:
Results of screen317's Security Check version 0.99.95
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java 64-bit 8 Update 31
Adobe Flash Player 16.0.0.305
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2015 Ran by Anja (administrator) on JESSICANB on 07-02-2015 00:55:41 Running from C:\Users\Anja\Desktop Loaded Profiles: Anja (Available profiles: Anja) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe (Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe (CyberLink) 
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe (Microsoft Corporation) C:\Windows\System32\WWAHost.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe (SRWare) C:\Program Files (x86)\SRWare Iron\chrome.exe (SRWare) C:\Program Files (x86)\SRWare Iron\chrome.exe (SRWare) C:\Program Files (x86)\SRWare Iron\chrome.exe (SRWare) C:\Program Files (x86)\SRWare Iron\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor) HKLM-x32\...\Run: [LManager] => [X] Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-01-28] ( (Atheros Communications)) HKU\S-1-5-21-2513446037-876431734-2113241799-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd) HKU\S-1-5-21-2513446037-876431734-2113241799-1001\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x95000000 HKU\S-1-5-21-2513446037-876431734-2113241799-1001\...\MountPoints2: {eafd6177-aadd-11e4-bf5f-b888e3d1ce52} - "E:\pushinst.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation) Startup: C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-2513446037-876431734-2113241799-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-2513446037-876431734-2113241799-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2513446037-876431734-2113241799-1001 -> {312C44B3-E40B-4721-A1BB-43DC49C7DBAA} URL = BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 0.0.0.0 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations) S4 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.) [File not signed] S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation) R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2713856 2014-12-19] (Acer Incorporated) S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-23] (Acer Incorporated) R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation) S4 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-08-23] (NTI Corporation) S4 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-10-22] (Dritek System INC.) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 FWLANUSB; C:\Windows\system32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH) U5 NdisImPlatform; C:\Windows\System32\Drivers\NdisImPlatform.sys [126464 2014-11-21] (Microsoft Corporation) R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-10-22] (Dritek System Inc.) 
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-07 00:55 - 2015-02-07 00:56 - 00008614 _____ () C:\Users\Anja\Desktop\FRST.txt 2015-02-07 00:49 - 2015-02-07 00:49 - 00852573 _____ () C:\Users\Anja\Desktop\SecurityCheck.exe 2015-02-06 23:23 - 2015-02-06 23:23 - 02347384 _____ (ESET) C:\Users\Anja\Downloads\esetsmartinstaller_deu.exe 2015-02-06 23:23 - 2015-02-06 23:23 - 00000000 ____D () C:\Program Files (x86)\ESET 2015-02-06 21:29 - 2015-02-06 21:29 - 00002702 _____ () C:\WINDOWS\avmfwlanci.log 2015-02-06 21:27 - 2015-02-06 21:27 - 00000077 _____ () C:\WINDOWS\setupact.log 2015-02-06 21:27 - 2015-02-06 21:27 - 00000000 _____ () C:\WINDOWS\setuperr.log 2015-02-06 19:18 - 2015-02-06 23:39 - 00328874 _____ () C:\WINDOWS\WindowsUpdate.log 2015-02-06 19:17 - 2015-02-06 19:17 - 00000000 ____D () C:\Users\Anja\AppData\Local\iGware 2015-02-06 18:32 - 2015-02-06 18:32 - 00000000 ____D () C:\Users\Anja\AppData\Local\AcerCloud 2015-02-06 18:31 - 2015-02-06 18:31 - 00000000 ____D () C:\Users\Anja\AppData\Local\Doc 2015-02-06 18:29 - 2015-02-06 21:23 - 00000000 ____D () C:\Users\Anja\AppData\Local\ClearfiMedia 2015-02-06 18:28 - 2015-02-06 18:30 - 00000000 ____D () C:\Users\Anja\AppData\Local\Acer 2015-02-06 18:28 - 2015-02-06 18:28 - 00000000 ____D () C:\Users\Anja\AppData\Local\AOP SDK 2015-02-06 18:25 - 2015-02-06 18:27 - 00000000 ____D () C:\Users\Anja\AppData\Local\ClearfiPhoto 2015-02-06 15:35 - 2015-02-06 15:39 - 00000000 ____D () C:\AdwCleaner 2015-02-06 15:35 - 2015-02-06 15:35 - 02112512 _____ () C:\Users\Anja\Downloads\adwcleaner_4.110.exe 2015-02-06 14:10 - 2010-10-22 02:00 
- 00480632 ____N (AVM Berlin) C:\WINDOWS\instwcli.dex 2015-02-06 12:53 - 2015-02-05 23:05 - 02131968 _____ (Farbar) C:\Users\Anja\Desktop\FRST64.exe 2015-02-06 12:46 - 2015-02-06 12:47 - 01388274 _____ (Thisisu) C:\Users\Anja\Downloads\JRT.exe 2015-02-06 12:42 - 2015-02-06 12:42 - 02112512 _____ () C:\Users\Anja\Downloads\AdwCleaner_4.110 (1).exe 2015-02-06 11:53 - 2015-02-06 11:53 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-02-06 11:52 - 2015-02-06 11:52 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-02-06 11:52 - 2015-02-06 11:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-02-06 11:52 - 2015-02-06 11:52 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-06 11:52 - 2015-02-06 11:52 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-02-06 11:52 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-02-06 11:52 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-02-06 11:52 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-02-06 11:50 - 2015-02-06 11:51 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Anja\Downloads\mbam-setup-2.0.4.1028.exe 2015-02-06 08:25 - 2015-02-07 00:25 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-02-06 08:25 - 2015-02-06 08:25 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-02-06 08:24 - 2015-02-06 08:25 - 00000000 ____D () C:\Users\Anja\AppData\Local\Adobe 2015-02-06 07:50 - 2015-02-06 07:50 - 00002770 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC 2015-02-06 07:50 - 2015-02-06 07:50 - 00000838 _____ () C:\Users\Anja\Desktop\CCleaner.lnk 2015-02-06 07:50 - 2015-02-06 07:50 - 00000000 ____D () 
C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner 2015-02-06 07:50 - 2015-02-06 07:50 - 00000000 ____D () C:\Program Files\CCleaner 2015-02-06 07:48 - 2015-02-06 07:48 - 04196968 _____ (Piriform Ltd) C:\Users\Anja\Downloads\ccsetup502_slim (1).exe 2015-02-06 07:47 - 2015-02-06 07:47 - 04196968 _____ (Piriform Ltd) C:\Users\Anja\Downloads\ccsetup502_slim.exe 2015-02-05 23:26 - 2015-02-06 12:53 - 00000000 ____D () C:\Users\Anja\Desktop\Trojaner-Board 2015-02-05 23:13 - 2014-09-22 04:06 - 00258368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys 2015-02-05 23:13 - 2014-09-22 04:06 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys 2015-02-05 23:13 - 2014-09-22 03:49 - 00035320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys 2015-02-05 23:13 - 2014-09-02 23:08 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll 2015-02-05 23:13 - 2014-09-02 23:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll 2015-02-05 23:13 - 2014-06-09 23:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe 2015-02-05 23:13 - 2014-06-09 23:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe 2015-02-05 23:12 - 2014-04-30 07:43 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys 2015-02-05 23:12 - 2014-04-30 07:41 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys 2015-02-05 23:06 - 2015-02-07 00:55 - 00000000 ____D () C:\FRST 2015-02-04 21:45 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2015-02-04 21:45 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2015-02-04 21:45 - 2014-11-10 00:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll 2015-02-04 21:45 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\pku2u.dll 2015-02-04 21:38 - 2014-07-24 04:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll 2015-02-04 21:38 - 2014-07-24 04:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll 2015-02-03 12:24 - 2015-02-03 12:24 - 00000000 __SHD () C:\Users\Anja\AppData\Local\EmieUserList 2015-02-03 12:24 - 2015-02-03 12:24 - 00000000 __SHD () C:\Users\Anja\AppData\Local\EmieSiteList 2015-02-03 12:24 - 2015-02-03 12:24 - 00000000 __SHD () C:\Users\Anja\AppData\Local\EmieBrowserModeList 2015-02-03 07:34 - 2015-02-03 07:34 - 00000020 ___SH () C:\Users\Anja\ntuser.ini 2015-02-03 00:48 - 2015-02-03 00:48 - 00000000 _SHDL () C:\Users\Default\Vorlagen 2015-02-03 00:48 - 2015-02-03 00:48 - 00000000 _SHDL () C:\Users\Default\Startmenü 2015-02-03 00:48 - 2015-02-03 00:48 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung 2015-02-03 00:48 - 2015-02-03 00:48 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen 2015-02-03 00:48 - 2015-02-03 00:48 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien 2015-02-03 00:48 - 2015-02-03 00:48 - 00000000 _SHDL () C:\Users\Default\Druckumgebung 2015-02-03 00:48 - 2015-02-03 00:48 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik 2015-02-03 00:48 - 2015-02-03 00:48 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder 2015-02-03 00:48 - 2015-02-03 00:48 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-02-03 00:48 - 2015-02-03 00:48 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf 2015-02-03 00:48 - 2015-02-03 00:48 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten 2015-02-03 00:48 - 2015-02-03 00:48 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten 2015-02-03 00:48 - 2015-02-03 00:48 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik 2015-02-03 00:48 - 2015-02-03 00:48 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder 2015-02-03 00:48 - 
2015-02-03 00:48 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-02-03 00:48 - 2015-02-03 00:48 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf 2015-02-03 00:48 - 2015-02-03 00:48 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten 2015-02-03 00:47 - 2015-02-03 00:47 - 00022960 _____ () C:\WINDOWS\system32\emptyregdb.dat 2015-02-03 00:27 - 2015-02-03 00:27 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2015-02-03 00:21 - 2015-02-03 00:21 - 00000000 ____D () C:\WINDOWS\system32\config\bbimigrate 2015-02-03 00:19 - 2015-02-03 07:34 - 00000000 ____D () C:\Users\Anja 2015-02-03 00:19 - 2015-02-03 00:48 - 00020958 _____ () C:\WINDOWS\diagwrn.xml 2015-02-03 00:19 - 2015-02-03 00:48 - 00020958 _____ () C:\WINDOWS\diagerr.xml 2015-02-03 00:19 - 2015-02-03 00:20 - 00000000 ___RD () C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-02-03 00:19 - 2015-02-03 00:19 - 00000000 _SHDL () C:\Users\Anja\Vorlagen 2015-02-03 00:19 - 2015-02-03 00:19 - 00000000 _SHDL () C:\Users\Anja\Startmenü 2015-02-03 00:19 - 2015-02-03 00:19 - 00000000 _SHDL () C:\Users\Anja\Netzwerkumgebung 2015-02-03 00:19 - 2015-02-03 00:19 - 00000000 _SHDL () C:\Users\Anja\Lokale Einstellungen 2015-02-03 00:19 - 2015-02-03 00:19 - 00000000 _SHDL () C:\Users\Anja\Eigene Dateien 2015-02-03 00:19 - 2015-02-03 00:19 - 00000000 _SHDL () C:\Users\Anja\Druckumgebung 2015-02-03 00:19 - 2015-02-03 00:19 - 00000000 _SHDL () C:\Users\Anja\Documents\Eigene Musik 2015-02-03 00:19 - 2015-02-03 00:19 - 00000000 _SHDL () C:\Users\Anja\Documents\Eigene Bilder 2015-02-03 00:19 - 2015-02-03 00:19 - 00000000 _SHDL () C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-02-03 00:19 - 2015-02-03 00:19 - 00000000 _SHDL () C:\Users\Anja\AppData\Local\Verlauf 2015-02-03 00:19 - 2015-02-03 00:19 - 00000000 _SHDL () 
C:\Users\Anja\AppData\Local\Anwendungsdaten 2015-02-03 00:19 - 2015-02-03 00:19 - 00000000 _SHDL () C:\Users\Anja\Anwendungsdaten 2015-02-03 00:19 - 2014-11-21 11:52 - 00000000 ___RD () C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-02-03 00:19 - 2014-11-21 11:52 - 00000000 ___RD () C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-02-03 00:19 - 2014-11-21 04:42 - 00000369 _____ () C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk 2015-02-03 00:19 - 2014-11-21 04:42 - 00000369 _____ () C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk 2015-02-03 00:19 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-02-03 00:12 - 2015-02-03 00:12 - 00000000 ____D () C:\WINDOWS\SysWOW64\RTCOM 2015-02-03 00:12 - 2015-02-03 00:12 - 00000000 ____D () C:\Program Files\Realtek 2015-02-03 00:11 - 2015-02-03 00:22 - 00000000 ____D () C:\Program Files (x86)\Intel 2015-02-03 00:11 - 2015-02-03 00:11 - 00000000 ____D () C:\Program Files\Elantech 2015-02-03 00:08 - 2015-02-06 07:59 - 00000000 ___DC () C:\WINDOWS\Panther 2015-02-03 00:08 - 2015-02-03 00:08 - 00000000 __SHD () C:\Recovery 2015-02-03 00:07 - 2015-02-03 00:07 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 02885120 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2015-02-03 00:07 - 2015-02-03 00:07 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2015-02-03 00:07 - 2015-02-03 00:07 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2015-02-03 00:07 - 2015-02-03 00:07 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00535640 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\wer.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec 2015-02-03 00:07 - 2015-02-03 00:07 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec 2015-02-03 00:07 - 2015-02-03 00:07 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 
2015-02-03 00:07 - 2015-02-03 00:07 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2015-02-03 00:07 - 2015-02-03 00:07 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe 2015-02-03 00:07 - 2015-02-03 00:07 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe 2015-02-03 00:05 - 2015-02-03 00:05 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll 2015-02-03 00:05 - 2015-02-03 00:05 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll 2015-02-03 00:05 - 2015-02-03 00:05 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll 2015-02-03 00:05 - 2015-02-03 00:05 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2015-02-03 00:05 - 2015-02-03 00:05 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll 2015-02-03 00:05 - 2015-02-03 00:05 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2015-02-03 00:05 - 2015-02-03 00:05 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll 2015-02-03 00:05 - 2015-02-03 00:05 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll 2015-02-03 00:05 - 2015-02-03 00:05 - 00672984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe 2015-02-03 00:05 - 2015-02-03 00:05 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll 2015-02-03 00:05 - 2015-02-03 00:05 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll 2015-02-03 00:05 - 2015-02-03 00:05 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll 2015-02-03 00:05 - 2015-02-03 00:05 - 00273240 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe 2015-02-03 00:05 - 2015-02-03 00:05 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll 2015-02-03 00:05 - 2015-02-03 00:05 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2015-02-03 00:05 - 2015-02-03 00:05 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys 2015-02-03 00:05 - 2015-02-03 00:05 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe 2015-02-03 00:05 - 2015-02-03 00:05 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll 2015-02-03 00:05 - 2015-02-03 00:05 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe 2015-02-03 00:05 - 2015-02-03 00:05 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys 2015-02-03 00:05 - 2015-02-03 00:05 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll 2015-02-03 00:05 - 2015-02-03 00:05 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll 2015-02-03 00:04 - 2015-02-03 00:04 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff 2015-02-03 00:02 - 2015-02-03 00:02 - 00000000 ____D () C:\WINDOWS\SysWOW64\XPSViewer 2015-02-03 00:02 - 2015-02-03 00:02 - 00000000 ____D () C:\Program Files\Reference Assemblies 2015-02-03 00:02 - 2015-02-03 00:02 - 00000000 ____D () C:\Program Files\MSBuild 2015-02-03 00:02 - 2015-02-03 00:02 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies 2015-02-03 00:02 - 2015-02-03 00:02 - 00000000 ____D () C:\Program Files (x86)\MSBuild 2015-02-03 00:02 - 2013-08-03 05:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll 2015-02-03 00:02 - 2013-08-03 05:48 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2015-02-03 00:02 - 2013-08-03 05:41 - 00778936 _____ (Microsoft Corporation) 
==================== Files in the root of some directories =======
2014-11-06 21:40 - 2015-02-06 21:31 - 0007597 _____ () C:\Users\Anja\AppData\Local\Resmon.ResmonCfg
Some content of TEMP:
====================
C:\Users\Anja\AppData\Local\Temp\AcerDocsSetup.exe
C:\Users\Anja\AppData\Local\Temp\AcerPortalSetup.exe
C:\Users\Anja\AppData\Local\Temp\Quarantine.exe
C:\Users\Anja\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-03 00:10
==================== End Of Log ============================
--- --- ---
Yes, the problems are still there, unfortunately. But at least the system appears to be clean, so I can set that worry aside for now. I suspect that leftover drivers might be the problem, or that the adapters are conflicting with each other in some way. I'll carry on with the printer now, because I shared it incorrectly on the network back then. Maybe all the machines on the network are still trying to reach it through mine ... otherwise I don't know what else to try. Many thanks, Schrauber, competent and reliable as always!! 1A Last edited by Houseman (07.02.2015 at 01:05) |
07.02.2015, 12:50 | #8 |
/// the machine /// TB Trainer | Windows 8 Wi-Fi laptop cripples LAN computer The DNS is still there.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
07.02.2015, 19:44 | #9 |
| Windows Repair version slightly different Hello Schrauber. The Tweaking tool Windows Repair is at version 2.10.4 and differs slightly from your illustrated instructions. I nevertheless ran it according to your instructions, and step 5 is running right now. No integrity violation was found after step 2, and a backup is neither prompted for nor carried out. Since the laptop contains no important data, I continued at my own risk, without a backup. <-- Schrauber ... Houseman I know ... But I'm really fed up with this Acer. Do you need a fresh FRST again afterwards? Regards, Houseman
So, here is a fresh FRST log. The problem is still there.
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2015
Ran by Anja (administrator) on JESSICANB on 07-02-2015 19:33:17
Running from C:\Users\Anja\Desktop
Loaded Profiles: Anja (Available profiles: Anja)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> csrss.exe
Failed to access process -> services.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
Failed to access process -> MsMpEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM-x32\...\Run: [LManager] => [X]
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-01-28] ( (Atheros Communications))
HKU\S-1-5-21-2513446037-876431734-2113241799-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-2513446037-876431734-2113241799-1001\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x95000000
HKU\S-1-5-21-2513446037-876431734-2113241799-1001\...\MountPoints2: {eafd6177-aadd-11e4-bf5f-b888e3d1ce52} - "E:\pushinst.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk
ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
Startup: C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2513446037-876431734-2113241799-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2513446037-876431734-2113241799-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2513446037-876431734-2113241799-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2513446037-876431734-2113241799-1001 -> {312C44B3-E40B-4721-A1BB-43DC49C7DBAA} URL =
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 0.0.0.0

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations)
S4 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2713856 2014-12-19] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-23] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S4 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-08-23] (NTI Corporation)
S4 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-10-22] (Dritek System INC.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 FWLANUSB; C:\Windows\system32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)
U5 NdisImPlatform; C:\Windows\System32\Drivers\NdisImPlatform.sys [126464 2014-11-21] (Microsoft Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-10-22] (Dritek System Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2013-08-03 05:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll 2015-02-03 00:02 - 2013-08-03 05:48 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2015-02-03 00:02 - 2013-08-03 05:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll 2015-02-03 00:02 - 2013-08-03 05:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-02-02 22:27 - 2015-02-02 22:27 - 00002259 _____ () C:\WINDOWS\epplauncher.mif 2015-02-02 22:22 - 2015-02-02 22:24 - 00000000 ____D () C:\Users\Anja\Downloads\smsniff-2.16_x64 2015-02-02 22:22 - 2015-02-02 22:22 - 00127443 _____ () C:\Users\Anja\Downloads\smsniff-2.16_x64.zip 2015-02-02 21:55 - 2015-02-02 22:15 - 00000000 ____D () C:\Users\Anja\Documents\smsniff-2.16_x64 2015-02-02 14:41 - 2015-02-02 14:41 - 00000000 ____D () C:\Program Files (x86)\AVM_update 2015-02-02 14:39 - 2015-02-02 14:39 - 00000000 ____D () C:\Users\Anja\AVM_Driver ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-07 18:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-02-07 17:54 - 2014-11-21 04:35 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-02-07 17:54 - 2014-11-21 03:45 - 00751874 _____ () C:\WINDOWS\system32\perfh007.dat 2015-02-07 17:54 - 2014-11-21 03:45 - 00155350 _____ () C:\WINDOWS\system32\perfc007.dat 2015-02-07 17:50 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-02-07 17:50 - 2013-08-22 15:44 - 00362824 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-02-07 17:49 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2015-02-07 17:29 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-02-07 16:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-02-07 15:52 - 2012-07-26 06:26 - 00000160 _____ () C:\WINDOWS\win.ini 2015-02-07 15:34 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache 2015-02-07 15:27 - 2013-01-13 22:01 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2513446037-876431734-2113241799-1001 2015-02-06 21:31 - 2014-11-06 21:40 - 00007597 _____ () C:\Users\Anja\AppData\Local\Resmon.ResmonCfg 2015-02-06 21:17 - 2012-09-01 19:13 - 00000000 ____D () C:\Program Files (x86)\Acer 2015-02-06 21:16 - 2013-03-02 17:14 - 00000000 ____D () C:\Users\Anja\AppData\Local\Cyberlink 2015-02-06 21:16 - 2013-01-15 19:17 - 00000000 ____D () C:\Users\Anja\AppData\Local\clear.fi 2015-02-06 21:16 - 2012-10-22 23:51 - 00000000 ____D () C:\ProgramData\CyberLink 2015-02-06 21:16 - 2012-09-01 19:11 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-02-06 21:14 - 2012-09-01 19:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer 2015-02-06 18:36 - 2013-01-13 17:41 - 00000000 ____D () C:\Users\Anja\AppData\Local\CrashDumps 2015-02-06 18:33 - 2012-10-22 23:43 - 00000000 ____D () C:\ProgramData\OEM 2015-02-06 18:33 - 2012-09-01 19:41 - 00000000 ___HD () C:\OEM 
2015-02-06 18:21 - 2013-01-13 21:54 - 00000000 ____D () C:\Users\Anja\AppData\Local\Packages 2015-02-06 08:36 - 2013-11-12 10:28 - 00000000 ____D () C:\Program Files (x86)\SRWare Iron 2015-02-05 23:45 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-02-05 23:45 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-02-05 23:45 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS 2015-02-05 23:45 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS 2015-02-05 23:45 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender 2015-02-05 23:45 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2015-02-05 23:32 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\restore 2015-02-04 21:01 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF 2015-02-03 20:31 - 2014-11-21 12:01 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-02-03 20:31 - 2014-11-21 12:01 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-02-03 16:30 - 2014-12-05 22:59 - 00000000 ____D () C:\WINDOWS\system32\AutoUpdateLicense 2015-02-03 07:36 - 2013-01-13 21:55 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD 2015-02-03 00:49 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2015-02-03 00:48 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Registration 2015-02-03 00:48 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows NT 2015-02-03 00:48 - 2013-08-22 14:36 - 00000000 __RHD () C:\Users\Default 2015-02-03 00:43 - 2013-08-22 16:36 - 00000000 __RSD () C:\WINDOWS\Media 2015-02-03 00:43 - 2013-08-22 16:36 - 00000000 __RHD () C:\Users\Public\Libraries 2015-02-03 00:30 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep 2015-02-03 00:29 
- 2013-11-12 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRWare Iron 2015-02-03 00:29 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Help 2015-02-03 00:29 - 2013-01-20 18:13 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1 2015-02-03 00:29 - 2012-10-22 23:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTI Media Maker 9 2015-02-03 00:29 - 2012-10-22 23:17 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel 2015-02-03 00:29 - 2012-09-01 19:17 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink MediaEspresso 6.5 2015-02-03 00:29 - 2012-09-01 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EgisTec 2015-02-03 00:29 - 2012-09-01 19:06 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-02-03 00:27 - 2012-07-26 06:37 - 00000000 ____D () C:\Users\Default.migrated 2015-02-03 00:26 - 2014-11-21 11:51 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel 2015-02-03 00:26 - 2014-11-21 03:45 - 00000000 ____D () C:\WINDOWS\SysWOW64\WCN 2015-02-03 00:26 - 2014-11-21 03:45 - 00000000 ____D () C:\WINDOWS\SysWOW64\sysprep 2015-02-03 00:26 - 2014-11-21 03:45 - 00000000 ____D () C:\WINDOWS\system32\WCN 2015-02-03 00:26 - 2014-09-23 17:15 - 00000000 ____D () C:\WINDOWS\SysWOW64\mflpro 2015-02-03 00:26 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz 2015-02-03 00:26 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\IME 2015-02-03 00:26 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\WinBioPlugIns 2015-02-03 00:26 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\spool 2015-02-03 00:26 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\IME 2015-02-03 00:26 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\SMI 2015-02-03 00:26 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\oobe 2015-02-03 
00:25 - 2015-01-06 08:45 - 00000000 ____D () C:\WINDOWS\system32\appraiser 2015-02-03 00:25 - 2013-08-22 16:43 - 00000000 ____D () C:\WINDOWS\DigitalLocker 2015-02-03 00:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\IME 2015-02-03 00:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppCompat 2015-02-03 00:23 - 2013-08-22 16:36 - 00000000 __SHD () C:\Program Files (x86)\Windows Sidebar 2015-02-03 00:23 - 2013-03-02 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InterActual 2015-02-03 00:23 - 2012-09-01 18:58 - 00000000 ____D () C:\ProgramData\PRICache 2015-02-03 00:22 - 2013-08-22 16:36 - 00000000 __SHD () C:\Program Files\Windows Sidebar 2015-02-03 00:22 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2015-02-03 00:21 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\Recovery 2015-02-03 00:07 - 2013-08-22 16:36 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template 2015-02-03 00:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions 2015-02-03 00:05 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel 2015-02-03 00:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\MUI 2015-02-03 00:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\MUI 2015-02-02 23:19 - 2014-09-23 17:17 - 00000000 ____D () C:\Program Files (x86)\Brother 2015-02-02 14:55 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent 2015-02-02 14:49 - 2013-10-14 20:09 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-02-02 14:47 - 2013-10-14 20:09 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe ==================== Files in the root of some directories ======= 2014-11-06 21:40 - 2015-02-06 21:31 - 0007597 _____ () C:\Users\Anja\AppData\Local\Resmon.ResmonCfg Some content of TEMP: ==================== C:\Users\Anja\AppData\Local\Temp\AcerDocsSetup.exe C:\Users\Anja\AppData\Local\Temp\AcerPortalSetup.exe 
C:\Users\Anja\AppData\Local\Temp\Quarantine.exe
C:\Users\Anja\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-03 00:10

==================== End Of Log ============================

--- --- --- --- --- ---
I am currently running the repair tool scan on my own PC. Maybe that one is the problem ... Addendum: Everything OK. The system is intact as well. The problem persists. Regards, Houseman Last edited by Houseman (07.02.2015 at 19:59) |
08.02.2015, 11:29 | #10 | |
/// the machine /// TB-Ausbilder |
Please reset the router to factory settings. Then: Press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
cmd: ipconfig /flushdns
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Then a fresh FRST log again, please. Which problems, specifically, still remain?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
08.02.2015, 12:48 | #11 |
| Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-02-2015
Ran by Anja at 2015-02-08 12:00:35 Run:2
Running from C:\Users\Anja\Desktop
Loaded Profiles: Anja (Available profiles: Anja)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
cmd: ipconfig /flushdns
*****************

========= ipconfig /flushdns =========

Windows-IP-Konfiguration

Der DNS-Auflösungscache wurde geleert.

========= End of CMD: =========

==== End of Fixlog 12:00:35 ====
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2015 Ran by Anja (administrator) on JESSICANB on 08-02-2015 12:02:06 Running from C:\Users\Anja\Desktop Loaded Profiles: Anja (Available profiles: Anja) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) Failed to access process -> smss.exe Failed to access process -> csrss.exe Failed to access process -> services.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe (Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe Failed to access process -> MsMpEng.exe Failed to access process -> NisSrv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe Failed to access process -> csrss.exe (Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup 
Manager\BackupManagerTray.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe Failed to access process -> svchost.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe (CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (Microsoft Corporation) C:\Windows\WinStore\WSHost.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (SRWare) C:\Program Files (x86)\SRWare Iron\chrome.exe (SRWare) C:\Program Files (x86)\SRWare Iron\chrome.exe (SRWare) C:\Program Files (x86)\SRWare Iron\chrome.exe (SRWare) C:\Program Files (x86)\SRWare Iron\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor) HKLM-x32\...\Run: [LManager] => [X] Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-01-28] ( (Atheros Communications)) HKU\S-1-5-21-2513446037-876431734-2113241799-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd) HKU\S-1-5-21-2513446037-876431734-2113241799-1001\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x95000000 HKU\S-1-5-21-2513446037-876431734-2113241799-1001\...\MountPoints2: {eafd6177-aadd-11e4-bf5f-b888e3d1ce52} - "E:\pushinst.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation) Startup: C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-2513446037-876431734-2113241799-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-2513446037-876431734-2113241799-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-2513446037-876431734-2113241799-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2513446037-876431734-2113241799-1001 -> {312C44B3-E40B-4721-A1BB-43DC49C7DBAA} URL = BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 0.0.0.0 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program 
Files\McAfee\MSK ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations) S4 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.) [File not signed] S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation) R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2713856 2014-12-19] (Acer Incorporated) S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-23] (Acer Incorporated) R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation) S4 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-08-23] (NTI Corporation) S4 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-10-22] (Dritek System INC.) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
S3 FWLANUSB; C:\Windows\system32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH) U5 NdisImPlatform; C:\Windows\System32\Drivers\NdisImPlatform.sys [126464 2014-11-21] (Microsoft Corporation) R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-10-22] (Dritek System Inc.) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-08 11:59 - 2015-02-08 11:59 - 00000023 _____ () C:\Users\Anja\Documents\fixlist.txt 2015-02-07 19:33 - 2015-02-08 12:02 - 00009064 _____ () C:\Users\Anja\Desktop\FRST.txt 2015-02-07 19:33 - 2015-02-07 19:33 - 00000000 ____D () C:\Users\Anja\Desktop\FRST-OlderVersion 2015-02-07 17:49 - 2015-02-07 17:49 - 00000354 _____ () C:\WINDOWS\PFRO.log 2015-02-07 15:39 - 2015-02-07 15:39 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-JESSICANB-Windows-8.1-(64-bit).dat 2015-02-07 15:39 - 2015-02-07 15:39 - 00000000 ____D () C:\RegBackup 2015-02-07 14:56 - 2015-02-07 14:56 - 00002179 _____ () C:\Users\Anja\Desktop\Tweaking.com - Windows Repair (All in One).lnk 2015-02-07 14:55 - 2015-02-07 14:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com 2015-02-07 14:55 - 2015-02-07 14:55 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com 2015-02-07 14:54 - 2015-02-08 11:56 - 00018962 _____ () C:\WINDOWS\avmfwlanci.log 2015-02-07 14:54 - 2015-02-07 19:33 - 00524065 _____ () C:\WINDOWS\WindowsUpdate.log 2015-02-07 14:54 - 2015-02-07 14:54 - 10318832 _____ () C:\Users\Anja\Downloads\tweaking.com_windows_repair_aio_setup.exe 2015-02-07 14:53 - 2015-02-07 20:11 - 00000385 _____ () C:\WINDOWS\setupact.log 2015-02-07 
14:53 - 2015-02-07 14:53 - 00000000 _____ () C:\WINDOWS\setuperr.log 2015-02-07 00:56 - 2015-02-07 00:57 - 00029204 _____ () C:\Users\Anja\Desktop\Addition.txt 2015-02-07 00:49 - 2015-02-07 00:49 - 00852573 _____ () C:\Users\Anja\Desktop\SecurityCheck.exe 2015-02-06 23:23 - 2015-02-06 23:23 - 02347384 _____ (ESET) C:\Users\Anja\Downloads\esetsmartinstaller_deu.exe 2015-02-06 19:17 - 2015-02-06 19:17 - 00000000 ____D () C:\Users\Anja\AppData\Local\iGware 2015-02-06 18:32 - 2015-02-06 18:32 - 00000000 ____D () C:\Users\Anja\AppData\Local\AcerCloud 2015-02-06 18:31 - 2015-02-06 18:31 - 00000000 ____D () C:\Users\Anja\AppData\Local\Doc 2015-02-06 18:29 - 2015-02-06 21:23 - 00000000 ____D () C:\Users\Anja\AppData\Local\ClearfiMedia 2015-02-06 18:28 - 2015-02-06 18:30 - 00000000 ____D () C:\Users\Anja\AppData\Local\Acer 2015-02-06 18:28 - 2015-02-06 18:28 - 00000000 ____D () C:\Users\Anja\AppData\Local\AOP SDK 2015-02-06 18:25 - 2015-02-06 18:27 - 00000000 ____D () C:\Users\Anja\AppData\Local\ClearfiPhoto 2015-02-06 15:35 - 2015-02-06 15:39 - 00000000 ____D () C:\AdwCleaner 2015-02-06 15:35 - 2015-02-06 15:35 - 02112512 _____ () C:\Users\Anja\Downloads\adwcleaner_4.110.exe 2015-02-06 14:10 - 2010-10-22 02:00 - 00480632 ____N (AVM Berlin) C:\WINDOWS\instwcli.dex 2015-02-06 12:53 - 2015-02-07 19:33 - 02132992 _____ (Farbar) C:\Users\Anja\Desktop\FRST64.exe 2015-02-06 12:46 - 2015-02-06 12:47 - 01388274 _____ (Thisisu) C:\Users\Anja\Downloads\JRT.exe 2015-02-06 12:42 - 2015-02-06 12:42 - 02112512 _____ () C:\Users\Anja\Downloads\AdwCleaner_4.110 (1).exe 2015-02-06 11:53 - 2015-02-06 11:53 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-02-06 11:52 - 2015-02-06 11:52 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-02-06 11:52 - 2015-02-06 11:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-02-06 11:52 - 2015-02-06 11:52 - 00000000 ____D 
I will test the problem again after lunch. The laptop cripples my main PC, which is connected to the router by cable, as soon as it does things on the network such as downloads. This shows in that I can, for example, no longer operate the mouse, and the system behaves as if it were running at 120% full load. The router is only a few days old, and the problem had already existed for months with the old router, despite factory settings etc. As I said, the WLAN laptop is driving me crazy here.

Test carried out. I also flushed the DNS cache on the main PC. No success. If I start, for example, the speed test on the laptop, the i5 turns into an unusable device. The other way round, everything works flawlessly.

The remark <--- Schrauber -----> Houseman referred to the smileys and the backup that was not made ^^

What I simply don't understand is why my PC is brought to its knees when the WLAN device merely goes online. I notice the performance loss even when just a web page is opened that refreshes data such as images, so basically does mini downloads. So why does that machine block mine when it does not even have permissions on the network to access it? In SmartSniff you can also see that the laptop is outright searching for mine, even when it is not switched on!?

For now I wish you a nice Sunday, enjoy the weather. Fresh air and family are important! Edited by Houseman (08.02.2015 at 13:08) |
08.02.2015, 18:06 | #12 |
/// the machine /// TB trainer | Windows 8 WLAN laptop cripples LAN PC Strange. Have you tried updating the drivers?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
08.02.2015, 19:14 | #13 |
| Windows 8 WLAN laptop cripples LAN PC They are all up to date. Maybe it is my PC after all. It has Vista 64-bit on it. You checked this PC once back in October 2013, because I had exactly the same problems. About 4 weeks before that my wife got her laptop ... I am really only waiting for Windows 10 so I can say goodbye to Vista here. A pity really, it was a loyal system, but unfortunately it is no longer properly supported. AMD already ended support for my 5870 in December 2013. Actually quite a cheek, given that the system is supported by MS until 2017 just like Win7. From AMD's side came ... "either buy a new graphics card, or switch to Win7 ..." I think I will get an external LAN card for the PC and see whether the onboard chipset is broken. After months of searching I really can't think of anything else. If you think of anything else, or would like something more logged from the Vista PC, just let me know. Thank you for your effort for now. Regards, Houseman |
09.02.2015, 06:38 | #14 |
/// the machine /// TB trainer | Windows 8 WLAN laptop cripples LAN PC A WLAN stick should also do for the test.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
09.02.2015, 13:29 | #15 |
| Windows 8 WLAN laptop cripples LAN PC But with that I only test the WLAN. My PC isn't allowed onto the wireless network, though. I need to be able to rule out the LAN adapter. I'm sure I still have a 100 Mbit card lying around somewhere in the basement ^^ I'll keep you posted. |