| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: dhl link angeklickt angebliche bestellungWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
| |
16.03.2015, 14:10
| #1 |
| |  dhl link angeklickt angebliche bestellung ich bin mir ja nicht sicher, ob ich überhaupt einen Trojaner habe. habe FRST runtergeladen und den scan durchlaufen lassen hier die Resultate: FRST.txt: # FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Barbara (administrator) on BARBARASPC on 16-03-2015 14:03:03
Running from C:\Users\Barbara\Desktop
Loaded Profiles: Barbara (Available profiles: Barbara)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
() C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286056 2013-09-24] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-02-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-25] (Realtek Semiconductor)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6340312 2013-10-17] (Realtek semiconductor)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-28] (AVAST Software)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2612589001-371043359-174592487-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
HKU\S-1-5-21-2612589001-371043359-174592487-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-2612589001-371043359-174592487-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2612589001-371043359-174592487-1001 -> DefaultScope {9AFA79C2-261A-4D87-96DC-35F5D2C46920} URL =
SearchScopes: HKU\S-1-5-21-2612589001-371043359-174592487-1001 -> {9AFA79C2-261A-4D87-96DC-35F5D2C46920} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-12-09] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-12-09] (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-18]
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-09]
CHR Extension: (Google Drive) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-01]
CHR Extension: (YouTube) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-09]
CHR Extension: (Google Search) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-09]
CHR Extension: (Avast Online Security) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-01]
CHR Extension: (Google Wallet) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-09]
CHR Extension: (Gmail) - C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-09]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-09]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-09] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-09] (Avast Software)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-14] (Broadcom Corporation.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [980184 2014-02-18] (Broadcom Corporation.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [14696 2013-09-24] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 LUService; C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe [38896 2014-02-17] (Lenovo(beijing) Limited)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [33040 2014-06-03] (Lenovo)
S3 TESHelper; c:\Program Files\Common Files\Lenovo\Magic Transfer\x64\MagicTransferTESHelper.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-09] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-09] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-09] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-09] ()
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-14] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7504560 2013-11-19] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
U5 GeneStor; C:\Windows\System32\Drivers\GeneStor.sys [107208 2014-01-17] (GenesysLogic)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8876248 2013-10-17] (Realtek Semiconductor Corp.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-09] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 SmbDrvI; \SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-16 14:03 - 2015-03-16 14:03 - 00013166 _____ () C:\Users\Barbara\Desktop\FRST.txt
2015-03-16 14:02 - 2015-03-16 14:03 - 00000000 ____D () C:\FRST
2015-03-16 14:00 - 2015-03-16 14:00 - 02095616 _____ (Farbar) C:\Users\Barbara\Desktop\FRST64.exe
2015-03-16 13:59 - 2015-03-16 13:59 - 01135104 _____ (Farbar) C:\Users\Barbara\Desktop\FRST.exe
2015-03-16 11:28 - 2015-03-16 11:29 - 00023836 _____ () C:\Users\Barbara\Desktop\Australien.odt
2015-03-12 09:54 - 2015-02-03 01:03 - 03551744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2015-03-12 09:54 - 2015-02-03 01:02 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2015-03-12 09:54 - 2015-01-30 03:03 - 01488896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll
2015-03-12 09:54 - 2015-01-30 03:03 - 01464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll
2015-03-12 09:54 - 2015-01-30 02:44 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll
2015-03-12 09:54 - 2015-01-30 02:42 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll
2015-03-12 09:54 - 2015-01-30 02:29 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll
2015-03-12 09:54 - 2015-01-29 02:58 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\photowiz.dll
2015-03-12 09:54 - 2015-01-29 02:29 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\photowiz.dll
2015-03-12 09:54 - 2015-01-28 03:24 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageContextHandler.dll
2015-03-12 09:54 - 2015-01-28 02:47 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StorageContextHandler.dll
2015-03-12 09:54 - 2014-10-29 02:28 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\atlthunk.dll
2015-03-12 09:53 - 2014-12-11 06:36 - 00046456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe
2015-03-11 19:37 - 2015-03-06 03:53 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-03-11 19:37 - 2015-03-06 03:33 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-03-11 19:37 - 2015-02-26 00:26 - 04178944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-03-11 19:37 - 2015-02-20 04:03 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-03-11 19:37 - 2015-02-20 03:58 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-03-11 19:37 - 2015-02-20 03:20 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-03-11 19:37 - 2015-02-20 03:15 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-03-11 19:37 - 2015-01-31 00:20 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2015-03-11 19:37 - 2015-01-28 16:41 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-03-11 19:37 - 2015-01-28 16:41 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-03-11 19:37 - 2015-01-28 16:41 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-03-11 19:37 - 2015-01-27 05:22 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-03-11 19:37 - 2015-01-27 03:11 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-03-11 19:37 - 2014-10-29 04:56 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2015-03-11 19:37 - 2014-10-29 03:49 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2015-03-11 19:37 - 2014-10-29 03:44 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2015-03-11 19:37 - 2014-10-29 03:44 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2015-03-11 19:37 - 2014-10-29 03:37 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2015-03-11 19:37 - 2014-10-29 03:04 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2015-03-11 19:37 - 2014-10-29 03:00 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2015-03-11 19:37 - 2014-10-29 03:00 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2015-03-11 19:36 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-03-11 19:36 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-03-11 19:36 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-03-11 19:36 - 2015-02-21 01:27 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-03-11 19:36 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-03-11 19:36 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-03-11 19:36 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-03-11 19:36 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-03-11 19:36 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-03-11 19:36 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-03-11 19:36 - 2015-02-20 03:35 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-03-11 19:36 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-03-11 19:36 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-03-11 19:36 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-03-11 19:36 - 2015-02-20 03:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-03-11 19:36 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-03-11 19:36 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-03-11 19:36 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-03-11 19:36 - 2015-02-20 02:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-03-11 19:36 - 2015-02-20 02:56 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-03-11 19:36 - 2015-02-20 02:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-03-11 19:36 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-03-11 19:36 - 2015-02-20 02:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-03-11 19:36 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-03-11 19:36 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-03-11 19:36 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-03-11 19:36 - 2015-02-20 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-03-11 19:36 - 2015-02-20 02:29 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-03-11 19:36 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-03-11 19:36 - 2015-02-20 02:26 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-03-11 19:36 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-03-11 19:36 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-03-11 19:36 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-03-11 19:36 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-03-11 19:36 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-03-11 19:36 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-03-11 19:36 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-03-11 19:36 - 2015-02-12 18:40 - 22291584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-03-11 19:36 - 2015-02-12 18:34 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-03-11 19:36 - 2015-01-29 19:45 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-03-11 19:36 - 2015-01-29 19:34 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-03-11 19:36 - 2015-01-28 02:31 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2015-03-11 19:36 - 2015-01-28 02:11 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2015-03-11 19:35 - 2015-01-21 06:54 - 01384712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-03-11 19:35 - 2015-01-21 06:15 - 01123848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-03-09 10:35 - 2015-03-09 11:37 - 00000000 ____D () C:\Users\Barbara\Desktop\CR
2015-03-04 21:30 - 2015-03-15 20:03 - 00020391 _____ () C:\Users\Barbara\Desktop\paper prinzenerziehung.odt
2015-03-01 16:27 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-03-01 16:27 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-03-01 16:27 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-03-01 16:27 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-03-01 16:27 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-03-01 16:27 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-03-01 16:27 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-03-01 16:27 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-03-01 16:27 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-03-01 16:26 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-03-01 16:26 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-03-01 16:26 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-03-01 16:26 - 2014-12-13 22:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-03-01 16:26 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-03-01 16:26 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-03-01 16:26 - 2014-12-09 00:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-03-01 16:26 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-03-01 16:26 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-03-01 16:26 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-03-01 16:26 - 2014-10-29 02:27 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-03-01 16:26 - 2014-10-29 02:27 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-03-01 16:26 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-03-01 16:26 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-03-01 16:26 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-03-01 16:26 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-03-01 16:26 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-03-01 16:26 - 2014-10-29 02:04 - 00868352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-03-01 16:26 - 2014-10-29 02:04 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-03-01 16:25 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-03-01 16:25 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-03-01 16:25 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-03-01 16:25 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-03-01 16:24 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-16 14:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-16 13:49 - 2014-12-09 20:34 - 00001140 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-16 13:45 - 2014-06-03 13:57 - 01554072 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-16 13:31 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-03-16 11:39 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-03-16 11:29 - 2014-10-28 19:04 - 00461824 ___SH () C:\Users\Barbara\Desktop\Thumbs.db
2015-03-16 11:01 - 2014-12-09 20:34 - 00001136 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-16 11:01 - 2014-10-18 22:49 - 00000000 ___DO () C:\Users\Barbara\OneDrive
2015-03-15 14:17 - 2014-10-18 22:52 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2612589001-371043359-174592487-1001
2015-03-15 14:08 - 2013-08-22 16:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-14 13:35 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-14 13:34 - 2014-10-18 23:58 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-14 13:32 - 2014-10-18 23:58 - 122905848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-03-12 20:35 - 2014-06-03 14:48 - 00000000 ____D () C:\ProgramData\LU
2015-03-12 16:50 - 2014-12-09 20:34 - 00002206 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-12 09:54 - 2014-06-03 23:48 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2015-03-12 09:54 - 2014-06-03 23:48 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2015-03-12 09:54 - 2013-10-07 19:27 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-12 09:49 - 2013-08-22 15:46 - 00021599 _____ () C:\WINDOWS\setupact.log
2015-03-12 09:49 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-12 09:49 - 2013-08-22 15:44 - 00397984 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-03-11 22:23 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-11 22:22 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-03-04 22:24 - 2014-10-19 00:46 - 00792032 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-03-04 22:24 - 2014-10-19 00:46 - 00178144 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
==================== Files in the root of some directories =======
2014-06-03 14:24 - 2014-06-03 14:24 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some content of TEMP:
====================
C:\Users\Barbara\AppData\Local\Temp\COMAP.EXE
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-03-13 09:37
==================== End Of Log ============================
Addition.txt: #FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Barbara at 2015-03-16 14:03:46
Running from C:\Users\Barbara\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.1.0 - Genesys Logic)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3383 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.5.1000 - Intel Corporation)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.9350 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10249 - Realtek Semiconductor Corp.)
Lenovo Updates (HKLM-x32\...\InstallShield_{A2E1E9F0-0B68-4166-8C7F-85B563B84DF4}) (Version: 1.1.0.59 - Lenovo)
Lenovo Updates (x32 Version: 1.1.0.59 - Lenovo) Hidden
Lenovo_Wireless_Driver (HKLM-x32\...\{5D642A72-8194-4A22-80DA-11FE610CCA8E}) (Version: 6.30.223.201 - Lenovo)
LibreOffice 4.1.3.2 (HKLM-x32\...\{4F3722AD-197D-4DBB-BDFB-D2F0D6776354}) (Version: 4.1.3.2 - The Document Foundation)
Magic Transfer (HKLM\...\{AD2B2BD1-A1D7-4798-8FDD-B2A58FD94E68}) (Version: 1.1.1.11 - )
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7188 - Realtek Semiconductor Corp.)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
01-03-2015 16:45:20 Windows Update
08-03-2015 17:01:24 Geplanter Prüfpunkt
11-03-2015 19:40:29 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {20C3CD62-B57F-400B-BB05-99040EE238AE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-09] (Google Inc.)
Task: {2F10BC0A-B92B-4C6C-B004-72A3FC10019A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-03-14] (Microsoft Corporation)
Task: {3F5F253E-1A5B-438E-85E6-4ABCBAFD1C59} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {A29F5507-F970-4F2A-9588-6178F3855260} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-09] (AVAST Software)
Task: {A8B3D3B1-68ED-4645-B4E6-AAE4E51FF063} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {DFF8C91C-A0A0-461B-B245-CE76201D4453} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-09] (Google Inc.)
Task: {F74DD074-77E9-4A73-B3C9-1CAFE93A454A} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2612589001-371043359-174592487-1001
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2014-02-18 19:02 - 2014-02-18 19:02 - 00049368 _____ () C:\Program Files\Lenovo\Bluetooth Software\btwleapi.dll
2014-06-03 14:41 - 2012-04-24 11:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-06-03 14:37 - 2014-06-03 14:37 - 00061200 _____ () C:\ProgramData\LenovoTransition\Server\x64\dptf.dll
2014-12-09 20:28 - 2014-12-09 20:28 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-12-09 20:28 - 2014-12-09 20:28 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-11-26 17:33 - 2014-11-26 17:35 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll
2013-05-09 16:58 - 2013-05-09 16:58 - 00119808 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
2014-06-03 14:23 - 2013-10-01 10:09 - 00078880 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
2015-03-11 22:14 - 2015-03-11 22:14 - 02921984 _____ () C:\Program Files\AVAST Software\Avast\defs\15031101\algo.dll
2014-12-09 20:28 - 2014-12-09 20:28 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2015-03-12 09:49 - 2015-03-12 09:49 - 02921984 _____ () C:\Program Files\AVAST Software\Avast\defs\15031200\algo.dll
2015-03-15 19:55 - 2015-03-15 19:55 - 02922496 _____ () C:\Program Files\AVAST Software\Avast\defs\15031500\algo.dll
2015-03-16 13:33 - 2015-03-16 13:33 - 02922496 _____ () C:\Program Files\AVAST Software\Avast\defs\15031600\algo.dll
2014-06-03 14:22 - 2013-09-04 00:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-12-09 20:28 - 2014-12-09 20:28 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2010-12-17 11:56 - 2010-12-17 11:56 - 02603520 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtCore4.dll
2013-03-07 11:53 - 2013-03-07 11:53 - 00015872 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\featureController.dll
2010-12-17 11:56 - 2010-12-17 11:56 - 01006592 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtNetwork4.dll
2010-12-17 11:56 - 2010-12-17 11:56 - 00382464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtXml4.dll
2010-01-12 15:55 - 2010-01-12 15:55 - 00400384 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\sqlite3.dll
2010-01-12 15:55 - 2010-01-12 15:55 - 00322048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\log4cplus.dll
2010-12-16 11:16 - 2010-12-16 11:16 - 00195584 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\libgsoap.dll
2010-01-17 22:34 - 2010-01-17 22:34 - 00062464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\zlib1.dll
2013-03-07 11:55 - 2013-03-07 11:55 - 00472576 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\DeviceProfile.dll
2013-03-07 11:58 - 2013-03-07 11:58 - 00499488 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
2013-03-07 11:54 - 2013-03-07 11:54 - 00013824 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\eventsSender.dll
2010-12-17 11:56 - 2010-12-17 11:56 - 14978048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtWebKit4.dll
2010-12-17 11:56 - 2010-12-17 11:56 - 09224704 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtGui4.dll
2010-12-17 11:56 - 2010-12-17 11:56 - 00317952 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\phonon4.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Barbara\OneDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2612589001-371043359-174592487-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.2.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run: => "RtsFT"
==================== Accounts: =============================
Administrator (S-1-5-21-2612589001-371043359-174592487-500 - Administrator - Disabled)
Barbara (S-1-5-21-2612589001-371043359-174592487-1001 - Administrator - Enabled) => C:\Users\Barbara
Gast (S-1-5-21-2612589001-371043359-174592487-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2612589001-371043359-174592487-1003 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (03/16/2015 11:35:13 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "WINRE_DRV" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)
Error: (03/16/2015 11:31:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17416, Zeitstempel: 0x5452eed9
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0b171db0
ID des fehlerhaften Prozesses: 0x145c
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5
Error: (03/12/2015 07:39:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17416, Zeitstempel: 0x5452eed9
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x07f1c490
ID des fehlerhaften Prozesses: 0x1604
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5
Error: (03/10/2015 09:18:13 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "WINRE_DRV" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)
Error: (03/10/2015 06:28:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17416, Zeitstempel: 0x5452eed9
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00a55440
ID des fehlerhaften Prozesses: 0x2024
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5
Error: (03/09/2015 03:43:58 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "WINRE_DRV" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)
Error: (03/09/2015 11:21:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm IEXPLORE.EXE, Version 11.0.9600.17416 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 20e0
Startzeit: 01d05a4c303054fa
Endzeit: 46
Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Berichts-ID: efe9e17d-c645-11e4-8261-485ab6c7e26a
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (03/08/2015 07:51:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17416, Zeitstempel: 0x5452eed9
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x221b0658
ID des fehlerhaften Prozesses: 0x16e8
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5
Error: (03/07/2015 05:20:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17416, Zeitstempel: 0x5452eed9
Name des fehlerhaften Moduls: IEFRAME.dll, Version: 11.0.9600.17631, Zeitstempel: 0x54b31fd9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001369c7
ID des fehlerhaften Prozesses: 0x1ab8
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5
Error: (03/05/2015 11:37:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17416, Zeitstempel: 0x5452eed9
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x77cf0309
ID des fehlerhaften Prozesses: 0x1010
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5
System errors:
=============
Error: (03/13/2015 10:14:48 PM) (Source: DCOM) (EventID: 10010) (User: BARBARASPC)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
Error: (03/13/2015 03:12:55 PM) (Source: DCOM) (EventID: 10010) (User: BARBARASPC)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
Error: (03/12/2015 09:56:33 AM) (Source: DCOM) (EventID: 10010) (User: BARBARASPC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (03/12/2015 09:56:33 AM) (Source: DCOM) (EventID: 10010) (User: BARBARASPC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (03/11/2015 10:22:31 PM) (Source: DCOM) (EventID: 10010) (User: BARBARASPC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (03/11/2015 10:22:31 PM) (Source: DCOM) (EventID: 10010) (User: BARBARASPC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (03/11/2015 09:25:33 AM) (Source: DCOM) (EventID: 10010) (User: BARBARASPC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (03/11/2015 09:25:33 AM) (Source: DCOM) (EventID: 10010) (User: BARBARASPC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Error: (03/11/2015 09:25:29 AM) (Source: DCOM) (EventID: 10010) (User: BARBARASPC)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
Error: (03/10/2015 10:09:49 PM) (Source: DCOM) (EventID: 10010) (User: BARBARASPC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
Microsoft Office Sessions:
=========================
Error: (03/16/2015 11:35:13 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: WINRE_DRVFalscher Parameter. (0x80070057)
Error: (03/16/2015 11:31:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.174165452eed9unknown0.0.0.000000000c00000050b171db0145c01d05fd3170a1e8cC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknown8cfba33e-cbc7-11e4-8262-485ab6c7e26a
Error: (03/12/2015 07:39:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.174165452eed9unknown0.0.0.000000000c000000507f1c490160401d05ce2e07c3414C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknown2c668257-c8e7-11e4-8262-485ab6c7e26a
Error: (03/10/2015 09:18:13 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: WINRE_DRVFalscher Parameter. (0x80070057)
Error: (03/10/2015 06:28:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.174165452eed9unknown0.0.0.000000000c000000500a55440202401d05b52888772b7C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknownd36a2876-c74a-11e4-8261-485ab6c7e26a
Error: (03/09/2015 03:43:58 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: WINRE_DRVFalscher Parameter. (0x80070057)
Error: (03/09/2015 11:21:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.1741620e001d05a4c303054fa46C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEefe9e17d-c645-11e4-8261-485ab6c7e26a
Error: (03/08/2015 07:51:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.174165452eed9unknown0.0.0.000000000c0000005221b065816e801d059cd3f35b7b9C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknown1bf688a1-c5c4-11e4-8261-485ab6c7e26a
Error: (03/07/2015 05:20:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.174165452eed9IEFRAME.dll11.0.9600.1763154b31fd9c0000005001369c71ab801d058ee0c6e01e5C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\WINDOWS\SYSTEM32\IEFRAME.dllddf448fd-c4e5-11e4-8261-485ab6c7e26a
Error: (03/05/2015 11:37:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.174165452eed9unknown0.0.0.000000000c000000577cf0309101001d05729748d5c69C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknownace9a4f0-c323-11e4-8261-485ab6c7e26a
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-4010U CPU @ 1.70GHz
Percentage of memory in use: 50%
Total physical RAM: 4004.01 MB
Available physical RAM: 1985.05 MB
Total Pagefile: 4708.01 MB
Available Pagefile: 2523.75 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
==================== Drives ================================
Drive c: (Windows8_OS) (Fixed) (Total:102.14 GB) (Free:59.72 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 9B7D1D24)
Partition: GPT Partition Type.
==================== End Of Log ============================
|
|
| Themen zu dhl link angeklickt angebliche bestellung |
| angeklickt, anti, antivirus, avast, besten, computer, email, fenster, free, gefunde, link, löschen, nichts, problem, programm, reinigen, sendung, server, sofort, troja, trojaner, unterwegs, versuche, viren, öffnen |
Hybrid-Darstellung
