|
Pests of all kinds and how to combat them: Trojan 'TR/Crypt.XPACK.Gen' Windows 7 If you are not sure whether you have picked up malware or a Trojan, create a topic here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you clean up the infection. |
22.05.2015, 17:11 | #1 |
| Trojan 'TR/Crypt.XPACK.Gen' Dear Trojaner-Board community, I bought a used netbook so that I can get away at the weekend. It had been reset. It has Windows Starter on it. However, I don't have a CD for it; it is already installed. As a word processor I downloaded OpenOffice, Firefox for the internet, and yesterday AVIRA as virus protection. Now I have just received the following message: Der Zugriff auf die Datei 'C:\Users\Petra\...\Firefox_37.0.1_einrichten.exe' mit dem Virus oder dem unerwünschten Programm 'TR/Crypt.XPACK.Gen' wurde blockiert. In addition, there is a message at the bottom saying that my Firefox is running too slowly. What can I, what should I do now? I have no experience yet, because I have never done this before. So far there is hardly any of my data on the PC. I only have five ODT files that I have written something in and would like to keep. But I don't dare copy them to a USB stick, because I'm afraid of taking the virus along. Would it be a solution to send the files to myself by e-mail? Or would I then send the virus along too? Do I even need to get the files off before I remove the virus under your guidance? Besides the netbook I also have my notebook available. Fortunately I have never connected the two to each other. On the notebook, Firefox has recently started hanging every time I click on a page. Maybe that is a virus too, but that should probably be dealt with separately. There is also a lot of data on it that I am attached to. Thank you in advance, Parim |
22.05.2015, 17:24 | #2 |
/// the machine /// TB trainer | Trojan 'TR/Crypt.XPACK.Gen' hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
|
22.05.2015, 22:38 | #3 |
| Trojan 'TR/Crypt.XPACK.Gen' Hello schrauber,
first of all, thank you very much for the quick reply. I hope my reply works this time. I ran the scan and the files are on the desktop. Do I have to open them first in order to send them, or can I simply copy them in as they are? Sorry schrauber, I only just discovered the button for replying directly. This is my first time here today. Somehow excited and happy to learn something. Before that I had used the reply button under your mail. Now I don't know at all whether that arrived. I had not yet sent the scan result files along, because I don't know whether I have to open them first or can simply copy them in here with paste and copy. Hello schrauber, before I go to bed in a moment, I'll copy in the results of the scan. FRST Editor:
C:\windows\system32\RtkCoInst.dll 2015-05-14 02:57 - 2010-04-27 10:12 - 03084256 _____ (Realtek Semiconductor Corp.) C:\windows\system32\Drivers\RTKVHDA.sys 2015-05-14 02:57 - 2010-04-27 07:50 - 00299424 _____ (Fortemedia Corporation) C:\windows\system32\FMAPO.dll 2015-05-14 02:57 - 2010-04-06 08:58 - 00000008 _____ () C:\windows\system32\Drivers\rtkhdaud.dat 2015-05-14 02:57 - 2010-03-22 08:22 - 01247776 _____ (Realtek Semiconductor Corp.) C:\windows\RtlExUpd.dll 2015-05-14 02:57 - 2010-01-26 05:38 - 00145760 _____ (Andrea Electronics Corporation) C:\windows\system32\AERTACap.dll 2015-05-14 02:57 - 2009-12-30 11:58 - 00004692 _____ () C:\windows\system32\Drivers\SamSfPa.dat 2015-05-14 02:57 - 2009-12-15 12:26 - 00357576 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEEP32A.dll 2015-05-14 02:57 - 2009-12-15 12:26 - 00168648 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEED32A.dll 2015-05-14 02:57 - 2009-12-15 12:26 - 00076488 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEEL32A.dll 2015-05-14 02:57 - 2009-12-15 12:26 - 00062664 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEEG32A.dll 2015-05-14 02:57 - 2009-12-11 03:55 - 00293584 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RP3DHT32.dll 2015-05-14 02:57 - 2009-12-11 03:55 - 00293584 _____ (Dolby Laboratories, Inc.) 
C:\windows\system32\RP3DAA32.dll 2015-05-14 02:57 - 2009-11-17 12:13 - 00096160 _____ (Andrea Electronics Corporation) C:\windows\system32\AERTARen.dll 2015-05-14 02:56 - 2015-05-21 00:17 - 00063568 _____ () C:\Users\Petra\AppData\Local\GDIPFONTCACHEV1.DAT 2015-05-14 02:56 - 2015-05-21 00:11 - 00000000 ____D () C:\Users\Petra\AppData\Local\Windows Live 2015-05-14 02:56 - 2015-05-20 23:52 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium 2015-05-14 02:56 - 2015-05-14 03:04 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\Adobe 2015-05-14 02:56 - 2015-05-14 03:04 - 00000000 ____D () C:\Users\Petra\AppData\Local\Adobe 2015-05-14 02:56 - 2015-05-14 03:03 - 00001413 _____ () C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-05-14 02:56 - 2015-05-14 03:03 - 00000000 ____D () C:\Users\Petra\AppData\Local\VirtualStore 2015-05-14 02:56 - 2015-05-14 02:56 - 00000000 _SHDL () C:\Users\Petra\Startmenü 2015-05-14 02:56 - 2015-05-14 02:56 - 00000000 _SHDL () C:\Users\Petra\Netzwerkumgebung 2015-05-14 02:56 - 2015-05-14 02:56 - 00000000 _SHDL () C:\Users\Petra\Druckumgebung 2015-05-14 02:56 - 2015-05-14 02:56 - 00000000 _SHDL () C:\Users\Petra\Documents\Eigene Musik 2015-05-14 02:56 - 2015-05-14 02:56 - 00000000 _SHDL () C:\Users\Petra\Documents\Eigene Bilder 2015-05-14 02:56 - 2015-05-14 02:56 - 00000000 _SHDL () C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-05-14 02:56 - 2015-05-14 02:56 - 00000000 _SHDL () C:\Users\Petra\AppData\Local\Verlauf 2015-05-14 02:56 - 2015-05-14 02:56 - 00000000 ____D () C:\Users\Petra 2015-05-14 02:56 - 2011-04-02 05:05 - 00000000 ____D () C:\Users\Petra\Documents\Asus WebStorage 2015-05-14 02:56 - 2011-04-02 05:05 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\ASUS WebStorage 2015-05-14 02:56 - 2011-04-02 04:52 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\Macromedia 2015-05-14 02:56 - 2011-04-02 04:51 - 
00000000 ____D () C:\Users\Petra\AppData\Roaming\E-Cam 2015-05-14 02:56 - 2011-04-02 04:49 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Game Park 2015-05-14 02:56 - 2011-04-02 04:45 - 00000000 ____D () C:\Users\Petra\Documents\Bluetooth Exchange Folder 2015-05-14 02:56 - 2011-04-02 04:41 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\InstallShield 2015-05-14 02:56 - 2009-07-14 06:53 - 00000020 ___SH () C:\Users\Petra\ntuser.ini 2015-05-14 02:56 - 2009-07-14 06:42 - 00000000 ___RD () C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-05-14 02:56 - 2009-07-14 06:37 - 00000000 ___RD () C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-05-14 02:54 - 2015-05-14 02:54 - 00000000 __SHD () C:\Recovery 2015-05-08 06:33 - 2014-06-28 02:21 - 00391640 __RSH () C:\bootmgr 2015-05-08 05:38 - 2011-04-02 05:09 - 00000000 ____D () C:\Users\Default\AppData\Local\Adobe 2015-05-08 05:38 - 2011-04-02 05:09 - 00000000 ____D () C:\Users\Default User\AppData\Local\Adobe 2015-05-08 05:38 - 2011-04-02 05:08 - 00001441 _____ () C:\Users\Default\Desktop\Trend Micro Titanium.lnk 2015-05-08 05:38 - 2011-04-02 05:08 - 00001441 _____ () C:\Users\Default User\Desktop\Trend Micro Titanium.lnk 2015-05-08 05:38 - 2011-04-02 05:08 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium 2015-05-08 05:38 - 2011-04-02 05:08 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium 2015-05-08 05:38 - 2011-04-02 05:05 - 00000000 ____D () C:\Users\Default\Documents\Asus WebStorage 2015-05-08 05:38 - 2011-04-02 05:05 - 00000000 ____D () C:\Users\Default\AppData\Roaming\ASUS WebStorage 2015-05-08 05:38 - 2011-04-02 05:05 - 00000000 ____D () C:\Users\Default User\Documents\Asus WebStorage 2015-05-08 05:38 - 2011-04-02 05:05 - 00000000 ____D () C:\Users\Default 
User\AppData\Roaming\ASUS WebStorage 2015-05-08 05:38 - 2011-04-02 04:54 - 00057560 _____ () C:\Users\Default\AppData\Local\GDIPFONTCACHEV1.DAT 2015-05-08 05:38 - 2011-04-02 04:54 - 00057560 _____ () C:\Users\Default User\AppData\Local\GDIPFONTCACHEV1.DAT 2015-05-08 05:38 - 2011-04-02 04:54 - 00000000 ____D () C:\Users\Default\AppData\Local\Windows Live 2015-05-08 05:38 - 2011-04-02 04:54 - 00000000 ____D () C:\Users\Default User\AppData\Local\Windows Live 2015-05-08 05:38 - 2011-04-02 04:52 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe 2015-05-08 05:38 - 2011-04-02 04:52 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe 2015-05-08 05:38 - 2011-04-02 04:51 - 00000000 ____D () C:\Users\Default\AppData\Roaming\E-Cam 2015-05-08 05:38 - 2011-04-02 04:51 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\E-Cam 2015-05-08 05:38 - 2011-04-02 04:49 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Game Park 2015-05-08 05:38 - 2011-04-02 04:49 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Game Park 2015-05-08 05:38 - 2011-04-02 04:45 - 00000000 ____D () C:\Users\Default\Documents\Bluetooth Exchange Folder 2015-05-08 05:38 - 2011-04-02 04:45 - 00000000 ____D () C:\Users\Default\AppData\Local\Broadcom 2015-05-08 05:38 - 2011-04-02 04:45 - 00000000 ____D () C:\Users\Default User\Documents\Bluetooth Exchange Folder 2015-05-08 05:38 - 2011-04-02 04:45 - 00000000 ____D () C:\Users\Default User\AppData\Local\Broadcom 2015-05-08 05:38 - 2011-04-02 04:41 - 00000000 ____D () C:\Users\Default\AppData\Roaming\InstallShield 2015-05-08 05:38 - 2011-04-02 04:41 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\InstallShield 2015-05-08 05:37 - 2015-05-22 18:21 - 01320220 _____ () C:\windows\WindowsUpdate.log ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-05-22 17:18 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\Microsoft.NET 2015-05-22 17:00 - 2009-07-14 06:34 - 00009696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-05-22 17:00 - 2009-07-14 06:34 - 00009696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-05-22 16:44 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2015-05-22 16:44 - 2009-07-14 06:39 - 00053795 _____ () C:\windows\setupact.log 2015-05-22 16:44 - 2009-07-14 06:33 - 00284480 _____ () C:\windows\system32\FNTCACHE.DAT 2015-05-22 16:40 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\nl-NL 2015-05-22 16:40 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\it-IT 2015-05-22 16:40 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\fr-FR 2015-05-22 16:40 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\de-DE 2015-05-22 15:12 - 2011-02-16 17:44 - 00692768 _____ () C:\windows\system32\perfh013.dat 2015-05-22 15:12 - 2011-02-16 17:44 - 00133360 _____ () C:\windows\system32\perfc013.dat 2015-05-22 15:12 - 2011-02-16 17:39 - 00691422 _____ () C:\windows\system32\perfh010.dat 2015-05-22 15:12 - 2011-02-16 17:39 - 00127758 _____ () C:\windows\system32\perfc010.dat 2015-05-22 15:12 - 2009-07-27 12:11 - 03971856 _____ () C:\windows\system32\PerfStringBackup.INI 2015-05-22 15:10 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\LogFiles 2015-05-22 13:23 - 2009-07-14 06:52 - 00000000 ____D () C:\Program Files\Windows Defender 2015-05-21 22:21 - 2011-04-02 04:30 - 00415588 _____ () C:\windows\PFRO.log 2015-05-20 23:52 - 2011-04-02 05:07 - 00000000 ____D () C:\ProgramData\Trend Micro 2015-05-20 23:07 - 2009-07-14 06:52 - 00000000 ____D () C:\windows\system32\FxsTmp 2015-05-17 09:01 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\rescache 2015-05-17 09:00 - 2009-07-14 06:56 - 00000000 ____D () C:\windows\system32\WCN 
2015-05-17 09:00 - 2009-07-14 06:56 - 00000000 ____D () C:\windows\system32\Printing_Admin_Scripts 2015-05-17 09:00 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\MUI 2015-05-17 09:00 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\com 2015-05-14 03:03 - 2011-04-02 04:41 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2015-05-14 03:03 - 2009-07-14 04:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2015-05-14 03:01 - 2011-04-02 04:48 - 00000000 ____D () C:\Program Files\Asus 2015-05-14 02:59 - 2009-07-14 06:52 - 00000000 ____D () C:\windows\system32\restore 2015-05-14 02:58 - 2011-04-02 04:44 - 00014676 _____ () C:\windows\DPINST.LOG 2015-05-14 02:57 - 2011-04-02 04:48 - 00000000 ____D () C:\Program Files\Common Files\InstallShield 2015-05-14 02:54 - 2009-07-27 12:56 - 00000000 ____D () C:\windows\panther 2015-05-14 02:54 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\Recovery 2015-05-08 06:33 - 2009-07-14 06:57 - 00029696 ___SH () C:\windows\system32\config\BCD-Template.LOG 2015-05-08 06:33 - 2009-07-14 06:52 - 00032768 _____ () C:\windows\system32\config\BCD-Template 2015-05-08 05:38 - 2009-07-27 11:57 - 00008134 _____ () C:\windows\TSSysprep.log 2015-05-08 05:38 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default 2015-05-08 05:35 - 2009-07-14 06:34 - 00004822 _____ () C:\windows\DtcInstall.log ==================== Files in the root of some directories ======= 2011-04-02 04:49 - 2010-03-03 00:59 - 0131984 _____ () C:\ProgramData\FullRemove.exe Some files in TEMP: ==================== C:\Users\Petra\AppData\Local\Temp\avgnt.exe C:\Users\Petra\AppData\Local\Temp\MSETUP4.EXE ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\windows\explorer.exe => File is digitally signed C:\windows\system32\winlogon.exe => File is digitally signed C:\windows\system32\wininit.exe => File is digitally signed C:\windows\system32\svchost.exe => File is digitally signed C:\windows\system32\services.exe => File is digitally signed C:\windows\system32\User32.dll => File is digitally signed C:\windows\system32\userinit.exe => File is digitally signed C:\windows\system32\rpcss.dll => File is digitally signed C:\windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-05-17 08:49 Addition Editor: Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-05-2015 01 Ran by Petra at 2015-05-22 18:47:23 Running from C:\Users\Petra\Desktop Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1209219964-1995288155-3218319295-500 - Administrator - Disabled) Gast (S-1-5-21-1209219964-1995288155-3218319295-501 - Limited - Disabled) Petra (S-1-5-21-1209219964-1995288155-3218319295-1000 - Administrator - Enabled) => C:\Users\Petra ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.) 
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.2.152.32 - Adobe Systems Incorporated) Adobe Reader 9.1 MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated) ASUS WebStorage (HKLM\...\ASUS WebStorage) (Version: 3.0.84.161 - eCareme Technologies, Inc.) ASUSUpdate for Eee PC (HKLM\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 1.06.02 - ASUSTeK Computer Inc.) AsusVibe2.0 (HKLM\...\Asus Vibe2.0) (Version: 2.0.4.617 - ASUSTEK) Atheros Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.35 - Atheros Communications Inc.) Avira (HKLM\...\{022ef99f-0db2-4efc-964d-5dd2da3151f6}) (Version: 1.1.37.30000 - Avira Operations GmbH & Co. KG) Avira (Version: 1.1.37.30000 - Avira Operations GmbH & Co. KG) Hidden Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG) Boingo Wi-Fi (HKLM\...\{84C2B80B-64A2-4B22-93EC-F30C3D6BF7D8}) (Version: 1.7.0048 - Boingo Wireless, Inc.) Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.) Canon iP7200 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP7200_series) (Version: - Canon Inc.) CapsHook (HKLM\...\{4B5092B6-F231-4D18-83BC-2618B729CA45}) (Version: 1.0.0.7 - AsusTek Computer) Chicken Invaders 2 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version: - Oberon Media) Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) 
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation) D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden E-Cam (HKLM\...\{185AFA7A-F63E-450B-94AA-011CAC18090E}) (Version: 2.0.3.0 - AzureWave) Eee Docking 3.8.3 (HKLM\...\Eee Docking_is1) (Version: 3.8.3 - ASUSTek Computer Inc.) EeeSplendid (HKLM\...\{6333FC29-BFE5-4024-AC78-958A1A7555D1}) (Version: 5.1.2.0011 - ASUS) EeeSplendid (Version: 5.1.2.0011 - ASUS) Hidden ETDWare PS/2-x86 7.0.5.13_WHQL (HKLM\...\Elantech) (Version: 7.0.5.13 - ELAN Microelectronics Corp.) FontResizer (HKLM\...\InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}) (Version: 1.01.0011 - ASUSTek) FontResizer (Version: 1.01.0011 - ASUSTek) Hidden Galerie de photos Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Game Park Console (HKLM\...\{D44AA979-47C2-4BC0-A860-09A54224EA44}_is1) (Version: 6.2.0.3 - Oberon Media, Inc.) Hotkey Service (HKLM\...\{71C0E38E-09F2-4386-9977-404D4F6640CD}) (Version: 1.37 - AsusTek Computer Inc.) InstantOn (HKLM\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 1.0.2 - ASUS) Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2117 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.4.1002 - Intel Corporation) Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden LiveUpdate (HKLM\...\{38E5A3B1-ADF1-47E0-8024-76310A30EB36}) (Version: 1.28 - AsusTek Computer Inc.) 
LocaleMe (HKLM\...\{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}) (Version: 1.3 - ASUS) Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Mozilla Firefox 38.0.1 (x86 de) (HKLM\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 38.0 - Mozilla) OpenOffice 4.1.1 (HKLM\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation) Raccolta foto di Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Ralink RT2860 Wireless LAN Card (HKLM\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.5.1.0 - Ralink) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6098 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM\...\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}) (Version: 1.00.0159 - REALTEK Semiconductor Corp.) 
Super Hybrid Engine (HKLM\...\{88F08F98-12BC-4613-81A2-8F9B88CFC73E}) (Version: 2.17 - AsusTek Computer) Windows Driver Package - Broadcom Bluetooth (07/17/2009 6.2.0.9403) (HKLM\...\B41C7C96D83162A676DA7365ADEFD6C1AF62A4EE) (Version: 07/17/2009 6.2.0.9403 - Broadcom) Windows Driver Package - Broadcom Bluetooth (07/29/2009 6.1.7100.0) (HKLM\...\B5C82F3814F82FB37F1513B3185399BD88892B08) (Version: 07/29/2009 6.1.7100.0 - Broadcom) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom) Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 14-05-2015 04:46:27 Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 14-05-2015 04:49:33 OpenOffice 4.1.1 wird installiert 17-05-2015 08:56:34 Sprachpaketdeinstallation 21-05-2015 22:28:23 Windows Update 22-05-2015 15:12:32 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Loaded Modules (Whitelisted) ============== 2011-04-02 04:53 - 2010-12-07 18:19 - 00224680 _____ () C:\windows\system32\AsusService.exe 2015-05-07 16:37 - 2015-05-07 16:37 - 00245760 _____ () C:\Program Files\Avira\Launcher\System.ComponentModel.Composition.dll 2010-09-02 13:08 - 2010-09-02 13:08 - 00118784 _____ () C:\Program Files\Asus\ASUS WebStorage\3.0.84.161\AsusWSShellExt.dll 2009-03-02 04:08 - 2009-03-02 04:08 - 00003584 _____ () C:\Program Files\ASUS\ASUS WebStorage\3.0.84.161\LogicNP.PropSheetExtensionHelper.dll 2011-03-11 03:05 - 2011-03-11 03:05 - 00181664 _____ () C:\Program Files\Asus\LiveUpdate\Parser.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-1209219964-1995288155-3218319295-1000\Control Panel\Desktop\\Wallpaper -> %windir%\web\wallpaper\windows\img0.jpg DNS Servers: 192.168.178.1 ==================== MSCONFIG/TASK MANAGER Error getting == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{F1B2F891-6884-44D8-886F-4B0BAC21F0DC}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe FirewallRules: [{A5AC6AF6-5D38-4B99-88B2-7778481F3F22}] => (Allow) LPort=2869 FirewallRules: [{33B61685-5528-4B59-BB27-250624D17D8D}] => (Allow) LPort=1900 FirewallRules: [{6ADDE698-A413-4F88-A103-6CDF853ED581}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{FA4570A9-B65F-4A0D-BCBF-39C158A5C94C}] => (Allow) C:\Program Files\Windows Live\Mesh\MOE.exe FirewallRules: [{B4843F82-6626-495B-8345-8F60E29A66F1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{9354BC56-8D1B-4114-B4CC-D94DA8C86A92}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/14/2015 03:03:39 AM) (Source: ESENT) (EventID: 215) (User: ) Description: WinMail (3420) WindowsMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde. Error: (05/14/2015 02:59:09 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. 
Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {fff6282d-29e8-49b1-825c-36115f2a4ee8} System errors: ============= Error: (05/22/2015 06:42:47 PM) (Source: NetBT) (EventID: 4321) (User: ) Description: Der Name "PETRA-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.25 registriert werden. Der Computer mit IP-Adresse 192.168.178.20 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error: (05/22/2015 06:42:05 PM) (Source: NetBT) (EventID: 4321) (User: ) Description: Der Name "PETRA-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.25 registriert werden. Der Computer mit IP-Adresse 192.168.178.20 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error: (05/22/2015 06:40:58 PM) (Source: NetBT) (EventID: 4321) (User: ) Description: Der Name "PETRA-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.25 registriert werden. Der Computer mit IP-Adresse 192.168.178.20 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error: (05/22/2015 06:35:34 PM) (Source: NetBT) (EventID: 4321) (User: ) Description: Der Name "PETRA-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.25 registriert werden. Der Computer mit IP-Adresse 192.168.178.20 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error: (05/22/2015 04:46:56 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (05/22/2015 04:44:35 PM) (Source: NetBT) (EventID: 4321) (User: ) Description: Der Name "PETRA-PC :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.25 registriert werden. 
Der Computer mit IP-Adresse 192.168.178.20 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error: (05/22/2015 04:44:35 PM) (Source: Server) (EventID: 2505) (User: ) Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{22D51E9B-6C03-4622-813E-07960C180CE7} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden. Error: (05/22/2015 04:44:29 PM) (Source: NetBT) (EventID: 4321) (User: ) Description: Der Name "PETRA-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.25 registriert werden. Der Computer mit IP-Adresse 192.168.178.20 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error: (05/22/2015 04:41:58 PM) (Source: Service Control Manager) (EventID: 7043) (User: ) Description: Der Dienst Windows Modules Installer konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden. Error: (05/22/2015 04:39:18 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800f0902 fehlgeschlagen: Sicherheitsupdate für Windows 7 (KB3046306) Microsoft Office: ========================= Error: (05/14/2015 03:03:39 AM) (Source: ESENT) (EventID: 215) (User: ) Description: WinMail3420WindowsMail0: Error: (05/14/2015 02:59:09 AM) (Source: VSS) (EventID: 8194) (User: ) Description: 0x80070005, Zugriff verweigert Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {fff6282d-29e8-49b1-825c-36115f2a4ee8} ==================== Memory info =========================== Processor: Intel(R) Atom(TM) CPU N455 @ 1.66GHz Percentage of memory in use: 81% Total physical RAM: 1014.18 MB Available physical RAM: 187.1 MB Total Pagefile: 2038.18 MB Available Pagefile: 812.46 MB Total Virtual: 2047.88 MB Available 
Virtual: 1895.1 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:100 GB) (Free:74.07 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:117.87 GB) (Free:117.77 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 3DA54736) Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=15 GB) - (Type=1B) Partition 3: (Not Active) - (Size=117.9 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=16 MB) - (Type=EF) Liebe Grüße Parim |
23.05.2015, 19:49 | #4 |
/// the machine /// TB-Ausbilder | Trojan 'TR/Crypt.XPACK.Gen' Here is how it works: posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate | Guides and help | Trojaner-Board Facebook page | No help via PM! |
27.05.2015, 22:35 | #5 |
| Trojan 'TR/Crypt.XPACK.Gen' Hello Schrauber, I don't know how I am supposed to do the thing with the #. When I am in reply mode, as I am now, I don't see a hash sign. When I am not in reply mode, I see a hash sign with a number next to it in the right-hand corner of your answer. I can click the number, but not the hash sign. Did I misunderstand you, or am I doing something wrong? Regards and thanks, Parim
Hello Schrauber, here come the results of all the scans. This time with the hash click. I could not see the picture at all when I went to Trojaner-Board with the small netbook. When I went in with the notebook, I saw it. Regards, Parim
[CODE] Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 27.05.2015 Suchlauf-Zeit: 20:02:08 Logdatei: mbam.txt Administrator: Ja Version: 2.01.6.1022 Malware Datenbank: v2015.05.27.04 Rootkit Datenbank: v2015.05.24.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x86 Dateisystem: NTFS Benutzer: Petra Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 303544 Verstrichene Zeit: 1 Std, 1 Min, 57 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente gefunden) Module: 0 (Keine schädliche Elemente gefunden) Registrierungsschlüssel: 0 (Keine schädliche Elemente gefunden) Registrierungswerte: 0 (Keine schädliche Elemente gefunden) Registrierungsdaten: 0 (Keine schädliche Elemente gefunden) Ordner: 0 (Keine schädliche Elemente gefunden) Dateien: 1 PUP.Optional.BundleInstaller.A, C:\Users\Petra\Downloads\Firefox_37.0.1_einrichten.exe, In Quarantäne, [4b551880f2985fd74934e36cd032c040], Physische Sektoren: 0 (Keine schädliche Elemente gefunden) (end)[/CODE] Code:
ATTFilter # AdwCleaner v4.205 - Bericht erstellt 27/05/2015 um 22:11:14 # Aktualisiert 21/05/2015 von Xplode # Datenbank : 2015-05-25.3 [Server] # Betriebssystem : Windows 7 Starter Service Pack 1 (x86) # Benutzername : Petra - PETRA-PC # Gestarted von : C:\Users\Petra\Downloads\AdwCleaner_4.205.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk ***** [ Geplante Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** ***** [ Internetbrowser ] ***** -\\ Internet Explorer v9.0.8112.16421 -\\ Mozilla Firefox v38.0.1 (x86 de) ************************* AdwCleaner[R0].txt - [839 Bytes] - [27/05/2015 22:07:47] AdwCleaner[S0].txt - [760 Bytes] - [27/05/2015 22:11:14] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [818 Bytes] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.8.1 (05.27.2015:1) OS: Windows 7 Starter x86 Ran by Petra on 27.05.2015 at 22:33:10,53 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Tasks ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 27.05.2015 at 22:38:09,36 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Ran by Petra (administrator) on PETRA-PC on 27-05-2015 22:41:14 Running from C:\Users\Petra\Desktop Loaded Profiles: Petra (Available Profiles: Petra) Platform: Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Intel Corporation) C:\Windows\System32\hkcmd.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files\Avira\Launcher\Avira.OE.Systray.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [EeeSplendidAgent] => C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-28] (Adobe Systems Incorporated) HKLM-x32\...\Run: [HotkeyMon] => C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe [101288 2010-12-07] (ASUSTeK Computer Inc.) HKLM-x32\...\Run: [HotkeyService] => C:\Program Files\ASUS\HotkeyService\HotkeyService.exe [1248176 2010-12-07] (ASUSTeK Computer Inc.) HKLM-x32\...\Run: [SuperHybridEngine] => C:\Program Files\ASUS\SHE\SuperHybridEngine.exe [412600 2010-11-15] (ASUSTeK Computer Inc.) HKLM-x32\...\Run: [LiveUpdate] => C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe [1095080 2011-03-11] (AsusTek Computer Inc.) HKLM-x32\...\Run: [CapsHook] => C:\Program Files\ASUS\CapsHook\CapsHook.exe [445344 2010-11-15] (ASUS) HKLM-x32\...\Run: [Eee Docking] => C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [414384 2011-01-07] (ASUSTek Computer Inc.) HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe [731472 2011-02-23] (ecareme) HKLM-x32\...\Run: [IgfxTray] => C:\windows\system32\igfxtray.exe [141848 2010-05-10] (Intel Corporation) HKLM-x32\...\Run: [HotKeysCmds] => C:\windows\system32\hkcmd.exe [173592 2010-05-10] (Intel Corporation) HKLM-x32\...\Run: [Persistence] => C:\windows\system32\igfxpers.exe [150552 2010-05-10] (Intel Corporation) HKLM-x32\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9177632 2010-04-27] (Realtek Semiconductor) HKLM-x32\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [548744 2010-06-10] (ELAN Microelectronic Corp.) 
HKLM-x32\...\Run: [Boingo Wi-Fi] => C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk [2429 2015-05-14] () HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files\ASUS\APRP\APRP.EXE [2018032 2011-04-02] (ASUSTek Computer Inc.) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files\Avira\Launcher\Avira.OE.Systray.exe [128760 2015-05-07] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [avgnt] => C:\Program Files\Avira\Antivirus\avgnt.exe [728312 2015-04-16] (Avira Operations GmbH & Co. KG) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk [2011-04-02] ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files\Asus\AsusVibe\AsusVibeLauncher.exe () ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {CC5FC992-B0AA-47CD-9DC2-83445083CBB8} => C:\Program Files\Asus\ASUS WebStorage\3.0.84.161\AsusWSShellExt.dll [2010-09-02] () ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {618A47A2-528B-4D9A-AFC8-97D3233511E2} => C:\Program Files\Asus\ASUS WebStorage\3.0.84.161\AsusWSShellExt.dll [2010-09-02] () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-1209219964-1995288155-3218319295-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com HKU\S-1-5-21-1209219964-1995288155-3218319295-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com HKU\S-1-5-21-1209219964-1995288155-3218319295-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://eeepc.asus.com HKU\S-1-5-21-1209219964-1995288155-3218319295-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\3ysgaq2s.default FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation) FF Extension: Avira Browser Safety - C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\3ysgaq2s.default\Extensions\abs@avira.com [2015-05-27] Chrome: ======= CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files\Avira\Antivirus\avmailc7.exe [827640 2015-04-16] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files\Avira\Antivirus\sched.exe [434424 2015-04-16] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [434424 2015-04-16] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files\Avira\Antivirus\avwebg7.exe [1185584 2015-04-16] (Avira Operations GmbH & Co. KG) S2 AsusService; C:\windows\system32\AsusService.exe [224680 2010-12-07] () R2 Avira.OE.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [206584 2015-05-07] (Avira Operations GmbH & Co. 
KG) S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 AsIO; C:\windows\System32\drivers\AsIO.sys [11456 2010-06-28] () R1 AsUpIO; C:\windows\System32\drivers\AsUpIO.sys [11832 2010-08-03] () R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [107400 2015-04-16] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [136216 2015-04-16] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37896 2015-04-16] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\windows\System32\DRIVERS\avnetflt.sys [37896 2015-04-16] (Avira Operations GmbH & Co. KG) R3 ETD; C:\windows\System32\DRIVERS\ETD.sys [102912 2010-07-21] (ELAN Microelectronic Corp.) R3 kbfiltr; C:\windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( ) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation) R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [28520 2015-04-16] (Avira GmbH) S3 btwaudio; system32\drivers\btwaudio.sys [X] S3 btwavdt; \SystemRoot\system32\drivers\btwavdt.sys [X] S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X] S3 btwrchid; \SystemRoot\system32\drivers\btwrchid.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-05-27 22:38 - 2015-05-27 22:38 - 00000595 _____ () C:\Users\Petra\Desktop\JRT.txt 2015-05-27 22:33 - 2015-05-27 22:33 - 00000207 _____ () C:\windows\tweaking.com-regbackup-PETRA-PC-Windows-7-Starter-(32-bit).dat 2015-05-27 22:33 - 2015-05-27 22:33 - 00000000 ____D () C:\RegBackup 2015-05-27 22:32 - 2015-05-27 22:32 - 02946603 _____ (Thisisu) C:\Users\Petra\Downloads\JRT.exe 2015-05-27 22:15 - 2015-05-27 22:15 - 00000897 _____ () C:\Users\Petra\Desktop\AdwCleaner[S0].txt 2015-05-27 22:07 - 2015-05-27 22:11 - 00000000 ____D () C:\AdwCleaner 2015-05-27 22:06 - 2015-05-27 22:06 - 02222592 _____ () C:\Users\Petra\Downloads\AdwCleaner_4.205.exe 2015-05-27 21:26 - 2015-05-27 21:26 - 00001320 _____ () C:\Users\Petra\Desktop\mbam.txt 2015-05-27 20:01 - 2015-05-27 21:23 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2015-05-27 20:00 - 2015-05-27 20:00 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-05-27 20:00 - 2015-05-27 20:00 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-05-27 20:00 - 2015-05-27 20:00 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2015-05-27 20:00 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2015-05-27 20:00 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2015-05-27 20:00 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2015-05-27 19:55 - 2015-05-27 19:57 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Petra\Downloads\mbam-setup-2.1.6.1022.exe 2015-05-27 19:41 - 2015-05-27 19:41 - 00000000 ____D () C:\Program Files\Microsoft.NET 2015-05-23 00:02 - 2015-05-23 00:07 - 00009451 _____ () C:\windows\IE11_main.log 2015-05-22 18:47 - 2015-05-22 18:49 - 00017270 _____ () C:\Users\Petra\Desktop\Addition.txt 2015-05-22 18:44 - 2015-05-27 22:41 - 00009581 _____ () 
C:\Users\Petra\Desktop\FRST.txt 2015-05-22 18:43 - 2015-05-27 22:41 - 00000000 ____D () C:\FRST 2015-05-22 18:40 - 2015-05-22 18:40 - 01147392 _____ (Farbar) C:\Users\Petra\Desktop\FRST.exe 2015-05-22 18:36 - 2015-05-22 18:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP7200 series 2015-05-22 18:35 - 2015-05-22 18:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities 2015-05-22 18:35 - 2015-05-22 18:35 - 00000000 ____D () C:\ProgramData\Canon IJ Network Tool 2015-05-22 18:31 - 2015-05-22 18:31 - 00000000 ___HD () C:\windows\system32\CanonIJ Uninstaller Information 2015-05-22 18:31 - 2015-05-22 18:31 - 00000000 ___HD () C:\ProgramData\CanonBJ 2015-05-22 18:30 - 2012-04-16 05:00 - 00314880 _____ (CANON INC.) C:\windows\system32\CNMLMBA.DLL 2015-05-22 18:29 - 2015-05-22 18:29 - 00000000 ___HD () C:\Program Files\CanonBJ 2015-05-22 18:29 - 2015-05-22 18:29 - 00000000 ____D () C:\windows\system32\STRING 2015-05-22 18:29 - 2012-03-28 17:00 - 00366592 _____ (CANON INC.) C:\windows\system32\CNMNPPM.DLL 2015-05-22 18:29 - 2012-03-28 17:00 - 00035840 _____ (CANON INC.) 
C:\windows\system32\CNMNPUI.DLL 2015-05-22 18:28 - 2015-05-22 18:36 - 00000000 ____D () C:\Program Files\Canon 2015-05-22 18:26 - 2015-05-22 18:27 - 31423648 _____ () C:\Users\Petra\Downloads\mast-win-ip7200-1_0-mcd.exe 2015-05-21 22:53 - 2011-02-12 07:35 - 00191488 _____ (Microsoft Corporation) C:\windows\system32\FXSCOVER.exe 2015-05-21 22:49 - 2015-04-20 04:55 - 01081344 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll 2015-05-21 22:49 - 2015-04-20 04:55 - 00811520 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll 2015-05-21 22:49 - 2015-04-20 04:03 - 02382336 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2015-05-21 22:49 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL 2015-05-21 22:47 - 2015-04-13 05:19 - 00259072 _____ (Microsoft Corporation) C:\windows\system32\services.exe 2015-05-21 22:45 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll 2015-05-21 22:42 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll 2015-05-21 22:39 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll 2015-05-21 22:35 - 2013-02-27 07:05 - 00101720 _____ (Microsoft Corporation) C:\windows\system32\consent.exe 2015-05-21 22:35 - 2013-02-27 06:55 - 12872704 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll 2015-05-21 22:35 - 2013-02-27 06:55 - 00180224 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll 2015-05-21 22:35 - 2013-02-27 06:49 - 01796096 _____ (Microsoft Corporation) C:\windows\system32\authui.dll 2015-05-21 22:35 - 2013-02-27 06:49 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll 2015-05-21 00:46 - 2015-05-21 00:46 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\Avira 2015-05-21 00:40 - 2015-04-16 15:23 - 00136216 _____ (Avira Operations GmbH & Co. 
KG) C:\windows\system32\Drivers\avipbb.sys 2015-05-21 00:40 - 2015-04-16 15:23 - 00107400 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys 2015-05-21 00:40 - 2015-04-16 15:23 - 00037896 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys 2015-05-21 00:40 - 2015-04-16 15:23 - 00037896 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys 2015-05-21 00:40 - 2015-04-16 15:23 - 00028520 _____ (Avira GmbH) C:\windows\system32\Drivers\ssmdrv.sys 2015-05-21 00:34 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll 2015-05-21 00:34 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\windows\system32\atmlib.dll 2015-05-21 00:34 - 2015-02-20 06:13 - 00026624 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll 2015-05-21 00:34 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll 2015-05-21 00:34 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll 2015-05-21 00:33 - 2014-07-17 03:40 - 00157696 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll 2015-05-21 00:33 - 2014-07-17 03:39 - 03221504 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll 2015-05-21 00:33 - 2014-07-17 03:39 - 01051136 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe 2015-05-21 00:33 - 2014-07-17 03:39 - 00304128 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe 2015-05-21 00:33 - 2014-07-17 03:39 - 00131584 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll 2015-05-21 00:33 - 2014-07-17 03:39 - 00130048 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll 2015-05-21 00:33 - 2014-07-17 03:03 - 00184320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys 2015-05-21 00:33 - 2014-07-17 03:02 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys 2015-05-21 00:33 - 2013-02-15 05:25 - 00036864 
_____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll 2015-05-21 00:33 - 2012-04-26 06:45 - 00058880 _____ (Microsoft Corporation) C:\windows\system32\rdpwsx.dll 2015-05-21 00:33 - 2012-04-26 06:41 - 00008192 _____ (Microsoft Corporation) C:\windows\system32\rdrmemptylst.exe 2015-05-21 00:32 - 2012-11-23 04:48 - 00049152 _____ (Microsoft Corporation) C:\windows\system32\taskhost.exe 2015-05-21 00:32 - 2012-10-09 19:40 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\dhcpcore6.dll 2015-05-21 00:32 - 2012-10-09 19:40 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\dhcpcsvc6.dll 2015-05-21 00:27 - 2014-12-06 05:50 - 00242688 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll 2015-05-21 00:27 - 2014-03-04 11:17 - 00868352 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll 2015-05-21 00:27 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\windows\system32\wer.dll 2015-05-21 00:27 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll 2015-05-21 00:27 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll 2015-05-21 00:27 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-05-21 00:27 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-05-21 00:27 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-05-21 00:27 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-05-21 00:27 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-05-21 00:27 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-05-21 00:27 - 2013-08-02 03:48 - 
00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-05-21 00:27 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-05-21 00:27 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-05-21 00:27 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-05-21 00:27 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-05-21 00:27 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-05-21 00:27 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-05-21 00:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-05-21 00:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-05-21 00:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-05-21 00:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-05-21 00:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-05-21 00:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-05-21 00:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-05-21 00:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-05-21 00:27 - 2013-08-02 
03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-05-21 00:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-05-21 00:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-05-21 00:27 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe 2015-05-21 00:27 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-05-21 00:27 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-05-21 00:27 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-05-21 00:27 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-05-21 00:27 - 2012-10-03 18:42 - 00156672 _____ (Microsoft Corporation) C:\windows\system32\ncsi.dll 2015-05-21 00:27 - 2012-10-03 18:42 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\nlaapi.dll 2015-05-21 00:27 - 2011-03-11 07:33 - 01164288 _____ (Microsoft Corporation) C:\windows\system32\mfc42u.dll 2015-05-21 00:27 - 2011-03-11 07:33 - 01137664 _____ (Microsoft Corporation) C:\windows\system32\mfc42.dll 2015-05-21 00:23 - 2015-05-21 00:23 - 00001169 _____ () C:\Users\Public\Desktop\Avira.lnk 2015-05-21 00:23 - 2013-06-26 00:56 - 00527064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Wdf01000.sys 2015-05-21 00:23 - 2012-11-29 00:57 - 00047720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdfLdr.sys 2015-05-21 00:23 - 2012-11-29 00:57 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\Wdfres.dll 2015-05-21 00:23 - 2012-11-29 00:57 - 00000003 _____ () C:\windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf 2015-05-21 
00:23 - 2011-02-23 06:47 - 00223232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys 2015-05-21 00:23 - 2011-02-23 06:47 - 00123904 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys 2015-05-21 00:23 - 2011-02-23 06:47 - 00096768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys 2015-05-21 00:23 - 2011-02-23 06:47 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bowser.sys 2015-05-21 00:22 - 2015-05-21 00:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-05-21 00:22 - 2015-05-21 00:39 - 00000000 ____D () C:\ProgramData\Avira 2015-05-21 00:22 - 2015-05-21 00:39 - 00000000 ____D () C:\Program Files\Avira 2015-05-21 00:21 - 2015-05-21 00:21 - 00000000 ____D () C:\ProgramData\Package Cache 2015-05-21 00:21 - 2015-02-04 04:54 - 00318464 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll 2015-05-21 00:21 - 2014-12-19 03:34 - 00116224 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys 2015-05-21 00:21 - 2013-11-27 03:14 - 00258560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys 2015-05-21 00:21 - 2013-11-27 03:13 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys 2015-05-21 00:21 - 2013-11-27 03:13 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys 2015-05-21 00:21 - 2013-11-27 03:13 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys 2015-05-21 00:21 - 2013-11-27 03:13 - 00024064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys 2015-05-21 00:21 - 2013-11-27 03:13 - 00006016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys 2015-05-21 00:20 - 2015-05-21 00:20 - 04737144 _____ (Avira Operations GmbH & Co. 
Edited by Parim (27.05.2015 at 22:31) |
28.05.2015, 19:54 | #6 |
/// the machine /// TB trainer | Trojan 'TR/Crypt.XPACK.Gen' The screenshot does show the quick-reply box below this thread. Among all the controls at the top of it there is a hash sign (#). ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ --> Trojan 'TR/Crypt.XPACK.Gen' |
29.05.2015, 22:11 | #7 |
| Trojan 'TR/Crypt.XPACK.Gen' Hello Schrauber, thank you very much for the help. Today I'll try to do it properly, with the hash sign. Best regards, Parim Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=47a63949400f1a4dad7c70dda77b564c
# engine=24089
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-05-29 08:07:07
# local_time=2015-05-29 10:07:07 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 66 85 636203 184561217 0 0
# scanned=4671
# found=0
# cleaned=0
# scan_time=610
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=47a63949400f1a4dad7c70dda77b564c
# engine=24089
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-05-29 08:30:32
# local_time=2015-05-29 10:30:32 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 66 85 637609 184562623 0 0
# scanned=7611
# found=0
# cleaned=0
# scan_time=733
Code:
Results of screen317's Security Check version 1.002
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Antivirus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (38.0.1)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Avira Antivirus sched.exe
Avira Antivirus avshadow.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
Code:
00679424 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL 2015-05-21 00:34 - 2013-10-12 04:01 - 00216576 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL 2015-05-21 00:34 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ataport.sys 2015-05-21 00:33 - 2014-07-17 03:40 - 00157696 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll 2015-05-21 00:33 - 2014-07-17 03:39 - 01051136 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe 2015-05-21 00:33 - 2014-07-17 03:39 - 00304128 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe 2015-05-21 00:33 - 2014-07-17 03:39 - 00130048 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll 2015-05-21 00:33 - 2014-07-17 03:03 - 00184320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys 2015-05-21 00:33 - 2014-07-17 03:02 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys 2015-05-21 00:33 - 2013-02-15 05:25 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll 2015-05-21 00:33 - 2012-04-26 06:45 - 00058880 _____ (Microsoft Corporation) C:\windows\system32\rdpwsx.dll 2015-05-21 00:33 - 2012-04-26 06:41 - 00008192 _____ (Microsoft Corporation) C:\windows\system32\rdrmemptylst.exe 2015-05-21 00:33 - 2012-01-04 10:58 - 00442880 _____ (Microsoft Corporation) C:\windows\system32\ntshrui.dll 2015-05-21 00:32 - 2012-11-23 04:48 - 00049152 _____ (Microsoft Corporation) C:\windows\system32\taskhost.exe 2015-05-21 00:32 - 2012-10-09 19:40 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\dhcpcore6.dll 2015-05-21 00:32 - 2012-10-09 19:40 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\dhcpcsvc6.dll 2015-05-21 00:31 - 2013-07-12 12:08 - 00146816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbvideo.sys 2015-05-21 00:31 - 2013-07-12 12:07 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbcir.sys 2015-05-21 00:27 - 
2014-12-06 05:50 - 00242688 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll 2015-05-21 00:27 - 2014-03-04 11:17 - 00868352 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll 2015-05-21 00:27 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\windows\system32\wer.dll 2015-05-21 00:27 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll 2015-05-21 00:27 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-05-21 00:27 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-05-21 00:27 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-05-21 00:27 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-05-21 00:27 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-05-21 00:27 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-05-21 00:27 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-05-21 00:27 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-05-21 00:27 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-05-21 00:27 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-05-21 00:27 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-05-21 00:27 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) 
C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-05-21 00:27 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-05-21 00:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-05-21 00:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-05-21 00:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-05-21 00:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-05-21 00:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-05-21 00:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-05-21 00:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-05-21 00:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-05-21 00:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-05-21 00:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-05-21 00:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-05-21 00:27 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe 2015-05-21 00:27 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-05-21 00:27 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) 
C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-05-21 00:27 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-05-21 00:27 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-05-21 00:27 - 2012-10-03 18:42 - 00156672 _____ (Microsoft Corporation) C:\windows\system32\ncsi.dll 2015-05-21 00:27 - 2012-10-03 18:42 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\nlaapi.dll 2015-05-21 00:27 - 2011-03-11 07:33 - 01164288 _____ (Microsoft Corporation) C:\windows\system32\mfc42u.dll 2015-05-21 00:27 - 2011-03-11 07:33 - 01137664 _____ (Microsoft Corporation) C:\windows\system32\mfc42.dll 2015-05-21 00:23 - 2015-05-21 00:23 - 00001169 _____ () C:\Users\Public\Desktop\Avira.lnk 2015-05-21 00:23 - 2013-06-26 00:56 - 00527064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Wdf01000.sys 2015-05-21 00:23 - 2012-11-29 00:57 - 00047720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdfLdr.sys 2015-05-21 00:23 - 2012-11-29 00:57 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\Wdfres.dll 2015-05-21 00:23 - 2012-11-29 00:57 - 00000003 _____ () C:\windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf 2015-05-21 00:23 - 2011-02-23 06:47 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bowser.sys 2015-05-21 00:22 - 2015-05-21 00:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-05-21 00:22 - 2015-05-21 00:39 - 00000000 ____D () C:\ProgramData\Avira 2015-05-21 00:22 - 2015-05-21 00:39 - 00000000 ____D () C:\Program Files\Avira 2015-05-21 00:21 - 2015-05-21 00:21 - 00000000 ____D () C:\ProgramData\Package Cache 2015-05-21 00:21 - 2015-02-04 04:54 - 00318464 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll 2015-05-21 00:21 - 2014-12-19 03:34 - 00116224 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys 
2015-05-21 00:21 - 2013-11-27 03:14 - 00258560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys 2015-05-21 00:21 - 2013-11-27 03:13 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys 2015-05-21 00:21 - 2013-11-27 03:13 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys 2015-05-21 00:21 - 2013-11-27 03:13 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys 2015-05-21 00:21 - 2013-11-27 03:13 - 00024064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys 2015-05-21 00:21 - 2013-11-27 03:13 - 00006016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys 2015-05-21 00:20 - 2015-05-21 00:20 - 04737144 _____ (Avira Operations GmbH & Co. KG) C:\Users\Petra\Downloads\avira_de_av_555d0838735c5__ws.exe 2015-05-21 00:20 - 2015-02-03 05:16 - 00078784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys 2015-05-21 00:20 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll 2015-05-21 00:20 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\windows\system32\mf.dll 2015-05-21 00:20 - 2015-02-03 05:12 - 02135040 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll 2015-05-21 00:20 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll 2015-05-21 00:20 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll 2015-05-21 00:20 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll 2015-05-21 00:20 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\windows\system32\drmv2clt.dll 2015-05-21 00:20 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\windows\system32\blackbox.dll 2015-05-21 00:20 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\windows\system32\wmdrmsdk.dll 2015-05-21 00:20 - 2015-02-03 05:12 - 00519680 _____ 
(Microsoft Corporation) C:\windows\system32\qdvd.dll 2015-05-21 00:20 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msscp.dll 2015-05-21 00:20 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\evr.dll 2015-05-21 00:20 - 2015-02-03 05:12 - 00475136 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll 2015-05-21 00:20 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll 2015-05-21 00:20 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\windows\system32\drmmgrtn.dll 2015-05-21 00:20 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll 2015-05-21 00:20 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll 2015-05-21 00:20 - 2015-02-03 05:12 - 00275968 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll 2015-05-21 00:20 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\windows\system32\msnetobj.dll 2015-05-21 00:20 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll 2015-05-21 00:20 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll 2015-05-21 00:20 - 2015-02-03 05:12 - 00157184 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll 2015-05-21 00:20 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll 2015-05-21 00:20 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll 2015-05-21 00:20 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll 2015-05-21 00:20 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\cryptsp.dll 2015-05-21 00:20 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll 2015-05-21 00:20 - 2015-02-03 05:12 - 00050176 _____ (Microsoft Corporation) 
C:\windows\system32\setbcdlocale.dll 2015-05-21 00:20 - 2015-02-03 05:12 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\pcadm.dll 2015-05-21 00:20 - 2015-02-03 05:12 - 00027648 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll 2015-05-21 00:20 - 2015-02-03 05:12 - 00010752 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll 2015-05-21 00:20 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll 2015-05-21 00:20 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx 2015-05-21 00:20 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll 2015-05-21 00:20 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL 2015-05-21 00:20 - 2015-02-03 05:11 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe 2015-05-21 00:20 - 2015-02-03 05:11 - 00096768 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe 2015-05-21 00:20 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe 2015-05-21 00:20 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe 2015-05-21 00:20 - 2015-02-03 05:11 - 00016896 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe 2015-05-21 00:20 - 2015-02-03 05:11 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\pcawrk.exe 2015-05-21 00:20 - 2015-02-03 05:11 - 00008192 _____ (Microsoft Corporation) C:\windows\system32\pcalua.exe 2015-05-21 00:20 - 2015-02-03 05:10 - 00008704 _____ (Microsoft Corporation) C:\windows\system32\pcaevts.dll 2015-05-21 00:20 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll 2015-05-21 00:20 - 2015-02-03 05:00 - 00593920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys 2015-05-21 00:20 - 2015-02-03 04:26 - 00050176 _____ (Microsoft Corporation) 
C:\windows\system32\Drivers\appid.sys 2015-05-21 00:20 - 2015-01-31 01:56 - 00370488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys 2015-05-21 00:20 - 2014-11-01 00:22 - 00521384 _____ (Microsoft Corporation) C:\windows\system32\winload.exe 2015-05-21 00:20 - 2014-06-28 02:21 - 00455752 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe 2015-05-21 00:20 - 2014-06-28 02:21 - 00409272 _____ (Microsoft Corporation) C:\windows\system32\ci.dll 2015-05-21 00:19 - 2013-12-04 04:03 - 00428032 _____ (Microsoft Corporation) C:\windows\system32\secproc.dll 2015-05-21 00:19 - 2013-12-04 04:03 - 00423936 _____ (Microsoft Corporation) C:\windows\system32\secproc_isv.dll 2015-05-21 00:19 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp_isv.dll 2015-05-21 00:19 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp.dll 2015-05-21 00:19 - 2013-12-04 04:02 - 00390144 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll 2015-05-21 00:19 - 2013-12-04 03:54 - 00594944 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_isv.exe 2015-05-21 00:19 - 2013-12-04 03:54 - 00572416 _____ (Microsoft Corporation) C:\windows\system32\RMActivate.exe 2015-05-21 00:19 - 2013-12-04 03:54 - 00510976 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp.exe 2015-05-21 00:19 - 2013-12-04 03:54 - 00508928 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp_isv.exe 2015-05-21 00:18 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll 2015-05-21 00:18 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll 2015-05-21 00:18 - 2014-12-08 04:46 - 00308224 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll 2015-05-21 00:18 - 2014-10-14 03:50 - 00523776 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll 2015-05-20 23:56 - 2015-05-21 00:00 - 00004856 _____ () 
C:\windows\system32\TmInstall.log 2015-05-20 23:50 - 2015-05-21 00:09 - 00000000 ____D () C:\Users\Petra\AppData\Local\AviraResume 2015-05-20 23:17 - 2015-05-20 23:59 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-05-20 22:50 - 2015-05-20 22:50 - 00000000 ____D () C:\Users\Petra\Documents\Fax 2015-05-20 22:49 - 2015-05-20 22:49 - 00001200 _____ () C:\Users\Petra\Desktop\iP7200 series _3B8506000000 - Verknüpfung.lnk 2015-05-20 22:48 - 2012-02-17 07:34 - 00826880 _____ (Microsoft Corporation) C:\windows\system32\rdpcore.dll 2015-05-20 22:48 - 2012-02-17 06:13 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdtcp.sys 2015-05-20 22:39 - 2014-10-03 03:45 - 01177088 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll 2015-05-20 22:39 - 2014-10-03 03:45 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll 2015-05-20 22:39 - 2014-10-03 03:45 - 00214016 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll 2015-05-20 22:39 - 2014-10-03 03:45 - 00145920 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll 2015-05-20 22:39 - 2014-10-03 03:44 - 00198656 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe 2015-05-16 19:24 - 2015-05-22 23:56 - 00000000 ____D () C:\Users\Petra\Documents\HA ASA 4-13 2015-05-14 04:55 - 2015-05-14 04:55 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\OpenOffice 2015-05-14 04:52 - 2015-05-14 04:52 - 00001074 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk 2015-05-14 04:52 - 2015-05-14 04:52 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1 2015-05-14 04:51 - 2015-05-14 04:51 - 00000000 ____D () C:\Program Files\OpenOffice 4 2015-05-14 04:45 - 2015-05-14 04:46 - 00000000 ____D () C:\Users\Petra\Desktop\OpenOffice 4.1.1 (de) Installation Files 2015-05-14 04:33 - 2015-05-14 04:39 - 164858324 _____ () C:\Users\Petra\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_de.exe 2015-05-14 04:24 - 
2015-05-20 23:59 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-05-14 04:24 - 2015-05-14 04:24 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-05-14 04:24 - 2015-05-14 04:24 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-05-14 04:24 - 2015-05-14 04:24 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\Mozilla 2015-05-14 04:24 - 2015-05-14 04:24 - 00000000 ____D () C:\Users\Petra\AppData\Local\Mozilla 2015-05-14 04:24 - 2015-05-14 04:24 - 00000000 ____D () C:\ProgramData\Mozilla 2015-05-14 04:21 - 2015-05-14 04:21 - 00243664 _____ () C:\Users\Petra\Downloads\Firefox Setup Stub 38.0.exe 2015-05-14 03:04 - 2015-05-14 03:04 - 00000059 _____ () C:\windows\system32\ȼ 2015-05-14 03:03 - 2015-05-14 03:03 - 00000000 ____D () C:\windows\ConfigSetRoot 2015-05-14 03:03 - 2015-05-14 03:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Boingo 2015-05-14 03:03 - 2015-05-14 03:03 - 00000000 ____D () C:\ProgramData\GoBoingo 2015-05-14 03:03 - 2015-05-14 03:03 - 00000000 ____D () C:\Program Files\Boingo 2015-05-14 03:03 - 2010-05-28 04:27 - 00005576 _____ () C:\windows\Language.ini 2015-05-14 03:01 - 2015-05-14 03:01 - 00001108 _____ () C:\Users\Public\Desktop\E-Manual.lnk 2015-05-14 02:59 - 2015-05-14 02:59 - 00000000 ____D () C:\windows\system32\Atheros_L1e 2015-05-14 02:58 - 2015-05-14 02:58 - 00000000 ____D () C:\windows\system32\SRSLabs 2015-05-14 02:58 - 2015-05-14 02:58 - 00000000 ____D () C:\windows\system32\RTCOM 2015-05-14 02:58 - 2015-05-14 02:58 - 00000000 ____D () C:\Program Files\Elantech 2015-05-14 02:57 - 2015-05-14 02:58 - 00002119 _____ () C:\RHDSetup.log 2015-05-14 02:57 - 2015-05-14 02:58 - 00000000 ___HD () C:\Program Files\Temp 2015-05-14 02:57 - 2015-05-14 02:57 - 00000000 ____D () C:\Program Files\Realtek 2015-05-14 02:57 - 2010-04-27 10:57 - 03583008 _____ (Realtek Semiconductor Corp.) 
C:\windows\system32\RtkAPO.dll 2015-05-14 02:57 - 2010-04-27 10:57 - 01775136 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkPgExt.dll 2015-05-14 02:57 - 2010-04-27 10:57 - 01083936 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RTSndMgr.cpl 2015-05-14 02:57 - 2010-04-27 10:57 - 00367136 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkApoApi.dll 2015-05-14 02:57 - 2010-04-27 10:57 - 00058400 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkCoInst.dll 2015-05-14 02:57 - 2010-04-27 10:12 - 03084256 _____ (Realtek Semiconductor Corp.) C:\windows\system32\Drivers\RTKVHDA.sys 2015-05-14 02:57 - 2010-04-27 07:50 - 00299424 _____ (Fortemedia Corporation) C:\windows\system32\FMAPO.dll 2015-05-14 02:57 - 2010-04-06 08:58 - 00000008 _____ () C:\windows\system32\Drivers\rtkhdaud.dat 2015-05-14 02:57 - 2010-03-22 08:22 - 01247776 _____ (Realtek Semiconductor Corp.) C:\windows\RtlExUpd.dll 2015-05-14 02:57 - 2010-01-26 05:38 - 00145760 _____ (Andrea Electronics Corporation) C:\windows\system32\AERTACap.dll 2015-05-14 02:57 - 2009-12-30 11:58 - 00004692 _____ () C:\windows\system32\Drivers\SamSfPa.dat 2015-05-14 02:57 - 2009-12-15 12:26 - 00357576 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEEP32A.dll 2015-05-14 02:57 - 2009-12-15 12:26 - 00168648 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEED32A.dll 2015-05-14 02:57 - 2009-12-15 12:26 - 00076488 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEEL32A.dll 2015-05-14 02:57 - 2009-12-15 12:26 - 00062664 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEEG32A.dll 2015-05-14 02:57 - 2009-12-11 03:55 - 00293584 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RP3DHT32.dll 2015-05-14 02:57 - 2009-12-11 03:55 - 00293584 _____ (Dolby Laboratories, Inc.) 
C:\windows\system32\RP3DAA32.dll 2015-05-14 02:57 - 2009-11-17 12:13 - 00096160 _____ (Andrea Electronics Corporation) C:\windows\system32\AERTARen.dll 2015-05-14 02:56 - 2015-05-29 20:48 - 00064024 _____ () C:\Users\Petra\AppData\Local\GDIPFONTCACHEV1.DAT 2015-05-14 02:56 - 2015-05-21 00:11 - 00000000 ____D () C:\Users\Petra\AppData\Local\Windows Live 2015-05-14 02:56 - 2015-05-20 23:52 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium 2015-05-14 02:56 - 2015-05-14 03:04 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\Adobe 2015-05-14 02:56 - 2015-05-14 03:04 - 00000000 ____D () C:\Users\Petra\AppData\Local\Adobe 2015-05-14 02:56 - 2015-05-14 03:03 - 00001413 _____ () C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-05-14 02:56 - 2015-05-14 03:03 - 00000000 ____D () C:\Users\Petra\AppData\Local\VirtualStore 2015-05-14 02:56 - 2015-05-14 02:56 - 00000000 _SHDL () C:\Users\Petra\Startmenü 2015-05-14 02:56 - 2015-05-14 02:56 - 00000000 _SHDL () C:\Users\Petra\Netzwerkumgebung 2015-05-14 02:56 - 2015-05-14 02:56 - 00000000 _SHDL () C:\Users\Petra\Druckumgebung 2015-05-14 02:56 - 2015-05-14 02:56 - 00000000 _SHDL () C:\Users\Petra\Documents\Eigene Musik 2015-05-14 02:56 - 2015-05-14 02:56 - 00000000 _SHDL () C:\Users\Petra\Documents\Eigene Bilder 2015-05-14 02:56 - 2015-05-14 02:56 - 00000000 _SHDL () C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-05-14 02:56 - 2015-05-14 02:56 - 00000000 _SHDL () C:\Users\Petra\AppData\Local\Verlauf 2015-05-14 02:56 - 2015-05-14 02:56 - 00000000 ____D () C:\Users\Petra 2015-05-14 02:56 - 2011-04-02 05:05 - 00000000 ____D () C:\Users\Petra\Documents\Asus WebStorage 2015-05-14 02:56 - 2011-04-02 05:05 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\ASUS WebStorage 2015-05-14 02:56 - 2011-04-02 04:52 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\Macromedia 2015-05-14 02:56 - 2011-04-02 04:51 - 
00000000 ____D () C:\Users\Petra\AppData\Roaming\E-Cam 2015-05-14 02:56 - 2011-04-02 04:49 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Game Park 2015-05-14 02:56 - 2011-04-02 04:45 - 00000000 ____D () C:\Users\Petra\Documents\Bluetooth Exchange Folder 2015-05-14 02:56 - 2011-04-02 04:41 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\InstallShield 2015-05-14 02:56 - 2009-07-14 06:53 - 00000020 ___SH () C:\Users\Petra\ntuser.ini 2015-05-14 02:56 - 2009-07-14 06:42 - 00000000 ___RD () C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-05-14 02:56 - 2009-07-14 06:37 - 00000000 ___RD () C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-05-14 02:54 - 2015-05-14 02:54 - 00000000 __SHD () C:\Recovery 2015-05-08 06:33 - 2014-06-28 02:21 - 00391640 __RSH () C:\bootmgr 2015-05-08 05:38 - 2011-04-02 05:09 - 00000000 ____D () C:\Users\Default\AppData\Local\Adobe 2015-05-08 05:38 - 2011-04-02 05:09 - 00000000 ____D () C:\Users\Default User\AppData\Local\Adobe 2015-05-08 05:38 - 2011-04-02 05:08 - 00001441 _____ () C:\Users\Default\Desktop\Trend Micro Titanium.lnk 2015-05-08 05:38 - 2011-04-02 05:08 - 00001441 _____ () C:\Users\Default User\Desktop\Trend Micro Titanium.lnk 2015-05-08 05:38 - 2011-04-02 05:08 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium 2015-05-08 05:38 - 2011-04-02 05:08 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium 2015-05-08 05:38 - 2011-04-02 05:05 - 00000000 ____D () C:\Users\Default\Documents\Asus WebStorage 2015-05-08 05:38 - 2011-04-02 05:05 - 00000000 ____D () C:\Users\Default\AppData\Roaming\ASUS WebStorage 2015-05-08 05:38 - 2011-04-02 05:05 - 00000000 ____D () C:\Users\Default User\Documents\Asus WebStorage 2015-05-08 05:38 - 2011-04-02 05:05 - 00000000 ____D () C:\Users\Default 
User\AppData\Roaming\ASUS WebStorage 2015-05-08 05:38 - 2011-04-02 04:54 - 00057560 _____ () C:\Users\Default\AppData\Local\GDIPFONTCACHEV1.DAT 2015-05-08 05:38 - 2011-04-02 04:54 - 00057560 _____ () C:\Users\Default User\AppData\Local\GDIPFONTCACHEV1.DAT 2015-05-08 05:38 - 2011-04-02 04:54 - 00000000 ____D () C:\Users\Default\AppData\Local\Windows Live 2015-05-08 05:38 - 2011-04-02 04:54 - 00000000 ____D () C:\Users\Default User\AppData\Local\Windows Live 2015-05-08 05:38 - 2011-04-02 04:52 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe 2015-05-08 05:38 - 2011-04-02 04:52 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe 2015-05-08 05:38 - 2011-04-02 04:51 - 00000000 ____D () C:\Users\Default\AppData\Roaming\E-Cam 2015-05-08 05:38 - 2011-04-02 04:51 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\E-Cam 2015-05-08 05:38 - 2011-04-02 04:49 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Game Park 2015-05-08 05:38 - 2011-04-02 04:49 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Game Park 2015-05-08 05:38 - 2011-04-02 04:45 - 00000000 ____D () C:\Users\Default\Documents\Bluetooth Exchange Folder 2015-05-08 05:38 - 2011-04-02 04:45 - 00000000 ____D () C:\Users\Default\AppData\Local\Broadcom 2015-05-08 05:38 - 2011-04-02 04:45 - 00000000 ____D () C:\Users\Default User\Documents\Bluetooth Exchange Folder 2015-05-08 05:38 - 2011-04-02 04:45 - 00000000 ____D () C:\Users\Default User\AppData\Local\Broadcom 2015-05-08 05:38 - 2011-04-02 04:41 - 00000000 ____D () C:\Users\Default\AppData\Roaming\InstallShield 2015-05-08 05:38 - 2011-04-02 04:41 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\InstallShield 2015-05-08 05:37 - 2015-05-29 22:02 - 01875453 _____ () C:\windows\WindowsUpdate.log ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-05-29 22:03 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\Microsoft.NET 2015-05-29 21:00 - 2011-02-16 17:44 - 00702604 _____ () C:\windows\system32\perfh013.dat 2015-05-29 21:00 - 2011-02-16 17:44 - 00136692 _____ () C:\windows\system32\perfc013.dat 2015-05-29 21:00 - 2011-02-16 17:39 - 00700520 _____ () C:\windows\system32\perfh010.dat 2015-05-29 21:00 - 2011-02-16 17:39 - 00130896 _____ () C:\windows\system32\perfc010.dat 2015-05-29 21:00 - 2009-07-27 12:11 - 04036802 _____ () C:\windows\system32\PerfStringBackup.INI 2015-05-29 20:57 - 2009-07-14 06:39 - 00054926 _____ () C:\windows\setupact.log 2015-05-29 20:56 - 2009-07-14 06:34 - 00009696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-05-29 20:56 - 2009-07-14 06:34 - 00009696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-05-29 20:43 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2015-05-29 20:38 - 2009-07-14 06:33 - 00286688 _____ () C:\windows\system32\FNTCACHE.DAT 2015-05-29 20:34 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\tracing 2015-05-29 20:34 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\AppCompat 2015-05-29 20:34 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\System 2015-05-29 20:33 - 2011-02-16 17:44 - 00000000 ____D () C:\windows\system32\Drivers\nl-NL 2015-05-29 20:33 - 2011-02-16 17:39 - 00000000 ____D () C:\windows\system32\Drivers\it-IT 2015-05-29 20:33 - 2011-02-16 17:34 - 00000000 ____D () C:\windows\system32\Drivers\fr-FR 2015-05-29 20:33 - 2011-02-16 17:29 - 00000000 ____D () C:\windows\system32\Drivers\de-DE 2015-05-29 20:33 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\nl-NL 2015-05-29 20:33 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\it-IT 2015-05-29 20:33 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\fr-FR 2015-05-29 20:33 - 2009-07-14 04:37 - 00000000 ____D () 
C:\windows\system32\de-DE 2015-05-29 20:33 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\AdvancedInstallers 2015-05-27 22:12 - 2011-04-02 04:30 - 00416556 _____ () C:\windows\PFRO.log 2015-05-22 21:19 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\rescache 2015-05-22 15:10 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\LogFiles 2015-05-22 13:23 - 2009-07-14 06:52 - 00000000 ____D () C:\Program Files\Windows Defender 2015-05-20 23:52 - 2011-04-02 05:07 - 00000000 ____D () C:\ProgramData\Trend Micro 2015-05-20 23:07 - 2009-07-14 06:52 - 00000000 ____D () C:\windows\system32\FxsTmp 2015-05-17 09:00 - 2009-07-14 06:56 - 00000000 ____D () C:\windows\system32\WCN 2015-05-17 09:00 - 2009-07-14 06:56 - 00000000 ____D () C:\windows\system32\Printing_Admin_Scripts 2015-05-17 09:00 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\MUI 2015-05-17 09:00 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\com 2015-05-14 03:03 - 2011-04-02 04:41 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2015-05-14 03:03 - 2009-07-14 04:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2015-05-14 03:01 - 2011-04-02 04:48 - 00000000 ____D () C:\Program Files\Asus 2015-05-14 02:59 - 2009-07-14 06:52 - 00000000 ____D () C:\windows\system32\restore 2015-05-14 02:58 - 2011-04-02 04:44 - 00014676 _____ () C:\windows\DPINST.LOG 2015-05-14 02:57 - 2011-04-02 04:48 - 00000000 ____D () C:\Program Files\Common Files\InstallShield 2015-05-14 02:54 - 2009-07-27 12:56 - 00000000 ____D () C:\windows\panther 2015-05-14 02:54 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\Recovery 2015-05-08 06:33 - 2009-07-14 06:57 - 00029696 ___SH () C:\windows\system32\config\BCD-Template.LOG 2015-05-08 06:33 - 2009-07-14 06:52 - 00032768 _____ () C:\windows\system32\config\BCD-Template 2015-05-08 05:38 - 2009-07-27 11:57 - 00008134 _____ () C:\windows\TSSysprep.log 2015-05-08 05:38 - 2009-07-14 04:37 
- 00000000 __RHD () C:\Users\Default
2015-05-08 05:35 - 2009-07-14 06:34 - 00004822 _____ () C:\windows\DtcInstall.log
==================== Files in the root of some directories =======
2011-04-02 04:49 - 2010-03-03 00:59 - 0131984 _____ () C:\ProgramData\FullRemove.exe
Some files in TEMP:
====================
C:\Users\Petra\AppData\Local\Temp\avgnt.exe
C:\Users\Petra\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Petra\AppData\Local\Temp\Quarantine.exe
C:\Users\Petra\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-05-17 08:49
==================== End of log ============================
Best regards again, Parim |
30.05.2015, 14:19 | #8 |
/// the machine /// TB Trainer | Trojan 'TR/Crypt.XPACK.Gen'
Update Flash Player and Adobe Reader. Post the FRST logs from the laptop, I'll take a look.
For this computer here:
Cleanup: (The order is crucial here)
If Defogger was used: start it again and click Re-enable.
If Combofix was used: uninstall Combofix.
All logs posted? Then please download DelFix.
Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself. Restart your computer afterwards. If any programs from our cleanup are still left over now, you can delete them without concern. If you like, you can say here whether you were satisfied with me and my help...and/or support the forum with a small donation.
Securing your system:
Enable automatic updates in the Windows operating system.
Security-relevant software should also always be kept at the latest version: browser, Java, Flash Player, PDF reader. Security vulnerabilities in their old versions are exploited to install malware via "drive-by" on a simple visit to a manipulated website. I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.
Enable a firewall. The one built into Windows is entirely sufficient in normal cases.
Use an antivirus program with a real-time scanner and an always up-to-date signature database. My recommendation: Emsisoft
In addition, you can regularly scan your PC with Malwarebytes Anti-Malware and ESET.
Optional:
NoScript prevents active content (Java, JavaScript, Flash,...) from running on all websites. However, you can specify, on the whitelist principle, on which sites scripts should be allowed.
Malwarebytes Anti Exploit: protects the computer's applications against the exploitation of known vulnerabilities.
Download software from a clean portal such as . When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program. To get rid of adware again, first uninstall it and then remove the leftovers with Adwcleaner.
Finally, a few general remarks: Change your important online passwords regularly and make regular backups of your important files or of the system. The benefit of registry cleaners, optimizers etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
30.05.2015, 23:21 | #9 |
| Trojan 'TR/Crypt.XPACK.Gen'
Hello Schrauber, I don't understand the following: If Defogger was used: If Combofix was used: What am I supposed to do? Who used that? How do I know?
As for the rest: you will get a donation in any case, because where would we laypeople be without your wonderful volunteer help? Besides, it is somehow also fun to examine the PC with your support. Even if the results are all Greek to me. Well, actually not entirely, because I did read the red marking and carried out the updates right away the day before yesterday. Only today I don't know what I am actually supposed to do.
Best regards, Parim |
31.05.2015, 14:07 | #10 |
/// the machine /// TB Trainer | Trojan 'TR/Crypt.XPACK.Gen'
We didn't use those, you can use Delfix right away.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
02.06.2015, 20:41 | #11 |
| Trojan 'TR/Crypt.XPACK.Gen'
Hello Schrauber, do you think everything is OK again with my netbook now? I have used Delfix and now I don't know what to do next. Can I simply delete the long "result printouts" that I produced here because I didn't understand the thing with the hash sign at first? Then I won't always have to scroll so much.
Today I ran an FRST on my notebook. It has become incredibly slow and Firefox freezes from time to time when I click on some pages. For now, here is the FRST result.
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-05-2015 Ran by Petra (administrator) on PETRA-PC on 02-06-2015 21:09:14 Running from C:\Users\Petra\Downloads Loaded Profiles: Petra (Available Profiles: Petra) Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Devguru Co., Ltd.) C:\Windows\System32\dgdersvc.exe (Teruten) C:\Windows\System32\FsUsbExService.Exe (Lenovo Group Limited) C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe (Microsoft Corporation) C:\Windows\System32\IgrsSvcs.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Lenovo(beijing) Limited) C:\Program Files\Lenovo\Energy Management\utility.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Farbar) C:\Users\Petra\Downloads\FRST(1).exe (Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-07-16] () HKLM\...\Run: [UpdateP2GShortCut] => C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.) 
HKLM\...\Run: [EnergyUtility] => C:\Program Files\Lenovo\Energy Management\utility.exe [4114288 2009-09-29] (Lenovo(beijing) Limited) HKLM\...\Run: [Energy Management] => C:\Program Files\Lenovo\Energy Management\Energy Management.exe [5064560 2009-09-29] (Lenovo (Beijing) Limited) HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-07] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-04-07] (Apple Inc.) HKU\S-1-5-21-2556273383-626926974-2087105738-1003\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [3365176 2010-11-11] (Samsung Electronics Co., Ltd.) HKU\S-1-5-18\...\RunOnce: [WLStart] => C:\Program Files\Windows Live\Installer\wlstart.exe [786760 2009-07-26] (Microsoft Corporation) Startup: C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2015-05-22] ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\S-1-5-21-2556273383-626926974-2087105738-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.lenovo.com/ SearchScopes: HKLM -> DefaultScope value is missing BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.) BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-30] (Oracle Corporation) BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-30] (Oracle Corporation) Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.) 
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.) Toolbar: HKU\S-1-5-21-2556273383-626926974-2087105738-1003 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Toolbar: HKU\S-1-5-21-2556273383-626926974-2087105738-1003 -> No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation) Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\1w0ws23n.default FF NewTab: google.de FF SelectedSearchEngine: webssearches FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-30] () FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.) 
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2011-07-19] (Foxit Corporation) FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-30] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-30] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2556273383-626926974-2087105738-1003: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll [2012-10-30] (Amazon.com, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-03-17] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2015-05-14] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2015-05-14] (Apple Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2015-05-14] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2015-05-14] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2015-05-14] (Apple Inc.) FF SearchPlugin: C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\1w0ws23n.default\searchplugins\englische-ergebnisse.xml [2012-08-10] FF SearchPlugin: C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\1w0ws23n.default\searchplugins\gmx-suche.xml [2012-08-10] FF SearchPlugin: C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\1w0ws23n.default\searchplugins\google-images.xml [2015-04-14] FF SearchPlugin: C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\1w0ws23n.default\searchplugins\google-maps.xml [2015-04-14] FF SearchPlugin: C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\1w0ws23n.default\searchplugins\lastminute.xml [2012-08-10] FF SearchPlugin: C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\1w0ws23n.default\searchplugins\webde-suche.xml [2012-08-10] FF Extension: Avira Browser Safety - C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\1w0ws23n.default\Extensions\abs@avira.com [2015-05-28] FF Extension: Google Analytics Opt-out Browser Add-on - C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\1w0ws23n.default\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2015-01-07] FF Extension: Easy Youtube Video Downloader Express - C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\1w0ws23n.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2013-11-28] FF HKLM\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack FF HKU\S-1-5-21-2556273383-626926974-2087105738-1003\...\Firefox\Extensions: [cliqz@cliqz.com] - 
C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\1w0ws23n.default\extensions\cliqz@cliqz.com FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-05-18] Chrome: ======= CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-07] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [434424 2015-05-07] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-07] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1186040 2015-05-07] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG) R2 dgdersvc; C:\windows\system32\dgdersvc.exe [95568 2010-10-25] (Devguru Co., Ltd.) 
R2 FsUsbExService; C:\windows\system32\FsUsbExService.Exe [217088 2010-09-06] (Teruten) [File not signed] R2 IGRS; C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited) S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited) S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [579400 2009-09-22] (Lenovo Group Limited) S3 MSSQL$MSSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe [43010392 2009-03-30] (Microsoft Corporation) S3 PS_MDP; C:\Program Files\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-16] (Lenovo Group Limited) R2 ReadyComm.DirectRouter; C:\Program Files\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited) S4 SQLAgent$MSSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [366936 2009-03-30] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) S2 vosr; C:\Users\Petra\AppData\Roaming\VOPackage\VOsrv.exe [X] <==== ATTENTION <==== ATTENTION ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 ACPIVPC; C:\windows\System32\DRIVERS\AcpiVpc.sys [23136 2010-01-20] (Lenovo Corporation) R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [107400 2015-05-07] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [136216 2015-05-07] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37896 2015-05-07] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\windows\System32\DRIVERS\avnetflt.sys [37896 2015-03-05] (Avira Operations GmbH & Co. 
KG) S3 Bridge0; C:\windows\System32\drivers\WDBridge.sys [63240 2009-07-28] (Lenovo) R3 FsUsbExDisk; C:\windows\system32\FsUsbExDisk.SYS [36640 2010-10-25] () [File not signed] R1 funfrm; C:\windows\system32\Drivers\funfrm.sys [54800 2010-05-15] () S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-09-01] (Malwarebytes Corporation) R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-07] (Avira GmbH) R1 StarOpen; C:\windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed] R3 usbsmi; C:\windows\System32\DRIVERS\SMIksdrv.sys [171776 2009-10-16] (SMI) R3 wdmirror; C:\windows\System32\DRIVERS\WDMirror.sys [11792 2009-07-16] (Windows (R) Codename Longhorn DDK provider) S3 wsvd; C:\windows\System32\DRIVERS\wsvd.sys [81704 2009-07-21] (CyberLink) S3 ApfiltrService; system32\DRIVERS\Apfiltr.sys [X] S4 AVGIDSHX; system32\DRIVERS\avgidshx.sys [X] S3 AVGIDSShim; system32\DRIVERS\avgidsshimx.sys [X] S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X] S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X] S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X] S3 WinRing0_1_2_0; \??\D:\test\ECECECEC\WinRing0.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-06-02 21:08 - 2015-06-02 21:08 - 01147392 _____ (Farbar) C:\Users\Petra\Downloads\FRST(1).exe 2015-06-02 21:03 - 2015-06-02 21:03 - 00064512 _____ () C:\Users\Petra\Downloads\Projekt 1+2 - Bewertung Muster.xls 2015-06-02 16:19 - 2015-06-02 16:19 - 00000000 ____D () C:\Users\Petra\AppData\Local\GWX 2015-05-30 00:21 - 2015-05-30 00:21 - 01124544 _____ (Adobe Systems Incorporated) C:\Users\Petra\Downloads\flashplayer17_ha_install.exe 2015-05-26 20:08 - 2015-05-26 20:40 - 00060416 _____ () C:\Users\Petra\Downloads\RS-GR-Form - ASA 3+4-13.xls 2015-05-26 19:09 - 2015-05-26 22:25 - 00060416 _____ () C:\Users\Petra\Downloads\LF 1+5 - Notenber. 2015 NEU.xls 2015-05-25 22:43 - 2015-05-25 22:43 - 00027136 _____ () C:\Users\Petra\Downloads\LF 5 - Notenberechnung.xls 2015-05-23 00:03 - 2015-05-23 00:03 - 00050176 _____ () C:\Users\Petra\Downloads\ENB 3+4-13 - LF 1 und LF 5(1).xls 2015-05-18 21:08 - 2015-06-02 16:56 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-05-18 08:53 - 2015-05-18 08:53 - 01124544 _____ (Adobe Systems Incorporated) C:\Users\Petra\Downloads\flashplayer17au_ha_install.exe 2015-05-17 20:44 - 2015-05-17 20:44 - 00050176 _____ () C:\Users\Petra\Downloads\ENB 3+4-13 - LF 1 und LF 5.xls 2015-05-17 20:39 - 2015-05-17 20:39 - 00000000 ____D () C:\Users\Petra\6.0 2015-05-17 20:38 - 2015-05-17 20:39 - 00000000 ____D () C:\Users\Petra\.tfo6 2015-05-17 20:38 - 2015-05-17 20:38 - 00000000 ____D () C:\Users\Petra\.thinkfree 2015-05-14 08:58 - 2015-05-14 08:58 - 00018944 _____ () C:\Users\Petra\Downloads\Bewertung LF 5 Hausarbeit.xls 2015-05-14 03:46 - 2015-05-14 03:46 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk 2015-05-14 03:46 - 2015-05-14 03:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-05-14 03:45 - 2015-05-14 03:46 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB 2015-05-14 03:45 - 2015-05-14 03:46 - 00000000 ____D () C:\Program Files\iTunes 2015-05-14 03:45 - 2015-05-14 03:45 
- 00000000 ____D () C:\Program Files\iPod 2015-05-14 03:35 - 2015-05-14 03:35 - 00001815 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk 2015-05-13 18:47 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-05-13 17:06 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll 2015-05-13 17:06 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe 2015-05-13 17:06 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe 2015-05-13 17:06 - 2015-04-27 21:11 - 00137664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys 2015-05-13 17:06 - 2015-04-27 21:11 - 00067520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys 2015-05-13 17:06 - 2015-04-27 21:08 - 01307648 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll 2015-05-13 17:06 - 2015-04-27 21:05 - 00851456 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll 2015-05-13 17:06 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll 2015-05-13 17:06 - 2015-04-27 21:05 - 00400896 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll 2015-05-13 17:06 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll 2015-05-13 17:06 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll 2015-05-13 17:06 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll 2015-05-13 17:06 - 2015-04-27 21:05 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll 2015-05-13 17:06 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\sechost.dll 2015-05-13 17:06 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll 2015-05-13 17:06 - 2015-04-27 21:05 - 00043008 _____ (Microsoft 
Corporation) C:\windows\system32\srclient.dll 2015-05-13 17:06 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll 2015-05-13 17:06 - 2015-04-27 21:05 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll 2015-05-13 17:06 - 2015-04-27 21:04 - 01061376 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2015-05-13 17:06 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll 2015-05-13 17:06 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll 2015-05-13 17:06 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\windows\system32\tracerpt.exe 2015-05-13 17:06 - 2015-04-27 21:04 - 00262656 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe 2015-05-13 17:06 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\windows\system32\logman.exe 2015-05-13 17:06 - 2015-04-27 21:04 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\smss.exe 2015-05-13 17:06 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\typeperf.exe 2015-05-13 17:06 - 2015-04-27 21:04 - 00038912 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll 2015-05-13 17:06 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\relog.exe 2015-05-13 17:06 - 2015-04-27 21:04 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe 2015-05-13 17:06 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll 2015-05-13 17:06 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe 2015-05-13 17:06 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\diskperf.exe 2015-05-13 17:06 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll 2015-05-13 17:06 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) 
C:\windows\system32\msobjs.dll 2015-05-13 17:06 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll 2015-05-13 17:06 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll 2015-05-13 17:06 - 2015-04-27 20:00 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll 2015-05-13 17:06 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll 2015-05-13 17:06 - 2015-04-20 04:56 - 00909312 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll 2015-05-13 17:06 - 2015-04-20 04:03 - 02382336 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2015-05-13 17:06 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll 2015-05-13 17:06 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\windows\system32\wpdshext.dll 2015-05-13 17:05 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2015-05-13 17:05 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2015-05-13 17:05 - 2015-04-21 18:25 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2015-05-13 17:05 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2015-05-13 17:05 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2015-05-13 17:05 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2015-05-13 17:05 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2015-05-13 17:05 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\html.iec 2015-05-13 17:05 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2015-05-13 17:05 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) 
C:\windows\system32\iertutil.dll 2015-05-13 17:05 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2015-05-13 17:05 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2015-05-13 17:05 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2015-05-13 17:05 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2015-05-13 17:05 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2015-05-13 17:05 - 2015-04-21 17:58 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2015-05-13 17:05 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2015-05-13 17:05 - 2015-04-21 17:51 - 00667648 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2015-05-13 17:05 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2015-05-13 17:05 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2015-05-13 17:05 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2015-05-13 17:05 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2015-05-13 17:05 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2015-05-13 17:05 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2015-05-13 17:05 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2015-05-13 17:05 - 2015-04-21 17:26 - 00685568 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2015-05-13 17:05 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2015-05-13 17:05 - 2015-04-21 17:24 - 01155072 _____ (Microsoft 
Corporation) C:\windows\system32\mshtmlmedia.dll 2015-05-13 17:05 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2015-05-13 17:05 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2015-05-13 17:05 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2015-05-13 17:05 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2015-05-13 17:05 - 2015-04-13 05:19 - 00259072 _____ (Microsoft Corporation) C:\windows\system32\services.exe 2015-05-13 17:04 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll 2015-05-13 17:04 - 2015-04-08 05:14 - 00019968 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll 2015-05-13 17:04 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\shimeng.dll 2015-05-13 17:04 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\windows\system32\apphelp.dll 2015-05-13 17:04 - 2015-03-04 06:10 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\aelupsvc.dll 2015-05-13 17:04 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\windows\system32\sdbinst.exe 2015-05-13 17:04 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe 2015-05-13 01:11 - 2015-05-13 01:28 - 446874704 _____ () C:\Users\Petra\Downloads\Leschs Kosmos - Die Macht der Musik - Magie und Manipulation [HD].mp4 2015-05-12 22:48 - 2015-05-12 22:53 - 145381283 _____ () C:\Users\Petra\Downloads\Der Marshmallow-Test von Walter Mischel (Sternstunde Philosophie, 22.3.2015).flv 2015-05-12 22:18 - 2015-05-12 22:38 - 532047035 _____ () C:\Users\Petra\Downloads\Der Marshmallow-Test von Walter Mischel (Sternstunde Philosophie, 22.3.2015)(1).mp4 2015-05-12 22:10 - 2015-05-12 22:15 - 161218075 _____ () C:\Users\Petra\Downloads\Der Marshmallow-Test von Walter Mischel (Sternstunde Philosophie, 22.3.2015).mp4 
2015-05-11 22:45 - 2015-05-11 22:45 - 00007597 _____ () C:\Users\Petra\AppData\Local\Resmon.ResmonCfg 2015-05-09 10:32 - 2015-05-09 10:33 - 13367515 _____ () C:\Users\Petra\Downloads\Meditation verändert das Gehirn.mp4.mp4 2015-05-09 10:05 - 2015-05-09 10:12 - 174710232 _____ () C:\Users\Petra\Downloads\Terra X Supertalent Mensch Geistesgiganten.mp4 2015-05-09 09:54 - 2015-05-09 10:02 - 202037109 _____ () C:\Users\Petra\Downloads\Doku 2014 Supertalent Mensch - Körperbeherrscher [Dokumentation Deutsch].mp4 2015-05-06 20:30 - 2015-05-06 20:30 - 00001170 _____ () C:\Users\Public\Desktop\FinanzmanagerV8.lnk 2015-05-06 20:30 - 2015-05-06 20:30 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\AckiSoft 2015-05-06 20:30 - 2015-05-06 20:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinanzmanagerV8 2015-05-06 20:30 - 2015-05-06 20:30 - 00000000 ____D () C:\Program Files\AckiSoft 2015-05-06 20:25 - 2015-05-06 20:29 - 97187572 _____ (AckiSoft ) C:\Users\Petra\Downloads\FinanzmanagerV8-Setup.exe 2015-05-06 20:10 - 2015-05-06 20:10 - 07281664 _____ () C:\Users\Petra\Downloads\MyMicroBalance_3.0.3_DE.msi ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-06-02 21:09 - 2014-04-18 23:37 - 00017456 _____ () C:\Users\Petra\Downloads\FRST.txt 2015-06-02 21:09 - 2014-04-18 23:37 - 00000000 ____D () C:\FRST 2015-06-02 21:08 - 2013-02-20 00:41 - 00000000 ____D () C:\Users\Petra\Documents\Gitarre 2015-06-02 21:01 - 2013-06-19 14:15 - 00000000 ____D () C:\Users\Petra\Documents\D&B 2015-06-02 20:54 - 2012-08-23 19:27 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2015-06-02 19:29 - 2009-07-14 06:34 - 00018512 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-06-02 19:29 - 2009-07-14 06:34 - 00018512 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-06-02 16:22 - 2010-05-15 05:32 - 01295933 _____ () C:\windows\WindowsUpdate.log 2015-06-02 16:18 - 2013-01-30 04:33 - 00119557 _____ () C:\windows\setupact.log 2015-06-02 16:18 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2015-06-01 07:16 - 2010-01-18 19:03 - 01812226 _____ () C:\windows\system32\PerfStringBackup.INI 2015-05-31 01:19 - 2012-01-07 22:52 - 00000000 ____D () C:\Users\Petra\Documents\Lied Texte 2015-05-30 23:36 - 2013-04-29 21:30 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\vlc 2015-05-30 00:22 - 2012-08-23 19:27 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe 2015-05-30 00:22 - 2011-06-13 22:19 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl 2015-05-30 00:21 - 2010-09-14 08:31 - 00000000 ____D () C:\Users\Petra\AppData\Local\Adobe 2015-05-25 22:30 - 2009-07-14 06:53 - 00032640 _____ () C:\windows\Tasks\SCHEDLGU.TXT 2015-05-22 20:05 - 2010-09-11 16:50 - 00000000 ____D () C:\Users\Petra\Documents\OneNote-Notizbücher 2015-05-21 00:48 - 2015-04-05 22:19 - 00000000 ___SD () C:\windows\system32\GWX 2015-05-19 15:10 - 2013-08-07 21:06 - 00320918 _____ () C:\windows\PFRO.log 2015-05-19 15:10 - 2012-05-04 17:24 - 00000000 ____D 
() C:\Program Files\Mozilla Maintenance Service 2015-05-18 12:38 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\NDF 2015-05-17 20:39 - 2010-09-11 14:47 - 00000000 ____D () C:\Users\Petra 2015-05-14 09:34 - 2009-07-29 12:50 - 00000000 ____D () C:\Program Files\Windows Journal 2015-05-14 06:14 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\rescache 2015-05-14 03:45 - 2014-08-18 18:12 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2015-05-14 03:45 - 2010-12-12 21:43 - 00000000 ____D () C:\Program Files\Common Files\Apple 2015-05-14 03:36 - 2011-12-25 14:02 - 00000000 ____D () C:\Program Files\QuickTime 2015-05-14 03:35 - 2011-12-25 14:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2015-05-14 03:27 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\Microsoft.NET 2015-05-14 03:09 - 2009-07-14 06:33 - 00433808 _____ () C:\windows\system32\FNTCACHE.DAT 2015-05-14 03:06 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\de-DE 2015-05-14 03:06 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\AdvancedInstallers 2015-05-13 18:48 - 2010-01-18 18:57 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-05-13 18:44 - 2013-08-16 00:14 - 00000000 ____D () C:\windows\system32\MRT 2015-05-13 18:34 - 2010-09-12 21:52 - 137310008 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2015-05-13 18:27 - 2010-09-15 08:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-05-13 18:27 - 2010-01-18 19:18 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2015-05-12 13:40 - 2015-04-12 16:07 - 00000000 ____D () C:\Users\Petra\Documents\Bewerbungen 2015 2015-05-07 16:59 - 2013-08-07 21:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-05-07 16:57 - 2013-08-07 21:13 - 00136216 _____ (Avira Operations GmbH & Co. 
KG) C:\windows\system32\Drivers\avipbb.sys 2015-05-07 16:57 - 2013-08-07 21:13 - 00107400 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys 2015-05-07 16:57 - 2013-08-07 21:13 - 00037896 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys 2015-05-06 21:30 - 2014-02-09 01:17 - 00000000 ____D () C:\Users\Petra\MediathekView 2015-05-03 21:28 - 2014-06-14 00:47 - 00086528 ___SH () C:\Users\Petra\Thumbs.db ==================== Files in the root of some directories ======= 2014-04-18 21:14 - 2014-04-18 21:15 - 0000322 _____ () C:\Users\Petra\AppData\Roaming\aps.uninstall.scan.results 2012-04-15 15:04 - 2014-11-02 20:54 - 0007168 _____ () C:\Users\Petra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-04-18 21:11 - 2014-04-18 21:11 - 1097384 _____ (AnyProtect.com) C:\Users\Petra\AppData\Local\nsfE1B8.tmp 2015-05-11 22:45 - 2015-05-11 22:45 - 0007597 _____ () C:\Users\Petra\AppData\Local\Resmon.ResmonCfg 2011-01-13 22:40 - 2011-12-16 00:38 - 0000000 _____ () C:\ProgramData\LauncherAccess.dt Files to move or delete: ==================== C:\Users\Petra\X16-42929_W2MM3-DVRRH-3CY23-482JG-WWTGW.exe Some files in TEMP: ==================== C:\Users\Petra\AppData\Local\Temp\avgnt.exe C:\Users\Petra\AppData\Local\Temp\BackupSetup.exe C:\Users\Petra\AppData\Local\Temp\FileSystemView.dll C:\Users\Petra\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\Petra\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe C:\Users\Petra\AppData\Local\Temp\Mobogenie_Setup_2.1.23_515.exe C:\Users\Petra\AppData\Local\Temp\MSETUP4.EXE C:\Users\Petra\AppData\Local\Temp\ochelper.exe C:\Users\Petra\AppData\Local\Temp\Quarantine.exe C:\Users\Petra\AppData\Local\Temp\uninstall.exe C:\Users\Petra\AppData\Local\Temp\vcredist_x86.exe C:\Users\Petra\AppData\Local\Temp\vlc-2.1.3-win32.exe C:\Users\Petra\AppData\Local\Temp\vlc-2.1.5-win32.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for 
files that do not pass verification.) C:\windows\explorer.exe => File is digitally signed C:\windows\system32\winlogon.exe => File is digitally signed C:\windows\system32\wininit.exe => File is digitally signed C:\windows\system32\svchost.exe => File is digitally signed C:\windows\system32\services.exe => File is digitally signed C:\windows\system32\User32.dll => File is digitally signed C:\windows\system32\userinit.exe => File is digitally signed C:\windows\system32\rpcss.dll => File is digitally signed C:\windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-05-26 10:11 ==================== End of log ============================ Parim |
03.06.2015, 11:54 | #12 |
/// the machine /// TB trainer | Trojan 'TR/Crypt.XPACK.Gen' Just run the cleanup as described above, then the computer is done. Logs cannot be deleted afterwards. The Addition.txt from the laptop is still missing.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
03.06.2015, 20:30 | #13 |
| Trojan 'TR/Crypt.XPACK.Gen' Hello Schrauber, you wrote: "The Addition.txt from the laptop is still missing." Do you mean the netbook or the notebook? What I sent you yesterday was from the notebook. Best regards, Parim |
04.06.2015, 11:13 | #14 |
/// the machine /// TB trainer | Trojan 'TR/Crypt.XPACK.Gen' The new computer that we're working on now: you posted an FRST.txt for it, but I still need the Addition.txt.
__________________ Regards, schrauber |
08.06.2015, 20:14 | #15 |
| Trojan 'TR/Crypt.XPACK.Gen' Hello Schrauber, here is the Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-04-2014 01 Ran by Petra at 2014-04-18 23:38:57 Running from C:\Users\Petra\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Reader X (10.1.9) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated) Amazon MP3-Downloader 1.0.17 (HKLM\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC) Apple Application Support (HKLM\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) 
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira) Bing Bar (HKLM\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation) Broadcom 802.11 Wireless Driver (HKLM\...\{8991E763-21F5-4DEA-A938-5D9D77DCB488}) (Version: 1.0.0.0 - ) Broadcom Gigabit Integrated Controller (HKLM\...\{49F3D04B-B849-4C89-AB31-2366A004EA28}) (Version: 12.24.02 - Broadcom Corporation) Business Contact Manager for Microsoft Outlook 2010 (Version: 4.0.11308.0 - Microsoft Corporation) Hidden Business Contact Manager für Microsoft Outlook 2010 (HKLM\...\Business Contact Manager) (Version: 4.0.11308.0 - Microsoft Corporation) CCleaner (HKLM\...\CCleaner) (Version: 3.21 - Piriform) Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.98.4.0 - Conexant) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version: - Microsoft) DMUninstaller (HKLM\...\DMUninstaller) (Version: - ) <==== ATTENTION EasyCapture (HKLM\...\EasyCapture4.0) (Version: V4.0.09.1015 - Lenovo) ElsterFormular für Privatanwender (HKLM\...\ElsterFormular für Privatanwender 12.0.0.5880p) (Version: 12.0.0.5880p - Landesfinanzdirektion Thüringen) Energy Management (HKLM\...\{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}) (Version: 4.3.1.5 - Lenovo) Foxit Reader 5.1 (HKLM\...\Foxit Reader_is1) (Version: 5.1.4.104 - Foxit Corporation) Free PDF to Word Doc Converter v1.1 (HKLM\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com) Freeven Pro 1.3 (HKLM\...\Freeven Pro 1.3) (Version: 1.34.4.10 - Freeven) <==== ATTENTION GIMP 2.6.11 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team) Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.) Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden GPL Ghostscript (HKLM\...\GPL Ghostscript 9.04) (Version: 9.04 - Artifex Software Inc.) 
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation) Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation) Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation) IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.28 - Irfan Skiljan) Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle) Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden Kies (HKLM\...\InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}) (Version: 1.5.3 - Ihr Firmenname) Kies (Version: 1.5.3 - Ihr Firmenname) Hidden Lenovo EasyCamera (HKLM\...\{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}) (Version: 5.8.0.12 - Silicon Motion) Lenovo OneKey Recovery (HKLM\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.0723 - CyberLink Corp.) Lenovo OneKey Recovery (Version: 7.0.0723 - CyberLink Corp.) 
Hidden Lenovo ReadyComm 5 (HKLM\...\{17542DBF-E17C-4562-BC4D-FA3EF3076C45}) (Version: 5.1.1.20 - Lenovo) Lenovo ReadyComm 5.0 Service (HKLM\...\{76C66170-C538-4E77-B54D-48E136B5B533}) (Version: 5.0.0.1 - Lenovo Group Limited) MediaPlayerplus (HKLM\...\MediaPlayerplus) (Version: 1.34.4.10 - Freeven) <==== ATTENTION Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation) Microsoft Chart Controls for Microsoft .NET Framework 3.5 Language Pack - deu (HKLM\...\{742D41A9-B3BF-3A65-806E-F8372FB3E492}) (Version: 3.5.0.0 - Microsoft Corporation) Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 
(Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server 2008 (HKLM\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation) Microsoft SQL Server 2008 (Version: - Microsoft Corporation) Hidden Microsoft SQL Server 2008 Browser (HKLM\...\{4AF2248C-B3DF-46FB-9596-87F5DB193689}) (Version: 10.1.2531.0 - Microsoft Corporation) Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22 - Microsoft Corporation) Hidden Microsoft SQL Server 2008 Common Files (Version: 10.1.2531.0 - Microsoft Corporation) Hidden Microsoft SQL Server 2008 Database Engine Services (Version: 10.1.2531.0 - Microsoft Corporation) Hidden Microsoft SQL Server 2008 Database Engine Shared (Version: 10.1.2531.0 - Microsoft Corporation) Hidden Microsoft SQL Server 2008 Native Client (HKLM\...\{1C2B3CEA-482E-4453-B3E2-C9731337828A}) (Version: 10.1.2531.0 - Microsoft Corporation) Microsoft SQL Server 2008 RsFx Driver (Version: 10.1.2531.0 - Microsoft Corporation) Hidden Microsoft SQL Server Compact 3.5 SP1 English 
(HKLM\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation) Microsoft SQL Server Native Client (HKLM\...\{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}) (Version: 9.00.4035.00 - Microsoft Corporation) Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.4035.00 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{D074DC76-F6C9-440E-A1D0-1DE958417FDB}) (Version: 10.1.2531.0 - Microsoft Corporation) Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft® Office Language Pack 2010 – Deutsch (Business Contact Manager für Microsoft Outlook 2010) (Version: 4.0.11308.0 - Microsoft Corporation) Hidden Mozilla Firefox 28.0 (x86 de) (HKLM\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla) Mozilla 
Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla) MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MyFreeCodec (HKCU\...\MyFreeCodec) (Version: - ) MyFreeCodec (HKLM\...\MyFreeCodec) (Version: - ) MyPC Backup (HKLM\...\MyPC Backup) (Version: - JDi Backup Ltd) <==== ATTENTION MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.4 - F.J. Wechselberger) OutlookAddInNet3Setup (HKLM\...\{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}) (Version: 1.0.0 - Samsung) Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.4809d4 - CyberLink Corp.) QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.) Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30101 - Realtek Semiconductor Corp.) Samsung PC Studio 3 (HKLM\...\{C4A4722E-79F9-417C-BD72-8D359A090C97}) (Version: 3.2.2.80601 - Samsung Electronics Co., Ltd.) Samsung PC Studio 3 (Version: 3.0.0.80601 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.1600.0 - SAMSUNG Electronics Co., Ltd.) Scribus 1.4.0rc1 (HKLM\...\Scribus 1.4.0) (Version: 1.4.0rc1 - The Scribus Team) Service Pack 1 für SQL Server 2008 (KB 968369) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version: - Microsoft) Hidden Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) 
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0 - Microsoft Corporation) Hidden SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com) Unterstützungsdateien für Microsoft SQL Server 2008-Setup (HKLM\...\{877B3198-1C6B-4A9A-8D28-BE4F6040987F}) (Version: 10.1.2531.0 - Microsoft Corporation) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition 
(HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition 
(HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{799005D3-9B70-4219-AFE0-BC479614CC4D}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft) VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN) VO Package (HKLM\...\VOPackage) (Version: 1.0.0.0 - ) webssearches uninstaller (HKLM\...\webssearches uninstaller) (Version: - webssearches) <==== ATTENTION Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation) Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden Windows Live Communications Platform (Version: 14.0.8064.206 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation) Windows Live Essentials (Version: 14.0.8089.726 - Microsoft 
Corporation) Hidden Windows Live Fotogalerie (Version: 14.0.8081.709 - Microsoft Corporation) Hidden Windows Live Mail (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live Messenger (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live Movie Maker (Version: 14.0.8091.0730 - Microsoft Corporation) Hidden Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation) Windows Live Writer (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) WinRAR (HKLM\...\WinRAR archiver) (Version: - ) ==================== Restore Points ========================= 12-03-2014 20:17:21 Geplanter Prüfpunkt 12-03-2014 23:15:48 Windows Update 19-03-2014 01:09:04 Windows Update 26-03-2014 19:56:12 Geplanter Prüfpunkt 03-04-2014 15:13:48 Geplanter Prüfpunkt 10-04-2014 20:06:06 Geplanter Prüfpunkt 10-04-2014 22:38:19 Windows Update 17-04-2014 15:35:21 Installed Java 7 Update 55 18-04-2014 19:10:57 Uniblue SpeedUpMyPC installation ==================== Hosts content: ========================== 2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {0C619C25-3594-4CF4-98D4-BFCB38687419} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-18] (Google Inc.) 
Task: {5F491368-7C6B-4E12-A4AA-5F7D162ED1B3} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {6C7B3B26-8FB3-4AF4-957D-53E3446E114A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-18] (Google Inc.)
Task: {6D5A1B58-0188-4D07-B2B9-94D67EF3C52A} - System32\Tasks\SUPERAntiSpyware Scheduled Task 838c08ba-a7ce-410e-8ab3-8dd08dfca0f4 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {93C36170-3734-4CA1-9399-73FFF6B60CF0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C0856EAC-112A-471A-849B-345D0E3A65E3} - System32\Tasks\f7ad95ee-5d85-4b26-b76f-25e90ce6de26-5 => C:\Program Files\Freeven Pro 1.3\f7ad95ee-5d85-4b26-b76f-25e90ce6de26-5.exe [2014-04-18] (Freeven)
Task: {F3403976-F602-400B-86E2-39F142140EA4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-07-24] (Piriform Ltd)
Task: {FC9D6715-0845-45F3-87D2-9106B3C2A8B3} - System32\Tasks\SUPERAntiSpyware Scheduled Task 3acab02a-3688-4eaf-854d-29a38cee6ff3 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\f7ad95ee-5d85-4b26-b76f-25e90ce6de26-5.job => C:\Program Files\Freeven Pro 1.3\f7ad95ee-5d85-4b26-b76f-25e90ce6de26-5.exe <==== ATTENTION
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 3acab02a-3688-4eaf-854d-29a38cee6ff3.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 838c08ba-a7ce-410e-8ab3-8dd08dfca0f4.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Loaded Modules (whitelisted) =============

2013-08-07 21:13 - 2013-08-07 21:02 - 00394824 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-12-25 21:33 - 2010-03-15 12:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2014-04-15 13:05 - 2014-04-15 13:05 - 00355328 _____ () C:\Users\Petra\AppData\Roaming\VOPackage\VOsrv.exe
2010-05-15 05:42 - 2008-12-20 05:20 - 00063304 _____ () C:\Program Files\Lenovo\Energy Management\kbdhook.dll
2010-05-15 05:42 - 2008-12-20 05:20 - 00051016 _____ () C:\Program Files\Lenovo\Energy Management\HookLib.dll
2014-03-14 16:06 - 2014-03-14 16:06 - 00012288 _____ () C:\Program Files\MyPC Backup\GetText.dll
2014-03-14 16:00 - 2014-03-14 16:00 - 00904704 _____ () C:\Program Files\MyPC Backup\x86\System.Data.SQLite.dll
2014-03-29 12:40 - 2014-03-29 12:41 - 03642480 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-03-12 20:54 - 2014-03-12 20:54 - 16276872 _____ () C:\windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: AVG_TRAY => "C:\Program Files\AVG\AVG2012\avgtray.exe"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/18/2014 09:10:49 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {0001b3fb-912b-46da-bd4a-72c809414b11}

Error: (03/27/2014 00:42:09 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea91c Ausnahmecode: 0xc0000374 Fehleroffset: 0x000c3873 ID des fehlerhaften Prozesses: 0xac0 Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0 Pfad der fehlerhaften Anwendung: Explorer.EXE1 Pfad des fehlerhaften Moduls: Explorer.EXE2 Berichtskennung: Explorer.EXE3

Error: (03/04/2014 10:01:51 PM) (Source: Application Hang) (User: )
Description: Programm OUTLOOK.EXE, Version 14.0.7113.5000 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 4a4 Startzeit: 01cf37e32752683a Endzeit: 30 Anwendungspfad: C:\PROGRA~1\MICROS~2\Office14\OUTLOOK.EXE Berichts-ID: c7ef3825-a3d7-11e3-afdc-88ae1d2590b4

Error: (03/02/2014 08:18:27 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7 Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7601.18222, Zeitstempel: 0x51f1d731 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0015f211 ID des fehlerhaften Prozesses: 0x988 Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0 Pfad der fehlerhaften Anwendung: Explorer.EXE1 Pfad des fehlerhaften Moduls: Explorer.EXE2 Berichtskennung: Explorer.EXE3

Error: (02/02/2014 01:29:51 AM) (Source: Application Hang) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 99c Startzeit: 01cf1fa2d04c9876 Endzeit: 515 Anwendungspfad: C:\windows\Explorer.EXE Berichts-ID: bac1c727-8b98-11e3-b836-88ae1d2590b4

Error: (01/30/2014 05:20:36 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 26.0.0.5087, Zeitstempel: 0x52a0d273 Name des fehlerhaften Moduls: xul.dll, Version: 26.0.0.5087, Zeitstempel: 0x52a0d20a Ausnahmecode: 0xc0000005 Fehleroffset: 0x0014e1a8 ID des fehlerhaften Prozesses: 0x64c Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0 Pfad der fehlerhaften Anwendung: firefox.exe1 Pfad des fehlerhaften Moduls: firefox.exe2 Berichtskennung: firefox.exe3

Error: (12/17/2013 11:08:09 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: i_view32.exe, Version: 4.2.8.0, Zeitstempel: 0x4d08e831 Name des fehlerhaften Moduls: VIDEO.DLL, Version: 4.2.8.0, Zeitstempel: 0x4d0634d6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001e3e ID des fehlerhaften Prozesses: 0xc50 Startzeit der fehlerhaften Anwendung: 0xi_view32.exe0 Pfad der fehlerhaften Anwendung: i_view32.exe1 Pfad des fehlerhaften Moduls: i_view32.exe2 Berichtskennung: i_view32.exe3

Error: (12/14/2013 01:20:52 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 25.0.1.5064, Zeitstempel: 0x5282f204 Name des fehlerhaften Moduls: xul.dll, Version: 25.0.1.5064, Zeitstempel: 0x5282f10e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00118f87 ID des fehlerhaften Prozesses: 0xb70 Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0 Pfad der fehlerhaften Anwendung: firefox.exe1 Pfad des fehlerhaften Moduls: firefox.exe2 Berichtskennung: firefox.exe3

Error: (12/11/2013 04:14:26 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 25.0.1.5064, Zeitstempel: 0x5282f204 Name des fehlerhaften Moduls: xul.dll, Version: 25.0.1.5064, Zeitstempel: 0x5282f10e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00118f87 ID des fehlerhaften Prozesses: 0x844 Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0 Pfad der fehlerhaften Anwendung: firefox.exe1 Pfad des fehlerhaften Moduls: firefox.exe2 Berichtskennung: firefox.exe3

Error: (12/09/2013 11:41:43 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 25.0.1.5064, Zeitstempel: 0x5282f204 Name des fehlerhaften Moduls: xul.dll, Version: 25.0.1.5064, Zeitstempel: 0x5282f10e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00118f87 ID des fehlerhaften Prozesses: 0x618 Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0 Pfad der fehlerhaften Anwendung: firefox.exe1 Pfad des fehlerhaften Moduls: firefox.exe2 Berichtskennung: firefox.exe3

System errors:
=============
Error: (04/18/2014 10:55:45 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (04/18/2014 10:55:45 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht.

Error: (04/15/2014 10:39:24 PM) (Source: DCOM) (User: )
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}

Error: (04/11/2014 03:26:07 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x8007045b

Error: (03/30/2014 00:52:29 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.

Error: (02/17/2014 08:51:37 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (02/16/2014 01:40:53 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AntiVirSchedulerService erreicht.
Error: (02/02/2014 00:46:36 AM) (Source: cdrom) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.

Error: (01/24/2014 08:57:50 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (01/24/2014 08:57:49 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Microsoft Office Sessions:
=========================
Error: (04/18/2014 09:10:49 PM) (Source: VSS)(User: )
Description: 0x80070005, Zugriff verweigert Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {0001b3fb-912b-46da-bd4a-72c809414b11}

Error: (03/27/2014 00:42:09 AM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d6727a7ntdll.dll6.1.7601.18247521ea91cc0000374000c3873ac001cf49195e0b8f8fC:\windows\Explorer.EXEC:\windows\SYSTEM32\ntdll.dlldd20e7bb-b537-11e3-8fbb-88ae1d2590b4

Error: (03/04/2014 10:01:51 PM) (Source: Application Hang)(User: )
Description: OUTLOOK.EXE14.0.7113.50004a401cf37e32752683a30C:\PROGRA~1\MICROS~2\Office14\OUTLOOK.EXEc7ef3825-a3d7-11e3-afdc-88ae1d2590b4

Error: (03/02/2014 08:18:27 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d6727a7SHELL32.dll6.1.7601.1822251f1d731c00000050015f21198801cf36434db09eedC:\windows\Explorer.EXEC:\windows\system32\SHELL32.dll0c0f850a-a237-11e3-9e90-88ae1d2590b4

Error: (02/02/2014 01:29:51 AM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.1.7601.1756799c01cf1fa2d04c9876515C:\windows\Explorer.EXEbac1c727-8b98-11e3-b836-88ae1d2590b4

Error: (01/30/2014 05:20:36 PM) (Source: Application Error)(User: )
Description: firefox.exe26.0.0.508752a0d273xul.dll26.0.0.508752a0d20ac00000050014e1a864c01cf1dc48985c8fbC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dll1117938b-89c2-11e3-8238-88ae1d2590b4

Error: (12/17/2013 11:08:09 PM) (Source: Application Error)(User: )
Description: i_view32.exe4.2.8.04d08e831VIDEO.DLL4.2.8.04d0634d6c000000500001e3ec5001cefb679a17c07aC:\Program Files\IrfanView\i_view32.exeC:\Program Files\IrfanView\Plugins\VIDEO.DLL5405f6c1-675f-11e3-b8ec-88ae1d2590b4

Error: (12/14/2013 01:20:52 AM) (Source: Application Error)(User: )
Description: firefox.exe25.0.1.50645282f204xul.dll25.0.1.50645282f10ec000000500118f87b7001cef8452c267daeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dll35373e7f-644d-11e3-94ea-88ae1d2590b4

Error: (12/11/2013 04:14:26 PM) (Source: Application Error)(User: )
Description: firefox.exe25.0.1.50645282f204xul.dll25.0.1.50645282f10ec000000500118f8784401cef67265b155d1C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dll8a4cd2a4-626e-11e3-975f-88ae1d2590b4

Error: (12/09/2013 11:41:43 PM) (Source: Application Error)(User: )
Description: firefox.exe25.0.1.50645282f204xul.dll25.0.1.50645282f10ec000000500118f8761801cef51676b25c0bC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dllb122277d-611a-11e3-988f-88ae1d2590b4