Log analysis and evaluation: PUA/iLivid.Gen on Win7x64 notebook

Windows 7. If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system first has to be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
01.06.2015, 21:42 | #1 |
PUA/iLivid.Gen on Win7x64 notebook

Hello! Some time ago I caught a piece of malware on this computer. I wanted to download an update for the DVDvideosoft youtube to mp3 converter. On the download page I apparently clicked by accident on one of those downloader ad buttons, and the damage was done... Antivir came up with the message --> 'Adware/SeaSuite.inze'. I did not run the download after that.

AntiVir event report:
Code:
Exportierte Ereignisse:

20.01.2015 17:35 [System-Scanner] Malware gefunden
  Die Datei 'C:\Users\Andreas\AppData\Local\Opera\Opera\cache\g_0012\opr00EFC.tmp'
  enthielt einen Virus oder unerwünschtes Programm 'Adware/SeaSuite.inze' [adware].
  Durchgeführte Aktion(en):
  Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '502228c3.qua' verschoben!

Kernel-Power Shutdown:
Code:
Protokollname: System
Quelle: Microsoft-Windows-Kernel-Power
Datum: 20.01.2015 17:58:05
Ereignis-ID: 41
Aufgabenkategorie:(63)
Ebene: Kritisch
Schlüsselwörter:(2)
Benutzer: SYSTEM
Computer: Andreas-PC
Beschreibung:
Das System wurde neu gestartet, ohne dass es zuvor ordnungsgemäß heruntergefahren wurde. Dieser Fehler kann auftreten, wenn das System nicht mehr reagiert hat oder abgestürzt ist oder die Stromzufuhr unerwartet unterbrochen wurde.
Ereignis-XML:
<Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Kernel-Power" Guid="{331C3B3A-2005-44C2-AC5E-77220C37D6B4}" />
    <EventID>41</EventID>
    <Version>2</Version>
    <Level>1</Level>
    <Task>63</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000002</Keywords>
    <TimeCreated SystemTime="2015-01-20T16:58:05.513619300Z" />
    <EventRecordID>518966</EventRecordID>
    <Correlation />
    <Execution ProcessID="4" ThreadID="8" />
    <Channel>System</Channel>
    <Computer>Andreas-PC</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="BugcheckCode">0</Data>
    <Data Name="BugcheckParameter1">0x0</Data>
    <Data Name="BugcheckParameter2">0x0</Data>
    <Data Name="BugcheckParameter3">0x0</Data>
    <Data Name="BugcheckParameter4">0x0</Data>
    <Data Name="SleepInProgress">false</Data>
    <Data Name="PowerButtonTimestamp">0</Data>
  </EventData>
</Event>

Since it is not my primary notebook, I have left it lying unused since then. But I need it now, because I have to write a thesis on it. After updating it to the current state, I ran Antivir over the file in question once more.

Antivir, current:
Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Freitag, 29. Mai 2015 08:04

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira Antivirus Free
Seriennummer : 0000149996-AVHOE-0000001
Plattform : Windows 7 Professional
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : Andreas
Computername : ANDREAS-PC

Versionsinformationen:
Engineversion : 8.3.30.38

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: ShlExt
Konfigurationsdatei...................: C:\Users\Andreas\AppData\Local\Temp\43034b9c.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:,
Durchsuche aktive Programme...........: aus
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Freitag, 29. Mai 2015 08:04

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Users\Andreas\AppData\Local\Opera\Opera\cache\g_0012\opr00EFC.tmp'
C:\Users\Andreas\AppData\Local\Opera\Opera\cache\g_0012\opr00EFC.tmp
  [FUND] Enthält Muster der Software PUA/iLivid.Gen

Beginne mit der Desinfektion:
C:\Users\Andreas\AppData\Local\Opera\Opera\cache\g_0012\opr00EFC.tmp
  [FUND] Enthält Muster der Software PUA/iLivid.Gen
  [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '50fcae82.qua' verschoben!

Ende des Suchlaufs: Freitag, 29. Mai 2015 08:04
Benötigte Zeit: 00:00 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

0 Verzeichnisse wurden überprüft
1 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
0 Dateien ohne Befall
0 Archive wurden durchsucht
0 Warnungen
1 Hinweise

Antivir system scan:
Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Freitag, 29. Mai 2015 06:39

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira Antivirus Free
Seriennummer : 0000149996-AVHOE-0000001
Plattform : Windows 7 Professional
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : ANDREAS-PC

Versionsinformationen:
XBV00120.VDF : 8.11.234.128 11264 Bytes 22.05.2015 21:22:45 XBV00121.VDF : 8.11.234.130 2048 Bytes 22.05.2015 21:22:45 XBV00122.VDF : 8.11.234.138 2048 Bytes 22.05.2015 21:22:45 XBV00123.VDF : 8.11.234.146 14848 Bytes 22.05.2015 21:22:45 XBV00124.VDF : 8.11.234.154 15872 Bytes 22.05.2015 21:22:45 XBV00125.VDF : 8.11.234.164 27136 Bytes 22.05.2015 21:22:46 XBV00126.VDF : 8.11.234.166 2048 Bytes 22.05.2015 21:22:46 XBV00127.VDF : 8.11.234.168 10240 Bytes 22.05.2015 21:22:46 XBV00128.VDF : 8.11.234.170 2048 Bytes 22.05.2015 21:22:46 XBV00129.VDF : 8.11.234.172 13312 Bytes 22.05.2015 21:22:46 XBV00130.VDF : 8.11.234.174 15872 Bytes 22.05.2015 21:22:47 XBV00131.VDF : 8.11.234.184 68096 Bytes 23.05.2015 21:22:47 XBV00132.VDF : 8.11.234.186 2048 Bytes 23.05.2015 21:22:47 XBV00133.VDF : 8.11.234.196 2048 Bytes 23.05.2015 21:22:47 XBV00134.VDF : 8.11.234.206 12800 Bytes 23.05.2015 21:22:47 XBV00135.VDF : 8.11.234.216 70144 Bytes 24.05.2015 21:22:47 XBV00136.VDF : 8.11.234.226 2560 Bytes 24.05.2015 21:22:48 XBV00137.VDF : 8.11.234.228 79360 Bytes 25.05.2015 21:22:48 XBV00138.VDF : 8.11.234.238 6656 Bytes 25.05.2015 21:22:48 XBV00139.VDF : 8.11.234.248 7168 Bytes 25.05.2015 21:22:48 XBV00140.VDF : 8.11.235.2 6144 Bytes 25.05.2015 21:22:48 XBV00141.VDF : 8.11.235.4 6656 Bytes 25.05.2015 21:22:49 XBV00142.VDF : 8.11.235.14 5632 Bytes 25.05.2015 21:22:49 XBV00143.VDF : 8.11.235.16 4608 Bytes 25.05.2015 21:22:49 XBV00144.VDF : 8.11.235.18 3072 Bytes 25.05.2015 21:22:49 XBV00145.VDF : 8.11.235.20 3584 Bytes 25.05.2015 21:22:49 XBV00146.VDF : 8.11.235.22 3584 Bytes 25.05.2015 21:22:49 XBV00147.VDF : 8.11.235.24 5120 Bytes 25.05.2015 21:22:50 XBV00148.VDF : 8.11.235.26 6144 Bytes 25.05.2015 21:22:50 XBV00149.VDF : 8.11.235.28 8704 Bytes 25.05.2015 21:22:50 XBV00150.VDF : 8.11.235.30 15872 Bytes 25.05.2015 21:22:50 XBV00151.VDF : 8.11.235.32 15360 Bytes 25.05.2015 21:22:50 XBV00152.VDF : 8.11.235.34 7168 Bytes 25.05.2015 21:22:51 XBV00153.VDF : 8.11.235.36 4608 Bytes 25.05.2015 
21:22:51 XBV00154.VDF : 8.11.235.38 13312 Bytes 25.05.2015 21:22:51 XBV00155.VDF : 8.11.235.40 7680 Bytes 26.05.2015 21:22:51 XBV00156.VDF : 8.11.235.42 29696 Bytes 26.05.2015 21:22:51 XBV00157.VDF : 8.11.235.44 8704 Bytes 26.05.2015 21:22:52 XBV00158.VDF : 8.11.235.46 9728 Bytes 26.05.2015 21:22:52 XBV00159.VDF : 8.11.235.48 6656 Bytes 26.05.2015 21:22:52 XBV00160.VDF : 8.11.235.50 5632 Bytes 26.05.2015 21:22:52 XBV00161.VDF : 8.11.235.52 15360 Bytes 26.05.2015 21:22:52 XBV00162.VDF : 8.11.235.54 5632 Bytes 26.05.2015 21:22:52 XBV00163.VDF : 8.11.235.58 26624 Bytes 26.05.2015 21:22:52 XBV00164.VDF : 8.11.235.60 2048 Bytes 26.05.2015 21:22:53 XBV00165.VDF : 8.11.235.70 2048 Bytes 26.05.2015 21:22:53 XBV00166.VDF : 8.11.235.78 4608 Bytes 26.05.2015 21:22:53 XBV00167.VDF : 8.11.235.80 2560 Bytes 26.05.2015 21:22:53 XBV00168.VDF : 8.11.235.88 39936 Bytes 26.05.2015 21:22:53 XBV00169.VDF : 8.11.235.96 9728 Bytes 27.05.2015 21:22:53 XBV00170.VDF : 8.11.235.104 31232 Bytes 27.05.2015 21:22:54 XBV00171.VDF : 8.11.235.106 46592 Bytes 27.05.2015 21:22:54 XBV00172.VDF : 8.11.235.108 2048 Bytes 27.05.2015 21:22:54 XBV00173.VDF : 8.11.235.110 2048 Bytes 27.05.2015 21:22:54 XBV00174.VDF : 8.11.235.112 18432 Bytes 27.05.2015 21:22:55 XBV00175.VDF : 8.11.235.114 18944 Bytes 27.05.2015 21:22:55 XBV00176.VDF : 8.11.235.116 6656 Bytes 27.05.2015 21:22:55 XBV00177.VDF : 8.11.235.118 9216 Bytes 27.05.2015 21:22:55 XBV00178.VDF : 8.11.235.120 6656 Bytes 27.05.2015 21:22:55 XBV00179.VDF : 8.11.235.130 34304 Bytes 27.05.2015 21:22:56 XBV00180.VDF : 8.11.235.132 2048 Bytes 27.05.2015 21:22:56 XBV00181.VDF : 8.11.235.140 12288 Bytes 27.05.2015 21:22:56 XBV00182.VDF : 8.11.235.148 4096 Bytes 27.05.2015 21:22:56 XBV00183.VDF : 8.11.235.160 15872 Bytes 28.05.2015 21:22:56 XBV00184.VDF : 8.11.235.162 5120 Bytes 28.05.2015 21:22:57 XBV00185.VDF : 8.11.235.168 2048 Bytes 28.05.2015 21:22:57 XBV00186.VDF : 8.11.235.170 10752 Bytes 28.05.2015 21:22:57 XBV00187.VDF : 8.11.235.172 2048 Bytes 
28.05.2015 21:22:57 XBV00188.VDF : 8.11.235.176 7168 Bytes 28.05.2015 21:22:57 XBV00189.VDF : 8.11.235.178 14336 Bytes 28.05.2015 21:22:57 XBV00190.VDF : 8.11.235.182 51200 Bytes 28.05.2015 21:22:58 LOCAL000.VDF : 8.11.235.182 131931136 Bytes 28.05.2015 21:24:56
Engineversion : 8.3.30.38
AEVDF.DLL : 8.3.1.6 133992 Bytes 29.09.2014 19:19:08
AESCRIPT.DLL : 8.2.2.66 572272 Bytes 28.05.2015 21:20:36
AESCN.DLL : 8.3.2.10 142456 Bytes 28.05.2015 21:20:36
AESBX.DLL : 8.2.21.0 1622072 Bytes 28.05.2015 21:20:37
AERDL.DLL : 8.2.1.20 731040 Bytes 28.05.2015 21:20:36
AEPACK.DLL : 8.4.0.80 793728 Bytes 28.05.2015 21:20:35
AEOFFICE.DLL : 8.3.1.22 363376 Bytes 28.05.2015 21:20:35
AEMOBILE.DLL : 8.1.7.2 281720 Bytes 28.05.2015 21:20:39
AEHEUR.DLL : 8.1.4.1702 8398760 Bytes 28.05.2015 21:20:34
AEHELP.DLL : 8.3.2.0 281456 Bytes 28.05.2015 21:20:30
AEGEN.DLL : 8.1.7.40 456608 Bytes 31.12.2014 10:43:08
AEEXP.DLL : 8.4.2.88 266296 Bytes 28.05.2015 21:20:37
AEEMU.DLL : 8.1.3.4 399264 Bytes 19.08.2014 19:50:37
AEDROID.DLL : 8.4.3.116 1050536 Bytes 28.05.2015 21:20:38
AECORE.DLL : 8.3.6.2 243624 Bytes 28.05.2015 21:20:30
AEBB.DLL : 8.1.2.0 60448 Bytes 19.08.2014 19:50:36
AVWINLL.DLL : 15.0.8.652 25904 Bytes 28.05.2015 21:20:29
AVPREF.DLL : 15.0.8.652 53248 Bytes 28.05.2015 21:20:48
AVREP.DLL : 15.0.8.652 221432 Bytes 28.05.2015 21:20:49
AVARKT.DLL : 15.0.8.652 228088 Bytes 28.05.2015 21:20:41
AVEVTLOG.DLL : 15.0.8.652 183600 Bytes 28.05.2015 21:20:44
SQLITE3.DLL : 15.0.8.652 456440 Bytes 28.05.2015 21:22:12
AVSMTP.DLL : 15.0.8.652 79360 Bytes 28.05.2015 21:20:51
NETNT.DLL : 15.0.8.652 17352 Bytes 28.05.2015 21:21:48
RCIMAGE.DLL : 15.0.8.652 4864816 Bytes 28.05.2015 21:20:29
RCTEXT.DLL : 15.0.8.652 75056 Bytes 28.05.2015 21:20:29

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\PROFILES\AVSCAN-20150529-063305-BB3EF31A.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Freitag, 29. Mai 2015 06:39

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'HDD0(C:)'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.
Versteckter Treiber
[HINWEIS] Eine Speicherveränderung wurde entdeckt, die möglicherweise zur versteckten Dateizugriffen missbraucht werden könnte.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'DTS.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'ibmpmsvc.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'ATService.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'atiesrxx.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '111' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '162' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'vpnagent.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'atieclxx.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '90' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLANExt.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '103' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPHKSVC.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPHKLOAD.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'AcPrfMgrSvc.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'AcSvc.exe' - '112' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'BTHSAmpPalService.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '134' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.OE.ServiceHost.exe' - '127' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'tposdsvc.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '196' Modul(e) wurden durchsucht
Durchsuche Prozess 'shtctky.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPONSCR.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'TpScrex.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'BTHSSecurityMgr.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'btwdins.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'EvtEng.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'PresentationFontCache.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'unsecapp.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'TpShocks.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'TpKnrres.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxpers.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'BTTray.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPLpr.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'RCIMGDIR.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '103' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'MOM.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'SCHTASK.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'SvcGuiHlpr.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxext.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxsrvc.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'CCC.exe' - '178' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.OE.Systray.exe' - '122' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'CAMMUTE.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPKNRSVC.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'lvvsst.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'virtscrl.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'sqlservr.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'PassThruSvr.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'RegSrvc.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'ScrybeUpdater.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'sqlbrowser.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'sqlwriter.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'rrservice.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'scheduler_proxy.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'SYNTPHELPER.EXE' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'BtStackServer.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'PWMDBSVC.EXE' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'BluetoothHeadsetProxy.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'tvt_reg_monitor_svc.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '123' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '120' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'TrustedInstaller.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'uts.exe' - '119' Modul(e) wurden durchsucht
Durchsuche Prozess 'msiexec.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'SUService.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht

Ende des Suchlaufs: Freitag, 29. Mai 2015 07:54
Benötigte Zeit: 1:14:03 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

0 Verzeichnisse wurden überprüft
5663 Dateien wurden geprüft
0 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
5663 Dateien ohne Befall
1 Archive wurden durchsucht
0 Warnungen
1 Hinweise
1622893 Objekte wurden beim Rootkitscan durchsucht
1 Versteckte Objekte wurden gefunden

The remaining data from Defogger, FRST and GMER follows in the 2nd post (too many characters) |
01.06.2015, 21:44 | #2 |
| PUA/iLivid.Gen on Win7x64 Notebook Part 2 Defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:22 on 01/06/2015 (Andreas)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Already disabled

-=E.O.F=-

FRST:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015
Ran by Andreas (administrator) on ANDREAS-PC on 01-06-2015 21:28:17
Running from C:\Users\Andreas\Desktop
Loaded Profiles: Andreas (Available Profiles: Andreas & TEST)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Windows\System32\DTS.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(AuthenTec, Inc.) C:\Windows\System32\ATService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Synaptics, Inc.) C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Avanquest Software ) C:\Program Files (x86)\Digital Line Detect\DLG.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\RotateImage\RCIMGDIR.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\System32\xpsrchvw.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2011-03-29] (Lenovo.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [picon] => C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [358424 2009-08-04] (Intel Corporation)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-05-29] (Lenovo Group Limited)
HKLM\...\Run: [FingerPrintSoftwareSplashScreen] => C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe [107520 2010-10-21] (AuthenTec, Inc.)
HKLM\...\Run: [FingerPrintSoftware] => C:\Program Files\Lenovo Fingerprint Software\fpapp.exe [1582400 2010-10-21] (AuthenTec)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63832 2014-03-14] (Lenovo)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-11-15] (Synaptics Incorporated)
HKLM\...\Run: [PasswordManager] => C:\Program Files\Lenovo\Password Manager\password_manager.exe [1665824 2014-06-23] (Lenovo Group Limited)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\RotateImage\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704512 2015-05-28] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2012-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2103261752-1737089908-2043903725-1001\...\RunOnce: [Uninstall C:\Users\Andreas\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Andreas\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"
HKU\S-1-5-21-2103261752-1737089908-2043903725-1001\...\Policies\Explorer: [DisallowCpl] 1
HKU\S-1-5-21-2103261752-1737089908-2043903725-1001\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-2103261752-1737089908-2043903725-1001\...\MountPoints2: {7d517441-7729-11e1-936b-001fe2e855a4} - F:\Startme.exe
HKU\S-1-5-21-2103261752-1737089908-2043903725-1001\...\MountPoints2: {b632db5f-2dcd-11df-89ad-806e6f6e6963} - F:\AutoRun.exe
HKU\S-1-5-21-2103261752-1737089908-2043903725-1001\...\MountPoints2: {b632db97-2dcd-11df-89ad-001fe2e855a4} - F:\AutoRun.exe
HKU\S-1-5-21-2103261752-1737089908-2043903725-1001\...\MountPoints2: {b632dc39-2dcd-11df-89ad-001fe2e855a4} - F:\AutoRun.exe
Lsa: [Notification Packages] scecli ACGina
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013-06-27]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk [2013-06-27]
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10397&gct=hp&dc=EU&locale=de_AT
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2103261752-1737089908-2043903725-1001 -> {0DAD6D0C-0E15-4156-BA95-9D9E8E157B43} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2010-05-28] (Hewlett-Packard Co.)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12] (DivX, LLC)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-09-24] (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-09-24] (Sun Microsystems, Inc.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2010-05-28] (Hewlett-Packard Co.)
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\eb4qzeqm.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-06-01] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-06-01] ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-12-13] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_37 -> C:\Windows\SysWOW64\npdeployJava1.dll [2012-09-24] (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll [2012-09-24] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-09-17]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-06-26]
FF HKU\S-1-5-21-2103261752-1737089908-2043903725-1001\...\Firefox\Extensions: [{F74D5734-46F5-4B16-96F0-1E7FBF41B750}] - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension\2.0b12
FF Extension: ThinkVantage Password Manager - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension\2.0b12 [2014-06-30]
FF HKU\S-1-5-21-2103261752-1737089908-2043903725-1001\...\Firefox\Extensions: [{FCF36B88-1BBA-487f-B64B-D2E8980A9293}] - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lpdfbkehegfmedglgemnhbnpmfmioggj] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ADMonitor; C:\Windows\system32\ADMonitor.exe [130048 2010-10-21] () [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-05-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-05-28] (Avira Operations GmbH & Co. KG)
R2 ATService; C:\Windows\system32\ATService.exe [2715456 2010-10-21] (AuthenTec, Inc.)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320560 2014-03-20] (Lenovo.)
R2 dtsvc; C:\Windows\system32\DTS.exe [117760 2010-10-21] () [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [174616 2009-09-14] (Intel Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 ScrybeUpdater; C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [1300264 2011-05-11] (Synaptics, Inc.)
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155320 2012-01-18] (Avanquest Software) [File not signed]
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [49136 2015-05-15] ()
R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2009-09-25] (Lenovo Group Limited) [File not signed]
R3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-07-06] (Lenovo Group Limited)
R2 UNS; C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2009-08-04] (Intel Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 5U875UVC; C:\Windows\System32\DRIVERS\RCUVCMNP.sys [220032 2009-10-23] (Ricoh co.,Ltd.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-05-28] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-05-28] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-01-02] (Avira Operations GmbH & Co. KG)
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [31744 2011-05-09] (Google Inc)
S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [11776 2010-10-20] (HandSet Incorporated)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2013-11-15] (Synaptics Incorporated)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-01-27] (Duplex Secure Ltd.)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-07-02] (Lenovo (United States) Inc.)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 zghsdiag; C:\Windows\System32\DRIVERS\zghsdiag.sys [129304 2010-10-18] (ZTE Incorporated)
S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [127056 2010-10-18] (ZTE Incorporated)
S3 zghsnmea; C:\Windows\System32\DRIVERS\zghsnmea.sys [129304 2010-10-18] (ZTE Incorporated)
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
R3 PCDSRVC{127174DC-C366ED8B-06020101}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-01 21:28 - 2015-06-01 21:30 - 00019969 _____ () C:\Users\Andreas\Desktop\FRST.txt
2015-06-01 21:27 - 2015-06-01 21:28 - 00000000 ____D () C:\FRST
2015-06-01 21:26 - 2015-06-01 21:26 - 02108928 _____ (Farbar) C:\Users\Andreas\Desktop\FRST64.exe
2015-06-01 20:53 - 2015-06-01 21:03 - 00000000 ___SD () C:\Windows\system32\GWX
2015-06-01 20:53 - 2015-06-01 20:53 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-29 08:48 - 2015-05-29 08:48 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-05-29 08:48 - 2015-05-29 08:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-05-29 08:44 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-29 08:44 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-29 08:36 - 2015-05-29 08:36 - 00767664 _____ () C:\Users\Andreas\Desktop\Trojanerboard_Anleitung.xps
2015-05-29 08:10 - 2015-06-01 21:22 - 00000528 _____ () C:\Users\Andreas\Desktop\defogger_disable.log
2015-05-29 08:10 - 2015-05-29 08:10 -
00000020 _____ () C:\Users\Andreas\defogger_reenable 2015-05-29 08:09 - 2015-05-29 08:09 - 00050477 _____ () C:\Users\Andreas\Desktop\Defogger.exe 2015-05-29 00:10 - 2015-05-29 00:10 - 00003856 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1422026928 2015-05-28 23:51 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-05-28 23:51 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-05-28 23:51 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-05-28 23:51 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-05-28 23:51 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-05-28 23:51 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-05-28 23:51 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-05-28 23:51 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-05-28 23:51 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-05-28 23:51 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-05-28 23:51 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-05-28 23:51 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-05-28 23:51 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-05-28 23:51 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-05-28 23:51 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-05-28 23:51 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) 
C:\Windows\system32\ieui.dll 2015-05-28 23:51 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-05-28 23:51 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-05-28 23:51 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-05-28 23:51 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-05-28 23:51 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-05-28 23:51 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-05-28 23:51 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-05-28 23:51 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-05-28 23:51 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-05-28 23:51 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-05-28 23:51 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-05-28 23:51 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-05-28 23:51 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-05-28 23:51 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-05-28 23:51 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-05-28 23:51 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-05-28 23:51 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-05-28 23:51 - 2015-04-21 18:05 - 00316928 _____ (Microsoft 
Corporation) C:\Windows\system32\dxtrans.dll 2015-05-28 23:51 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-05-28 23:51 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-05-28 23:51 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-05-28 23:51 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-05-28 23:51 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-05-28 23:51 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-05-28 23:51 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-05-28 23:51 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-05-28 23:51 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-05-28 23:51 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-05-28 23:51 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-05-28 23:51 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-05-28 23:51 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-05-28 23:51 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-05-28 23:51 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-05-28 23:51 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-05-28 23:51 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-05-28 23:51 - 2015-04-21 17:31 - 04305920 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-05-28 23:51 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-05-28 23:51 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-05-28 23:51 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-05-28 23:51 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-05-28 23:51 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-05-28 23:51 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-05-28 23:51 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-05-28 23:51 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-05-28 23:51 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-05-28 23:51 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-05-28 23:51 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2015-05-28 23:51 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2015-05-28 23:51 - 2015-04-04 05:29 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-05-28 23:51 - 2015-04-04 05:29 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-05-28 23:51 - 2015-04-04 05:22 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-05-28 23:51 - 2015-04-04 05:22 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-05-28 23:51 - 2015-04-04 05:22 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-05-28 23:51 - 2015-04-04 05:22 - 00309760 _____ (Microsoft Corporation) 
C:\Windows\system32\ncrypt.dll 2015-05-28 23:51 - 2015-04-04 05:22 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-05-28 23:51 - 2015-04-04 05:22 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-05-28 23:51 - 2015-04-04 05:22 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-05-28 23:51 - 2015-04-04 05:22 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-05-28 23:51 - 2015-04-04 05:22 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-05-28 23:51 - 2015-04-04 05:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-05-28 23:51 - 2015-04-04 05:20 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-05-28 23:51 - 2015-04-04 05:20 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-05-28 23:51 - 2015-04-04 05:17 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-05-28 23:51 - 2015-04-04 05:17 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-05-28 23:51 - 2015-04-04 05:15 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-05-28 23:51 - 2015-04-04 05:05 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-05-28 23:51 - 2015-04-04 05:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-05-28 23:51 - 2015-04-04 05:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-05-28 23:51 - 2015-04-04 05:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-05-28 23:51 - 2015-04-04 05:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-05-28 23:51 - 2015-04-04 05:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-05-28 23:51 - 2015-04-04 05:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-05-28 
23:51 - 2015-04-04 05:04 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-05-28 23:51 - 2015-04-04 05:04 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-05-28 23:51 - 2015-04-04 05:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-05-28 23:51 - 2015-04-04 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-05-28 23:51 - 2015-04-04 04:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-05-28 23:50 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-05-28 23:50 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-05-28 23:50 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-05-28 23:50 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-05-28 23:50 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe 2015-05-28 23:50 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-05-28 23:50 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2015-05-28 23:50 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2015-05-28 23:49 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-05-28 23:49 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-05-28 23:49 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-05-28 23:49 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-05-28 23:49 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-05-28 23:49 - 2015-03-25 05:24 - 00060416 _____ 
(Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-05-28 23:49 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-05-28 23:49 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-05-28 23:49 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-05-28 23:49 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-05-28 23:49 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-05-28 23:49 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-05-28 23:49 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-05-28 23:49 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-05-28 23:49 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-05-28 23:49 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-05-28 23:49 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-05-28 23:49 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-05-28 23:49 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-05-28 23:49 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-05-28 23:49 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-05-28 23:49 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-05-28 23:49 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-05-28 23:49 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) 
C:\Windows\system32\aeinv.dll 2015-05-28 23:49 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-05-28 23:49 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-05-28 23:49 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-05-28 23:49 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-05-28 23:49 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-05-28 23:49 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-05-28 23:49 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-05-28 23:49 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-05-28 23:49 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-05-28 23:49 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-05-28 23:49 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-05-28 23:49 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-05-28 23:49 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-05-28 23:49 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-05-28 23:49 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-05-28 23:49 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft 
Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-05-28 23:49 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-05-28 23:49 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-05-28 23:49 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-05-28 23:49 - 2015-03-17 06:57 - 
00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-05-28 23:49 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-05-28 23:49 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-05-28 23:49 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-05-28 23:49 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 
06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-05-28 23:49 - 2015-03-17 05:45 - 00002048 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\user.exe 2015-05-28 23:49 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-05-28 23:49 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-05-28 23:49 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2015-05-28 23:49 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2015-05-28 23:49 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2015-05-28 23:49 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-05-28 23:49 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2015-05-28 23:49 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll 2015-05-28 23:49 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll 2015-05-28 23:48 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys 2015-05-28 23:48 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll 2015-05-28 23:48 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll 2015-05-28 23:48 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll 2015-05-28 23:48 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe 2015-05-28 23:48 - 
2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll 2015-05-28 23:48 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll 2015-05-28 23:48 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll 2015-05-28 23:48 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll 2015-05-28 23:48 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe 2015-05-28 23:48 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys 2015-05-28 23:48 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe 2015-05-28 23:48 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2015-05-28 23:33 - 2015-05-28 23:33 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-06-01 21:27 - 2010-01-20 01:12 - 01795489 _____ () C:\Windows\WindowsUpdate.log 2015-06-01 21:21 - 2011-07-29 08:38 - 00003500 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest 2015-06-01 21:21 - 2011-07-29 08:38 - 00003448 _____ () C:\Windows\System32\Tasks\PCDEventLauncher 2015-06-01 21:21 - 2011-07-29 08:38 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job 2015-06-01 21:14 - 2013-02-13 17:18 - 00000550 _____ () C:\Windows\Tasks\MATLAB R2012b Startup Accelerator.job 2015-06-01 21:13 - 2009-07-14 06:45 - 00025552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-06-01 21:13 - 2009-07-14 06:45 - 00025552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-06-01 21:03 - 2013-06-13 09:34 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-06-01 21:03 - 2013-06-13 09:34 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-06-01 21:03 - 2012-04-08 13:22 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-06-01 21:03 - 2011-06-08 08:23 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-06-01 20:59 - 2015-01-21 00:32 - 00004795 _____ () C:\Windows\setupact.log 2015-06-01 20:59 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-06-01 20:58 - 2009-07-14 06:45 - 00541624 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-06-01 20:56 - 2009-07-14 19:58 - 00751858 _____ () C:\Windows\system32\perfh007.dat 2015-06-01 20:56 - 2009-07-14 19:58 - 00170598 _____ () C:\Windows\system32\perfc007.dat 2015-06-01 20:56 - 2009-07-14 07:13 - 01768306 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-06-01 20:54 - 2014-12-13 15:13 - 00000000 ____D () C:\Windows\system32\appraiser 2015-06-01 20:54 - 2014-05-06 23:00 - 00000000 ___SD () C:\Windows\system32\CompatTel 2015-06-01 20:54 - 2009-07-14 20:18 - 
00000000 ____D () C:\Program Files\Windows Journal 2015-06-01 20:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers 2015-05-29 09:02 - 2010-01-20 01:59 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-05-29 09:01 - 2010-06-15 16:53 - 01742586 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2015-05-29 09:00 - 2013-08-18 12:49 - 00000000 ____D () C:\Windows\system32\MRT 2015-05-29 08:48 - 2013-09-09 21:10 - 00000000 ____D () C:\ProgramData\Skype 2015-05-29 08:43 - 2012-05-20 11:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-05-29 08:43 - 2012-05-20 11:08 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2015-05-29 08:43 - 2012-05-20 11:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2015-05-29 08:35 - 2012-10-15 19:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-05-29 08:10 - 2010-01-20 01:18 - 00000000 ____D () C:\Users\Andreas 2015-05-29 08:07 - 2015-01-20 23:00 - 00000000 ____D () C:\Users\Andreas\Desktop\Adware Infizierung 2015-05-29 08:07 - 2010-10-27 22:18 - 00000000 ____D () C:\Users\Andreas\Johanna 2015-05-29 07:54 - 2010-02-15 13:56 - 00000000 ____D () C:\ProgramData\Lenovo 2015-05-29 07:45 - 2011-02-16 20:04 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools 2015-05-29 07:45 - 2010-04-15 21:17 - 00000000 ____D () C:\Windows\System32\Tasks\TVT 2015-05-29 07:45 - 2010-01-20 02:32 - 00000000 ____D () C:\Program Files (x86)\Lenovo 2015-05-29 07:43 - 2010-01-20 03:06 - 00000000 ____D () C:\Windows\Downloaded Installations 2015-05-29 02:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2015-05-29 00:10 - 2010-04-15 21:12 - 00000000 ____D () C:\SWSHARE 2015-05-29 00:10 - 2010-01-20 01:38 - 00000000 ____D () C:\Program Files (x86)\Opera 2015-05-28 23:57 - 2014-12-14 13:24 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe 
Reader XI.lnk 2015-05-28 23:42 - 2010-12-10 16:47 - 00000000 ____D () C:\Users\Andreas\Geschäftlich 2015-05-28 23:33 - 2014-09-26 13:50 - 00000000 ____D () C:\ProgramData\Package Cache 2015-05-28 23:33 - 2013-06-27 00:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-05-28 23:33 - 2013-06-27 00:06 - 00000000 ____D () C:\Program Files (x86)\Avira 2015-05-28 23:20 - 2013-06-27 00:07 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2015-05-28 23:20 - 2013-06-27 00:06 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2015-05-28 23:20 - 2013-06-27 00:06 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-05-28 23:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2015-05-28 23:04 - 2014-09-24 10:51 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte ==================== Files in the root of some directories ======= 2013-05-08 23:14 - 2013-06-26 22:41 - 0000697 _____ () C:\Users\Andreas\AppData\Roaming\ConvAPIPlugin.log 2011-01-30 15:38 - 2011-05-06 14:35 - 0038423 _____ () C:\Users\Andreas\AppData\Roaming\Kommagetrennte Werte (DOS).ADR 2011-05-06 14:49 - 2011-05-06 14:49 - 0012955 _____ () C:\Users\Andreas\AppData\Roaming\Kommagetrennte Werte (DOS).CAL 2013-06-14 15:05 - 2013-11-19 16:09 - 0000600 _____ () C:\Users\Andreas\AppData\Roaming\winscp.rnd 2010-05-05 00:50 - 2015-03-21 01:16 - 0021504 _____ () C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-06-14 15:52 - 2013-11-19 16:09 - 0000600 _____ () C:\Users\Andreas\AppData\Local\PUTTY.RND 2011-10-21 16:26 - 2011-10-21 16:26 - 0001472 _____ () C:\Users\Andreas\AppData\Local\RecConfig.xml 2014-05-23 13:31 - 2014-05-23 13:31 - 0000857 _____ () C:\Users\Andreas\AppData\Local\recently-used.xbel 2011-03-03 18:27 - 2013-11-22 10:21 - 0007608 _____ () 
C:\Users\Andreas\AppData\Local\resmon.resmoncfg
2010-01-21 21:16 - 2014-02-08 22:32 - 0038412 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Andreas\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-29 02:00

==================== End of log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Andreas at 2015-06-01 21:31:08
Running from C:\Users\Andreas\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2103261752-1737089908-2043903725-500 - Administrator - Disabled)
Andreas (S-1-5-21-2103261752-1737089908-2043903725-1001 - Administrator - Enabled) => C:\Users\Andreas
Gast (S-1-5-21-2103261752-1737089908-2043903725-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2103261752-1737089908-2043903725-1002 - Limited - Enabled)
TEST (S-1-5-21-2103261752-1737089908-2043903725-1006 - Limited - Enabled) => C:\Users\TEST

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden 6500_E709_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden 6500_E709_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden 6500_E709a (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Access Help (HKLM-x32\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 3.00 - Lenovo) ACD/Labs Software in C:\ACDFREE12\ (HKLM-x32\...\ACDLabs in C__ACDFREE12_) (Version: v12.00, FREE - ACD/Labs) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated) Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden Agenda (HKU\S-1-5-21-2103261752-1737089908-2043903725-1001\...\Agenda) (Version: - Leonardo Javier Alassia) AMD Catalyst Install Manager (HKLM\...\{72DECC0F-58E0-0618-C857-43B4D3DB7B75}) (Version: 3.0.847.0 - Advanced Micro Devices, Inc.) Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.73.01 - ) ATI Uninstaller (HKLM\...\ATI Uninstaller) (Version: 8.792.5.2-120504a-138564C-Lenovo - ATI Technologies, Inc.) AuthenTec TrueSuite (HKLM\...\{E6C44758-FF49-47D1-8182-65E3818ACE23}) (Version: 2.0.0.57 - AuthenTec, Inc.) Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. 
KG) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.656 - Avira) B110 (x32 Version: 140.0.142.000 - Hewlett-Packard) Hidden bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden CamStudio (HKLM-x32\...\CamStudio) (Version: - ) ccc-core-static (x32 Version: 2012.0504.2334.40448 - Ihr Firmenname) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform) ChemSep 6.96 (HKLM-x32\...\ChemSepL6v96) (Version: 6.96 - ChemSep) Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.03103 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.03103 - Cisco Systems, Inc.) Hidden COCO (HKLM\...\COCO) (Version: 2.7 - AmsterCHEM) Command & Conquer The First Decade (HKLM-x32\...\{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}) (Version: 1.00.0000 - Electronic Arts) Conexant 20561 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.92.10.0 - Conexant) COSMOthermCO-LITE-C30-1201 (HKLM-x32\...\COSMOthermCO-LITE-C30-1201) (Version: - ) Crystal Reports Basic Runtime for Visual Studio 2008 (HKLM-x32\...\{CE26F10F-C80F-4377-908B-1B7882AE2CE3}) (Version: 10.5.0.0 - Business Objects) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden Dienstprogramm "ThinkPad UltraNav" (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo) DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.9 - DivX, LLC) DocMgr (x32 Version: 140.0.65.000 - Ihr Firmenname) Hidden DocProc (x32 Version: 140.0.100.000 - Hewlett-Packard) Hidden Dropbox (HKU\S-1-5-21-2103261752-1737089908-2043903725-1001\...\Dropbox) (Version: 2.6.7 - Dropbox, Inc.) 
Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.65.1 - Lenovo Group Limited) Excel CAPE-OPEN Unit Operation (HKLM-x32\...\ExcelUO) (Version: - AmsterCHEM) FastSum 1.7 Standard Edition and FastSum 1.9 Command-Line Editi (HKLM-x32\...\FastSum_is1) (Version: - Kirill Zinov) Fax (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden Flashtool (HKLM-x32\...\Flashtool) (Version: 0.6.8.0 - Androxyde) Foxit Reader 5.1 (HKLM-x32\...\Foxit Reader_is1) (Version: 5.1.4.104 - Foxit Corporation) Free YouTube Download version 3.0.20.1228 (HKLM-x32\...\Free YouTube Download_is1) (Version: - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.56.301 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.56.301 - DVDVideoSoft Ltd.) GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team) GO Contact Sync Mod (HKLM-x32\...\{82126A52-6AB6-4D1B-A89C-8F1C7790B55A}) (Version: 3.5.1 - WebGear, Create Software, Stru.be, saller.NET) Google Calendar Sync (HKLM-x32\...\Google Calendar Sync) (Version: - ) GPBaseService2 (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.09) (Version: 9.09 - Artifex Software Inc.) GraphCalc v4.0.1 (HKLM-x32\...\GraphCalc v4.0.1_is1) (Version: - ) Greenshot 1.1.5.2643 (HKLM\...\Greenshot_is1) (Version: 1.1.5.2643 - Greenshot) HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP) HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP) HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP) HP Officejet 6500 E709 Series (HKLM\...\{58D79E62-CFC8-4331-8469-3A1B16E1769C}) (Version: 14.0 - HP) HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 
7 (HKLM\...\{014E482A-0C27-47E3-BA82-307E9DCA2F47}) (Version: 14.0 - HP) HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP) HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP) HP Update (HKLM-x32\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard) HPAppStudio (x32 Version: 140.0.95.000 - Hewlett-Packard) Hidden HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden HPProductAssistant (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden HPSSupply (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden HTC BMP USB Driver (HKLM-x32\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC) HTC Driver Installer (HKLM-x32\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.021 - HTC Corporation) HyperCam 2 (HKLM-x32\...\HyperCam 2) (Version: 2.27.00 - Hyperionics Technology LLC) ImageJ 1.44p (HKLM-x32\...\ImageJ_is1) (Version: - NIH) ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!) 
Inkscape 0.48.2 (HKLM-x32\...\Inkscape) (Version: 0.48.2 - ) Integrated Camera Driver Installer Package Ver.1.32.500.0 (HKLM-x32\...\{82EB6CEA-749A-410F-8AD2-372A286BA3BE}) (Version: 1.32.500.0 - RICOH) Intel PROSet Wireless (x32 Version: - ) Hidden Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation) Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 16.1 - Intel) Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation) Intel® Active-Management-Technologie (HKLM\...\MESOL) (Version: - Intel Corporation) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan) Java(TM) 6 Update 37 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.370 - Oracle) Java(TM) SE Development Kit 6 Update 17 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0160170}) (Version: 1.6.0.170 - Sun Microsystems, Inc.) Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.00 - ) Lenovo Fingerprint Software (HKLM\...\{2ED326C9-A4E6-4884-B3F0-9A6CFB0A1141}) (Version: 3.3.2.43 - AuthenTec, Inc.) Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - ) Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - ) Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0037 - Lenovo) Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5802.24 - PC-Doctor, Inc.) 
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.9.8 - Magical Jelly Bean) MarketResearch (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden Mathcad 15 M010 (HKLM-x32\...\{8FD0167F-A752-467A-86BE-3728D71F68B8}) (Version: 15.0.1.0 - PTC) Mathcad 8 Professional (HKLM-x32\...\Mathcad 8 Professional) (Version: - ) Mathcad PDSi viewable support (HKLM-x32\...\Mathcad PDSi viewable support) (Version: 9.0.0 - Adobe Systems) Mathcad PDSi viewable support (x32 Version: 9.0.0 - Adobe Systems) Hidden Mathcad Prime 1.0 (HKLM-x32\...\{A52BF788-47BD-48E4-975A-AE5F107D559E}) (Version: 1.0 - PTC) MathType 6 (HKLM-x32\...\DSMT6) (Version: 6.0 - Design Science, Inc.) MATLAB R2012b (HKLM\...\Matlab R2012b) (Version: 8.0 - The MathWorks, Inc.) Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden Microsoft – Speichern als PDF – Add-In für 2007 Microsoft Office-Programme (HKLM-x32\...\{90120000-00B0-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Math Add-in for Word 2007 (HKLM-x32\...\{47D0C5E6-9FBA-49DB-8F88-BFAA5BA38646}) (Version: 3.5.0 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office 
Outlook Connector (HKLM-x32\...\{95140000-0080-0407-0000-0000000FF1CE}) (Version: 14.0.6106.5001 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2103261752-1737089908-2043903725-1001\...\OneDriveSetup.exe) (Version: 17.0.4029.0217 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation) Microsoft SQL Server Management Objects Collection (HKLM\...\{E735E90E-FE0B-4B10-90D5-4AC6D3899BFD}) (Version: 9.00.3042.00 - Microsoft Corporation) Microsoft SQL Server Management Studio Express (HKLM\...\{CBCDC8C3-8783-4AAC-BB72-31FB8A5E63CB}) (Version: 9.00.3042.00 - Microsoft Corporation) Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) 
(HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 
(HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 35.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla) Mozilla Thunderbird 31.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla) MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation) MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.1 - F.J. 
Wechselberger) Nero 9 Lite (HKLM-x32\...\{34d62ea3-2b56-46fe-b845-4d09ed66c415}) (Version: - Nero AG) NetBeans IDE 6.8 (HKLM-x32\...\nbi-nb-base-6.8.0.0.0) (Version: 6.8 - NetBeans.org) Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden Nokia Connectivity Cable Driver (HKLM-x32\...\{AF88496B-4BBA-4922-97E9-2582D3A28358}) (Version: 7.1.48.0 - Nokia) Nokia Map Loader (HKLM-x32\...\{45D4F727-43B5-49CD-B474-B9866A8F4FB8}) (Version: 3.0.28 - Nokia) Nokia Software Updater (HKLM-x32\...\{889D48DA-457F-4C8B-9095-6458F2793B12}) (Version: 3.0.605 - Nokia Corporation) Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.6.8 - ) OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP) Olympus NDT TomoViewer 2.9R10 (HKLM-x32\...\{F7CAEFDF-CEAE-4BBB-AAEF-0F9F93517A4D}) (Version: 2.9.263 - Olympus NDT) OpenRA (HKLM-x32\...\OpenRA) (Version: - OpenRA developers) Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA) Opera Stable 29.0.1795.60 (HKLM-x32\...\Opera 29.0.1795.60) (Version: 29.0.1795.60 - Opera Software ASA) PC Connectivity Solution (HKLM-x32\...\{55EB7967-5BB1-4EA2-8AFF-B2F9E487E553}) (Version: 11.5.13.0 - Nokia) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery) pdfsam (HKLM-x32\...\pdfsam) (Version: 2.1.0 - ) Presenter version 1.27 (HKLM-x32\...\{F5A954ED-07FE-4DFB-8763-F4AD47D79218}_is1) (Version: 1.27 - Ratisbonsoft) ProductContext (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden PS_AIO_07_B110_SW_Min (x32 Version: 140.0.142.000 - Hewlett-Packard) Hidden 'PTC Places' Namespace Shell Extension (HKLM-x32\...\{A9FAD2D5-1C42-4C5C-B5DD-291DA9863BEA}) (Version: 1.1.16 - PTC) PuTTY version 0.60 (HKLM-x32\...\PuTTY_is1) (Version: 0.60 - Simon Tatham) PX Profile Update (x32 Version: 1.00.1. 
- AMD) Hidden QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden Rescue and Recovery (HKLM-x32\...\{B383F243-0ABC-4E56-AA30-923B8D85076E}) (Version: 4.30.0027.00 - Lenovo Group Limited) RICOH R5U8xx Media Driver ver.3.64.02 (HKLM-x32\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.64.02 - RICOH) SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.5.0 - SAMSUNG Electronics Co., Ltd.) Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden Scientific WorkPlace 5.0 (HKLM-x32\...\{DA6B13CF-A177-42DF-B416-A1EFDD8E7693}) (Version: - ) Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP) Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) SmartWebPrinting (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden Sony Ericsson Update Service (HKLM-x32\...\Update Service) (Version: 2.11.12.5 - Sony Ericsson Mobile Communications AB) Sony PC Companion 2.10.030 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.030 - Sony) Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden Synaptics Gesture Suite featuring SYNAPTICS | Scrybe (HKLM-x32\...\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}) (Version: 1.6.5.17120 - Synaptics Inc.) System Migration Assistant (HKLM-x32\...\{8A4DB1CA-8206-4ADC-805C-66ACF1611DA3}) (Version: 6.00.0009 - Lenovo Group Limited.) 
The Battle for Middle-earth (tm) (HKLM-x32\...\{3F290582-3F4E-4B96-009C-E0BABAA40C42}) (Version: - ) The Battle for Middle-earth (tm) II (HKLM-x32\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version: - ) The Lord of the Rings, The Rise of the Witch-king (HKLM-x32\...\{B931FB80-537A-4600-00AD-AC5DEDB6C25B}) (Version: - ) ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.3100 - Broadcom Corporation) ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.42 - ) ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.8.50 - Conexant Systems) ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.13 - ) ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.21 - Lenovo) ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.11.0.0 - Lenovo) ThinkVantage Password Manager (HKLM-x32\...\{70EE2BAA-F82A-4B8A-950E-649EFD64D5B9}) (Version: 4.60.4.0 - Lenovo Group Limited) ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.79.00.03 - Lenovo) Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden TrayApp (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version: - ) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help 
(KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) USEPA Cape Open Class Library with WAR Add-In (HKLM-x32\...\{174EB4DF-7074-4405-A775-361B205C9BE1}) (Version: 1.4.17 - USEPA) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden VirtualDubMOD 1.5.10.3 US (HKLM-x32\...\{B158F76F-76AB-4115-A4F0-4C6EF6956093}_is1) (Version: 1.5.10.3 - Trad-Fr) VLC media player 1.0.3 (HKLM-x32\...\VLC media player) (Version: 1.0.3 - VideoLAN Team) VNC Free Edition 4.1.3 (HKLM-x32\...\RealVNC_is1) (Version: 4.1.3 - RealVNC Ltd.) WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden Windchill ProductPoint Client Manager-2.0_2011.01.10.001 (HKLM-x32\...\{371E8B48-2AF1-491B-8F35-BD60D18CB927}) (Version: 2.0.2310 - PTC) Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation) Windows Driver Package - Acer, Inc (androidusb) USB (12/20/2011 1.0.0010.00000) (HKLM\...\3A22385941281AFEE4CDB6EE09AB8D0BF418CE17) (Version: 12/20/2011 1.0.0010.00000 - Acer, Inc) Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430) (HKLM\...\DE7217D2A8B057F15EC6E52329FDAB84231521E8) (Version: 04/08/2010 6.3.5.430 - Broadcom) Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom) Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407) (HKLM\...\3932CA781A7894D20116FDF60F878301800EA8AB) (Version: 09/11/2009 6.2.0.9407 - Broadcom) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom) Windows Driver Package - Linux 
Developer Community Net (12/08/2011 5.1.2600.2781) (HKLM\...\AAA1ACCA6262EC232B355F1427BDDE4D745AFBC1) (Version: 12/08/2011 5.1.2600.2781 - Linux Developer Community) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation) Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) Windows-Treiberpaket - AuthenTec Inc. (ATSwpWDF) Biometric (07/02/2010 8.6.0.29) (HKLM\...\05FBE63CF9C9B3424152207E7278CD6DA193C56C) (Version: 07/02/2010 8.6.0.29 - AuthenTec Inc.) Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM\...\FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D) (Version: 08/22/2008 7.0.0.0 - Nokia) WinSCP 4.2.7 (HKLM-x32\...\winscp3_is1) (Version: 4.2.7 - Martin Prikryl) ZTE Handset USB Driver 5.2066.1.7 (HKLM\...\{EBED0919-4BD0-4718-BA7A-5D2B503F9BC6}_is1) (Version: 5.2066.1.7 - ZTE Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-2103261752-1737089908-2043903725-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Andreas\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2103261752-1737089908-2043903725-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Andreas\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2103261752-1737089908-2043903725-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Andreas\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2103261752-1737089908-2043903725-1001_Classes\CLSID\{E4A346EA-B80E-47fe-ADAC-EF43A52BF356}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2103261752-1737089908-2043903725-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Andreas\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2103261752-1737089908-2043903725-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Andreas\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\FileSyncApi64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2103261752-1737089908-2043903725-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2103261752-1737089908-2043903725-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-2103261752-1737089908-2043903725-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2103261752-1737089908-2043903725-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ==================== Restore Points ========================= 21-03-2015 00:01:49 Windows Update 29-05-2015 02:06:22 Geplanter Prüfpunkt 29-05-2015 08:41:56 Windows Update ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {05718F80-448E-4010-9C23-25849BBF655A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-01] (Adobe Systems Incorporated) Task: {072AED09-DD63-41EF-AB5E-32F01C0528AD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd) Task: {07A9F85D-8E51-4ACA-A7A5-D6BC6B2B3CB8} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks Task: {11A746E8-3AB4-4BCD-923C-C8B0650E8499} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation) Task: {16F9E1ED-1AA1-4AC3-B9D4-AFDD075668E4} - System32\Tasks\{39506F0F-CD8D-46BA-9422-C10D88883F52} => D:\Setup.exe Task: {1B69203F-63D9-43A7-8CFF-FAE74E9311A4} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe Task: {2EB36D48-F07C-44F2-871D-692BB444E4E3} - System32\Tasks\{2FE0267F-1FAB-482C-98DE-C1F07701BF33} => C:\Program Files (x86)\VideoLAN\VLC\vlc.exe [2009-10-30] () Task: {31AF6D2D-2BDB-4A63-A440-957EBB8B67F1} - System32\Tasks\{99FE7198-08E1-4F54-860E-B44DBD051CD3} => E:\SETUP95\INSTALL.EXE Task: {37334EF3-47AA-4F1C-B024-741F169A90FF} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2014-03-20] (Lenovo Group Limited) Task: {386B503B-38DD-456C-B73D-E5050AD8CAEC} - System32\Tasks\{50E4B636-85BC-44FE-A51C-F5A51004987B} => pcalua.exe -a C:\Users\Andreas\Desktop\8-12_vista32_dd_ccc_wdm_enu_72275.exe -d C:\Users\Andreas\Desktop Task: {40C5A3DC-FF6E-4D51-93F4-065E69C9119D} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe Task: {553A62E9-1204-4A7D-98BC-A8219BF29A39} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2015-05-15] () Task: {69833B16-9DFA-4FCD-A581-15AF6D229E0C} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe 
[2015-05-07] (Microsoft Corporation) Task: {7AE66627-B97D-4D0E-8EEC-F58D379F0B1C} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-04-01] (PC-Doctor, Inc.) Task: {7EA3B71C-7460-4D02-A7C2-33D71838AC58} - System32\Tasks\{CBEEF266-B7E8-4694-99C4-6718FCB5900D} => C:\GAMES\REDALERT\RA95.EXE Task: {82B0F8A8-3D1D-4707-B07C-2BD564BD7FB5} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-04-01] (PC-Doctor, Inc.) Task: {8794ACF2-3BA9-4197-83FC-2ECDE42F73A9} - System32\Tasks\{B63769F4-D412-4D11-B866-3033C7EE7875} => pcalua.exe -a C:\Users\Andreas\Desktop\MATLAB\MLA1206_common\MLA1206\setup.exe -d C:\Users\Andreas\Desktop\MATLAB\MLA1206_common\MLA1206 Task: {9198042A-1D7E-40B8-81E7-FB3173E383BF} - System32\Tasks\TVT\LaunchRnR => %RR%\rrcmd.exe Task: {927C67FB-9760-45BC-8FA8-062CD04C684C} - System32\Tasks\{6E14B4E6-07B5-4C21-8DA7-3F7785D42904} => pcalua.exe -a C:\Users\Andreas\Desktop\winsdk_web.exe -d C:\Users\Andreas\Desktop Task: {96ECBF4F-BBF9-4307-A6E3-9A86D84F4F3A} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-04-01] (PC-Doctor, Inc.) 
Task: {99D5640A-2108-491D-8143-4B9EDF4ECA1E} - System32\Tasks\{2DB39F84-50E8-4986-AC48-68825432A62A} => pcalua.exe -a C:\Users\Andreas\Desktop\sl-6530\SL-6530\Setup.EXE -d C:\Users\Andreas\Desktop\sl-6530\SL-6530 Task: {9AADE869-6C63-424A-8EE3-8F657B175E99} - System32\Tasks\{BAE541B2-E271-4E81-B824-F709B6B50037} => E:\SETUP95\INSTALL.EXE Task: {A4849CDF-25CA-4054-96B6-C9A5EEF190AE} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation) Task: {AC0DCD99-6363-488F-BA9B-707D361E4138} - System32\Tasks\Opera scheduled Autoupdate 1422026928 => C:\Program Files (x86)\Opera\launcher.exe [2015-05-18] (Opera Software) Task: {B96546EF-4E1E-4E98-B763-696B5FEA4602} - System32\Tasks\{1E965D09-068E-482B-B218-A9375DD26C1F} => pcalua.exe -a D:\setup.exe -d D:\ Task: {BFDE13BB-CDB7-473F-8025-7D7EFE094EEA} - System32\Tasks\{E83CFB57-C5AD-4E52-804C-A22E7CACAB3C} => pcalua.exe -a D:\Setup.exe -d D:\ Task: {C53E76E8-ABEB-40A5-818E-876CDAEFA5F2} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation) Task: {CD53BEBF-59FC-48E0-BF57-FAE38109BE8A} - System32\Tasks\MATLAB R2012b Startup Accelerator => C:\Program Files\MATLAB\R2012b\bin\win64\MATLABStartupAccelerator.exe [2012-07-20] () Task: {D9B8676D-859A-4189-AEBA-74647678DE89} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-23] (Microsoft Corporation) Task: {F1432B67-F238-4878-B78B-13B1989BF8B3} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo) Task: {F5753209-18EC-4BC5-ACD9-BA86C3AE0EA4} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe Task: {FACA914E-1A15-412E-9497-A74228094406} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe 
[2015-05-07] (Microsoft Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\MATLAB R2012b Startup Accelerator.job => C:\Program Files\MATLAB\R2012b\bin\win64\MATLABStartupAccelerator.exe Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exeq-backgroundmon scripts\backgroundmon.xml Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe ==================== Loaded Modules (Whitelisted) ============== 2010-10-21 04:09 - 2010-10-21 04:09 - 00117760 _____ () C:\Windows\system32\DTS.exe 2011-07-27 21:07 - 2011-07-27 21:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll 2011-03-01 20:47 - 2005-03-12 01:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll 2012-03-23 14:25 - 2012-03-23 14:25 - 00087040 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe 2010-01-20 02:21 - 2014-03-20 06:05 - 00117760 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL 2009-11-25 01:36 - 2009-11-25 01:36 - 00125440 _____ () C:\Program Files (x86)\Notepad++\NppShell_01.dll 2011-01-24 13:28 - 2011-01-24 13:28 - 00173344 _____ () C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll 2011-11-09 10:55 - 2011-11-09 10:55 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2012-05-04 23:33 - 2012-05-04 23:33 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2013-03-26 17:44 - 2013-03-26 17:44 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll 2014-03-14 17:47 - 2014-03-14 17:47 - 00092504 _____ () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll 2009-09-25 16:16 - 2009-09-25 16:16 - 00241664 _____ () C:\Program Files (x86)\Lenovo\Rescue and 
Recovery\CDRecord.dll 2009-09-25 16:29 - 2009-09-25 16:29 - 00247096 _____ () C:\Program Files (x86)\Common Files\Lenovo\CDRecord.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:A2C6D38F ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2103261752-1737089908-2043903725-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.0.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Calendar Sync.lnk => C:\Windows\pss\Google Calendar Sync.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scrybe.lnk => C:\Windows\pss\Scrybe.lnk.CommonStartup MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW MSCONFIG\startupreg: GoogleContactSync => C:\Program Files (x86)\WebGear\GO Contact Sync\GOContactSync.exe MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup MSCONFIG\startupreg: KiesPDLR => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe MSCONFIG\startupreg: NokiaMServer => C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup 
MSCONFIG\startupreg: NSU_agent => "C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe" MSCONFIG\startupreg: PicPick Start => C:\Program Files (x86)\PicPick\picpick.exe /startup MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [TCP Query User{CD13AF83-2A16-4451-951C-6944D37ACAE9}C:\program files (x86)\opera\opera.exe] => (Allow) C:\program files (x86)\opera\opera.exe FirewallRules: [UDP Query User{7EE4F072-E5D4-47E1-842D-3AF29DAC619D}C:\program files (x86)\opera\opera.exe] => (Allow) C:\program files (x86)\opera\opera.exe FirewallRules: [{59C04CF6-3F73-48F3-AB9F-F9AB74B7C839}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe FirewallRules: [{6E2E3A15-0C57-45B9-A649-E5903531D56A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe FirewallRules: [{5AE5F262-D642-409A-A968-05B9CA375B21}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe FirewallRules: [{508D3E22-457E-4975-B97A-8E9083DC4E42}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe FirewallRules: [{1D93FCEF-751E-47F8-9057-B8CA0D92EC0C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe FirewallRules: [{C425CAA4-C8E0-492E-88E9-0A4E5BB51391}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe FirewallRules: [{D2A34483-34E5-454B-8037-BF73FA013318}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe FirewallRules: 
[{5287D644-46C3-4E40-848D-42953DD35E17}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe FirewallRules: [{04ED88F0-7C0C-4966-885C-3130ABC80DD7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe FirewallRules: [{A1E9B521-A9A9-4067-ADE3-C8BA6A781E95}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe FirewallRules: [{2BABE91E-9E74-4728-A073-E4ED3AE7DEB2}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe FirewallRules: [{070D0525-278E-43BA-8AD9-37681A50B6AB}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe FirewallRules: [{E4051789-9CFC-461E-AB5E-FE0CC1F8F158}] => (Allow) C:\Program Files (x86)\EA GAMES\The Battle for Middle-earth (tm)\game.dat FirewallRules: [{BD805E2D-B834-4846-BD0C-AF7A36522D19}] => (Allow) C:\Program Files (x86)\EA GAMES\The Battle for Middle-earth (tm)\game.dat FirewallRules: [TCP Query User{77FE98A9-7DD5-4AEC-B779-B6F8EAC28F1A}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe FirewallRules: [UDP Query User{92D32FD6-9C0C-4149-8DF8-98794B3AE9BB}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe FirewallRules: [{1C2BC07E-1E3E-4487-A544-AA1D1DA34E3E}] => (Allow) C:\Program Files (x86)\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat FirewallRules: [{F75CA605-472C-44D0-80A2-E5E455E8A5F3}] => (Allow) C:\Program Files (x86)\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat FirewallRules: [TCP Query User{3D5DB7B9-C4AD-4543-80EF-372121DD6897}C:\program files (x86)\electronic arts\the battle for middle-earth (tm) ii\patchget.dat] => (Allow) C:\program files (x86)\electronic arts\the battle for middle-earth (tm) ii\patchget.dat FirewallRules: [UDP Query User{791525DA-52A6-43BA-9279-FE79514FBB86}C:\program files (x86)\electronic arts\the battle for middle-earth (tm) 
ii\patchget.dat] => (Allow) C:\program files (x86)\electronic arts\the battle for middle-earth (tm) ii\patchget.dat FirewallRules: [TCP Query User{2DABC5E3-49D6-4BB2-92C2-5735E98B84A9}C:\users\andreas\spielchen\blobby volley\volley.exe] => (Block) C:\users\andreas\spielchen\blobby volley\volley.exe FirewallRules: [UDP Query User{4DAD26D6-1612-4108-B34F-7F2ECEECEB55}C:\users\andreas\spielchen\blobby volley\volley.exe] => (Block) C:\users\andreas\spielchen\blobby volley\volley.exe FirewallRules: [TCP Query User{9F3D79E4-EBA2-4031-A004-8453A965F1AF}C:\program files (x86)\java\jdk1.6.0_17\bin\javaw.exe] => (Block) C:\program files (x86)\java\jdk1.6.0_17\bin\javaw.exe FirewallRules: [UDP Query User{ED5D03D5-2007-47CD-B3D4-D41A469814C6}C:\program files (x86)\java\jdk1.6.0_17\bin\javaw.exe] => (Block) C:\program files (x86)\java\jdk1.6.0_17\bin\javaw.exe FirewallRules: [{75234E7A-F5ED-4DF1-B5BF-EEA275201E64}] => (Allow) D:\setup\hpznui40.exe FirewallRules: [{2A066565-C0F5-4615-8250-D87B38119787}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe FirewallRules: [TCP Query User{D225E120-2256-4540-BD5E-1FC7E07DB03D}C:\users\andreas\spielchen\dune 2000\dune 2000\dune 2000\dune2000.dat] => (Block) C:\users\andreas\spielchen\dune 2000\dune 2000\dune 2000\dune2000.dat FirewallRules: [UDP Query User{C234421C-0484-4D14-A6BE-315B65AD081A}C:\users\andreas\spielchen\dune 2000\dune 2000\dune 2000\dune2000.dat] => (Block) C:\users\andreas\spielchen\dune 2000\dune 2000\dune 2000\dune2000.dat FirewallRules: [TCP Query User{8356792D-A5F9-45EE-856F-7D68BA495587}C:\users\andreas\spielchen\dune 2000\dune 2000\dune 2000\dune2000.dat] => (Block) C:\users\andreas\spielchen\dune 2000\dune 2000\dune 2000\dune2000.dat FirewallRules: [UDP Query User{B3D895B4-8D6C-49D6-81EA-0AA2DCA706D4}C:\users\andreas\spielchen\dune 2000\dune 2000\dune 2000\dune2000.dat] => (Block) C:\users\andreas\spielchen\dune 2000\dune 2000\dune 2000\dune2000.dat FirewallRules: 
[{83D4107C-0FE4-47A2-A9CF-6518FE3645EE}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{125F49D8-0CFD-41A9-985D-C35BC475AC2E}] => (Allow) LPort=2869 FirewallRules: [{304C10F8-C016-4EB8-9A13-59982577D4AD}] => (Allow) LPort=1900 FirewallRules: [{B5E96182-9A71-4F08-AB8A-5E95C358A910}] => (Allow) C:\Program Files (x86)\Sony Ericsson\Update Service\Update Service.exe FirewallRules: [{7BDBE009-579F-4B29-B6DE-C5EE78A4CF12}] => (Allow) C:\Program Files (x86)\Sony Ericsson\Update Service\Update Service.exe FirewallRules: [{C656EA67-E720-483D-919B-3C0945BE5F7F}] => (Allow) C:\Windows\SysWOW64\msiexec.exe FirewallRules: [{6BBD4A9C-B5A3-44DA-9E3D-D561B974C531}] => (Allow) C:\Windows\SysWOW64\msiexec.exe FirewallRules: [{BACFFDF0-F72F-47BA-9F01-C127A9C651A4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe FirewallRules: [{2C19A513-5347-40DB-920B-50E2E1D29023}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe FirewallRules: [{461B4D83-BC4F-4BFC-BFBF-10F1A8B81FCF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe FirewallRules: [{DF03B86B-D61A-4545-80FC-4B52BBC889A5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe FirewallRules: [{A6741337-C832-4EDA-A1FE-21BD49B557B3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe FirewallRules: [{105AD552-18CA-4D17-B9B7-AED8EC2B054C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{FF71AC5D-FE06-4BE0-9B91-C3EA67420331}] => (Allow) C:\Windows\SysWOW64\muzapp.exe FirewallRules: [{2AC40E4A-AE14-41E0-A706-D0320EB6BD3D}] => (Allow) C:\Windows\SysWOW64\muzapp.exe FirewallRules: [{3427CBAA-D3D8-4A3A-951E-A5B22ED2FB97}] => (Allow) C:\Program Files (x86)\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat FirewallRules: [{3506EF8F-5FD9-49F5-88E1-22713EED8EEA}] => (Allow) C:\Program Files (x86)\Electronic Arts\The Lord of the Rings, The Rise of the 
Witch-king\game.dat FirewallRules: [{A3F53041-E8C3-4BD7-837C-557E76B2B60C}] => (Allow) C:\Users\Andreas\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{874F5915-5456-4A89-8FFF-2D7A82DCD8BC}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe FirewallRules: [{EBBC009B-75F7-4BAE-BC20-F3C1FDFEB72F}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe FirewallRules: [{EEBF623C-714A-4C1D-8387-0E72EEFE6BE5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{8A9DD803-0FE3-4902-AB16-C005009497EC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Faulty Device Manager Devices ============= Name: Bluetooth-Peripheriegerät Description: Bluetooth-Peripheriegerät Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Bluetooth-Peripheriegerät Description: Bluetooth-Peripheriegerät Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Bluetooth-Peripheriegerät Description: Bluetooth-Peripheriegerät Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Photosmart B110 series Description: Photosmart B110 series Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
Name: Photosmart B110 series Description: Photosmart B110 series Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Manufacturer: HP Service: StillCam Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Bluetooth-Peripheriegerät Description: Bluetooth-Peripheriegerät Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Bluetooth-Peripheriegerät Description: Bluetooth-Peripheriegerät Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 
==================== Event log errors: ========================= Application errors: ================== Error: (06/01/2015 09:26:06 PM) (Source: PC-Doctor) (EventID: 1) (User: ) Description: (5452) Asapi: (21:26:06:9560)(5452) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.LenovoCare.button.text locale: PCDLocale: language = de, customer = lenovo, variant = ltt Error: (06/01/2015 09:26:06 PM) (Source: PC-Doctor) (EventID: 1) (User: ) Description: (5452) Asapi: (21:26:06:9400)(5452) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.LenovoCare.button.text locale: PCDLocale: language = en, customer = lenovo, variant = ltt Error: (06/01/2015 09:26:06 PM) (Source: PC-Doctor) (EventID: 1) (User: ) Description: (5452) Asapi: (21:26:06:9090)(5452) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.LenovoCare.body locale: PCDLocale: language = de, customer = lenovo, variant = ltt Error: (06/01/2015 09:26:06 PM) (Source: PC-Doctor) (EventID: 1) (User: ) Description: (5452) Asapi: (21:26:06:8470)(5452) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.LenovoCare.title locale: PCDLocale: language = de, customer = lenovo, variant = ltt Error: (06/01/2015 09:24:10 PM) (Source: PC-Doctor) (EventID: 1) (User: ) Description: (5452) Asapi: (21:24:10:7320)(5452) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.ExtendWarranty.button.text locale: PCDLocale: language = de, customer = lenovo, variant = ltt Error: (06/01/2015 09:24:10 PM) (Source: PC-Doctor) (EventID: 1) (User: ) Description: (5452) Asapi: (21:24:10:7320)(5452) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.ExtendWarranty.button.text locale: PCDLocale: language = en, customer = lenovo, variant = ltt Error: (06/01/2015 09:24:10 PM) (Source: PC-Doctor) (EventID: 1) (User: ) Description: (5452) Asapi: (21:24:10:7310)(5452) DEFECT.LOCALIZATION - Error -- Missing String: 
scriptlets : homepage.panel.ExtendWarranty.body locale: PCDLocale: language = de, customer = lenovo, variant = ltt Error: (06/01/2015 09:24:10 PM) (Source: PC-Doctor) (EventID: 1) (User: ) Description: (5452) Asapi: (21:24:10:7310)(5452) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.ExtendWarranty.title locale: PCDLocale: language = de, customer = lenovo, variant = ltt Error: (06/01/2015 09:24:10 PM) (Source: PC-Doctor) (EventID: 1) (User: ) Description: (5452) Asapi: (21:24:10:7270)(5452) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.ExpiringWarranty.button.text locale: PCDLocale: language = en, customer = lenovo, variant = ltt Error: (06/01/2015 09:24:10 PM) (Source: PC-Doctor) (EventID: 1) (User: ) Description: (5452) Asapi: (21:24:10:7270)(5452) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.ExpiringWarranty.button.text locale: PCDLocale: language = de, customer = lenovo, variant = ltt System errors: ============= Error: (06/01/2015 09:05:01 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet: %%16405 Error: (06/01/2015 09:03:02 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (06/01/2015 08:55:45 PM) (Source: Service Control Manager) (EventID: 7016) (User: ) Description: Der Dienst "Data Transfer Service" hat einen ungültigen aktuellen Status gemeldet: 0 Error: (06/01/2015 08:53:12 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (05/29/2015 09:04:16 AM) (Source: Service Control Manager) 
(EventID: 7016) (User: ) Description: Der Dienst "Data Transfer Service" hat einen ungültigen aktuellen Status gemeldet: 0 Error: (05/29/2015 08:14:22 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (05/29/2015 08:11:10 AM) (Source: Service Control Manager) (EventID: 7016) (User: ) Description: Der Dienst "Data Transfer Service" hat einen ungültigen aktuellen Status gemeldet: 0 Error: (05/29/2015 06:36:26 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (05/29/2015 06:33:34 AM) (Source: Service Control Manager) (EventID: 7016) (User: ) Description: Der Dienst "Data Transfer Service" hat einen ungültigen aktuellen Status gemeldet: 0 Error: (05/28/2015 11:08:18 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Windows Update" wurde nicht richtig gestartet. Microsoft Office: ========================= CodeIntegrity Errors: =================================== Date: 2013-10-01 19:24:41.998 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\igdpmd64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-10-01 19:24:41.652 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\igdpmd64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-04-19 10:48:52.466 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Andreas\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-04-19 10:48:52.403 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\Andreas\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU P9500 @ 2.53GHz Percentage of memory in use: 43% Total physical RAM: 8088.03 MB Available physical RAM: 4582.75 MB Total Pagefile: 16174.25 MB Available Pagefile: 12393.98 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:292.33 GB) (Free:38.81 GB) NTFS ==>[Drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298.1 GB) (Disk ID: 1669C708) Partition 1: (Active) - (Size=292.3 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=5.8 GB) - (Type=12) ==================== End of log ============================ |
01.06.2015, 21:45 | #3 |
| PUA/iLivid.Gen on Win7x64 notebook Part 3 GMER:
__________________Code:
ATTFilter GMER Logfile: One more note, since it has come up before: I am a student at a TU (technical university) in Austria. Win7 Professional, Office 2007 Enterprise etc. are student versions from my university. I am asking for help with a complete cleanup. Thanks in advance! |
03.06.2015, 18:02 | #4 |
/// the machine /// TB-Ausbilder | PUA/iLivid.Gen on Win7x64 notebook hi, scan with Combofix
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
04.06.2015, 14:28 | #5 |
| PUA/iLivid.Gen on Win7x64 notebook Hello, thank you very much for the help. Combofix is now finished. Before starting Combofix I deactivated the AntiVir real-time scanner. Shortly after Combofix started, however, an AntiVir message concerning the registry appeared. Code:
ATTFilter Exportierte Ereignisse: 04.06.2015 14:29 [Echtzeit-Scanner] Registry blockiert Der Administrator hat per Sicherheitsrichtlinie den Zugriff auf die Registry blockiert. During the Combofix scan, 2-3 error messages appeared saying that no backup of a registry file could be created, or that a system file could not be restored. The messages asked with Yes/No whether to continue anyway. I always confirmed with Yes. Unfortunately I can no longer remember the exact wording. After the restart, since the screen stayed black for a long time, I moved the mouse a little and tried to increase the screen brightness with the FN keys. To be honest, I was afraid the notebook was done for. A short time later the desktop did load after all and the Combofix window reappeared. Here is the Combofix log file: Code:
ATTFilter Combofix Logfile: I hope my impatience and my inability to switch AntiVir off completely had no negative effects on Combofix's work?! Edited by lab-star (04.06.2015 at 14:39) |
05.06.2015, 11:04 | #6 |
/// the machine /// TB-Ausbilder | PUA/iLivid.Gen on Win7x64 notebook that's fine. Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your protection software to avoid possible conflicts.
and a fresh FRST log please.
__________________ --> PUA/iLivid.Gen on Win7x64 notebook |
09.06.2015, 07:32 | #7 |
| PUA/iLivid.Gen on Win7x64 notebook Hi, attached are the log files. Unfortunately it took rather long; I had no time for my notebook over the last few days. MBAM: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 09.06.2015 Suchlauf-Zeit: 06:57:55 Logdatei: MBAM.txt Administrator: Ja Version: 2.01.6.1022 Malware Datenbank: v2015.06.09.01 Rootkit Datenbank: v2015.06.02.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Andreas Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 442824 Verstrichene Zeit: 41 Min, 45 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente gefunden) Module: 0 (Keine schädliche Elemente gefunden) Registrierungsschlüssel: 0 (Keine schädliche Elemente gefunden) Registrierungswerte: 0 (Keine schädliche Elemente gefunden) Registrierungsdaten: 0 (Keine schädliche Elemente gefunden) Ordner: 0 (Keine schädliche Elemente gefunden) Dateien: 0 (Keine schädliche Elemente gefunden) Physische Sektoren: 0 (Keine schädliche Elemente gefunden) (end) AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v4.206 - Bericht erstellt 09/06/2015 um 07:57:20 # Aktualisiert 01/06/2015 von Xplode # Datenbank : 2015-06-08.1 [Server] # Betriebssystem : Windows 7 Professional Service Pack 1 (x64) # Benutzername : Andreas - ANDREAS-PC # Gestarted von : C:\Users\Andreas\Desktop\AdwCleaner_4.206.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\Users\Andreas\AppData\LocalLow\HPAppData Datei Gelöscht : C:\Users\Andreas\AppData\Roaming\ConvAPIPlugin.log Datei Gelöscht : C:\Users\TEST\AppData\Roaming\ConvAPIPlugin.log ***** [ Geplante Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKU\.DEFAULT\Software\APN Schlüssel Gelöscht : HKU\.DEFAULT\Software\Ask.com Schlüssel Gelöscht : HKU\.DEFAULT\Software\AskToolbar ***** [ Internetbrowser ] ***** -\\ Internet Explorer v11.0.9600.17801 -\\ Mozilla Firefox v35.0 (x86 de) -\\ Opera v29.0.1795.60 ************************* AdwCleaner[R0].txt - [1315 Bytes] - [09/06/2015 07:43:47] AdwCleaner[S0].txt - [1100 Bytes] - [09/06/2015 07:57:20] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1159 Bytes] ########## JRT: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.9.1 (06.08.2015:1) OS: Windows 7 Professional x64 Ran by Andreas on 09.06.2015 at 8:12:42,87 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Tasks Successfully deleted: [Task] C:\Windows\system32\tasks\PCDoctorBackgroundMonitorTask Successfully deleted: [Task] C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders Successfully deleted: [Folder] C:\ProgramData\pcdr Successfully deleted: [Folder] C:\Users\Andreas\appdata\local\crashrpt Successfully deleted: [Folder] C:\Users\Andreas\AppData\Roaming\pcdr ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 09.06.2015 at 8:16:17,56 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Fresh FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015 Ran by Andreas (administrator) on ANDREAS-PC on 09-06-2015 08:20:06 Running from C:\Users\Andreas\Desktop Loaded Profiles: Andreas (Available Profiles: Andreas & TEST) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Opera) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Lenovo.) C:\Windows\System32\ibmpmsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe (Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Opera Software) C:\Program Files (x86)\Opera\opera.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2011-03-29] (Lenovo.) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] () HKLM\...\Run: [picon] => C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [358424 2009-08-04] (Intel Corporation) HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-05-29] (Lenovo Group Limited) HKLM\...\Run: [FingerPrintSoftwareSplashScreen] => C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe [107520 2010-10-21] (AuthenTec, Inc.) HKLM\...\Run: [FingerPrintSoftware] => C:\Program Files\Lenovo Fingerprint Software\fpapp.exe [1582400 2010-10-21] (AuthenTec) HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63832 2014-03-14] (Lenovo) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-11-15] (Synaptics Incorporated) HKLM\...\Run: [PasswordManager] => C:\Program Files\Lenovo\Password Manager\password_manager.exe [1665824 2014-06-23] (Lenovo Group Limited) HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\RotateImage\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.) 
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-06-04] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2012-05-04] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2103261752-1737089908-2043903725-1001\...\Policies\Explorer: [DisallowCpl] 1 Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013-06-27] ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk [2013-06-27] ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software ) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-2103261752-1737089908-2043903725-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-2103261752-1737089908-2043903725-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2103261752-1737089908-2043903725-1001 -> {0DAD6D0C-0E15-4156-BA95-9D9E8E157B43} URL = hxxp://www.google.de/search?q={searchTerms} BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2010-05-28] (Hewlett-Packard Co.) BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12] (DivX, LLC) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-09-24] (Sun Microsystems, Inc.) 
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-09-24] (Sun Microsystems, Inc.) BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2010-05-28] (Hewlett-Packard Co.) DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\eb4qzeqm.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-06-01] () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-06-01] () FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-12-13] (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.) FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_37 -> C:\Windows\SysWOW64\npdeployJava1.dll [2012-09-24] (Sun Microsystems, Inc.) 
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll [2012-09-24] (Sun Microsystems, Inc.) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.) FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-09-17] FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-06-26] FF HKU\S-1-5-21-2103261752-1737089908-2043903725-1001\...\Firefox\Extensions: [{F74D5734-46F5-4B16-96F0-1E7FBF41B750}] - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension\2.0b12 FF Extension: ThinkVantage Password Manager - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension\2.0b12 [2014-06-30] FF HKU\S-1-5-21-2103261752-1737089908-2043903725-1001\...\Firefox\Extensions: [{FCF36B88-1BBA-487f-B64B-D2E8980A9293}] - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lpdfbkehegfmedglgemnhbnpmfmioggj] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: 
[nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 ADMonitor; C:\Windows\system32\ADMonitor.exe [130048 2010-10-21] () [File not signed] S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-06-04] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-06-04] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-06-04] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-06-04] (Avira Operations GmbH & Co. KG) S2 ATService; C:\Windows\system32\ATService.exe [2715456 2010-10-21] (AuthenTec, Inc.) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG) S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320560 2014-03-20] (Lenovo.) 
S2 dtsvc; C:\Windows\system32\DTS.exe [117760 2010-10-21] () [File not signed] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] S2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited) R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [174616 2009-09-14] (Intel Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) S2 MSSQL$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed] R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] () [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed] S2 ScrybeUpdater; C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [1300264 2011-05-11] (Synaptics, Inc.) 
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155320 2012-01-18] (Avanquest Software) [File not signed] S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [49136 2015-05-15] () S2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2009-09-25] (Lenovo Group Limited) [File not signed] S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-07-06] (Lenovo Group Limited) S2 UNS; C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2009-08-04] (Intel Corporation) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 5U875UVC; C:\Windows\System32\DRIVERS\RCUVCMNP.sys [220032 2009-10-23] (Ricoh co.,Ltd.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-06-04] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-06-04] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-01-02] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-05-28] (Avira Operations GmbH & Co. 
KG) S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [31744 2011-05-09] (Google Inc) S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [11776 2010-10-20] (HandSet Incorporated) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation) R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2013-11-15] (Synaptics Incorporated) S4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-01-27] (Duplex Secure Ltd.) R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-07-02] (Lenovo (United States) Inc.) S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation) S3 zghsdiag; C:\Windows\System32\DRIVERS\zghsdiag.sys [129304 2010-10-18] (ZTE Incorporated) S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [127056 2010-10-18] (ZTE Incorporated) S3 zghsnmea; C:\Windows\System32\DRIVERS\zghsnmea.sys [129304 2010-10-18] (ZTE Incorporated) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] S3 PCDSRVC{127174DC-C366ED8B-06020101}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-06-09 08:16 - 2015-06-09 08:16 - 00000967 _____ C:\Users\Andreas\Desktop\JRT.txt 2015-06-09 08:12 - 2015-06-09 08:12 - 00000207 _____ C:\Windows\tweaking.com-regbackup-ANDREAS-PC-Windows-7-Professional-(64-bit).dat 2015-06-09 08:12 - 2015-06-09 08:12 - 00000000 ____D C:\RegBackup 2015-06-09 08:11 - 2015-06-09 08:11 - 02943663 _____ (Thisisu) C:\Users\Andreas\Desktop\JRT.exe 2015-06-09 08:02 - 2015-06-09 08:02 - 00001239 _____ C:\Users\Andreas\Desktop\AdwCleaner[S0].txt 2015-06-09 07:43 - 2015-06-09 07:57 - 00000000 ____D C:\AdwCleaner 2015-06-09 07:42 - 2015-06-09 07:42 - 02231296 _____ C:\Users\Andreas\Desktop\AdwCleaner_4.206.exe 2015-06-09 07:41 - 2015-06-09 07:41 - 00001211 _____ C:\Users\Andreas\Desktop\MBAM.txt 2015-06-09 06:52 - 2015-06-09 06:52 - 00001066 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-06-09 06:52 - 2015-06-09 06:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-06-09 06:52 - 2015-06-09 06:52 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-06-09 06:52 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-06-09 06:52 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-06-09 06:52 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-06-09 06:50 - 2015-06-09 06:50 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Andreas\Desktop\mbam-setup-2.1.6.1022.exe 2015-06-04 15:10 - 2015-06-04 15:10 - 00000378 _____ C:\Users\Andreas\Desktop\Ereignisse_2.txt 2015-06-04 15:00 - 2015-06-04 15:00 - 00030935 _____ C:\ComboFix.txt 2015-06-04 14:29 - 2015-06-04 15:00 - 00000000 ____D C:\Qoobox 2015-06-04 14:29 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2015-06-04 14:29 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2015-06-04 14:29 - 2009-04-20 06:56 - 00060416 _____ 
(NirSoft) C:\Windows\NIRCMD.exe 2015-06-04 14:29 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-06-04 14:29 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-06-04 14:29 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2015-06-04 14:29 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2015-06-04 14:29 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2015-06-04 14:28 - 2015-06-04 14:58 - 00000000 ____D C:\Windows\erdnt 2015-06-04 14:26 - 2015-06-04 14:26 - 05628238 ____R (Swearware) C:\Users\Andreas\Desktop\ComboFix.exe 2015-06-01 22:10 - 2015-01-20 19:54 - 00001515 _____ C:\Users\Andreas\Desktop\Kernel_Power_Shutdown.txt 2015-06-01 22:10 - 2015-01-20 18:42 - 00000800 _____ C:\Users\Andreas\Desktop\Ereignisse.txt 2015-06-01 22:07 - 2015-05-29 08:06 - 00044442 _____ C:\Users\Andreas\Desktop\AVSCAN-20150529-080413-1F3C304D.LOG 2015-06-01 22:07 - 2015-05-29 07:58 - 00059338 _____ C:\Users\Andreas\Desktop\AVSCAN-20150529-063932-33DADCE7.LOG 2015-06-01 22:05 - 2015-06-01 22:06 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte 2015-06-01 21:55 - 2015-06-01 21:55 - 00040932 _____ C:\Users\Andreas\Desktop\Gmer.log 2015-06-01 21:33 - 2015-06-01 21:33 - 00380416 _____ C:\Users\Andreas\Desktop\6u9fux59.exe 2015-06-01 21:31 - 2015-06-01 21:31 - 00058847 _____ C:\Users\Andreas\Desktop\Addition.txt 2015-06-01 21:28 - 2015-06-09 08:20 - 00016552 _____ C:\Users\Andreas\Desktop\FRST.txt 2015-06-01 21:27 - 2015-06-09 08:20 - 00000000 ____D C:\FRST 2015-06-01 21:26 - 2015-06-09 08:19 - 02108928 _____ (Farbar) C:\Users\Andreas\Desktop\FRST64.exe 2015-06-01 20:53 - 2015-06-01 21:03 - 00000000 ___SD C:\Windows\system32\GWX 2015-06-01 20:53 - 2015-06-01 20:53 - 00000000 ___SD C:\Windows\SysWOW64\GWX 2015-05-29 08:48 - 2015-05-29 08:48 - 00000000 ___RD C:\Program Files (x86)\Skype 2015-05-29 08:48 - 2015-05-29 08:48 - 00000000 ____D 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-05-29 08:44 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-05-29 08:44 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-05-29 08:36 - 2015-05-29 08:36 - 00767664 _____ C:\Users\Andreas\Desktop\Trojanerboard_Anleitung.xps 2015-05-29 08:10 - 2015-06-01 21:22 - 00000528 _____ C:\Users\Andreas\Desktop\defogger_disable.log 2015-05-29 08:10 - 2015-05-29 08:10 - 00000020 _____ C:\Users\Andreas\defogger_reenable 2015-05-29 08:09 - 2015-05-29 08:09 - 00050477 _____ C:\Users\Andreas\Desktop\Defogger.exe 2015-05-29 00:10 - 2015-05-29 00:10 - 00003856 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1422026928 2015-05-28 23:51 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-05-28 23:51 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-05-28 23:51 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-05-28 23:51 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-05-28 23:51 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-05-28 23:51 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-05-28 23:51 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-05-28 23:51 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-05-28 23:51 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-05-28 23:51 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-05-28 23:51 - 2015-04-21 18:50 - 00048640 _____ 
(Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-05-28 23:51 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-05-28 23:51 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-05-28 23:51 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-05-28 23:51 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-05-28 23:51 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-05-28 23:51 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-05-28 23:51 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-05-28 23:51 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-05-28 23:51 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-05-28 23:51 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-05-28 23:51 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-05-28 23:51 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-05-28 23:51 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-05-28 23:51 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-05-28 23:51 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-05-28 23:51 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-05-28 23:51 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-05-28 23:51 - 2015-04-21 18:10 
- 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-05-28 23:51 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-05-28 23:51 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-05-28 23:51 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-05-28 23:51 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-05-28 23:51 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-05-28 23:51 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-05-28 23:51 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-05-28 23:51 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-05-28 23:51 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-05-28 23:51 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-05-28 23:51 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-05-28 23:51 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-05-28 23:51 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-05-28 23:51 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-05-28 23:51 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-05-28 23:51 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-05-28 23:51 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-05-28 23:51 - 2015-04-21 17:43 - 00060416 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-05-28 23:51 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-05-28 23:51 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-05-28 23:51 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-05-28 23:51 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-05-28 23:51 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-05-28 23:51 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-05-28 23:51 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-05-28 23:51 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-05-28 23:51 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-05-28 23:51 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-05-28 23:51 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-05-28 23:51 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-05-28 23:51 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-05-28 23:51 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-05-28 23:51 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-05-28 23:51 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2015-05-28 23:51 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2015-05-28 23:51 - 2015-04-04 05:29 - 00155576 _____ (Microsoft 
Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-05-28 23:51 - 2015-04-04 05:29 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-05-28 23:51 - 2015-04-04 05:22 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-05-28 23:51 - 2015-04-04 05:22 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-05-28 23:51 - 2015-04-04 05:22 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-05-28 23:51 - 2015-04-04 05:22 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-05-28 23:51 - 2015-04-04 05:22 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-05-28 23:51 - 2015-04-04 05:22 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-05-28 23:51 - 2015-04-04 05:22 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-05-28 23:51 - 2015-04-04 05:22 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-05-28 23:51 - 2015-04-04 05:22 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-05-28 23:51 - 2015-04-04 05:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-05-28 23:51 - 2015-04-04 05:20 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-05-28 23:51 - 2015-04-04 05:20 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-05-28 23:51 - 2015-04-04 05:17 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-05-28 23:51 - 2015-04-04 05:17 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-05-28 23:51 - 2015-04-04 05:15 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-05-28 23:51 - 2015-04-04 05:05 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-05-28 23:51 - 2015-04-04 05:05 - 00259584 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\msv1_0.dll 2015-05-28 23:51 - 2015-04-04 05:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-05-28 23:51 - 2015-04-04 05:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-05-28 23:51 - 2015-04-04 05:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-05-28 23:51 - 2015-04-04 05:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-05-28 23:51 - 2015-04-04 05:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-05-28 23:51 - 2015-04-04 05:04 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-05-28 23:51 - 2015-04-04 05:04 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-05-28 23:51 - 2015-04-04 05:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-05-28 23:51 - 2015-04-04 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-05-28 23:51 - 2015-04-04 04:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-05-28 23:50 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-05-28 23:50 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-05-28 23:50 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-05-28 23:50 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-05-28 23:50 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe 2015-05-28 23:50 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-05-28 23:50 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2015-05-28 23:50 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2015-05-28 
23:49 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-05-28 23:49 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-05-28 23:49 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-05-28 23:49 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-05-28 23:49 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-05-28 23:49 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-05-28 23:49 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-05-28 23:49 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-05-28 23:49 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-05-28 23:49 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-05-28 23:49 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-05-28 23:49 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-05-28 23:49 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-05-28 23:49 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-05-28 23:49 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-05-28 23:49 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-05-28 23:49 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-05-28 23:49 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-05-28 23:49 - 2015-03-23 05:24 - 00957952 
_____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-05-28 23:49 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-05-28 23:49 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-05-28 23:49 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-05-28 23:49 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-05-28 23:49 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-05-28 23:49 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-05-28 23:49 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-05-28 23:49 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-05-28 23:49 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-05-28 23:49 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-05-28 23:49 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-05-28 23:49 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-05-28 23:49 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-05-28 23:49 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-05-28 23:49 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-05-28 23:49 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-05-28 23:49 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-05-28 23:49 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) 
C:\Windows\system32\csrsrv.dll 2015-05-28 23:49 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-05-28 23:49 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-05-28 23:49 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-05-28 23:49 - 
2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 
00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-05-28 23:49 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-05-28 23:49 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-05-28 23:49 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-05-28 23:49 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-05-28 23:49 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-05-28 23:49 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-05-28 23:49 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-05-28 23:49 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-05-28 
23:49 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 
2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-05-28 23:49 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-05-28 23:49 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-05-28 23:49 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-05-28 23:49 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2015-05-28 23:49 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2015-05-28 23:49 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2015-05-28 23:49 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-05-28 23:49 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2015-05-28 23:49 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll 2015-05-28 23:49 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\wpdshext.dll 2015-05-28 23:48 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys 2015-05-28 23:48 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll 2015-05-28 23:48 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll 2015-05-28 23:48 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll 2015-05-28 23:48 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe 2015-05-28 23:48 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll 2015-05-28 23:48 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll 2015-05-28 23:48 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll 2015-05-28 23:48 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll 2015-05-28 23:48 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe 2015-05-28 23:48 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys 2015-05-28 23:48 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe 2015-05-28 23:48 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2015-05-28 23:33 - 2015-05-28 23:33 - 00001095 _____ C:\Users\Public\Desktop\Avira.lnk ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-06-09 08:20 - 2009-07-14 06:45 - 00025552 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-06-09 08:20 - 2009-07-14 06:45 - 00025552 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-06-09 08:09 - 2010-01-20 01:12 - 01896753 _____ C:\Windows\WindowsUpdate.log 2015-06-09 08:06 - 2013-02-13 17:18 - 00000550 _____ C:\Windows\Tasks\MATLAB R2012b Startup Accelerator.job 2015-06-09 08:05 - 2013-06-13 09:34 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-06-09 07:59 - 2015-01-21 00:32 - 00005187 _____ C:\Windows\setupact.log 2015-06-09 07:59 - 2011-07-29 08:38 - 00000466 _____ C:\Windows\Tasks\SystemToolsDailyTest.job 2015-06-09 07:59 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-06-09 07:58 - 2015-03-21 21:10 - 00368930 _____ C:\Windows\PFRO.log 2015-06-09 06:53 - 2014-03-31 14:48 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-06-09 06:46 - 2011-07-29 08:38 - 00003448 _____ C:\Windows\System32\Tasks\PCDEventLauncher 2015-06-09 06:45 - 2011-07-29 08:38 - 00003500 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest 2015-06-04 15:00 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default 2015-06-04 14:52 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini 2015-06-04 14:51 - 2010-01-20 01:38 - 00000000 ____D C:\Program Files (x86)\Opera 2015-06-04 14:44 - 2009-07-14 04:34 - 68943872 _____ C:\Windows\system32\config\components.bak 2015-06-04 14:44 - 2009-07-14 04:34 - 00786432 _____ C:\Windows\system32\config\DEFAULT.bak 2015-06-04 14:44 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak 2015-06-04 14:44 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak 2015-06-04 14:25 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat 2015-06-04 14:24 - 2013-06-27 00:11 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Avira 
2015-06-04 14:02 - 2013-06-27 00:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-06-04 14:00 - 2012-05-16 19:30 - 00000000 ____D C:\ProgramData\Avira 2015-06-04 13:57 - 2013-06-27 00:06 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-06-04 13:57 - 2013-06-27 00:06 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2015-06-01 21:03 - 2013-06-13 09:34 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-06-01 21:03 - 2012-04-08 13:22 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-06-01 21:03 - 2011-06-08 08:23 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-06-01 20:58 - 2009-07-14 06:45 - 00541624 _____ C:\Windows\system32\FNTCACHE.DAT 2015-06-01 20:56 - 2009-07-14 19:58 - 00751858 _____ C:\Windows\system32\perfh007.dat 2015-06-01 20:56 - 2009-07-14 19:58 - 00170598 _____ C:\Windows\system32\perfc007.dat 2015-06-01 20:56 - 2009-07-14 07:13 - 01768306 _____ C:\Windows\system32\PerfStringBackup.INI 2015-06-01 20:54 - 2014-12-13 15:13 - 00000000 ____D C:\Windows\system32\appraiser 2015-06-01 20:54 - 2014-05-06 23:00 - 00000000 ___SD C:\Windows\system32\CompatTel 2015-06-01 20:54 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal 2015-06-01 20:54 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers 2015-05-29 09:02 - 2010-01-20 01:59 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-05-29 09:01 - 2010-06-15 16:53 - 01742586 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2015-05-29 09:00 - 2013-08-18 12:49 - 00000000 ____D C:\Windows\system32\MRT 2015-05-29 08:48 - 2013-09-09 21:10 - 00000000 ____D C:\ProgramData\Skype 2015-05-29 08:43 - 2012-05-20 11:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-05-29 08:43 - 2012-05-20 11:08 - 00000000 ____D 
C:\Program Files\Microsoft Silverlight 2015-05-29 08:43 - 2012-05-20 11:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-05-29 08:35 - 2012-10-15 19:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-05-29 08:10 - 2010-01-20 01:18 - 00000000 ____D C:\Users\Andreas 2015-05-29 08:07 - 2015-01-20 23:00 - 00000000 ____D C:\Users\Andreas\Desktop\Adware Infizierung 2015-05-29 08:07 - 2010-10-27 22:18 - 00000000 ____D C:\Users\Andreas\Johanna 2015-05-29 07:54 - 2010-02-15 13:56 - 00000000 ____D C:\ProgramData\Lenovo 2015-05-29 07:45 - 2011-02-16 20:04 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools 2015-05-29 07:45 - 2010-04-15 21:17 - 00000000 ____D C:\Windows\System32\Tasks\TVT 2015-05-29 07:45 - 2010-01-20 02:32 - 00000000 ____D C:\Program Files (x86)\Lenovo 2015-05-29 07:43 - 2010-01-20 03:06 - 00000000 ____D C:\Windows\Downloaded Installations 2015-05-29 02:07 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2015-05-29 00:10 - 2010-04-15 21:12 - 00000000 ____D C:\SWSHARE 2015-05-28 23:57 - 2014-12-14 13:24 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-05-28 23:42 - 2010-12-10 16:47 - 00000000 ____D C:\Users\Andreas\Geschäftlich 2015-05-28 23:33 - 2014-09-26 13:50 - 00000000 ____D C:\ProgramData\Package Cache 2015-05-28 23:33 - 2013-06-27 00:06 - 00000000 ____D C:\Program Files (x86)\Avira 2015-05-28 23:20 - 2013-06-27 00:06 - 00044088 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avnetflt.sys 2015-05-28 23:15 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF ==================== Files in the root of some directories ======= 2011-01-30 15:38 - 2011-05-06 14:35 - 0038423 _____ () C:\Users\Andreas\AppData\Roaming\Kommagetrennte Werte (DOS).ADR 2011-05-06 14:49 - 2011-05-06 14:49 - 0012955 _____ () C:\Users\Andreas\AppData\Roaming\Kommagetrennte Werte (DOS).CAL 2013-06-14 15:05 - 2013-11-19 16:09 - 0000600 _____ () C:\Users\Andreas\AppData\Roaming\winscp.rnd 2010-05-05 00:50 - 2015-03-21 01:16 - 0021504 _____ () C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-06-14 15:52 - 2013-11-19 16:09 - 0000600 _____ () C:\Users\Andreas\AppData\Local\PUTTY.RND 2011-10-21 16:26 - 2011-10-21 16:26 - 0001472 _____ () C:\Users\Andreas\AppData\Local\RecConfig.xml 2014-05-23 13:31 - 2014-05-23 13:31 - 0000857 _____ () C:\Users\Andreas\AppData\Local\recently-used.xbel 2011-03-03 18:27 - 2013-11-22 10:21 - 0007608 _____ () C:\Users\Andreas\AppData\Local\resmon.resmoncfg 2010-01-21 21:16 - 2014-02-08 22:32 - 0038412 _____ () C:\ProgramData\hpzinstall.log Some files in TEMP: ==================== C:\Users\Andreas\AppData\Local\Temp\avgnt.exe C:\Users\Andreas\AppData\Local\Temp\Quarantine.exe C:\Users\Andreas\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-05-29 02:00 ==================== End of log ============================ Best regards |
09.06.2015, 20:24 | #8 |
/// the machine /// TB trainer | PUA/iLivid.Gen on Win7x64 Notebook ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems remaining?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
13.06.2015, 07:54 | #9 |
| PUA/iLivid.Gen on Win7x64 Notebook Hi! Sorry that it took so long again. I was tied up with work last week... Well, I don't notice any obvious problems at the moment. But ESET has apparently found something. ESET: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=fc0825cc943985478aa609d1b11a0bd9 # end=init # utc_time=2015-06-12 10:16:44 # local_time=2015-06-13 12:16:44 (+0100, Mitteleuropäische Sommerzeit) # country="Austria" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download Update Finalize Updated modules version: 24308 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=fc0825cc943985478aa609d1b11a0bd9 # end=updated # utc_time=2015-06-12 10:22:00 # local_time=2015-06-13 12:22:00 (+0100, Mitteleuropäische Sommerzeit) # country="Austria" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=fc0825cc943985478aa609d1b11a0bd9 # engine=24308 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-06-13 02:34:53 # local_time=2015-06-13 04:34:53 (+0100, Mitteleuropäische Sommerzeit) # country="Austria" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 59726320 185792743 0 0 # scanned=532516 # found=4 # cleaned=0 # scan_time=15172 sh=28E7682E6C2E29E3CEC11582C6EA8DE78F7A82F9 ft=1 fh=1843afb1c5f71d45 vn="Win32/Somoto.F evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\HyperCam 2\hctoolbar.exe" sh=71F296729AE58E14D7E292ADA6FAC98426A86E45 ft=1 fh=398a74cd79f5e672 vn="Win32/Toolbar.Conduit.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Andreas\Software-Setupdateien\FreeStudio.exe" sh=7D8B34AF8EF5385B76FC7AE691D0F5C9B1412A03 ft=0 fh=0000000000000000 vn="Android/Exploit.Lotoor.DF Trojaner" ac=I fn="C:\Users\Andreas\Software-Setupdateien\Handy-Programme\Acer Iconia a510\ACER_AIO_TOOLBOX_v2.3.0\ACER_AIO_TOOLBOX_v2.3.0.zip" sh=C700B057F08F953383F25CA402BDF8DED81ACCC3 ft=0 fh=0000000000000000 vn="Android/Exploit.Lotoor.DF Trojaner" ac=I fn="C:\Users\Andreas\Software-Setupdateien\Handy-Programme\Acer Iconia a510\Root\ICS_rooting_A10x_A5xx\ICS_rooting_A10x_A5xx.zip" Code:
ATTFilter
Results of screen317's Security Check version 1.002
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java(TM) 6 Update 37
Java(TM) SE Development Kit 6 Update 17
Java version 32-bit out of Date!
Adobe Flash Player 17.0.0.188
Adobe Reader XI
Mozilla Firefox 35.0 Firefox out of Date!
Mozilla Thunderbird (31.4.0)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015
Ran by Andreas (administrator) on ANDREAS-PC on 13-06-2015 08:44:10
Running from C:\Users\Andreas\Desktop
Loaded Profiles: Andreas (Available Profiles: Andreas & TEST)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2011-03-29] (Lenovo.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [picon] => C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [358424 2009-08-04] (Intel Corporation)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-05-29] (Lenovo Group Limited)
HKLM\...\Run: [FingerPrintSoftwareSplashScreen] => C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe [107520 2010-10-21] (AuthenTec, Inc.)
HKLM\...\Run: [FingerPrintSoftware] => C:\Program Files\Lenovo Fingerprint Software\fpapp.exe [1582400 2010-10-21] (AuthenTec)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63832 2014-03-14] (Lenovo)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-11-15] (Synaptics Incorporated)
HKLM\...\Run: [PasswordManager] => C:\Program Files\Lenovo\Password Manager\password_manager.exe [1665824 2014-06-23] (Lenovo Group Limited)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\RotateImage\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-06-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2012-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [130864 2015-05-21] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2103261752-1737089908-2043903725-1001\...\Policies\Explorer: [DisallowCpl] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013-06-27]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk [2013-06-27]
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2103261752-1737089908-2043903725-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2103261752-1737089908-2043903725-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2103261752-1737089908-2043903725-1001 -> {0DAD6D0C-0E15-4156-BA95-9D9E8E157B43} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2010-05-28] (Hewlett-Packard Co.)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12] (DivX, LLC)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-09-24] (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-09-24] (Sun Microsystems, Inc.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2010-05-28] (Hewlett-Packard Co.)
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\eb4qzeqm.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-13] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-13] ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-12-13] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_37 -> C:\Windows\SysWOW64\npdeployJava1.dll [2012-09-24] (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll [2012-09-24] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-09-17]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-06-26]
FF HKU\S-1-5-21-2103261752-1737089908-2043903725-1001\...\Firefox\Extensions: [{F74D5734-46F5-4B16-96F0-1E7FBF41B750}] - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension\2.0b12
FF Extension: ThinkVantage Password Manager - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension\2.0b12 [2014-06-30]
FF HKU\S-1-5-21-2103261752-1737089908-2043903725-1001\...\Firefox\Extensions: [{FCF36B88-1BBA-487f-B64B-D2E8980A9293}] - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lpdfbkehegfmedglgemnhbnpmfmioggj] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ADMonitor; C:\Windows\system32\ADMonitor.exe [130048 2010-10-21] () [File not signed]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-06-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-06-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-06-04] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-06-04] (Avira Operations GmbH & Co. KG)
S2 ATService; C:\Windows\system32\ATService.exe [2715456 2010-10-21] (AuthenTec, Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [208632 2015-05-21] (Avira Operations GmbH & Co. KG)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320560 2014-03-20] (Lenovo.)
S2 dtsvc; C:\Windows\system32\DTS.exe [117760 2010-10-21] () [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [174616 2009-09-14] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 MSSQL$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] () [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S2 ScrybeUpdater; C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [1300264 2011-05-11] (Synaptics, Inc.)
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155320 2012-01-18] (Avanquest Software) [File not signed]
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [49136 2015-05-15] ()
S2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2009-09-25] (Lenovo Group Limited) [File not signed]
S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-07-06] (Lenovo Group Limited)
S2 UNS; C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2009-08-04] (Intel Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 5U875UVC; C:\Windows\System32\DRIVERS\RCUVCMNP.sys [220032 2009-10-23] (Ricoh co.,Ltd.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-06-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-06-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-01-02] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-05-28] (Avira Operations GmbH & Co. KG)
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [31744 2011-05-09] (Google Inc)
S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [11776 2010-10-20] (HandSet Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2013-11-15] (Synaptics Incorporated)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-01-27] (Duplex Secure Ltd.)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-07-02] (Lenovo (United States) Inc.)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 zghsdiag; C:\Windows\System32\DRIVERS\zghsdiag.sys [129304 2010-10-18] (ZTE Incorporated)
S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [127056 2010-10-18] (ZTE Incorporated)
S3 zghsnmea; C:\Windows\System32\DRIVERS\zghsnmea.sys [129304 2010-10-18] (ZTE Incorporated)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
R3 PCDSRVC{127174DC-C366ED8B-06020101}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-13 08:41 - 2015-06-13 08:41 - 00000908 _____ C:\Users\Andreas\Desktop\checkup_security_check.txt
2015-06-13 08:36 - 2015-06-13 08:36 - 00852639 _____ C:\Users\Andreas\Desktop\SecurityCheck.exe
2015-06-13 00:16 - 2015-06-13 00:16 - 00000000 ____D C:\Program Files (x86)\ESET
2015-06-13 00:14 - 2015-06-13 00:14 - 02870984 _____ (ESET) C:\Users\Andreas\Desktop\esetsmartinstaller_deu.exe
2015-06-13 00:08 - 2015-06-13 00:08 - 00001080 _____ C:\Users\Public\Desktop\Avira.lnk
2015-06-09 21:50 - 2015-06-09 21:50 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\PCDr
2015-06-09 21:48 - 2015-06-09 21:50 - 00000000 ____D C:\ProgramData\PCDr
2015-06-09 08:22 - 2015-06-09 08:22 - 00056577 _____ C:\Users\Andreas\Desktop\FRST_2.txt
2015-06-09 08:16 - 2015-06-09 08:16 - 00000967 _____ C:\Users\Andreas\Desktop\JRT.txt
2015-06-09 08:12 - 2015-06-09 08:12 - 00000207 _____ C:\Windows\tweaking.com-regbackup-ANDREAS-PC-Windows-7-Professional-(64-bit).dat
2015-06-09 08:12 - 2015-06-09 08:12 - 00000000 ____D C:\RegBackup
2015-06-09 08:11 - 2015-06-09 08:11 - 02943663 _____ (Thisisu) C:\Users\Andreas\Desktop\JRT.exe
2015-06-09 08:02 - 2015-06-09 07:57 - 00001239 _____ C:\Users\Andreas\Desktop\AdwCleaner[S0].txt
2015-06-09 07:43 - 2015-06-09 07:57 - 00000000 ____D C:\AdwCleaner
2015-06-09 07:42 - 2015-06-09 07:42 - 02231296 _____ C:\Users\Andreas\Desktop\AdwCleaner_4.206.exe
2015-06-09 07:41 - 2015-06-09 07:41 - 00001211 _____ C:\Users\Andreas\Desktop\MBAM.txt
2015-06-09 06:52 - 2015-06-09 06:52 - 00001066 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-06-09 06:52 - 2015-06-09 06:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-06-09 06:52 - 2015-06-09 06:52 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-06-09 06:52 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-09 06:52 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-09 06:52 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-09 06:50 - 2015-06-09 06:50 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Andreas\Desktop\mbam-setup-2.1.6.1022.exe
2015-06-04 15:10 - 2015-06-04 15:10 - 00000378 _____ C:\Users\Andreas\Desktop\Ereignisse_2.txt
2015-06-04 15:00 - 2015-06-04 15:00 - 00030935 _____ C:\ComboFix.txt
2015-06-04 14:29 - 2015-06-04 15:00 - 00000000 ____D C:\Qoobox
2015-06-04 14:29 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-06-04 14:29 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-06-04 14:29 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-06-04 14:29 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-06-04 14:29 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-06-04 14:29 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-06-04 14:29 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-06-04 14:29 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-06-04 14:28 - 2015-06-04 14:58 - 00000000 ____D C:\Windows\erdnt
2015-06-04 14:26 - 2015-06-04 14:26 - 05628238 ____R (Swearware) C:\Users\Andreas\Desktop\ComboFix.exe
2015-06-01 22:10 - 2015-01-20 19:54 - 00001515 _____ C:\Users\Andreas\Desktop\Kernel_Power_Shutdown.txt
2015-06-01 22:10 - 2015-01-20 18:42 - 00000800 _____ C:\Users\Andreas\Desktop\Ereignisse.txt
2015-06-01 22:07 - 2015-05-29 08:06 - 00044442 _____ C:\Users\Andreas\Desktop\AVSCAN-20150529-080413-1F3C304D.LOG
2015-06-01 22:07 - 2015-05-29 07:58 - 00059338 _____ C:\Users\Andreas\Desktop\AVSCAN-20150529-063932-33DADCE7.LOG
2015-06-01 22:05 - 2015-06-01 22:06 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2015-06-01 21:55 - 2015-06-01 21:55 - 00040932 _____ C:\Users\Andreas\Desktop\Gmer.log
2015-06-01 21:33 - 2015-06-01 21:33 - 00380416 _____ C:\Users\Andreas\Desktop\6u9fux59.exe
2015-06-01 21:31 - 2015-06-01 21:31 - 00058847 _____ C:\Users\Andreas\Desktop\Addition.txt
2015-06-01 21:28 - 2015-06-13 08:44 - 00016630 _____ C:\Users\Andreas\Desktop\FRST.txt
2015-06-01 21:27 - 2015-06-13 08:44 - 00000000 ____D C:\FRST
2015-06-01 21:26 - 2015-06-09 08:19 - 02108928 _____ (Farbar) C:\Users\Andreas\Desktop\FRST64.exe
2015-06-01 20:53 - 2015-06-01 21:03 - 00000000 ___SD C:\Windows\system32\GWX
2015-06-01 20:53 - 2015-06-01 20:53 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-29 08:48 - 2015-05-29 08:48 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-05-29 08:48 - 2015-05-29 08:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-05-29 08:44 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-29 08:44 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-29 08:36 - 2015-05-29 08:36 - 00767664 _____ C:\Users\Andreas\Desktop\Trojanerboard_Anleitung.xps
2015-05-29 08:10 - 2015-06-01 21:22 - 00000528 _____ C:\Users\Andreas\Desktop\defogger_disable.log
2015-05-29 08:10 - 2015-05-29 08:10 - 00000020 _____ C:\Users\Andreas\defogger_reenable
2015-05-29 08:09 - 2015-05-29 08:09 - 00050477 _____ C:\Users\Andreas\Desktop\Defogger.exe
2015-05-29 00:10 - 2015-06-13 00:12 - 00003856 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1422026928
2015-05-28 23:51 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-28 23:51 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-28 23:51 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-28 23:51 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-28 23:51 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-28 23:51 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-28 23:51 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-28 23:51 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-28 23:51 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-28 23:51 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-28 23:51 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-28 23:51 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-28 23:51 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-28 23:51 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-28 23:51 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-28 23:51 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-28 23:51 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-28 23:51 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-28 23:51 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-28 23:51 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-28 23:51 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-28 23:51 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-28 23:51 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-28 23:51 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-28 23:51 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-28 23:51 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-28 23:51 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-28 23:51 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-28 23:51 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-28 23:51 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-28 23:51 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-28 23:51 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-28 23:51 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-28 23:51 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-28 23:51 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-28 23:51 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-28 23:51 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-28 23:51 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-28 23:51 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-28 23:51 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-28 23:51 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-28 23:51 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-28 23:51 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-28 23:51 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-28 23:51 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-28 23:51 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-28 23:51 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-28 23:51 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-28 23:51 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-28 23:51 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-28 23:51 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-28 23:51 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-28 23:51 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-28 23:51 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-28 23:51 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-28 23:51 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-28 23:51 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-28 23:51 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-28 23:51 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-28 23:51 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-28 23:51 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-28 23:51 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-28 23:51 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-28 23:51 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-28 23:51 - 2015-04-04 05:29 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-28 23:51 - 2015-04-04 05:29 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-28 23:51 - 2015-04-04 05:22 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-28 23:51 - 2015-04-04 05:22 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-28 23:51 - 2015-04-04 05:22 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-28 23:51 - 2015-04-04 05:22 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-28 23:51 - 2015-04-04 05:22 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-28 23:51 - 2015-04-04 05:22 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-28 23:51 - 2015-04-04 05:22 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-28 23:51 - 2015-04-04 05:22 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-28 23:51 - 2015-04-04 05:22 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-28 23:51 - 2015-04-04 05:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-28 23:51 - 2015-04-04 05:20 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-28 23:51 - 2015-04-04 05:20 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-28 23:51 - 2015-04-04 05:17 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-28 23:51 - 2015-04-04 05:17 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-28 23:51 - 2015-04-04 05:15 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-28 23:51 - 2015-04-04 05:05 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-28 23:51 - 2015-04-04 05:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-28 23:51 - 2015-04-04 05:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-28 23:51 - 2015-04-04 05:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-28 23:51 - 2015-04-04 05:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-28 23:51 - 2015-04-04 05:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-28 23:51 - 2015-04-04 05:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-28 23:51 - 2015-04-04 05:04 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-28 23:51 - 2015-04-04 05:04 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-28 23:51 - 2015-04-04 05:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-28 23:51 - 2015-04-04 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-28 23:51 - 2015-04-04 04:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-28 23:50 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-28 23:50 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-28 23:50 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-28 23:50 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-28 23:50 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-28 23:50 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-28 23:50 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-28 23:50 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-28 23:49 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-05-28 23:49 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-05-28 23:49 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-05-28 23:49 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-05-28 23:49 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-05-28 23:49 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-05-28 23:49 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-05-28 23:49 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-05-28 23:49 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-05-28 23:49 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-05-28 23:49 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-05-28 23:49 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-05-28 23:49 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-05-28 23:49 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-05-28 23:49 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-05-28 23:49 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-05-28 23:49 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-05-28 23:49 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-05-28 23:49 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-05-28 23:49 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-05-28 23:49 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-05-28 23:49 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-05-28 23:49 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-05-28 23:49 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-05-28 23:49 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-05-28 23:49 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-05-28 23:49 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-05-28 23:49 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-05-28 23:49 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-05-28 23:49 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-05-28 23:49 - 2015-03-17 07:16 - 
00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-05-28 23:49 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-05-28 23:49 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-05-28 23:49 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-05-28 23:49 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-05-28 23:49 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-05-28 23:49 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-05-28 23:49 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-05-28 23:49 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-05-28 23:49 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 
2015-05-28 23:49 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 
2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-05-28 23:49 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-05-28 23:49 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-05-28 23:49 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-05-28 23:49 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-05-28 23:49 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-05-28 23:49 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-05-28 23:49 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-05-28 23:49 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft 
Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-05-28 23:49 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-05-28 23:49 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-05-28 23:49 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-05-28 23:49 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-05-28 23:49 - 
2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2015-05-28 23:49 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2015-05-28 23:49 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2015-05-28 23:49 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-05-28 23:49 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2015-05-28 23:49 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll 2015-05-28 23:49 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll 2015-05-28 23:48 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys 2015-05-28 23:48 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll 2015-05-28 23:48 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll 2015-05-28 23:48 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll 2015-05-28 23:48 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe 2015-05-28 23:48 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll 2015-05-28 23:48 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll 2015-05-28 23:48 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll 2015-05-28 23:48 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll 2015-05-28 23:48 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe 2015-05-28 23:48 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys 2015-05-28 23:48 - 2015-02-18 09:06 - 00123904 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe 2015-05-28 23:48 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-13 08:06 - 2013-02-13 17:18 - 00000550 _____ C:\Windows\Tasks\MATLAB R2012b Startup Accelerator.job 2015-06-13 08:01 - 2013-06-13 09:34 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-06-13 07:17 - 2010-01-20 01:12 - 02075541 _____ C:\Windows\WindowsUpdate.log 2015-06-13 05:09 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2015-06-13 00:19 - 2011-07-29 08:38 - 00003500 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest 2015-06-13 00:19 - 2011-07-29 08:38 - 00003448 _____ C:\Windows\System32\Tasks\PCDEventLauncher 2015-06-13 00:19 - 2011-07-29 08:38 - 00000466 _____ C:\Windows\Tasks\SystemToolsDailyTest.job 2015-06-13 00:12 - 2010-01-20 01:38 - 00000000 ____D C:\Program Files (x86)\Opera 2015-06-13 00:11 - 2009-07-14 06:45 - 00025552 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-06-13 00:11 - 2009-07-14 06:45 - 00025552 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-06-13 00:08 - 2014-09-26 13:50 - 00000000 ____D C:\ProgramData\Package Cache 2015-06-13 00:08 - 2013-06-27 00:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-06-13 00:08 - 2013-06-27 00:06 - 00000000 ____D C:\Program Files (x86)\Avira 2015-06-13 00:08 - 2012-05-16 19:30 - 00000000 ____D C:\ProgramData\Avira 2015-06-13 00:07 - 2013-06-13 09:34 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-06-13 00:06 - 2012-04-08 13:22 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-06-13 00:06 - 2011-06-08 08:23 - 00142512 _____ (Adobe Systems 
Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-06-13 00:05 - 2015-01-21 00:32 - 00005299 _____ C:\Windows\setupact.log 2015-06-09 07:59 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-06-09 07:58 - 2015-03-21 21:10 - 00368930 _____ C:\Windows\PFRO.log 2015-06-09 06:53 - 2014-03-31 14:48 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-06-04 15:00 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default 2015-06-04 14:52 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini 2015-06-04 14:44 - 2009-07-14 04:34 - 68943872 _____ C:\Windows\system32\config\components.bak 2015-06-04 14:44 - 2009-07-14 04:34 - 00786432 _____ C:\Windows\system32\config\DEFAULT.bak 2015-06-04 14:44 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak 2015-06-04 14:44 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak 2015-06-04 14:25 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat 2015-06-04 14:24 - 2013-06-27 00:11 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Avira 2015-06-04 13:57 - 2013-06-27 00:06 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-06-04 13:57 - 2013-06-27 00:06 - 00132120 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avipbb.sys 2015-06-01 20:58 - 2009-07-14 06:45 - 00541624 _____ C:\Windows\system32\FNTCACHE.DAT 2015-06-01 20:56 - 2009-07-14 19:58 - 00751858 _____ C:\Windows\system32\perfh007.dat 2015-06-01 20:56 - 2009-07-14 19:58 - 00170598 _____ C:\Windows\system32\perfc007.dat 2015-06-01 20:56 - 2009-07-14 07:13 - 01768306 _____ C:\Windows\system32\PerfStringBackup.INI 2015-06-01 20:54 - 2014-12-13 15:13 - 00000000 ____D C:\Windows\system32\appraiser 2015-06-01 20:54 - 2014-05-06 23:00 - 00000000 ___SD C:\Windows\system32\CompatTel 2015-06-01 20:54 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal 2015-06-01 20:54 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers 2015-05-29 09:02 - 2010-01-20 01:59 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-05-29 09:01 - 2010-06-15 16:53 - 01742586 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2015-05-29 09:00 - 2013-08-18 12:49 - 00000000 ____D C:\Windows\system32\MRT 2015-05-29 08:48 - 2013-09-09 21:10 - 00000000 ____D C:\ProgramData\Skype 2015-05-29 08:43 - 2012-05-20 11:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-05-29 08:43 - 2012-05-20 11:08 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-05-29 08:43 - 2012-05-20 11:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-05-29 08:35 - 2012-10-15 19:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-05-29 08:10 - 2010-01-20 01:18 - 00000000 ____D C:\Users\Andreas 2015-05-29 08:07 - 2015-01-20 23:00 - 00000000 ____D C:\Users\Andreas\Desktop\Adware Infizierung 2015-05-29 08:07 - 2010-10-27 22:18 - 00000000 ____D C:\Users\Andreas\Johanna 2015-05-29 07:54 - 2010-02-15 13:56 - 00000000 ____D C:\ProgramData\Lenovo 2015-05-29 07:45 - 2011-02-16 20:04 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools 2015-05-29 07:45 - 2010-04-15 21:17 - 00000000 ____D 
C:\Windows\System32\Tasks\TVT 2015-05-29 07:45 - 2010-01-20 02:32 - 00000000 ____D C:\Program Files (x86)\Lenovo 2015-05-29 07:43 - 2010-01-20 03:06 - 00000000 ____D C:\Windows\Downloaded Installations 2015-05-29 00:10 - 2010-04-15 21:12 - 00000000 ____D C:\SWSHARE 2015-05-28 23:57 - 2014-12-14 13:24 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-05-28 23:42 - 2010-12-10 16:47 - 00000000 ____D C:\Users\Andreas\Geschäftlich 2015-05-28 23:20 - 2013-06-27 00:06 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2015-05-28 23:15 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF ==================== Files in the root of some directories ======= 2011-01-30 15:38 - 2011-05-06 14:35 - 0038423 _____ () C:\Users\Andreas\AppData\Roaming\Kommagetrennte Werte (DOS).ADR 2011-05-06 14:49 - 2011-05-06 14:49 - 0012955 _____ () C:\Users\Andreas\AppData\Roaming\Kommagetrennte Werte (DOS).CAL 2013-06-14 15:05 - 2013-11-19 16:09 - 0000600 _____ () C:\Users\Andreas\AppData\Roaming\winscp.rnd 2010-05-05 00:50 - 2015-03-21 01:16 - 0021504 _____ () C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-06-14 15:52 - 2013-11-19 16:09 - 0000600 _____ () C:\Users\Andreas\AppData\Local\PUTTY.RND 2011-10-21 16:26 - 2011-10-21 16:26 - 0001472 _____ () C:\Users\Andreas\AppData\Local\RecConfig.xml 2014-05-23 13:31 - 2014-05-23 13:31 - 0000857 _____ () C:\Users\Andreas\AppData\Local\recently-used.xbel 2011-03-03 18:27 - 2013-11-22 10:21 - 0007608 _____ () C:\Users\Andreas\AppData\Local\resmon.resmoncfg 2010-01-21 21:16 - 2014-02-08 22:32 - 0038412 _____ () C:\ProgramData\hpzinstall.log Some files in TEMP: ==================== C:\Users\Andreas\AppData\Local\Temp\avgnt.exe C:\Users\Andreas\AppData\Local\Temp\Quarantine.exe C:\Users\Andreas\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not 
pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-06-13 05:01 ==================== End of log ============================ Beste Grüße! --- --- --- |
14.06.2015, 06:02 | #10 |
/// the machine /// TB trainer | PUA/iLivid.Gen on Win7x64 notebook

Update Java and Firefox.

Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document.

Code:
C:\Program Files (x86)\HyperCam 2\hctoolbar.exe
C:\Users\Andreas\Software-Setupdateien\FreeStudio.exe
C:\Users\Andreas\Software-Setupdateien\Handy-Programme\Acer Iconia a510\ACER_AIO_TOOLBOX_v2.3.0\ACER_AIO_TOOLBOX_v2.3.0.zip
C:\Users\Andreas\Software-Setupdateien\Handy-Programme\Acer Iconia a510\Root\ICS_rooting_A10x_A5xx\ICS_rooting_A10x_A5xx.zip
Emptytemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).

Cleanup: (The order is crucial here)
If Defogger was used: start it again and click Re-enable.
If Combofix was used: uninstall Combofix.

All logs posted? Then please download DelFix.

Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself. Then restart your computer. If any programs from our cleanup are still left over now, you can delete them without hesitation. If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.

Hardening:
Enable automatic updates for the Windows operating system. Security-relevant software should also always be kept at the latest version only:
Browser
Java
Flash Player
PDF reader
Security vulnerabilities in their old versions are exploited to install malware by "drive-by" when you merely visit a manipulated website. I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.

Enable a firewall. The one built into Windows is normally entirely sufficient.

Use an antivirus program with a real-time scanner and an always up-to-date signature database. My recommendation: Emsisoft

In addition, you can scan your PC regularly with Malwarebytes Anti-Malware and ESET.

Optional:
NoScript prevents the execution of active content (Java, JavaScript, Flash, ...) for all websites. You can, however, define on the whitelist principle on which sites scripts should be allowed.
Malwarebytes Anti Exploit: protects the computer's applications against the exploitation of known vulnerabilities.

Download software from a clean portal such as . When installing software, always choose the custom option and untick all optionally offered toolbars or other additions that are irrelevant to the program. To get rid of adware again, first uninstall it and then remove the leftovers with Adwcleaner.

Finally, a few general remarks:
Change your important online passwords regularly and regularly create backups of your important files or of the system.
The benefit of registry cleaners, optimizers etc. for increasing performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.

__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
16.06.2015, 15:01 | #11 |
| PUA/iLivid.Gen on Win7x64 notebook

Hi! Updates have been done:

Code:
Results of screen317's Security Check version 1.002
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 45
Adobe Flash Player 17.0.0.188
Adobe Reader XI
Mozilla Firefox (38.0.6)
Mozilla Thunderbird (31.4.0)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

Code:
Fix result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by Andreas at 2015-06-16 12:25:28 Run:1
Running from C:\Users\Andreas\Desktop
Loaded Profiles: Andreas (Available Profiles: Andreas & TEST)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\Program Files (x86)\HyperCam 2\hctoolbar.exe
C:\Users\Andreas\Software-Setupdateien\FreeStudio.exe
C:\Users\Andreas\Software-Setupdateien\Handy-Programme\Acer Iconia a510\ACER_AIO_TOOLBOX_v2.3.0\ACER_AIO_TOOLBOX_v2.3.0.zip
C:\Users\Andreas\Software-Setupdateien\Handy-Programme\Acer Iconia a510\Root\ICS_rooting_A10x_A5xx\ICS_rooting_A10x_A5xx.zip
Emptytemp:
*****************

C:\Program Files (x86)\HyperCam 2\hctoolbar.exe => moved successfully.
C:\Users\Andreas\Software-Setupdateien\FreeStudio.exe => moved successfully.
C:\Users\Andreas\Software-Setupdateien\Handy-Programme\Acer Iconia a510\ACER_AIO_TOOLBOX_v2.3.0\ACER_AIO_TOOLBOX_v2.3.0.zip => moved successfully.
C:\Users\Andreas\Software-Setupdateien\Handy-Programme\Acer Iconia a510\Root\ICS_rooting_A10x_A5xx\ICS_rooting_A10x_A5xx.zip => moved successfully.
EmptyTemp: => 656.3 MB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 12:25:37 ====

Do I need to pay attention to anything else there, or is this kind of behaviour normal?

Edit: I have now run the cleanup. Because I misread, I uninstalled Combofix first and only then ran Defogger, i.e. in the wrong order. Is that a problem?

Code:
# DelFix v1.010 - Datei am 16/06/2015 um 16:54:55 erstellt
# Aktualisiert am 26/04/2015 von Xplode
# Benutzer : Andreas - ANDREAS-PC
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)

~ Aktiviere die Benutzerkontensteuerung ... OK

~ Entferne die Bereinigungsprogramme ...

Gelöscht : C:\FRST
Gelöscht : C:\AdwCleaner
Gelöscht : C:\RegBackup
Gelöscht : C:\ComboFix.txt
Gelöscht : C:\Users\Andreas\Desktop\Addition.txt
Gelöscht : C:\Users\Andreas\Desktop\AdwCleaner[S0].txt
Gelöscht : C:\Users\Andreas\Desktop\AdwCleaner_4.206.exe
Gelöscht : C:\Users\Andreas\Desktop\Defogger.exe
Gelöscht : C:\Users\Andreas\Desktop\defogger_disable.log
Gelöscht : C:\Users\Andreas\Desktop\defogger_enable.log
Gelöscht : C:\Users\Andreas\Desktop\esetsmartinstaller_deu.exe
Gelöscht : C:\Users\Andreas\Desktop\Fixlog.txt
Gelöscht : C:\Users\Andreas\Desktop\FRST.txt
Gelöscht : C:\Users\Andreas\Desktop\FRST64.exe
Gelöscht : C:\Users\Andreas\Desktop\FRST_2.txt
Gelöscht : C:\Users\Andreas\Desktop\FRST_3.txt
Gelöscht : C:\Users\Andreas\Desktop\JRT.exe
Gelöscht : C:\Users\Andreas\Desktop\JRT.txt
Gelöscht : C:\Users\Andreas\Desktop\Log_CFIX.txt
Gelöscht : C:\Users\Andreas\Desktop\log_ESET.txt
Gelöscht : C:\Users\Andreas\Desktop\SecurityCheck.exe
Gelöscht : HKLM\SOFTWARE\AdwCleaner
Gelöscht : HKLM\SOFTWARE\Swearware

~ Erstelle ein Backup der Registrierungsdatenbank ... OK

~ Lösche die Wiederherstellungspunkte ...

Gelöscht : RP #609 [ComboFix created restore point | 06/16/2015 14:04:45]

Ein neuer Wiederherstellungspunkt wurde erstellt !

~ Stelle die Systemeinstellungen wieder her ... OK

########## - EOF - ##########

Edited by lab-star (16.06.2015 at 15:58) |
17.06.2015, 05:35 | #12 |
/// the machine /// TB trainer | PUA/iLivid.Gen on Win7x64 notebook

No, no problem

__________________ Regards, schrauber |
17.06.2015, 12:53 | #13 |
| PUA/iLivid.Gen on Win7x64 notebook

So is the cleanup complete then? |
17.06.2015, 20:02 | #14 |
/// the machine /// TB trainer | PUA/iLivid.Gen on Win7x64 notebook

Exactly

__________________ Regards, schrauber |
18.06.2015, 08:43 | #15 |
| PUA/iLivid.Gen on Win7x64 notebook

Well then, ... there is only one thing left to do:

This time it did take somewhat longer, but that was because I only had time very irregularly. So: many thanks for the competent and patient support in cleaning up my notebook.

Best regards! |