Log analysis and evaluation: Quick check requested (Windows 7). If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
22.07.2015, 09:42 | #1 |
Quick check requested

Hello, about 3 months ago I reinstalled my W7 Ultimate, and since then I have not been able to get back to the speed it used to have. I have investigated a lot but have not found the cause. So I started Loki about 13 hours ago and it is running and ... (it was muuuch faster on my 2nd PC). I have attached Loki's results so far:

Code:
Jul 21 22:00:51 R-PC-SAM LOKI: LOKI - Starting Loki Scan on R-PC-SAM
Jul 21 22:00:51 R-PC-SAM LOKI: Current user has admin rights - very good
Jul 21 22:00:51 R-PC-SAM LOKI: Setting LOKI process with PID: 5076 to priority IDLE
Jul 21 22:00:51 R-PC-SAM LOKI: File Name Characteristics initialized with 252 regex patterns
Jul 21 22:00:52 R-PC-SAM LOKI: Malware Hashes initialized with 5408 hashes
Jul 21 22:00:52 R-PC-SAM LOKI: False Positive Hashes initialized with 19 hashes
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_alienspy_rat.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_anthem_deeppanda.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_apt17_malware.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_apt28.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_apt30_backspace.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_backdoor_ssh_python.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_backspace.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_blackenergy_2.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_blackenergy_installer.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_casper.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_coreimpact_agent.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_fidelis_phishing_plain_sight.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_hackingteam_rules.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_hellsing_kaspersky.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_kaspersky_duqu2.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_laudanum_webshells.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_miniasp.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_minidionis.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_naikon.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_op_cleaver.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_passthehashtoolkit.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_poisonivy.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_poisonivy_gen3.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_putterpanda.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_scanbox_deeppanda.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_seaduke_unit42.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_shamoon.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_skeletonkey.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_snowglobe_babar.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_sofacy_xtunnel_bundestag.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_volatile_cedar.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_waterbug.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_webshell_chinachopper.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_wildneutron.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_woolengoldfish.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from crime_antifw_installrex.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from crime_bernhard_pos.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from crime_buzus_softpulse.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from crime_cmstar.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from crime_cryptowall_svg.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from crime_dexter_trojan.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from crime_dridex_xml.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from crime_enfal.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from crime_kins_dropper.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from crime_kraken_bot1.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from crime_malumpos.yar
Jul 21 22:00:53 R-PC-SAM LOKI: Initialized Yara rules from crime_malware_generic.yar
Jul 21 22:00:53 R-PC-SAM LOKI: Initialized Yara rules from crime_mikey_trojan.yar
Jul 21 22:00:53 R-PC-SAM LOKI: Initialized Yara rules from crime_rombertik_carbongrabber.yar
Jul 21 22:00:53 R-PC-SAM LOKI: Initialized Yara rules from exploit_cve_2015_1674.yar
Jul 21 22:00:53 R-PC-SAM LOKI: Initialized Yara rules from exploit_cve_2015_1701.yar
Jul 21 22:00:53 R-PC-SAM LOKI: Initialized Yara rules from exploit_uac_elevators.yar
Jul 21 22:00:53 R-PC-SAM LOKI: Initialized Yara rules from general_cloaking.yar
Jul 21 22:00:53 R-PC-SAM LOKI: Initialized Yara rules from general_officemacros.yar
Jul 21 22:00:53 R-PC-SAM LOKI: Initialized Yara rules from generic_anomalies.yar
Jul 21 22:00:53 R-PC-SAM LOKI: Initialized Yara rules from generic_cryptors.yar
Jul 21 22:00:53 R-PC-SAM LOKI: Initialized Yara rules from generic_lsass_dump.yar
Jul 21 22:00:53 R-PC-SAM LOKI: Initialized Yara rules from pup_lightftp.yar
Jul 21 22:00:53 R-PC-SAM LOKI: Initialized Yara rules from spy_equation_fiveeyes.yar
Jul 21 22:00:53 R-PC-SAM LOKI: Initialized Yara rules from spy_querty_fiveeyes.yar
Jul 21 22:00:53 R-PC-SAM LOKI: Initialized Yara rules from spy_regin_fiveeyes.yar
Jul 21 22:00:53 R-PC-SAM LOKI: Initialized Yara rules from thor-hacktools.yar
Jul 21 22:00:53 R-PC-SAM LOKI: Initialized Yara rules from thor-webshells.yar
Jul 21 22:00:53 R-PC-SAM LOKI: Initialized Yara rules from thor_inverse_matches.yar
Jul 21 22:00:54 R-PC-SAM LOKI: Initialized Yara rules from threat_lenovo_superfish.yar
Jul 21 22:00:57 R-PC-SAM LOKI: Skipping Process - PID: 0 NAME: System Idle Process CMD: N/A
Jul 21 22:00:57 R-PC-SAM LOKI: Skipping Process - PID: 4 NAME: System CMD: N/A
Jul 21 22:00:57 R-PC-SAM LOKI: Scanning Process - PID: 408 NAME: smss.exe CMD: \SystemRoot\System32\smss.exe
Jul 21 22:00:59 R-PC-SAM LOKI: Scanning Process - PID: 560 NAME: csrss.exe CMD: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
Jul 21 22:01:10 R-PC-SAM LOKI: Scanning Process - PID: 644 NAME: wininit.exe CMD: wininit.exe
Jul 21 22:01:21 R-PC-SAM LOKI: Scanning Process - PID: 660 NAME: csrss.exe CMD: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
Jul 21 22:03:20 R-PC-SAM LOKI: Scanning Process - PID: 692 NAME: services.exe CMD: C:\Windows\system32\services.exe
Jul 21 22:03:33 R-PC-SAM LOKI: Scanning Process - PID: 716 NAME: lsass.exe CMD: C:\Windows\system32\lsass.exe
Jul 21 22:03:45 R-PC-SAM LOKI: Scanning Process - PID: 724 NAME: lsm.exe CMD: C:\Windows\system32\lsm.exe
Jul 21 22:03:53 R-PC-SAM LOKI: Scanning Process - PID: 848 NAME: winlogon.exe CMD: winlogon.exe
Jul 21 22:04:04 R-PC-SAM LOKI: Scanning Process - PID: 876 NAME: svchost.exe CMD: C:\Windows\system32\svchost.exe -k DcomLaunch
Jul 21 22:04:29 R-PC-SAM LOKI: Scanning Process - PID: 932 NAME: hmpalert.exe CMD: "C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe" /service
Jul 21 22:05:00 R-PC-SAM LOKI: Scanning Process - PID: 112 NAME: svchost.exe CMD: C:\Windows\system32\svchost.exe -k RPCSS
Jul 21 22:05:15 R-PC-SAM LOKI: Scanning Process - PID: 464 NAME: MsMpEng.exe CMD: "c:\Program Files\Microsoft Security Client\MsMpEng.exe"
Jul 21 22:05:16 R-PC-SAM LOKI: Scanning Process - PID: 1044 NAME: atiesrxx.exe CMD: C:\Windows\system32\atiesrxx.exe
Jul 21 22:05:23 R-PC-SAM LOKI: Scanning Process - PID: 1084 NAME: svchost.exe CMD: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Jul 21 22:05:24 R-PC-SAM LOKI: Scanning Process - PID: 1116 NAME: svchost.exe CMD: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Jul 21 22:05:24 R-PC-SAM LOKI: Scanning Process - PID: 1144 NAME: svchost.exe CMD: C:\Windows\system32\svchost.exe -k LocalService
Jul 21 22:05:24 R-PC-SAM LOKI: Scanning Process - PID: 1176 NAME: svchost.exe CMD: C:\Windows\system32\svchost.exe -k netsvcs
Jul 21 22:05:24 R-PC-SAM LOKI: Scanning Process - PID: 1248 NAME: audiodg.exe CMD: N/A
Jul 21 22:05:24 R-PC-SAM LOKI: Error while process memory Yara check (maybe the process doesn't exist anymore or access denied). PID: 1248 NAME: audiodg.exe
Jul 21 22:05:24 R-PC-SAM LOKI: Scanning Process - PID: 1280 NAME: svchost.exe CMD: C:\Windows\system32\svchost.exe -k GPSvcGroup
Jul 21 22:05:34 R-PC-SAM LOKI: Scanning Process - PID: 1376 NAME: svchost.exe CMD: C:\Windows\system32\svchost.exe -k NetworkService
Jul 21 22:05:34 R-PC-SAM LOKI: Scanning Process - PID: 1420 NAME: atieclxx.exe CMD: atieclxx
Jul 21 22:05:45 R-PC-SAM LOKI: Scanning Process - PID: 1684 NAME: dwm.exe CMD: "C:\Windows\system32\Dwm.exe"
Jul 21 22:05:46 R-PC-SAM LOKI: Scanning Process - PID: 1708 NAME: explorer.exe CMD: C:\Windows\Explorer.EXE
Jul 21 22:05:46 R-PC-SAM LOKI: Scanning Process - PID: 1804 NAME: spoolsv.exe CMD: C:\Windows\System32\spoolsv.exe
Jul 21 22:05:46 R-PC-SAM LOKI: Scanning Process - PID: 1832 NAME: svchost.exe CMD: C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
Jul 21 22:06:08 R-PC-SAM LOKI: Scanning Process - PID: 1924 NAME: SASCore64.exe CMD: "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE"
Jul 21 22:06:13 R-PC-SAM LOKI: Scanning Process - PID: 1948 NAME: armsvc.exe CMD: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
Jul 21 22:06:34 R-PC-SAM LOKI: Scanning Process - PID: 1968 NAME: taskhost.exe CMD: "taskhost.exe"
Jul 21 22:06:34 R-PC-SAM LOKI: Scanning Process - PID: 1476 NAME: CSUService.exe CMD: "C:\Program Files\COMODO\COMODO System Utilities\CSUService.exe"
Jul 21 22:06:39 R-PC-SAM LOKI: Scanning Process - PID: 1656 NAME: taskeng.exe CMD: taskeng.exe {9D5894CD-8FC4-425A-9D04-4FCE6D36F543}
Jul 21 22:06:50 R-PC-SAM LOKI: Scanning Process - PID: 1224 NAME: taskeng.exe CMD: taskeng.exe {7BC0A81E-A565-4448-A827-10ED99D11BFA}
Jul 21 22:06:50 R-PC-SAM LOKI: Scanning Process - PID: 2092 NAME: dmhkcore.exe CMD: "C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe"
Jul 21 22:06:50 R-PC-SAM LOKI: Scanning Process - PID: 2136 NAME: EasySpeedUpManager.exe CMD: "C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe"
Jul 21 22:07:24 R-PC-SAM LOKI: Scanning Process - PID: 2172 NAME: svchost.exe CMD: C:\Windows\System32\svchost.exe -k utcsvc
Jul 21 22:07:59 R-PC-SAM LOKI: Scanning Process - PID: 2208 NAME: svchost.exe CMD: C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Jul 21 22:08:17 R-PC-SAM LOKI: Scanning Process - PID: 2220 NAME: CSU_CLI.exe CMD: CSU_CLI.exe /service "Privat"
Jul 21 22:08:27 R-PC-SAM LOKI: Scanning Process - PID: 2268 NAME: conhost.exe CMD: \??\C:\Windows\system32\conhost.exe "20735904221079000574-98850395915018174171254029655-1733218429-97365389-726453048
Jul 21 22:08:41 R-PC-SAM LOKI: Scanning Process - PID: 2296 NAME: svchost.exe CMD: C:\Windows\system32\svchost.exe -k imgsvc
Jul 21 22:08:51 R-PC-SAM LOKI: Scanning Process - PID: 2492 NAME: SWMAgent.exe CMD: "C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe" /SERVICE
Jul 21 22:09:35 R-PC-SAM LOKI: Scanning Process - PID: 3028 NAME: NisSrv.exe CMD: "c:\Program Files\Microsoft Security Client\NisSrv.exe"
Jul 21 22:09:35 R-PC-SAM LOKI: Scanning Process - PID: 3060 NAME: WmiPrvSE.exe CMD: C:\Windows\system32\wbem\wmiprvse.exe
Jul 21 22:09:53 R-PC-SAM LOKI: Scanning Process - PID: 3092 NAME: svchost.exe CMD: C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
Jul 21 22:10:04 R-PC-SAM LOKI: Scanning Process - PID: 3100 NAME: WUDFHost.exe CMD: "C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-09ff0b5c-47c4-4fae-a6d7-106f81dd8ba3 -SystemEventPortName:HostProcess-f72df7d3-2d02-4586-9703-d316bcb359af -IoCancelEventPortName:HostProcess-b5a71f87-6c1c-4df0-b193-f1f14b09f5e3 -NonStateChangingEventPortName:HostProcess-1700c18a-8b25-4769-a88b-0d3973b537bf -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:2ccec8ac-a90d-4df2-b2b0-6f5239905d39 -DeviceGroupId:
Jul 21 22:10:16 R-PC-SAM LOKI: Scanning Process - PID: 3360 NAME: msseces.exe CMD: "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
Jul 21 22:10:16 R-PC-SAM LOKI: Scanning Process - PID: 3420 NAME: SynTPEnh.exe CMD: "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
Jul 21 22:10:32 R-PC-SAM LOKI: Scanning Process - PID: 3456 NAME: sidebar.exe CMD: "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
Jul 21 22:10:32 R-PC-SAM LOKI: Scanning Process - PID: 3724 NAME: jusched.exe CMD: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Jul 21 22:11:05 R-PC-SAM LOKI: Scanning Process - PID: 3768 NAME: GWX.exe CMD: "C:\Windows\system32\GWX\GWX.exe"
Jul 21 22:11:19 R-PC-SAM LOKI: Scanning Process - PID: 3920 NAME: SynTPHelper.exe CMD: "C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
Jul 21 22:11:25 R-PC-SAM LOKI: Scanning Process - PID: 3952 NAME: sppsvc.exe CMD: C:\Windows\system32\sppsvc.exe
Jul 21 22:11:25 R-PC-SAM LOKI: Scanning Process - PID: 384 NAME: SearchIndexer.exe CMD: C:\Windows\system32\SearchIndexer.exe /Embedding
Jul 21 22:11:25 R-PC-SAM LOKI: Scanning Process - PID: 3276 NAME: wmpnetwk.exe CMD: "C:\Program Files\Windows Media Player\wmpnetwk.exe"
Jul 21 22:11:25 R-PC-SAM LOKI: Scanning Process - PID: 4108 NAME: OSPPSVC.EXE CMD: "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
Jul 21 22:11:39 R-PC-SAM LOKI: Scanning Process - PID: 4752 NAME: WmiPrvSE.exe CMD: C:\Windows\system32\wbem\wmiprvse.exe
Jul 21 22:11:39 R-PC-SAM LOKI: Scanning Process - PID: 4984 NAME: SearchProtocolHost.exe CMD: "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
Jul 21 22:11:39 R-PC-SAM LOKI: Scanning Process - PID: 5036 NAME: SearchFilterHost.exe CMD: "C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
Jul 21 22:11:39 R-PC-SAM LOKI: Scanning Process - PID: 5064 NAME: svchost.exe CMD: C:\Windows\System32\svchost.exe -k LocalServicePeerNet
Jul 21 22:11:39 R-PC-SAM LOKI: Scanning Process - PID: 4916 NAME: dllhost.exe CMD: C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
Jul 21 22:11:49 R-PC-SAM LOKI: Scanning Process - PID: 4280 NAME: dllhost.exe CMD: C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Jul 21 22:11:50 R-PC-SAM LOKI: Scanning Process - PID: 4660 NAME: dllhost.exe CMD: C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Jul 21 22:11:50 R-PC-SAM LOKI: Scanning Process - PID: 4684 NAME: loki.exe CMD: "C:\Users\Privat\Downloads\Loki-master\loki.exe"
Jul 21 22:11:57 R-PC-SAM LOKI: Scanning Process - PID: 4692 NAME: conhost.exe CMD: \??\C:\Windows\system32\conhost.exe "822610080-1686439532-1325782899755985077184518994520709333302144374254-226365112
Jul 21 22:12:23 R-PC-SAM LOKI: Skipping LOKI Process - PID: 5076 NAME: loki.exe CMD: "C:\Users\Privat\Downloads\Loki-master\loki.exe"
Jul 21 22:12:23 R-PC-SAM LOKI: Scanning Process - PID: 5088 NAME: dllhost.exe CMD: C:\Windows\SysWOW64\DllHost.exe /Processid:{1EF75F33-893B-4E8F-9655-C3D602BA4897}
Jul 21 22:12:23 R-PC-SAM LOKI: Scanning Process - PID: 4720 NAME: WmiPrvSE.exe CMD: C:\Windows\sysWOW64\wbem\wmiprvse.exe -Embedding
Jul 21 22:12:42 R-PC-SAM LOKI: Scanning C:\ ...
Jul 22 00:10:29 R-PC-SAM LOKI: Yara Rule MATCH: winlogon_ANOMALY DESCRIPTION: Anomaly rule looking for certain strings in a system file (maybe false positive on certain systems) - file winlogon.exe FILE: C:\Program Files (x86)\ Malwarebytes Anti-Malware \Chameleon\Windows\winlogon.exe MD5: 0692c8163852ab5674e2eb3b36131ef3 SHA1: fbb31614657ea6eb677f8a6fbbe483a648873d37 SHA256: 69632a1fbe055c0fc339e87468acec70091ef47e9050d6bf921d2b6be7c510be MATCHES:
Jul 22 02:24:24 R-PC-SAM LOKI: Scanning memory dump file C:\Users\Privat\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppHang_explorer.exe_d4317d41fe572551419a6cb857b4fc9cd93b5313_cab_0fe1057d\WER2A3.tmp.mdmp
Jul 22 02:24:45 R-PC-SAM LOKI: Scanning memory dump file C:\Users\Privat\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppHang_explorer.exe_d4317d41fe572551419a6cb857b4fc9cd93b5313_cab_0fe1057d\WERE488.tmp.hdmp
Jul 22 02:25:35 R-PC-SAM LOKI: Scanning memory dump file C:\Users\Privat\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppHang_firefox.exe_dd67a38bcc6a7e54f3131e972d525b6b67ed061_cab_1490344a\WER1CE8.tmp.mdmp
Jul 22 02:26:08 R-PC-SAM LOKI: Scanning memory dump file C:\Users\Privat\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppHang_firefox.exe_dd67a38bcc6a7e54f3131e972d525b6b67ed061_cab_1490344a\WERED8E.tmp.hdmp
Jul 22 02:36:10 R-PC-SAM LOKI: Scanning memory dump file C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Crash Reports\pending\1d9c2c02-a3d9-4436-8ef4-039c716dea21.dmp
Jul 22 02:36:10 R-PC-SAM LOKI: Scanning memory dump file C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Crash Reports\pending\5e736551-77ed-43c0-9f4d-249b9805e27f.dmp
Jul 22 02:36:11 R-PC-SAM LOKI: Scanning memory dump file C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Crash Reports\pending\611275f7-8079-4127-b079-e11b1df1b4b0-browser.dmp
Jul 22 02:36:11 R-PC-SAM LOKI: Scanning memory dump file C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Crash Reports\pending\611275f7-8079-4127-b079-e11b1df1b4b0-flash1.dmp
Jul 22 02:36:11 R-PC-SAM LOKI: Scanning memory dump file C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Crash Reports\pending\611275f7-8079-4127-b079-e11b1df1b4b0-flash2.dmp
Jul 22 02:36:11 R-PC-SAM LOKI: Scanning memory dump file C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Crash Reports\pending\611275f7-8079-4127-b079-e11b1df1b4b0.dmp
Jul 22 02:37:16 R-PC-SAM LOKI: Yara Rule MATCH: HackTool_Samples DESCRIPTION: Hacktool FILE: C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\vqfzgpx7.default\extensions\https-everywhere@eff.org\defaults\rulesets.sqlite MD5: 241d7ebf4f8137a64739154546096bd1 SHA1: 25adbff4ac7e1d4b46402516074008ab21b507dc SHA256: a467aeac91b44e995207e55c208e975162babb7118fc6f17b1d153a0fb031bb1 MATCHES: Str1: objectif-securite
Jul 22 06:15:22 R-PC-SAM LOKI: Yara Rule MATCH: Regin_Related_Malware DESCRIPTION: Malware Sample - maybe Regin related FILE: C:\Users\Privat\Downloads\ReginScanner-master\regin_rules.yar MD5: 763a69f4de3827f117b63dbb2f609632 SHA1: 7590618cd786c7f9311dc412304391133409d0f0 SHA256: b0836411555f066cfbfa2b294e4f9f725233c38ec55e029a7f01b2cc9ef69d97 MATCHES: Str1: %x:%x:%x:%x:%x:%x:%x:%x%c Str2: disp.dll Str3: %d.%d.%d.%d%c

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Ran by Privat (ATTENTION: The logged in user is not administrator) on R-PC-SAM on 22-07-2015 10:27:53
Running from C:\Users\Privat\Downloads\FRST
Loaded Profiles: R & Privat (Available Profiles: R & Coach & Privat)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> csrss.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> lsm.exe
Failed to access process -> winlogon.exe
Failed to access process -> svchost.exe
Failed to access process -> hmpalert.exe
Failed to access process -> svchost.exe
Failed to access process -> MsMpEng.exe
Failed to access process -> atiesrxx.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> atieclxx.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> SASCore64.exe
Failed to access process -> armsvc.exe
Failed to access process -> CSUService.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> CSU_CLI.exe
Failed to access process -> conhost.exe
Failed to access process -> svchost.exe
Failed to access process -> SWMAgent.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> svchost.exe
Failed to access process -> WUDFHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
Failed to access process -> SearchIndexer.exe
Failed to access process -> wmpnetwk.exe
Failed to access process -> OSPPSVC.EXE
Failed to access process -> svchost.exe
Failed to access process -> dllhost.exe
() C:\Users\Privat\Downloads\Loki-master\loki.exe
() C:\Users\Privat\Downloads\Loki-master\loki.exe
Failed to access process -> NisSrv.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
Failed to access process -> TrustedInstaller.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> SearchProtocolHost.exe
Failed to access process -> SearchFilterHost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-14] (Synaptics Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-05-03] (Microsoft Corporation)
Startup: C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2015-05-14] ()
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1269753938-3578349479-3780603664-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-1269753938-3578349479-3780603664-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
HKU\S-1-5-21-1269753938-3578349479-3780603664-1004\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://zeus.daa.de/
URLSearchHook: [S-1-5-21-1269753938-3578349479-3780603664-1001] ATTENTION ==> Default URLSearchHook is missing
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-17] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-17] (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10] (Microsoft Corporation.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{577C61D7-1B72-41BF-A1D7-2A177E50DDC8}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{97B1E5B2-DDE4-4846-98AF-3ED3951786B1}: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\vqfzgpx7.default
FF NewTab: www.google.de
FF Homepage: hxxp://www.google.de|www.yahoo.de|hxxp://science.orf.at/|hxxp://www.ard-text.de/|hxxp://www.checkliste.de/selbstmanagement/bewerbung-und-job/|hxxp://zattoo.com/watch/ard|hxxp://www.karriereakademie.de/karriereblog/40-eigene-fragen-im-vorstellungsgespraech|https://mail.daa.de/CookieAuth.dll?GetLogon?curl=Z2F&reason=0&formdir=1
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-03-30] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-17] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Extension: FoxyProxy Standard - C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\vqfzgpx7.default\Extensions\foxyproxy@eric.h.jung [2015-06-02]
FF Extension: HTTPS-Everywhere - C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\vqfzgpx7.default\Extensions\https-everywhere@eff.org [2015-07-19]
FF Extension: WEB.DE MailCheck - C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\vqfzgpx7.default\Extensions\mailcheck@web.de [2015-06-18]
FF Extension: Bitdefender QuickScan - C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\vqfzgpx7.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2015-06-02]
FF Extension: Deutsch (DE) Language Pack - C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\vqfzgpx7.default\Extensions\langpack-de@firefox.mozilla.org.xpi [2015-06-10]
FF Extension: Locale Switcher - C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\vqfzgpx7.default\Extensions\{338e0b96-2285-4424-b4c8-e25560750fa3}.xpi [2015-06-10]
FF Extension: Google Analytics Opt-out Browser Add-on - C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\vqfzgpx7.default\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2015-07-18]
FF Extension: Adblock Plus - C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\vqfzgpx7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-03]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-05-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 CSUService; C:\Program Files\COMODO\COMODO System Utilities\CSUService.exe [347968 2012-02-24] (Comodo Security Solutions, Inc.)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-26] (Disc Soft Ltd)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2015-06-02] (SurfRight B.V.)
S3 KlimaLogg Service; C:\Program Files (x86)\KlimaLoggPro\KlimaLoggProService.exe [2480640 2014-05-27] () [File not signed]
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S3 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S4 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3020120 2015-04-21] (Samsung Electronics CO., LTD.)
S3 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-18] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 azvusb; C:\Windows\System32\DRIVERS\azvusb.sys [54784 2009-08-24] (AzureWave Technologies, Inc.)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-05-03] (Disc Soft Ltd)
R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [296736 2015-05-09] (Acronis International GmbH)
R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2015-06-02] ()
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [34056 2015-05-05] (Paragon Software Group)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2015-06-18] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-10] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 rtl819xpn64; C:\Windows\System32\DRIVERS\rtl819xp.sys [626792 2015-05-23] (Realtek Semiconductor Corporation )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1328928 2015-05-09] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [234784 2015-05-09] (Acronis International GmbH)
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [102664 2015-05-05] ()
R1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [25992 2015-05-05] ()
R1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [701320 2015-05-05] ()
R3 VMC326; C:\Windows\System32\Drivers\VMC326.sys [180096 2015-05-16] (Vimicro Corporation)
S3 dcdbas; system32\DRIVERS\dcdbas64.sys [X]
S4 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S4 tsusbhub; system32\drivers\tsusbhub.sys [X]
S4 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-21 13:53 - 2015-07-21 22:00 - 00000000 ____D C:\Users\Privat\Downloads\Loki-master
2015-07-21 09:28 - 2015-07-15 05:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-21 09:28 - 2015-07-15 05:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-21 09:28 - 2015-07-15 05:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-21 09:28 - 2015-07-15 05:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-21 09:28 - 2015-07-15 04:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-21 09:28 - 2015-07-15 04:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-21 09:28 - 2015-07-15 04:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-21 09:28 - 2015-07-15 04:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-21 09:28 - 2015-07-15 03:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-21 09:28 - 2015-07-15 03:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-20 14:49 - 2015-07-20 14:50 - 00000000 ____D C:\Users\Privat\Downloads\ReginScanner-master
2015-07-18 23:08 - 2015-07-21 21:58 - 00000336 _____ C:\Windows\setupact.log
2015-07-18 23:08 - 2015-07-18 23:08 - 00000000 _____ C:\Windows\setuperr.log
2015-07-18 10:01 - 2015-07-18 10:02 - 00000000 ____D C:\Users\R\AppData\Roaming\vlc
2015-07-18 09:46 - 2015-07-18 09:46 - 00001001 _____ C:\Users\Public\Desktop\COMODO System Utilities.lnk
2015-07-18 09:46 - 2015-07-18 09:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2015-07-18 09:45 - 2015-07-18 09:45 - 00000000 ____D C:\Program Files\COMODO
2015-07-17 18:02 - 2015-07-19 10:01 - 00000000 ____D C:\Users\Privat\MediathekView
2015-07-17 17:57 - 2015-07-17 17:57 - 00000000 ____D C:\ProgramData\Sun
2015-07-17 17:57 - 2015-07-17 17:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-07-17 17:57 - 2015-07-17 17:56 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-07-17 17:56 - 2015-07-17 17:57 - 00000000 ____D C:\ProgramData\Oracle
2015-07-17 17:56 - 2015-07-17 17:56 - 00000000 ____D C:\Program Files (x86)\Java
2015-07-17 17:55 - 2015-07-17 17:55 - 00562784 _____ (Oracle Corporation) C:\Users\Privat\Downloads\jxpiinstall(1).exe
2015-07-17 17:35 - 2015-07-17 17:37 - 64954368 _____ C:\Users\Privat\Downloads\calibre-2.32.0.msi
2015-07-17 16:53 - 2015-07-17 14:53 - 00000052 _____ C:\Users\Privat\Documents\KlimaLoggPro.log
2015-07-17 14:53 - 2015-07-12 17:22 - 00000052 _____ C:\Users\Privat\Documents\2015_07_17-KlimaLoggPro.log
2015-07-17 13:02 - 2015-07-17 13:02 - 00000000 ____D C:\Users\Privat\Downloads\Stiftung Warentest
2015-07-17 12:23 - 2015-07-17 12:23 - 00028396 _____ C:\Users\Privat\AppData\Local\recently-used.xbel
2015-07-15 19:49 - 2015-07-15 19:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-07-15 19:48 - 2015-07-15 19:48 - 22437104 _____ (SUPERAntiSpyware) C:\Users\R\Downloads\SUPERAntiSpyware(1).exe
2015-07-15 10:36 - 2015-07-15 10:36 - 00000000 ____D C:\Users\Privat\AppData\Local\CEF
2015-07-14 19:24 - 2015-07-02 23:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-14 19:24 - 2015-07-02 23:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-14 19:24 - 2015-07-02 22:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-14 19:24 - 2015-07-02 22:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-14 19:24 - 2015-07-02 22:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-14 19:24 - 2015-07-02 22:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-14 19:24 - 2015-07-02 22:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-14 19:24 - 2015-07-02 22:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-14 19:24 - 2015-07-02 22:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-14 19:24 - 2015-07-02 21:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-14 19:24 - 2015-07-02 21:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-14 19:24 - 2015-07-02 20:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-14 19:24 - 2015-06-25 20:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-14 19:24 - 2015-06-25 19:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-14 19:24 - 2015-06-20 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-14 19:24 - 2015-06-20 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-14 19:24 - 2015-06-20 21:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-14 19:24 - 2015-06-20 21:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-14 19:24 - 2015-06-20 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-14 19:24 - 2015-06-20 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-14 19:24 - 2015-06-20 21:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-14 19:24 - 2015-06-20 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-14 19:24 - 2015-06-20 21:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-14 19:24 - 2015-06-20 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-14 19:24 - 2015-06-20 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-14 19:24 - 2015-06-20 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-14 19:24 - 2015-06-20 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-14 19:24 - 2015-06-20 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-14 19:24 - 2015-06-20 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-14 19:24 - 2015-06-20 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-14 19:24 - 2015-06-20 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-14 19:24 - 2015-06-20 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-14 19:24 - 2015-06-20 20:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-14 19:24 - 2015-06-20 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-14 19:24 - 2015-06-20 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-14 19:24 - 2015-06-20 20:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-14 19:24 - 2015-06-20 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-14 19:24 - 2015-06-19 20:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-14 19:24 - 2015-06-19 20:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-14 19:24 - 2015-06-19 20:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-14 19:24 - 2015-06-19 20:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-14 19:24 - 2015-06-19 20:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-14 19:24 - 2015-06-19 20:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-14 19:24 - 2015-06-19 20:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-14 19:24 - 2015-06-19 20:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-14 19:24 - 2015-06-19 20:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-14 19:24 - 2015-06-19 20:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-14 19:24 - 2015-06-19 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-14 19:24 - 2015-06-19 19:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-14 19:24 - 2015-06-19 19:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-14 19:24 - 2015-06-19 19:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-14 19:24 - 2015-06-19 19:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-14 19:24 - 2015-06-19 19:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-14 19:24 - 2015-06-19 19:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-14 19:24 - 2015-06-19 19:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-14 19:24 - 2015-06-19 19:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-14 19:24 - 2015-06-09 20:03 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-07-14 19:24 - 2015-06-09 20:03 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-07-14 19:23 - 2015-07-01 22:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-14 19:23 - 2015-07-01 22:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-14 19:23 - 2015-07-01 22:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-14 19:23 - 2015-07-01 22:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-14 19:23 - 2015-07-01 22:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-14 19:23 - 2015-07-01 22:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-14 19:23 - 2015-07-01 22:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-14 19:23 - 2015-07-01 22:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-14 19:23 - 2015-07-01 22:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-14 19:23 - 2015-07-01 22:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-14 19:23 - 2015-07-01 22:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-14 19:23 - 2015-07-01 22:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-14 19:23 - 2015-07-01 22:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-14 19:23 - 2015-07-01 22:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-14 19:23 - 2015-07-01 22:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-14 19:23 - 2015-07-01 22:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-14 19:23 - 2015-07-01 22:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-14 19:23 - 2015-07-01 22:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-14 19:23 - 2015-07-01 22:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-14 19:23 - 2015-07-01 22:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-14 19:23 - 2015-07-01 22:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-14 19:23 - 2015-07-01 22:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-14 19:23 - 2015-07-01 22:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-14 19:23 - 2015-07-01 22:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-14 19:23 - 2015-07-01 22:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-14 19:23 - 2015-07-01 22:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-14 19:23 - 2015-07-01 22:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-14 19:23 - 2015-07-01 22:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-14 19:23 - 2015-07-01 22:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-14 19:23 - 2015-07-01 22:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-14 19:23 - 2015-07-01 22:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-14 19:23 - 2015-07-01 22:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-14 19:23 - 2015-07-01 22:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-14 19:23 - 2015-07-01 22:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-14 19:23 - 2015-07-01 22:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-14 19:23 - 2015-07-01 21:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-14 19:23 - 2015-07-01 21:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-14 19:23 - 2015-07-01 21:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-14 19:23 - 2015-06-27 04:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-14 19:23 - 2015-06-27 04:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-14 19:23 - 2015-06-27 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-14 19:23 - 2015-06-27 03:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-14 19:23 - 2015-06-15 23:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-14 19:23 - 2015-06-15 23:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-14 19:23 - 2015-06-15 23:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-14 19:23 - 2015-06-15 23:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-14 19:23 - 2015-06-15 23:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-14 19:23 - 2015-06-15 23:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-14 19:23 - 2015-06-15 23:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-14 19:23 - 2015-06-15 23:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-14 19:23 - 2015-06-15 23:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-14 19:23 - 2015-06-15 23:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-14 19:23 - 2015-06-15 23:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-14 19:23 - 2015-06-15 23:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-14 19:23 - 2015-06-11 19:57 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-07-14 19:23 - 2015-06-11 19:57 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-07-14 19:23 - 2015-06-11 19:57 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-07-14 19:23 - 2015-06-11 19:56 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-07-14 19:23 - 2015-06-11 19:56 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-07-14 19:23 - 2015-06-11 19:56 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-07-14 19:23 - 2015-06-11 15:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-07-14 19:22 - 2015-07-09 19:59 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-14 19:22 - 2015-07-09 19:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-14 19:22 - 2015-07-09 19:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-14 19:22 - 2015-07-09 19:58 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-14 19:22 - 2015-07-09 19:58 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-14 19:22 - 2015-07-09 19:58 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-14 19:22 - 2015-07-09 19:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-14 19:22 - 2015-07-09 19:58 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-14 19:22 - 2015-07-09 19:58 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-14 19:22 - 2015-07-09 19:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-14 19:22 - 2015-07-09 19:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-14 19:22 - 2015-07-09 19:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-14 19:22 - 2015-07-09 19:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-14 19:22 - 2015-07-09 19:58 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-14 19:22 - 2015-07-09 19:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-14 19:22 - 2015-07-09 19:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-14 19:22 - 2015-07-09 19:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-14 19:22 - 2015-07-09 19:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-14 19:22 - 2015-07-09 19:50 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-14 19:22 - 2015-07-09 19:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-14 19:22 - 2015-07-09 19:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-14 19:22 - 2015-07-09 19:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-14 19:22 - 2015-07-09 19:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-14 19:22 - 2015-07-09 19:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-14 19:22 - 2015-07-04 20:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-14 19:22 - 2015-07-04 19:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-14 19:22 - 2015-06-25 10:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-14 19:22 - 2015-06-17 19:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-14 19:22 - 2015-06-17 19:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-14 19:22 - 2015-06-02 02:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-14 19:22 - 2015-06-02 01:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-12 17:22 - 2015-06-24 17:26 - 00000052 _____ C:\Users\Privat\Documents\2015_07_12-KlimaLoggPro.log
2015-07-12 17:11 - 2015-07-12 17:11 - 00000000 ____D C:\Program Files\CDBurnerXP
2015-07-12 10:39 - 2015-07-12 10:39 - 00000000 ____D C:\Users\R\AppData\Local\GWX
2015-07-11 05:28 - 2015-07-11 05:28 - 00000000 ____D C:\Users\Privat\AppData\Local\GWX
2015-07-10 18:06 - 2015-07-10 18:06 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-10 18:06 - 2015-07-10 18:06 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-03 15:05 - 2015-07-14 19:34 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-07-03 15:05 - 2015-07-03 15:05 - 00002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-07-03 15:05 - 2015-07-03 15:05 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-07-03 15:00 - 2015-07-03 15:00 - 01384576 _____ (Skype Technologies S.A.) C:\Users\Privat\Downloads\SkypeSetup(1).exe
2015-07-03 14:59 - 2015-07-05 21:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-01 00:17 - 2015-07-01 00:18 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Privat\Downloads\mbam-setup-2.1.8.1057.exe
2015-06-30 16:03 - 2015-06-30 16:03 - 00000000 ____D C:\Users\Privat\AppData\Local\webkit
2015-06-29 06:33 - 2015-06-29 06:34 - 22304376 _____ (SUPERAntiSpyware) C:\Users\R\Downloads\SUPERAntiSpyware.exe
2015-06-28 14:05 - 2015-07-22 10:15 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-28 11:48 - 2015-06-28 11:48 - 00001571 _____ C:\Users\Privat\Desktop\pkColorPicker.lnk
2015-06-28 11:46 - 2015-06-28 22:45 - 00000000 ____D C:\Users\Privat\Downloads\Color
2015-06-24 17:55 - 2015-06-24 17:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2015-06-24 17:26 - 2015-05-14 11:36 - 00000364 _____ C:\Users\Privat\Documents\2015_06_24-KlimaLoggPro.log
2015-06-24 01:29 - 2015-06-24 01:29 - 01217192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FM20.DLL
2015-06-23 21:54 - 2015-06-23 21:55 - 00000000 ____D C:\Users\R\AppData\Roaming\Skype
2015-06-23 21:54 - 2015-06-23 21:54 - 00000000 ____D C:\Users\R\AppData\Local\Skype
2015-06-23 21:47 - 2015-06-23 21:50 - 64892928 _____ C:\Users\Privat\Downloads\calibre-2.31.0.msi

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-22 10:29 - 2015-05-03 16:02 - 01491276 _____ C:\Windows\WindowsUpdate.log
2015-07-22 10:28 - 2015-03-28 09:26 - 00000000 ____D C:\FRST
2015-07-22 10:27 - 2015-05-03 19:43 - 00000000 ____D C:\Users\Privat\Downloads\FRST
2015-07-22 10:24 - 2015-05-03 20:39 - 00000000 ____D C:\Windows\CryptoGuard
2015-07-22 10:07 - 2015-05-23 20:37 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-22 06:07 - 2015-05-23 20:37 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-22 01:27 - 2009-07-14 06:45 - 00013536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-22 01:27 - 2009-07-14 06:45 - 00013536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-21 22:12 - 2015-05-03 19:29 - 00000000 ____D C:\Users\Privat\Documents\Birkenring 40
2015-07-21 22:00 - 2015-05-03 21:14 - 00000000 ____D C:\Users\Privat\Documents\Outlook-Dateien
2015-07-21 21:58 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-21 13:51 - 2009-07-14 06:45 - 00523464 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-20 21:46 - 2014-12-22 05:01 - 00000000 ____D C:\AdwCleaner
2015-07-19 10:07 - 2015-05-03 19:24 - 00000000 ____D C:\Users\Privat\AppData\Roaming\vlc
2015-07-19 06:45 - 2015-05-03 19:20 - 00000000 ____D C:\Users\Privat\.mediathek3
2015-07-18 09:47 - 2015-05-03 16:27 - 00000000 ____D C:\Users\R
2015-07-18 09:23 - 2015-05-03 19:29 - 00000000 ____D C:\Users\Privat\Documents\DAA GVM
2015-07-17 18:02 - 2015-05-03 18:40 - 00000000 ____D C:\Users\Privat
2015-07-17 17:41 - 2015-05-07 07:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2015-07-17 17:41 - 2015-05-07 07:50 - 00000000 ____D C:\Program Files (x86)\Calibre2
2015-07-17 17:41 - 2015-05-03 18:36 - 00000960 _____ C:\Users\Public\Desktop\calibre - E-book management.lnk
2015-07-17 14:57 - 2015-05-14 12:14 - 00002393 _____ C:\ProgramData\KlimaLogg.dat1.tmp
2015-07-17 14:57 - 2015-05-14 12:14 - 00002393 _____ C:\ProgramData\KlimaLogg.dat1
2015-07-17 14:57 - 2015-05-03 19:23 - 00000000 ____D C:\Users\Privat\AppData\Roaming\KlimaLoggPro
2015-07-17 12:23 - 2015-05-03 19:20 - 00000000 ____D C:\Users\Privat\.gimp-2.8
2015-07-17 12:22 - 2015-05-03 19:25 - 00000000 ____D C:\Users\Privat\AppData\Local\gtk-2.0
2015-07-17 12:22 - 2009-07-14 19:58 - 00699342 _____ C:\Windows\system32\perfh007.dat
2015-07-17 12:22 - 2009-07-14 19:58 - 00149450 _____ C:\Windows\system32\perfc007.dat
2015-07-17 12:22 - 2009-07-14 07:13 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-17 08:15 - 2015-05-14 11:33 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2015-07-15 20:11 - 2015-05-14 19:43 - 00007630 _____ C:\Users\R\AppData\Local\Resmon.ResmonCfg
2015-07-15 20:01 - 2015-05-03 19:28 - 00000000 ___RD C:\Users\Privat\Desktop\Admi
2015-07-15 19:49 - 2015-05-14 11:55 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-07-15 08:40 - 2015-05-15 09:04 - 00000842 _____ C:\Users\Privat\AppData\Roaming\Drives Meter_Settings.ini
2015-07-14 20:23 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-07-14 20:15 - 2015-05-12 08:54 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-14 20:15 - 2015-05-12 08:54 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-14 19:47 - 2015-05-03 16:38 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-14 19:43 - 2015-05-03 22:05 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-14 19:36 - 2015-05-03 16:35 - 00000000 ____D C:\Windows\system32\MRT
2015-07-14 19:26 - 2015-05-03 19:24 - 00000000 ____D C:\Users\Privat\AppData\Local\Adobe
2015-07-14 19:25 - 2015-05-03 20:31 - 00000000 ____D C:\Users\R\AppData\Local\Adobe
2015-07-12 22:55 - 2015-05-03 19:20 - 00000000 ____D C:\Users\Privat\AppData\Roaming\dvdcss
2015-07-12 17:19 - 2015-05-07 11:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-07-12 17:11 - 2015-05-04 11:37 - 00001692 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2015-07-12 17:11 - 2015-05-03 18:36 - 00001742 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk
2015-07-12 05:57 - 2015-05-03 19:20 - 00000000 ____D C:\Users\Privat\AppData\Roaming\DAEMON Tools Lite
2015-07-12 05:37 - 2015-05-14 15:12 - 00000000 ____D C:\Users\Privat\Downloads\Sysinternals Suite
2015-07-10 19:28 - 2015-05-03 16:38 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-10 19:01 - 2015-05-03 18:45 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-09 21:35 - 2015-05-07 07:51 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-07-08 15:07 - 2015-05-03 19:24 - 00000000 ____D C:\Users\Privat\AppData\Roaming\MyPhoneExplorer
2015-07-06 23:24 - 2015-05-03 19:20 - 00000000 ____D C:\Users\Privat\AppData\Roaming\Adobe
2015-07-06 18:40 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-05 21:51 - 2015-05-03 20:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-05 13:18 - 2015-05-03 21:14 - 00000000 ____D C:\Users\Privat\Documents\Goethe Schule
2015-07-05 12:08 - 2015-05-03 16:35 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-07-03 15:05 - 2015-05-03 20:35 - 00000000 ____D C:\ProgramData\Adobe
2015-07-03 15:02 - 2015-05-08 19:42 - 00000000 ____D C:\Users\Privat\AppData\Roaming\Skype
2015-07-03 15:01 - 2015-05-08 19:41 - 00000000 ____D C:\ProgramData\Skype
2015-07-03 08:43 - 2015-05-03 16:35 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-07-01 21:39 - 2015-05-03 18:48 - 00000000 ____D C:\Program Files\CCleaner
2015-07-01 00:19 - 2015-05-03 18:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-07-01 00:19 - 2015-05-03 18:45 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-06-24 18:30 - 2015-05-03 19:24 - 00000000 ____D C:\Users\Privat\AppData\Roaming\Mp3tag
2015-06-24 17:55 - 2015-05-03 20:20 - 00000000 ____D C:\Program Files (x86)\Mp3tag
2015-06-24 17:55 - 2015-05-03 19:44 - 00000000 ____D C:\Users\Privat\Downloads\Mp3Tag
2015-06-24 17:47 - 2015-05-03 19:44 - 00000000 ____D C:\Users\Privat\Downloads\Microsoft Safety Scanner
2015-06-24 12:35 - 2015-05-08 19:41 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-06-23 21:55 - 2015-05-08 18:48 - 00003019 _____ C:\Windows\system32\TeamViewer10_Hooks.log
2015-06-23 21:54 - 2015-05-08 18:47 - 00000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-06-23 21:53 - 2015-06-21 14:24 - 00001121 _____ C:\Users\R\Desktop\CyberLink YouCam.lnk

==================== Files in the root of some directories =======
2015-05-03 19:20 - 2015-01-25 15:16 - 0000093 _____ () C:\Users\Privat\AppData\Roaming\ARCompanion.log
2015-05-15 09:04 - 2015-07-15 08:40 - 0000842 _____ () C:\Users\Privat\AppData\Roaming\Drives Meter_Settings.ini
2015-07-17 12:23 - 2015-07-17 12:23 - 0028396 _____ () C:\Users\Privat\AppData\Local\recently-used.xbel
2015-05-09 11:11 - 2015-05-09 11:11 - 0000043 ___SH () C:\ProgramData\.zreglib
2015-05-23 09:16 - 2015-05-23 09:16 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-05-14 12:14 - 2015-07-17 14:57 - 0002393 _____ () C:\ProgramData\KlimaLogg.dat1
2015-05-14 12:14 - 2015-07-17 14:57 - 0002393 _____ () C:\ProgramData\KlimaLogg.dat1.tmp
2015-05-07 12:33 - 2015-05-07 12:33 - 41943040 _____ () C:\ProgramData\KlimaLoggServiceDataStore

Some files in TEMP:
====================
C:\Users\R\AppData\Local\Temp\Quarantine.exe
C:\Users\R\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================

Additional FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by Privat at 2015-07-22 10:30:29
Running from C:\Users\Privat\Downloads\FRST
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1269753938-3578349479-3780603664-500 - Administrator - Disabled)
Coach (S-1-5-21-1269753938-3578349479-3780603664-1003 - Limited - Enabled) => C:\Users\Coach
Gast (S-1-5-21-1269753938-3578349479-3780603664-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1269753938-3578349479-3780603664-1002 - Limited - Enabled)
Privat (S-1-5-21-1269753938-3578349479-3780603664-1004 - Limited - Enabled) => C:\Users\Privat
R (S-1-5-21-1269753938-3578349479-3780603664-1001 - Administrator - Enabled) => C:\Users\R

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acronis Drive Monitor (HKLM-x32\...\{706AE61D-40A4-4F50-8359-FE8F6F7FA461}) (Version: 1.0.566 - Acronis) Acronis True Image 2015 (HKLM-x32\...\{08DC7D7A-1CA0-4E96-B12F-9B9577FCF0F8}Visible) (Version: 18.0.6525 - Acronis) Acronis True Image 2015 (x32 Version: 18.0.6525 - Acronis) Hidden Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated) Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated) Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated) AMD Catalyst Install Manager (HKLM\...\{25107779-C295-EB3E-3C92-AC1B45680012}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.) Attack Surface Analyzer (HKLM\...\{2710505A-D198-4906-8767-F869909D9FA6}) (Version: 5.3.0.0 - Microsoft Corporation) Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team) AutoUpdate (HKLM-x32\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - ) BatteryLifeExtender (HKLM-x32\...\{AA16A9E5-40E9-44F5-801E-6B3D3CFE79E5}) (Version: 1.0.0 - Samsung) Bing Bar (HKLM-x32\...\{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}) (Version: 7.1.361.0 - Microsoft Corporation) calibre (HKLM-x32\...\{10166EDF-AE11-45B8-B62C-CF56795D7686}) (Version: 2.32.0 - Kovid Goyal) CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform) CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.5.5666 - CDBurnerXP) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.5.5642 - CDBurnerXP) CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.79.0.2015 - Georgy Berdyshev) ChargeableUSB (HKLM-x32\...\{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}) (Version: 1.0.0.0 - SAMSUNG) CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version: 2.9.3.0 - Elaborate Bytes) COMODO System Utilities (HKLM\...\{A7DA4247-9F22-4d4a-974A-DD455CCF43B6}) (Version: 
4.0.226743.26 - COMODO) Corel Graphics Suite 11 (x32 Version: 11 - Corel Corporation) Hidden CorelDRAW Graphics Suite 11 (HKLM-x32\...\InstallShield_{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}) (Version: 11 - Corel Corporation) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.2907 - CyberLink Corp.) DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd) Data Lifeguard Diagnostic for Windows 1.27 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation) DivX Codec (HKLM-x32\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.6.1 - DivX, Inc.) Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.0 - Samsung Electronics Co., Ltd.) Easy SpeedUp Manager (HKLM-x32\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 3.0.0.4 - Samsung Electronics Co.,Ltd.) eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com) GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team) Google Earth (HKLM-x32\...\{1A295C25-6E02-49FB-826B-F0D2C56FFA4E}) (Version: 7.1.4.1529 - Google) Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software) HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 2.6.5.77 - SurfRight B.V.) HP Officejet 6500 E710n-z Basic Device Software (HKLM\...\{BF09A017-54F4-46BC-AF54-F6DA0D7486D3}) (Version: 22.0.334.0 - Hewlett-Packard Co.) HP Officejet 6500 E710n-z Hilfe (HKLM-x32\...\{EFBC0CB1-AFFD-4E74-ACEF-42099F1D49C3}) (Version: 140.0.2.2 - Hewlett Packard) HP Update (HKLM-x32\...\{787D1A33-A97B-4245-87C0-7174609A540C}) (Version: 5.002.005.003 - Hewlett-Packard) I.R.I.S. 
OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4 - HP) Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation) Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation) Kits Configuration Installer (x32 Version: 8.59.25584 - Microsoft) Hidden KlimaLogg Pro (HKLM-x32\...\KlimaLogg Pro_is1) (Version: - TFA Dostmann) Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech) Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation) Marketsplash Schnellzugriffe (HKLM-x32\...\{FB0C267C-8B4F-4867-8161-A6A3B66D42C1}) (Version: 1.0.0.9 - Hewlett-Packard) Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 12.10.16.3 - Marvell) Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft 
Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Windows Performance Toolkit (HKLM\...\{E7F9E526-2324-437B-A609-E8C5309465CB}) (Version: 4.8.0 - Microsoft Corporation) Mozilla Firefox 39.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.6 - Mozilla) Mp3tag v2.70 (HKLM-x32\...\Mp3tag) (Version: v2.70 - Florian Heidenreich) MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.6 - F.J. 
Wechselberger) Namuga 1.3M Webcam (HKLM-x32\...\{71A51B59-E7D3-11DB-A386-005056C00008}) (Version: 1.00.0000 - Vimicro Corporation) OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation) Paragon Festplatten Manager™ 15 Suite (HKLM\...\{29258311-EA49-11DE-967C-005056C00008}) (Version: 90.00.0003 - Paragon Software) Paragon Partition Manager™ 10.0 Professional (HKLM\...\{A35001F0-F1E4-11DD-A38B-005056C00008}) (Version: 90.00.0003 - Paragon Software) PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) Pinnacle Instant DVD Recorder (HKLM-x32\...\{C1212AE3-DBB9-4365-8473-F8ABC7B06BBB}) (Version: 2.5.0.092 - Pinnacle Systems) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7459 - Realtek Semiconductor Corp.) S Agent (Version: 1.1.52 - Samsung Electronics CO., LTD.) Hidden Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.) Samsung Kies3 (x32 Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.) Hidden Samsung Recovery Solution 4 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.3 - Samsung) Samsung Update Plus (HKLM-x32\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.) SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.) 
Studie zur Verbesserung von HP Officejet 6500 E710n-z Produkten (HKLM\...\{C9347A74-CDAD-4076-B754-11752F6BE324}) (Version: 22.0.334.0 - Hewlett-Packard Co.) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1200 - SUPERAntiSpyware.com) SW Update (HKLM-x32\...\{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}) (Version: 2.2.9 - Samsung Electronics CO., LTD.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.4.12 - Synaptics Incorporated) TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43879 - TeamViewer) TVCenter (HKLM\...\{DD0A0C72-A7C3-4722-86C9-2399F9FC0DE7}) (Version: 6.4.5.933 - PCTV Systems) Ultra Defragmenter (HKLM-x32\...\UltraDefrag) (Version: 6.1.0 - UltraDefrag Development Team) VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN) Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation) Windows Software Development Kit (HKLM-x32\...\{363a2c1e-637f-45ce-933b-5a5463efd945}) (Version: 8.59.29750 - Microsoft Corporation) WPT Redistributables (x32 Version: 8.59.29750 - Microsoft) Hidden WPTx64 (x32 Version: 8.59.29722 - Microsoft) Hidden Youtube Downloader HD v. 2.9.9.23 (HKLM-x32\...\Youtube Downloader HD_is1) (Version: - YoutubeDownloaderHD.com) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= ATTENTION: System Restore is disabled Check "winmgmt" service or repair WMI. ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job =>
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job =>
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job =>

==================== Loaded Modules (Whitelisted) ==============

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1269753938-3578349479-3780603664-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: !SASCORE => 3 MSCONFIG\Services: AcrSch2Svc => 3 MSCONFIG\Services: AdobeARMservice => 3 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: afcdpsrv => 3 MSCONFIG\Services: AMD External Events Utility => 2 MSCONFIG\Services: CSUService => 3 MSCONFIG\Services: Disc Soft Lite Bus Service => 3 MSCONFIG\Services: LBTServ => 3 MSCONFIG\Services: Lexware_Update_Service => 2 MSCONFIG\Services: MBAMScheduler => 3 MSCONFIG\Services: MBAMService => 2 MSCONFIG\Services: SkypeUpdate => 3 MSCONFIG\Services: ss_conn_service => 2 MSCONFIG\Services: syncagentsrv => 3 MSCONFIG\Services: TeamViewer => 3 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nach Updates suchen.lnk => C:\Windows\pss\Nach Updates suchen.lnk.CommonStartup MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" MSCONFIG\startupreg: AcronisTibMounterMonitor => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe MSCONFIG\startupreg: adm_tray.exe => C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe MSCONFIG\startupreg: AMD AVT => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe MSCONFIG\startupreg: LexwareInfoService => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe /autostart MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\PDF24\pdf24.exe MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program 
Files\SUPERAntiSpyware\SUPERAntiSpyware.exe MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" MSCONFIG\startupreg: UCam_Menu => "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{5B5BAAD7-C27A-433D-BF15-8D0466696919}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{079FAD09-9EA7-421E-AADB-78B42598D130}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{20034301-9439-4F46-AF5C-548B4F2C3809}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe FirewallRules: [{1246295B-6556-44D9-AE3A-E4E573CE8430}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe FirewallRules: [{C9AD7762-34D0-46EF-B212-938167D6034C}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe FirewallRules: [{5CF7127C-5FB7-4EE5-8704-DDFAB4E4A8BA}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe FirewallRules: [{02CE4919-36F7-4A9E-B5A2-3218DA5F6B8C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{AF83AD2D-3A2B-43E9-91A2-89EE3B1FA357}] => (Allow) C:\Program Files (x86)\PCTV Systems\TVCenter\TVCenter.exe FirewallRules: [{7C43FFFB-EDCD-4BFD-B1C7-4B3B261D3345}] => (Allow) C:\Program Files (x86)\Common Files\PCTV Systems\PVR\VideoControl.exe FirewallRules: [{8E13B30F-4358-4215-9B06-EB97420A34A2}] => (Allow) C:\Program Files (x86)\Common Files\PCTV Systems\StreamingServer\StrmServer.exe FirewallRules: [{F48AC153-3B3D-4455-B792-CE825D18B5D3}] => (Allow) LPort=1900 FirewallRules: [{E69511C7-8E5A-4946-A703-72AFF079FD3D}] 
=> (Allow) LPort=2869 FirewallRules: [{A1709944-5227-47E7-90C1-A74419ADFADD}] => (Allow) C:\Windows\ehome\ehrecvr.exe FirewallRules: [{AC489AC5-F72B-48C4-AAF9-ACB209AAFAC5}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe FirewallRules: [{6C82E8B0-543E-497D-8811-23688FAA2D03}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe FirewallRules: [{E8714BE3-A289-4D00-AB7F-4C84D6DF7F5D}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe FirewallRules: [{CE91B477-E531-4FBB-A876-7FCC8843DF48}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe FirewallRules: [{679B012B-DC01-402F-922F-827322CABAFD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{5DEB5DD9-88C0-46FB-B5A9-3A85BE3605A4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{3CE87CCD-153A-4419-B215-F83AEFBEFB17}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{DB19EFF8-415C-43DD-922B-7F8644FF663F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/22/2015 01:23:23 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (07/21/2015 02:19:22 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (07/21/2015 01:48:53 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm firefox.exe, Version 39.0.0.5659 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 1320 Startzeit: 01d0c3aa0d8a6109 Endzeit: 31 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 5205dd46-2f9e-11e5-83a9-002454164d61 Error: (07/20/2015 10:44:51 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 4a0 Startzeit: 01d0c324ea4306ed Endzeit: 39 Anwendungspfad: C:\Windows\Explorer.EXE Berichts-ID: 1fdc5e8b-2f20-11e5-83a9-002454164d61 Error: (07/20/2015 07:52:30 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (07/19/2015 07:02:31 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". 
Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (07/19/2015 06:40:21 AM) (Source: SideBySide) (EventID: 35) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Fehler in Manifest- oder Richtliniendatei "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"2" in Zeile Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0". Definition: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. 
Error: (07/18/2015 11:10:01 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Fehler in Manifest- oder Richtliniendatei "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"2" in Zeile Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0". Definition: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error: (07/18/2015 11:40:56 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. 
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (07/18/2015 11:34:42 AM) (Source: SideBySide) (EventID: 35) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Fehler in Manifest- oder Richtliniendatei "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"2" in Zeile Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0". Definition: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. 
System errors: ============= Error: (07/21/2015 10:00:08 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (07/21/2015 02:02:38 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "FailureCommand" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (07/21/2015 02:01:52 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (07/21/2015 01:53:00 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (07/20/2015 09:48:40 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (07/20/2015 09:46:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error: (07/20/2015 09:46:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "SAS Core Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts. Error: (07/20/2015 09:46:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "HitmanPro.Alert Service" wurde unerwartet beendet. 
Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts. Error: (07/20/2015 09:46:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error: (07/20/2015 09:46:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Office Software Protection Platform" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Microsoft Office: ========================= Error: (07/22/2015 01:23:23 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestc:\users\privat\downloads\eset online scanner\esetsmartinstaller_deu.exe Error: (07/21/2015 02:19:22 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestc:\users\privat\downloads\eset online scanner\esetsmartinstaller_deu.exe Error: (07/21/2015 01:48:53 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: firefox.exe39.0.0.5659132001d0c3aa0d8a610931C:\Program Files (x86)\Mozilla Firefox\firefox.exe5205dd46-2f9e-11e5-83a9-002454164d61 Error: (07/20/2015 10:44:51 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Explorer.EXE6.1.7601.175674a001d0c324ea4306ed39C:\Windows\Explorer.EXE1fdc5e8b-2f20-11e5-83a9-002454164d61 Error: (07/20/2015 07:52:30 AM) (Source: 
SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestc:\users\privat\downloads\eset online scanner\esetsmartinstaller_deu.exe Error: (07/19/2015 07:02:31 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestc:\users\privat\downloads\eset online scanner\esetsmartinstaller_deu.exe Error: (07/19/2015 06:40:21 AM) (Source: SideBySide) (EventID: 35) (User: ) Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Users\Privat\AppData\Local\Citrix\ICA Client\MFC80.DLLC:\Users\Privat\AppData\Local\Citrix\ICA Client\Microsoft.VC80.MFCLOC.MANIFEST5 Error: (07/18/2015 11:10:01 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Users\Privat\AppData\Local\Citrix\ICA Client\MFC80.DLLC:\Users\Privat\AppData\Local\Citrix\ICA Client\Microsoft.VC80.MFCLOC.MANIFEST5 Error: (07/18/2015 11:40:56 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: 
C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestc:\users\privat\downloads\eset online scanner\esetsmartinstaller_deu.exe Error: (07/18/2015 11:34:42 AM) (Source: SideBySide) (EventID: 35) (User: ) Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Users\Privat\AppData\Local\Citrix\ICA Client\MFC80.DLLC:\Users\Privat\AppData\Local\Citrix\ICA Client\Microsoft.VC80.MFCLOC.MANIFEST5 CodeIntegrity Errors: =================================== Date: 2015-07-22 10:29:31.417 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-07-22 10:23:55.269 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-07-22 07:11:12.625 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-07-21 21:58:49.446 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2015-07-21 19:59:09.076 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-07-21 14:55:48.565 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-07-21 14:33:12.124 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-07-21 13:51:23.314 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-07-21 13:46:10.618 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-07-21 09:22:53.692 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU P7550 @ 2.26GHz Percentage of memory in use: 55% Total physical RAM: 3036.61 MB Available physical RAM: 1349.39 MB Total Virtual: 6071.43 MB Available Virtual: 4164.13 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:198.89 GB) (Free:16.5 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive d: (Daten) (Fixed) (Total:131.39 GB) (Free:38.38 GB) NTFS Drive e: (temp) (Fixed) (Total:59.43 GB) (Free:5.35 GB) NTFS ==================== MBR & Partition Table ================== ==================== End of log ============================
Thanks, Rainer
Edited by rk1757 (22.07.2015 at 09:56). Reason: FRST64 logs added |
22.07.2015, 10:08 | #2 |
/// the machine /// TB trainer | Quick check requested
Hi,
FRST again please, our tools always need admin rights. |
22.07.2015, 10:53 | #3 |
| Here are the two FRST64 logs with admin rights. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015 Ran by R (administrator) on R-PC-SAM on 22-07-2015 11:48:53 Running from C:\Users\Privat\Downloads\FRST Loaded Profiles: R & Privat (Available Profiles: R & Coach & Privat) Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe (Comodo Security Solutions, Inc.) C:\Program Files\COMODO\COMODO System Utilities\CSUService.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Comodo Security Solutions, Inc.) C:\Program Files\COMODO\COMODO System Utilities\CSU_CLI.exe (Samsung Electronics CO., LTD.) 
C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) C:\Windows\System32\dllhost.exe () C:\Users\Privat\Downloads\Loki-master\loki.exe () C:\Users\Privat\Downloads\Loki-master\loki.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_18_0_0_209_ActiveX.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-14] (Synaptics Incorporated) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) 
HKU\S-1-5-21-1269753938-3578349479-3780603664-1001\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[S9].txt [9080 2015-07-20] () HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-05-03] (Microsoft Corporation) Startup: C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2015-05-14] () ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis) ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis) ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-1269753938-3578349479-3780603664-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-1269753938-3578349479-3780603664-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp HKU\S-1-5-21-1269753938-3578349479-3780603664-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-1269753938-3578349479-3780603664-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp HKU\S-1-5-21-1269753938-3578349479-3780603664-1004\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://zeus.daa.de/ SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation) BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.) 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-17] (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation) BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10] (Microsoft Corporation.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-17] (Oracle Corporation) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10] (Microsoft Corporation.) 
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{577C61D7-1B72-41BF-A1D7-2A177E50DDC8}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{97B1E5B2-DDE4-4846-98AF-3ED3951786B1}: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\lun5y3m9.default FF Homepage: hxxp://www.google.de/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-03-30] (Google) FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-17] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-17] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF 
Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.) FF Extension: WEB.DE MailCheck - C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\lun5y3m9.default\Extensions\mailcheck@web.de [2015-05-30] FF Extension: Adblock Plus - C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\lun5y3m9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-30] FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-05-14] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com) R2 CSUService; C:\Program Files\COMODO\COMODO System Utilities\CSUService.exe [347968 2012-02-24] (Comodo Security Solutions, Inc.) S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-26] (Disc Soft Ltd) R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2015-06-02] (SurfRight B.V.) 
S3 KlimaLogg Service; C:\Program Files (x86)\KlimaLoggPro\KlimaLoggProService.exe [2480640 2014-05-27] () [File not signed] S3 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation) S3 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation) S4 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.) R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3020120 2015-04-21] (Samsung Electronics CO., LTD.) S3 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-18] (TeamViewer GmbH) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 azvusb; C:\Windows\System32\DRIVERS\azvusb.sys [54784 2009-08-24] (AzureWave Technologies, Inc.) 
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-05-03] (Disc Soft Ltd) R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [296736 2015-05-09] (Acronis International GmbH) R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2015-06-02] () R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [34056 2015-05-05] (Paragon Software Group) R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2015-06-18] (Malwarebytes Corporation) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-10] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation) R3 rtl819xpn64; C:\Windows\System32\DRIVERS\rtl819xp.sys [626792 2015-05-23] (Realtek Semiconductor Corporation ) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1328928 2015-05-09] (Acronis International GmbH) R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [234784 2015-05-09] (Acronis International GmbH) R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [102664 2015-05-05] () R1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [25992 2015-05-05] () R1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [701320 2015-05-05] () R3 VMC326; C:\Windows\System32\Drivers\VMC326.sys [180096 2015-05-16] (Vimicro Corporation) S3 dcdbas; system32\DRIVERS\dcdbas64.sys [X] S4 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S4 
tsusbhub; system32\drivers\tsusbhub.sys [X] S4 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-21 13:53 - 2015-07-21 22:00 - 00000000 ____D C:\Users\Privat\Downloads\Loki-master 2015-07-21 09:28 - 2015-07-15 05:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-07-21 09:28 - 2015-07-15 05:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-07-21 09:28 - 2015-07-15 05:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-07-21 09:28 - 2015-07-15 05:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-07-21 09:28 - 2015-07-15 04:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2015-07-21 09:28 - 2015-07-15 04:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-07-21 09:28 - 2015-07-15 04:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2015-07-21 09:28 - 2015-07-15 04:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2015-07-21 09:28 - 2015-07-15 03:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-07-21 09:28 - 2015-07-15 03:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-07-20 14:49 - 2015-07-20 14:50 - 00000000 ____D C:\Users\Privat\Downloads\ReginScanner-master 2015-07-18 23:08 - 2015-07-21 21:58 - 00000336 _____ C:\Windows\setupact.log 2015-07-18 23:08 - 2015-07-18 23:08 - 00000000 _____ C:\Windows\setuperr.log 2015-07-18 10:01 - 2015-07-18 10:02 - 00000000 ____D C:\Users\R\AppData\Roaming\vlc 2015-07-18 09:46 - 2015-07-18 09:46 - 00001001 _____ 
C:\Users\Public\Desktop\COMODO System Utilities.lnk 2015-07-18 09:46 - 2015-07-18 09:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO 2015-07-18 09:45 - 2015-07-18 09:45 - 00000000 ____D C:\Program Files\COMODO 2015-07-17 18:02 - 2015-07-19 10:01 - 00000000 ____D C:\Users\Privat\MediathekView 2015-07-17 17:57 - 2015-07-17 17:57 - 00000000 ____D C:\ProgramData\Sun 2015-07-17 17:57 - 2015-07-17 17:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-07-17 17:57 - 2015-07-17 17:56 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2015-07-17 17:56 - 2015-07-17 17:57 - 00000000 ____D C:\ProgramData\Oracle 2015-07-17 17:56 - 2015-07-17 17:56 - 00000000 ____D C:\Program Files (x86)\Java 2015-07-17 17:55 - 2015-07-17 17:55 - 00562784 _____ (Oracle Corporation) C:\Users\Privat\Downloads\jxpiinstall(1).exe 2015-07-17 17:35 - 2015-07-17 17:37 - 64954368 _____ C:\Users\Privat\Downloads\calibre-2.32.0.msi 2015-07-17 16:53 - 2015-07-17 14:53 - 00000052 _____ C:\Users\Privat\Documents\KlimaLoggPro.log 2015-07-17 14:53 - 2015-07-12 17:22 - 00000052 _____ C:\Users\Privat\Documents\2015_07_17-KlimaLoggPro.log 2015-07-17 13:02 - 2015-07-17 13:02 - 00000000 ____D C:\Users\Privat\Downloads\Stiftung Warentest 2015-07-17 12:23 - 2015-07-17 12:23 - 00028396 _____ C:\Users\Privat\AppData\Local\recently-used.xbel 2015-07-15 19:49 - 2015-07-15 19:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware 2015-07-15 19:48 - 2015-07-15 19:48 - 22437104 _____ (SUPERAntiSpyware) C:\Users\R\Downloads\SUPERAntiSpyware(1).exe 2015-07-15 10:36 - 2015-07-15 10:36 - 00000000 ____D C:\Users\Privat\AppData\Local\CEF 2015-07-14 19:24 - 2015-07-02 23:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-07-14 19:24 - 2015-07-02 23:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-07-14 19:24 - 2015-07-02 22:50 - 02279424 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-07-14 19:24 - 2015-07-02 22:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-07-14 19:24 - 2015-07-02 22:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-07-14 19:24 - 2015-07-02 22:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-07-14 19:24 - 2015-07-02 22:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-07-14 19:24 - 2015-07-02 22:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-07-14 19:24 - 2015-07-02 22:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-07-14 19:24 - 2015-07-02 21:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-07-14 19:24 - 2015-07-02 21:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-07-14 19:24 - 2015-07-02 20:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-07-14 19:24 - 2015-06-25 20:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-07-14 19:24 - 2015-06-25 19:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-07-14 19:24 - 2015-06-20 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-07-14 19:24 - 2015-06-20 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-07-14 19:24 - 2015-06-20 21:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-07-14 19:24 - 2015-06-20 21:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-07-14 19:24 - 2015-06-20 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-07-14 19:24 - 2015-06-20 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-07-14 19:24 - 2015-06-20 21:40 - 00054784 _____ (Microsoft 
Corporation) C:\Windows\system32\jsproxy.dll 2015-07-14 19:24 - 2015-06-20 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-07-14 19:24 - 2015-06-20 21:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-07-14 19:24 - 2015-06-20 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-07-14 19:24 - 2015-06-20 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-07-14 19:24 - 2015-06-20 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-07-14 19:24 - 2015-06-20 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-07-14 19:24 - 2015-06-20 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-07-14 19:24 - 2015-06-20 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-07-14 19:24 - 2015-06-20 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-07-14 19:24 - 2015-06-20 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-07-14 19:24 - 2015-06-20 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-07-14 19:24 - 2015-06-20 20:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-07-14 19:24 - 2015-06-20 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-07-14 19:24 - 2015-06-20 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-07-14 19:24 - 2015-06-20 20:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-07-14 19:24 - 2015-06-20 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-07-14 19:24 - 2015-06-19 20:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-07-14 19:24 - 2015-06-19 20:25 - 00062464 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-07-14 19:24 - 2015-06-19 20:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-07-14 19:24 - 2015-06-19 20:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-07-14 19:24 - 2015-06-19 20:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-07-14 19:24 - 2015-06-19 20:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-07-14 19:24 - 2015-06-19 20:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-07-14 19:24 - 2015-06-19 20:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-07-14 19:24 - 2015-06-19 20:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-07-14 19:24 - 2015-06-19 20:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-07-14 19:24 - 2015-06-19 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-07-14 19:24 - 2015-06-19 19:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-07-14 19:24 - 2015-06-19 19:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-07-14 19:24 - 2015-06-19 19:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-07-14 19:24 - 2015-06-19 19:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-07-14 19:24 - 2015-06-19 19:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-07-14 19:24 - 2015-06-19 19:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-07-14 19:24 - 2015-06-19 19:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-07-14 19:24 - 2015-06-19 19:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-07-14 19:24 - 2015-06-09 20:03 - 03180544 _____ 
(Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2015-07-14 19:24 - 2015-06-09 20:03 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2015-07-14 19:23 - 2015-07-01 22:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-07-14 19:23 - 2015-07-01 22:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-07-14 19:23 - 2015-07-01 22:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-07-14 19:23 - 2015-07-01 22:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-07-14 19:23 - 2015-07-01 22:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-07-14 19:23 - 2015-07-01 22:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-07-14 19:23 - 2015-07-01 22:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-07-14 19:23 - 2015-07-01 22:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-07-14 19:23 - 2015-07-01 22:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-07-14 19:23 - 2015-07-01 22:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-07-14 19:23 - 2015-07-01 22:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-07-14 19:23 - 2015-07-01 22:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-07-14 19:23 - 2015-07-01 22:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-07-14 19:23 - 2015-07-01 22:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2015-07-14 19:23 - 2015-07-01 22:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-07-14 19:23 - 2015-07-01 22:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-07-14 19:23 - 2015-07-01 22:47 - 00031232 _____ 
(Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-07-14 19:23 - 2015-07-01 22:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-07-14 19:23 - 2015-07-01 22:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-07-14 19:23 - 2015-07-01 22:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-07-14 19:23 - 2015-07-01 22:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-07-14 19:23 - 2015-07-01 22:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-07-14 19:23 - 2015-07-01 22:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-07-14 19:23 - 2015-07-01 22:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-07-14 19:23 - 2015-07-01 22:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-07-14 19:23 - 2015-07-01 22:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-07-14 19:23 - 2015-07-01 22:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2015-07-14 19:23 - 2015-07-01 22:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-07-14 19:23 - 2015-07-01 22:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-07-14 19:23 - 2015-07-01 22:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2015-07-14 19:23 - 2015-07-01 22:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-07-14 19:23 - 2015-07-01 22:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-07-14 19:23 - 2015-07-01 22:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-07-14 19:23 - 2015-07-01 22:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-07-14 19:23 - 2015-07-01 22:24 - 00686080 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\adtschema.dll 2015-07-14 19:23 - 2015-07-01 21:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-07-14 19:23 - 2015-07-01 21:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2015-07-14 19:23 - 2015-07-01 21:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-07-14 19:23 - 2015-06-27 04:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-07-14 19:23 - 2015-06-27 04:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-07-14 19:23 - 2015-06-27 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-07-14 19:23 - 2015-06-27 03:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-07-14 19:23 - 2015-06-15 23:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2015-07-14 19:23 - 2015-06-15 23:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2015-07-14 19:23 - 2015-06-15 23:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2015-07-14 19:23 - 2015-06-15 23:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2015-07-14 19:23 - 2015-06-15 23:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2015-07-14 19:23 - 2015-06-15 23:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe 2015-07-14 19:23 - 2015-06-15 23:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2015-07-14 19:23 - 2015-06-15 23:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2015-07-14 19:23 - 2015-06-15 23:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2015-07-14 19:23 - 2015-06-15 23:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe 2015-07-14 19:23 - 2015-06-15 23:42 - 00025088 _____ (Microsoft Corporation) 
C:\Windows\system32\msimsg.dll 2015-07-14 19:23 - 2015-06-15 23:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll 2015-07-14 19:23 - 2015-06-11 19:57 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2015-07-14 19:23 - 2015-06-11 19:57 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll 2015-07-14 19:23 - 2015-06-11 19:57 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2015-07-14 19:23 - 2015-06-11 19:56 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2015-07-14 19:23 - 2015-06-11 19:56 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll 2015-07-14 19:23 - 2015-06-11 19:56 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2015-07-14 19:23 - 2015-06-11 15:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe 2015-07-14 19:22 - 2015-07-09 19:59 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2015-07-14 19:22 - 2015-07-09 19:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-07-14 19:22 - 2015-07-09 19:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-07-14 19:22 - 2015-07-09 19:58 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-07-14 19:22 - 2015-07-09 19:58 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-07-14 19:22 - 2015-07-09 19:58 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-07-14 19:22 - 2015-07-09 19:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-07-14 19:22 - 2015-07-09 19:58 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-07-14 19:22 - 2015-07-09 19:58 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-07-14 19:22 - 2015-07-09 19:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 
2015-07-14 19:22 - 2015-07-09 19:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-07-14 19:22 - 2015-07-09 19:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-07-14 19:22 - 2015-07-09 19:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-07-14 19:22 - 2015-07-09 19:58 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-07-14 19:22 - 2015-07-09 19:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-07-14 19:22 - 2015-07-09 19:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-07-14 19:22 - 2015-07-09 19:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-07-14 19:22 - 2015-07-09 19:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-07-14 19:22 - 2015-07-09 19:50 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-07-14 19:22 - 2015-07-09 19:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-07-14 19:22 - 2015-07-09 19:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-07-14 19:22 - 2015-07-09 19:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-07-14 19:22 - 2015-07-09 19:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-07-14 19:22 - 2015-07-09 19:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-07-14 19:22 - 2015-07-04 20:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll 2015-07-14 19:22 - 2015-07-04 19:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll 2015-07-14 19:22 - 2015-06-25 10:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-07-14 19:22 - 2015-06-17 19:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-07-14 19:22 - 2015-06-17 19:37 - 00312320 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2015-07-14 19:22 - 2015-06-02 02:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll 2015-07-14 19:22 - 2015-06-02 01:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll 2015-07-12 17:22 - 2015-06-24 17:26 - 00000052 _____ C:\Users\Privat\Documents\2015_07_12-KlimaLoggPro.log 2015-07-12 17:11 - 2015-07-12 17:11 - 00000000 ____D C:\Program Files\CDBurnerXP 2015-07-12 10:46 - 2015-07-12 10:46 - 00003112 _____ C:\Windows\System32\Tasks\{5727E98A-C166-4F4F-B69A-624308427126} 2015-07-12 10:39 - 2015-07-12 10:39 - 00000000 ____D C:\Users\R\AppData\Local\GWX 2015-07-11 05:28 - 2015-07-11 05:28 - 00000000 ____D C:\Users\Privat\AppData\Local\GWX 2015-07-10 18:06 - 2015-07-10 18:06 - 00000000 ___SD C:\Windows\SysWOW64\GWX 2015-07-10 18:06 - 2015-07-10 18:06 - 00000000 ___SD C:\Windows\system32\GWX 2015-07-03 15:05 - 2015-07-14 19:34 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2015-07-03 15:05 - 2015-07-03 15:05 - 00002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk 2015-07-03 15:05 - 2015-07-03 15:05 - 00000000 ____D C:\Program Files (x86)\Adobe 2015-07-03 15:00 - 2015-07-03 15:00 - 01384576 _____ (Skype Technologies S.A.) 
C:\Users\Privat\Downloads\SkypeSetup(1).exe 2015-07-03 14:59 - 2015-07-05 21:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-07-01 00:17 - 2015-07-01 00:18 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Privat\Downloads\mbam-setup-2.1.8.1057.exe 2015-06-30 16:03 - 2015-06-30 16:03 - 00000000 ____D C:\Users\Privat\AppData\Local\webkit 2015-06-29 06:33 - 2015-06-29 06:34 - 22304376 _____ (SUPERAntiSpyware) C:\Users\R\Downloads\SUPERAntiSpyware.exe 2015-06-28 14:05 - 2015-07-22 11:15 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-06-28 14:05 - 2015-07-14 20:15 - 00003824 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-06-28 11:48 - 2015-06-28 11:48 - 00001571 _____ C:\Users\Privat\Desktop\pkColorPicker.lnk 2015-06-28 11:46 - 2015-06-28 22:45 - 00000000 ____D C:\Users\Privat\Downloads\Color 2015-06-24 17:55 - 2015-06-24 17:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag 2015-06-24 17:26 - 2015-05-14 11:36 - 00000364 _____ C:\Users\Privat\Documents\2015_06_24-KlimaLoggPro.log 2015-06-24 01:29 - 2015-06-24 01:29 - 01217192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FM20.DLL 2015-06-23 21:54 - 2015-06-23 21:55 - 00000000 ____D C:\Users\R\AppData\Roaming\Skype 2015-06-23 21:54 - 2015-06-23 21:54 - 00000000 ____D C:\Users\R\AppData\Local\Skype 2015-06-23 21:47 - 2015-06-23 21:50 - 64892928 _____ C:\Users\Privat\Downloads\calibre-2.31.0.msi ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-07-22 11:48 - 2015-05-03 19:43 - 00000000 ____D C:\Users\Privat\Downloads\FRST 2015-07-22 11:48 - 2015-03-28 09:26 - 00000000 ____D C:\FRST 2015-07-22 11:07 - 2015-05-23 20:37 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-07-22 10:58 - 2015-05-03 21:14 - 00000000 ____D C:\Users\Privat\Documents\Outlook-Dateien 2015-07-22 10:58 - 2015-05-03 20:39 - 00000000 ____D C:\Windows\CryptoGuard 2015-07-22 10:29 - 2015-05-03 16:02 - 01491276 _____ C:\Windows\WindowsUpdate.log 2015-07-22 06:07 - 2015-05-23 20:37 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-07-22 01:27 - 2009-07-14 06:45 - 00013536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-07-22 01:27 - 2009-07-14 06:45 - 00013536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-07-21 22:12 - 2015-05-03 19:29 - 00000000 ____D C:\Users\Privat\Documents\Birkenring 40 2015-07-21 21:58 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-07-21 19:57 - 2015-05-03 19:01 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{188137A1-1E81-4F3A-8688-E6E423B81A2B} 2015-07-21 13:51 - 2009-07-14 06:45 - 00523464 _____ C:\Windows\system32\FNTCACHE.DAT 2015-07-20 21:46 - 2014-12-22 05:01 - 00000000 ____D C:\AdwCleaner 2015-07-19 10:07 - 2015-05-03 19:24 - 00000000 ____D C:\Users\Privat\AppData\Roaming\vlc 2015-07-19 06:45 - 2015-05-03 19:20 - 00000000 ____D C:\Users\Privat\.mediathek3 2015-07-18 09:54 - 2015-05-03 17:18 - 00003914 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{40C5265C-6D46-4C88-9275-57E22DF0E601} 2015-07-18 09:47 - 2015-05-03 16:27 - 00000000 ____D C:\Users\R 2015-07-18 09:23 - 2015-05-03 19:29 - 00000000 ____D C:\Users\Privat\Documents\DAA GVM 2015-07-17 18:02 - 2015-05-03 18:40 - 00000000 ____D C:\Users\Privat 2015-07-17 17:41 - 2015-05-07 07:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\calibre - E-book Management 2015-07-17 17:41 - 2015-05-07 07:50 - 00000000 ____D C:\Program Files (x86)\Calibre2 2015-07-17 17:41 - 2015-05-03 18:36 - 00000960 _____ C:\Users\Public\Desktop\calibre - E-book management.lnk 2015-07-17 14:57 - 2015-05-14 12:14 - 00002393 _____ C:\ProgramData\KlimaLogg.dat1.tmp 2015-07-17 14:57 - 2015-05-14 12:14 - 00002393 _____ C:\ProgramData\KlimaLogg.dat1 2015-07-17 14:57 - 2015-05-03 19:23 - 00000000 ____D C:\Users\Privat\AppData\Roaming\KlimaLoggPro 2015-07-17 12:23 - 2015-05-03 19:20 - 00000000 ____D C:\Users\Privat\.gimp-2.8 2015-07-17 12:22 - 2015-05-03 19:25 - 00000000 ____D C:\Users\Privat\AppData\Local\gtk-2.0 2015-07-17 12:22 - 2009-07-14 19:58 - 00699342 _____ C:\Windows\system32\perfh007.dat 2015-07-17 12:22 - 2009-07-14 19:58 - 00149450 _____ C:\Windows\system32\perfc007.dat 2015-07-17 12:22 - 2009-07-14 07:13 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI 2015-07-17 08:15 - 2015-05-14 11:33 - 00018960 _____ (Logitech, Inc.) 
C:\Windows\system32\Drivers\LNonPnP.sys 2015-07-16 06:02 - 2015-05-23 20:37 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-07-16 06:02 - 2015-05-23 20:37 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-07-15 20:11 - 2015-05-14 19:43 - 00007630 _____ C:\Users\R\AppData\Local\Resmon.ResmonCfg 2015-07-15 20:01 - 2015-05-03 19:28 - 00000000 ___RD C:\Users\Privat\Desktop\Admi 2015-07-15 19:49 - 2015-05-14 11:55 - 00000000 ____D C:\Program Files\SUPERAntiSpyware 2015-07-15 08:40 - 2015-05-15 09:04 - 00000842 _____ C:\Users\Privat\AppData\Roaming\Drives Meter_Settings.ini 2015-07-14 20:23 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2015-07-14 20:15 - 2015-05-12 08:54 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-07-14 20:15 - 2015-05-12 08:54 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-07-14 19:47 - 2015-05-03 16:38 - 00000000 ___SD C:\Windows\system32\CompatTel 2015-07-14 19:43 - 2015-05-03 22:05 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-07-14 19:36 - 2015-05-03 16:35 - 00000000 ____D C:\Windows\system32\MRT 2015-07-14 19:33 - 2015-05-04 06:04 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2015-07-14 19:26 - 2015-05-03 19:24 - 00000000 ____D C:\Users\Privat\AppData\Local\Adobe 2015-07-14 19:25 - 2015-05-03 20:31 - 00000000 ____D C:\Users\R\AppData\Local\Adobe 2015-07-12 22:55 - 2015-05-03 19:20 - 00000000 ____D C:\Users\Privat\AppData\Roaming\dvdcss 2015-07-12 17:19 - 2015-05-07 11:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2015-07-12 17:11 - 2015-05-04 11:37 - 00001692 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk 2015-07-12 17:11 - 2015-05-03 18:36 - 00001742 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk 2015-07-12 16:50 - 2015-06-09 23:01 - 00003128 _____ C:\Windows\System32\Tasks\SAgent 2015-07-12 16:49 - 
2015-06-21 14:39 - 00003040 _____ C:\Windows\System32\Tasks\BatteryLifeExtender 2015-07-12 05:57 - 2015-05-03 19:20 - 00000000 ____D C:\Users\Privat\AppData\Roaming\DAEMON Tools Lite 2015-07-12 05:37 - 2015-05-14 15:12 - 00000000 ____D C:\Users\Privat\Downloads\Sysinternals Suite 2015-07-10 19:28 - 2015-05-03 16:38 - 00000000 ____D C:\Windows\system32\appraiser 2015-07-10 19:01 - 2015-05-03 18:45 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-07-09 21:35 - 2015-05-07 07:51 - 00000000 ____D C:\Program Files (x86)\TeamViewer 2015-07-08 15:07 - 2015-05-03 19:24 - 00000000 ____D C:\Users\Privat\AppData\Roaming\MyPhoneExplorer 2015-07-06 23:24 - 2015-05-03 19:20 - 00000000 ____D C:\Users\Privat\AppData\Roaming\Adobe 2015-07-06 18:40 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-07-06 06:48 - 2015-05-18 03:48 - 00000000 ____D C:\Windows\System32\Tasks\Aufgaben der Ereignisanzeige 2015-07-05 21:51 - 2015-05-03 20:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-07-05 13:18 - 2015-05-03 21:14 - 00000000 ____D C:\Users\Privat\Documents\Goethe Schule 2015-07-05 12:08 - 2015-05-03 16:35 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-07-03 15:05 - 2015-05-03 20:35 - 00000000 ____D C:\ProgramData\Adobe 2015-07-03 15:02 - 2015-05-08 19:42 - 00000000 ____D C:\Users\Privat\AppData\Roaming\Skype 2015-07-03 15:01 - 2015-05-08 19:41 - 00000000 ____D C:\ProgramData\Skype 2015-07-03 08:43 - 2015-05-03 16:35 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-07-01 21:39 - 2015-05-03 18:48 - 00000000 ____D C:\Program Files\CCleaner 2015-07-01 00:19 - 2015-05-03 18:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-07-01 00:19 - 2015-05-03 18:45 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-06-29 03:25 - 2015-05-03 16:42 - 00000000 ____D 
C:\Windows\System32\Tasks\Games 2015-06-24 18:30 - 2015-05-03 19:24 - 00000000 ____D C:\Users\Privat\AppData\Roaming\Mp3tag 2015-06-24 17:55 - 2015-05-03 20:20 - 00000000 ____D C:\Program Files (x86)\Mp3tag 2015-06-24 17:55 - 2015-05-03 19:44 - 00000000 ____D C:\Users\Privat\Downloads\Mp3Tag 2015-06-24 17:47 - 2015-05-03 19:44 - 00000000 ____D C:\Users\Privat\Downloads\Microsoft Safety Scanner 2015-06-24 12:35 - 2015-05-08 19:41 - 00000000 ___RD C:\Program Files (x86)\Skype 2015-06-23 21:55 - 2015-05-08 18:48 - 00003019 _____ C:\Windows\system32\TeamViewer10_Hooks.log 2015-06-23 21:54 - 2015-05-08 18:47 - 00000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk 2015-06-23 21:53 - 2015-06-21 14:24 - 00001121 _____ C:\Users\R\Desktop\CyberLink YouCam.lnk ==================== Files in the root of some directories ======= 2015-05-14 15:45 - 2015-05-14 15:45 - 0000036 _____ () C:\Users\R\AppData\Local\housecall.guid.cache 2015-05-14 19:43 - 2015-07-15 20:11 - 0007630 _____ () C:\Users\R\AppData\Local\Resmon.ResmonCfg 2015-05-09 11:11 - 2015-05-09 11:11 - 0000043 ___SH () C:\ProgramData\.zreglib 2015-05-23 09:16 - 2015-05-23 09:16 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2015-05-14 12:14 - 2015-07-17 14:57 - 0002393 _____ () C:\ProgramData\KlimaLogg.dat1 2015-05-14 12:14 - 2015-07-17 14:57 - 0002393 _____ () C:\ProgramData\KlimaLogg.dat1.tmp 2015-05-07 12:33 - 2015-05-07 12:33 - 41943040 _____ () C:\ProgramData\KlimaLoggServiceDataStore Some files in TEMP: ==================== C:\Users\R\AppData\Local\Temp\Quarantine.exe C:\Users\R\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-13 08:50

==================== End of log ============================

Additional FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by R at 2015-07-22 11:50:27
Running from C:\Users\Privat\Downloads\FRST
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1269753938-3578349479-3780603664-500 - Administrator - Disabled)
Coach (S-1-5-21-1269753938-3578349479-3780603664-1003 - Limited - Enabled) => C:\Users\Coach
Gast (S-1-5-21-1269753938-3578349479-3780603664-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1269753938-3578349479-3780603664-1002 - Limited - Enabled)
Privat (S-1-5-21-1269753938-3578349479-3780603664-1004 - Limited - Enabled) => C:\Users\Privat
R (S-1-5-21-1269753938-3578349479-3780603664-1001 - Administrator - Enabled) => C:\Users\R

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acronis Drive Monitor (HKLM-x32\...\{706AE61D-40A4-4F50-8359-FE8F6F7FA461}) (Version: 1.0.566 - Acronis)
Acronis True Image 2015 (HKLM-x32\...\{08DC7D7A-1CA0-4E96-B12F-9B9577FCF0F8}Visible) (Version: 18.0.6525 - Acronis)
Acronis True Image 2015 (x32 Version: 18.0.6525 - Acronis) Hidden
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{25107779-C295-EB3E-3C92-AC1B45680012}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
Attack Surface Analyzer (HKLM\...\{2710505A-D198-4906-8767-F869909D9FA6}) (Version: 5.3.0.0 - Microsoft Corporation)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
AutoUpdate (HKLM-x32\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
BatteryLifeExtender (HKLM-x32\...\{AA16A9E5-40E9-44F5-801E-6B3D3CFE79E5}) (Version: 1.0.0 - Samsung)
Bing Bar (HKLM-x32\...\{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}) (Version: 7.1.361.0 - Microsoft Corporation)
calibre (HKLM-x32\...\{10166EDF-AE11-45B8-B62C-CF56795D7686}) (Version: 2.32.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.5.5666 - CDBurnerXP)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.5.5642 - CDBurnerXP)
CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.79.0.2015 - Georgy Berdyshev)
ChargeableUSB (HKLM-x32\...\{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}) (Version: 1.0.0.0 - SAMSUNG)
CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version: 2.9.3.0 - Elaborate Bytes)
COMODO System Utilities (HKLM\...\{A7DA4247-9F22-4d4a-974A-DD455CCF43B6}) (Version: 4.0.226743.26 - COMODO)
Corel Graphics Suite 11 (x32 Version: 11 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 11 (HKLM-x32\...\InstallShield_{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}) (Version: 11 - Corel Corporation)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.2907 - CyberLink Corp.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd)
Data Lifeguard Diagnostic for Windows 1.27 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation)
DivX Codec (HKLM-x32\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.6.1 - DivX, Inc.)
Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.0 - Samsung Electronics Co., Ltd.)
Easy SpeedUp Manager (HKLM-x32\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 3.0.0.4 - Samsung Electronics Co.,Ltd.)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Earth (HKLM-x32\...\{1A295C25-6E02-49FB-826B-F0D2C56FFA4E}) (Version: 7.1.4.1529 - Google)
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software)
HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 2.6.5.77 - SurfRight B.V.)
HP Officejet 6500 E710n-z Basic Device Software (HKLM\...\{BF09A017-54F4-46BC-AF54-F6DA0D7486D3}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710n-z Hilfe (HKLM-x32\...\{EFBC0CB1-AFFD-4E74-ACEF-42099F1D49C3}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{787D1A33-A97B-4245-87C0-7174609A540C}) (Version: 5.002.005.003 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4 - HP)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Kits Configuration Installer (x32 Version: 8.59.25584 - Microsoft) Hidden
KlimaLogg Pro (HKLM-x32\...\KlimaLogg Pro_is1) (Version: - TFA Dostmann)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Marketsplash Schnellzugriffe (HKLM-x32\...\{FB0C267C-8B4F-4867-8161-A6A3B66D42C1}) (Version: 1.0.0.9 - Hewlett-Packard)
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 12.10.16.3 - Marvell)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Windows Performance Toolkit (HKLM\...\{E7F9E526-2324-437B-A609-E8C5309465CB}) (Version: 4.8.0 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.6 - Mozilla)
Mp3tag v2.70 (HKLM-x32\...\Mp3tag) (Version: v2.70 - Florian Heidenreich)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
Namuga 1.3M Webcam (HKLM-x32\...\{71A51B59-E7D3-11DB-A386-005056C00008}) (Version: 1.00.0000 - Vimicro Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Paragon Festplatten Manager™ 15 Suite (HKLM\...\{29258311-EA49-11DE-967C-005056C00008}) (Version: 90.00.0003 - Paragon Software)
Paragon Partition Manager™ 10.0 Professional (HKLM\...\{A35001F0-F1E4-11DD-A38B-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
Pinnacle Instant DVD Recorder (HKLM-x32\...\{C1212AE3-DBB9-4365-8473-F8ABC7B06BBB}) (Version: 2.5.0.092 - Pinnacle Systems)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7459 - Realtek Semiconductor Corp.)
S Agent (Version: 1.1.52 - Samsung Electronics CO., LTD.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Recovery Solution 4 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.3 - Samsung)
Samsung Update Plus (HKLM-x32\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
Studie zur Verbesserung von HP Officejet 6500 E710n-z Produkten (HKLM\...\{C9347A74-CDAD-4076-B754-11752F6BE324}) (Version: 22.0.334.0 - Hewlett-Packard Co.) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1200 - SUPERAntiSpyware.com) SW Update (HKLM-x32\...\{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}) (Version: 2.2.9 - Samsung Electronics CO., LTD.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.4.12 - Synaptics Incorporated) TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43879 - TeamViewer) TVCenter (HKLM\...\{DD0A0C72-A7C3-4722-86C9-2399F9FC0DE7}) (Version: 6.4.5.933 - PCTV Systems) Ultra Defragmenter (HKLM-x32\...\UltraDefrag) (Version: 6.1.0 - UltraDefrag Development Team) VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN) Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation) Windows Software Development Kit (HKLM-x32\...\{363a2c1e-637f-45ce-933b-5a5463efd945}) (Version: 8.59.29750 - Microsoft Corporation) WPT Redistributables (x32 Version: 8.59.29750 - Microsoft) Hidden WPTx64 (x32 Version: 8.59.29722 - Microsoft) Hidden Youtube Downloader HD v. 2.9.9.23 (HKLM-x32\...\Youtube Downloader HD_is1) (Version: - YoutubeDownloaderHD.com) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 18-07-2015 09:45:26 COMODO System Utilities Installaton 18-07-2015 14:44:20 Windows Update 21-07-2015 13:45:59 Windows Update ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {33A22260-EA94-46AE-8065-30C1E935CA53} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2009-09-12] (Samsung Electronics Co., Ltd.) Task: {33D95203-43E0-41F8-8BED-C0B0D9461821} - System32\Tasks\HPCustParticipation HP Officejet 6500 E710n-z => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-06-14] (Hewlett-Packard Co.) Task: {34C677BB-53FF-4DC7-B5B1-062029D8DE52} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated) Task: {748B07BB-0D89-4567-B40D-B126424B396A} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-08-12] (Samsung Electronics. Co. Ltd.) Task: {8B7C2A31-9A81-4927-8D63-849670C324FA} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1269753938-3578349479-3780603664-1003 Task: {9254ED14-7CC2-4A82-8270-3DD255AF0A6B} - System32\Tasks\{5727E98A-C166-4F4F-B69A-624308427126} => pcalua.exe -a C:\Users\R\AppData\Local\Temp\Temp1_PageDefrag.zip\pagedfrg.exe Task: {93F6FB47-34E8-4FFE-A90B-4BF881C3A93A} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe Task: {9783CAC9-C0C1-4FDC-9157-30DCC8F71CA3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated) Task: {A4924BCE-2A4B-49C8-9327-DDBE8AD1912F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-23] (Google Inc.) 
Task: {B0A859EF-BAD3-4298-84CA-E8B5888AB69F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-06-01] (Piriform Ltd) Task: {C623C884-470A-4844-8297-719433FFEA0A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-23] (Google Inc.) Task: {CB7A9EA7-D653-457A-B398-B9AA1857C4B1} - System32\Tasks\advSRS4 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2009-08-06] (SEC) Task: {D63A1F85-5390-4B83-B3F8-2F617CAAE214} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2009-08-23] (Samsung Electronics Co., Ltd.) Task: {EAEB4E54-B5CF-4C49-80C0-83CB7942E9BB} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2015-02-04] (Samsung Electronics CO., LTD.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2015-07-21 13:53 - 2015-07-20 06:36 - 08311411 _____ () C:\Users\Privat\Downloads\Loki-master\loki.exe 2015-06-10 10:40 - 2006-08-12 12:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll 2015-07-21 22:00 - 2015-07-21 22:00 - 00774656 _____ () C:\Users\R\AppData\Local\Temp\_MEI46842\_hashlib.pyd 2015-07-21 22:00 - 2015-07-21 22:00 - 00100352 _____ () C:\Users\R\AppData\Local\Temp\_MEI46842\win32api.pyd 2015-07-21 22:00 - 
2015-07-21 22:00 - 00110080 _____ () C:\Users\R\AppData\Local\Temp\_MEI46842\pywintypes27.dll 2015-07-21 22:00 - 2015-07-21 22:00 - 00396800 _____ () C:\Users\R\AppData\Local\Temp\_MEI46842\pythoncom27.dll 2015-07-21 22:00 - 2015-07-21 22:00 - 00087552 _____ () C:\Users\R\AppData\Local\Temp\_MEI46842\_ctypes.pyd 2015-07-21 22:00 - 2015-07-21 22:00 - 00014848 _____ () C:\Users\R\AppData\Local\Temp\_MEI46842\_scandir.pyd 2015-07-21 22:00 - 2015-07-21 22:00 - 00712704 _____ () C:\Users\R\AppData\Local\Temp\_MEI46842\yara.pyd 2015-07-21 22:00 - 2015-07-21 22:00 - 00046080 _____ () C:\Users\R\AppData\Local\Temp\_MEI46842\_socket.pyd 2015-07-21 22:00 - 2015-07-21 22:00 - 01201152 _____ () C:\Users\R\AppData\Local\Temp\_MEI46842\_ssl.pyd 2015-07-21 22:00 - 2015-07-21 22:00 - 00036352 _____ () C:\Users\R\AppData\Local\Temp\_MEI46842\_psutil_windows.pyd 2015-07-21 22:00 - 2015-07-21 22:00 - 00381952 _____ () C:\Users\R\AppData\Local\Temp\_MEI46842\win32com.shell.shell.pyd ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-1269753938-3578349479-3780603664-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\R\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg HKU\S-1-5-21-1269753938-3578349479-3780603664-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: !SASCORE => 3 MSCONFIG\Services: AcrSch2Svc => 3 MSCONFIG\Services: AdobeARMservice => 3 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: afcdpsrv => 3 MSCONFIG\Services: AMD External Events Utility => 2 MSCONFIG\Services: CSUService => 3 MSCONFIG\Services: Disc Soft Lite Bus Service => 3 MSCONFIG\Services: LBTServ => 3 MSCONFIG\Services: Lexware_Update_Service => 2 MSCONFIG\Services: MBAMScheduler => 3 MSCONFIG\Services: MBAMService => 2 MSCONFIG\Services: SkypeUpdate => 3 MSCONFIG\Services: ss_conn_service => 2 MSCONFIG\Services: syncagentsrv => 3 MSCONFIG\Services: TeamViewer => 3 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nach Updates suchen.lnk => C:\Windows\pss\Nach Updates suchen.lnk.CommonStartup MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" MSCONFIG\startupreg: AcronisTibMounterMonitor => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe MSCONFIG\startupreg: adm_tray.exe => C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe MSCONFIG\startupreg: AMD AVT => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml MSCONFIG\startupreg: BCSSync => "C:\Program Files 
(x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe MSCONFIG\startupreg: LexwareInfoService => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe /autostart MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\PDF24\pdf24.exe MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" MSCONFIG\startupreg: UCam_Menu => "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [{5B5BAAD7-C27A-433D-BF15-8D0466696919}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{079FAD09-9EA7-421E-AADB-78B42598D130}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{20034301-9439-4F46-AF5C-548B4F2C3809}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe FirewallRules: [{1246295B-6556-44D9-AE3A-E4E573CE8430}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe FirewallRules: [{C9AD7762-34D0-46EF-B212-938167D6034C}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe FirewallRules: [{5CF7127C-5FB7-4EE5-8704-DDFAB4E4A8BA}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe FirewallRules: [{02CE4919-36F7-4A9E-B5A2-3218DA5F6B8C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{AF83AD2D-3A2B-43E9-91A2-89EE3B1FA357}] => (Allow) C:\Program Files (x86)\PCTV Systems\TVCenter\TVCenter.exe FirewallRules: [{7C43FFFB-EDCD-4BFD-B1C7-4B3B261D3345}] => (Allow) C:\Program Files (x86)\Common Files\PCTV Systems\PVR\VideoControl.exe FirewallRules: [{8E13B30F-4358-4215-9B06-EB97420A34A2}] => (Allow) C:\Program Files (x86)\Common Files\PCTV Systems\StreamingServer\StrmServer.exe FirewallRules: [{F48AC153-3B3D-4455-B792-CE825D18B5D3}] => (Allow) LPort=1900 FirewallRules: [{E69511C7-8E5A-4946-A703-72AFF079FD3D}] => (Allow) LPort=2869 FirewallRules: [{A1709944-5227-47E7-90C1-A74419ADFADD}] => (Allow) C:\Windows\ehome\ehrecvr.exe FirewallRules: [{AC489AC5-F72B-48C4-AAF9-ACB209AAFAC5}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe FirewallRules: [{6C82E8B0-543E-497D-8811-23688FAA2D03}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe FirewallRules: [{E8714BE3-A289-4D00-AB7F-4C84D6DF7F5D}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe FirewallRules: 
[{CE91B477-E531-4FBB-A876-7FCC8843DF48}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe FirewallRules: [{679B012B-DC01-402F-922F-827322CABAFD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{5DEB5DD9-88C0-46FB-B5A9-3A85BE3605A4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{3CE87CCD-153A-4419-B215-F83AEFBEFB17}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{DB19EFF8-415C-43DD-922B-7F8644FF663F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/22/2015 01:23:23 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. 
Error: (07/21/2015 02:19:22 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (07/21/2015 01:48:53 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm firefox.exe, Version 39.0.0.5659 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1320 Startzeit: 01d0c3aa0d8a6109 Endzeit: 31 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 5205dd46-2f9e-11e5-83a9-002454164d61 Error: (07/20/2015 10:44:51 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 4a0 Startzeit: 01d0c324ea4306ed Endzeit: 39 Anwendungspfad: C:\Windows\Explorer.EXE Berichts-ID: 1fdc5e8b-2f20-11e5-83a9-002454164d61 Error: (07/20/2015 07:52:30 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (07/19/2015 07:02:31 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (07/19/2015 06:40:21 AM) (Source: SideBySide) (EventID: 35) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Fehler in Manifest- oder Richtliniendatei "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"2" in Zeile Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0". Definition: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error: (07/18/2015 11:10:01 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Fehler in Manifest- oder Richtliniendatei "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"2" in Zeile Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. 
Verweis: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0". Definition: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error: (07/18/2015 11:40:56 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (07/18/2015 11:34:42 AM) (Source: SideBySide) (EventID: 35) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Fehler in Manifest- oder Richtliniendatei "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"2" in Zeile Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"3. 
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0". Definition: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. System errors: ============= Error: (07/21/2015 10:00:08 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (07/21/2015 02:02:38 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "FailureCommand" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (07/21/2015 02:01:52 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (07/21/2015 01:53:00 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (07/20/2015 09:48:40 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (07/20/2015 09:46:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. 
Error: (07/20/2015 09:46:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "SAS Core Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts. Error: (07/20/2015 09:46:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "HitmanPro.Alert Service" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts. Error: (07/20/2015 09:46:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error: (07/20/2015 09:46:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Office Software Protection Platform" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Microsoft Office: ========================= Error: (07/22/2015 01:23:23 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestc:\users\privat\downloads\eset online scanner\esetsmartinstaller_deu.exe Error: (07/21/2015 02:19:22 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestc:\users\privat\downloads\eset online scanner\esetsmartinstaller_deu.exe Error: (07/21/2015 01:48:53 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: firefox.exe39.0.0.5659132001d0c3aa0d8a610931C:\Program Files (x86)\Mozilla Firefox\firefox.exe5205dd46-2f9e-11e5-83a9-002454164d61 Error: (07/20/2015 10:44:51 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Explorer.EXE6.1.7601.175674a001d0c324ea4306ed39C:\Windows\Explorer.EXE1fdc5e8b-2f20-11e5-83a9-002454164d61 Error: (07/20/2015 07:52:30 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestc:\users\privat\downloads\eset online scanner\esetsmartinstaller_deu.exe Error: (07/19/2015 07:02:31 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: 
C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestc:\users\privat\downloads\eset online scanner\esetsmartinstaller_deu.exe Error: (07/19/2015 06:40:21 AM) (Source: SideBySide) (EventID: 35) (User: ) Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Users\Privat\AppData\Local\Citrix\ICA Client\MFC80.DLLC:\Users\Privat\AppData\Local\Citrix\ICA Client\Microsoft.VC80.MFCLOC.MANIFEST5 Error: (07/18/2015 11:10:01 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Users\Privat\AppData\Local\Citrix\ICA Client\MFC80.DLLC:\Users\Privat\AppData\Local\Citrix\ICA Client\Microsoft.VC80.MFCLOC.MANIFEST5 Error: (07/18/2015 11:40:56 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestc:\users\privat\downloads\eset online scanner\esetsmartinstaller_deu.exe Error: (07/18/2015 11:34:42 AM) (Source: SideBySide) (EventID: 35) (User: ) Description: 
Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Users\Privat\AppData\Local\Citrix\ICA Client\MFC80.DLLC:\Users\Privat\AppData\Local\Citrix\ICA Client\Microsoft.VC80.MFCLOC.MANIFEST5 CodeIntegrity Errors: =================================== Date: 2015-07-22 11:48:29.920 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-07-22 10:58:25.622 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-07-22 10:39:52.718 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-07-22 10:29:31.417 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-07-22 10:23:55.269 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-07-22 07:11:12.625 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2015-07-21 21:58:49.446 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-07-21 19:59:09.076 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-07-21 14:55:48.565 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-07-21 14:33:12.124 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU P7550 @ 2.26GHz Percentage of memory in use: 45% Total physical RAM: 3036.61 MB Available physical RAM: 1656.23 MB Total Virtual: 6071.43 MB Available Virtual: 4250.57 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:198.89 GB) (Free:16.35 GB) NTFS ==>[drive with boot components (obtained from BCD)] Drive d: (Daten) (Fixed) (Total:131.39 GB) (Free:38.38 GB) NTFS Drive e: (temp) (Fixed) (Total:59.43 GB) (Free:5.35 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B4B6F23B) Partition 1: (Not Active) - (Size=15 GB) - (Type=27) Partition 2: (Active) - (Size=198.9 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=251.8 GB) - (Type=OF Extended) ==================== End of log ============================ |
23.07.2015, 05:47 | #4 |
/// the machine /// TB trainer | Quick check requested Looks good. I would get rid of SUPERAntiSpyware; nobody uses that anymore.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
23.07.2015, 10:46 | #5 |
| Thanks, I'll get rid of SUPERAntiSpyware. Rainer |
24.07.2015, 06:39 | #6 |
/// the machine /// TB trainer | Quick check requested ok |