Log analysis and evaluation: Debt collection trojan

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
09.09.2015, 18:53 | #1 |
Debt collection trojan

Hello,

Today I received an e-mail from a supposed debt collection company claiming that I had not paid for an order, etc. When I tried to open the attached invoice, I opened an MS-DOS application. From everything I have read, this is probably a trojan that is sent in these fake mails. First I ran an Avira scan, but it found nothing. Then I tried HijackThis, ran a scan and had the text file evaluated on hijack.de. But when I try to fix the files classified as questionable via HijackThis, nothing is changed. Normally I would simply reset the computer, but I have only recently had Windows 10 on the computer and do not have any restore points yet.

In case it is helpful, I have already run a scan with the OTL scanner. The two documents it produced follow.
09.09.2015, 18:58 | #2 |
/// the machine /// TB instructor | Debt collection trojan

hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
09.09.2015, 19:00 | #3 |
Debt collection trojan

The OTL.txt file was too large to upload, so it comes this way: OTL logfile:
C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 38.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 38.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 38.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 38.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2015.01.10 22:51:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zorro\AppData\Roaming\mozilla\Extensions
[2015.06.11 16:09:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zorro\AppData\Roaming\mozilla\Firefox\Profiles\DLqFl98w.default\extension-data
[2015.06.10 16:09:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zorro\AppData\Roaming\mozilla\Firefox\Profiles\DLqFl98w.default\extension-data\youtubeunblocker__web@unblocker.yt
[2015.09.09 19:14:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zorro\AppData\Roaming\mozilla\Firefox\Profiles\DLqFl98w.default\extensions
[2015.08.12 22:11:35 | 000,000,000 | ---D | M] (Avira Browser Safety) -- C:\Users\zorro\AppData\Roaming\mozilla\Firefox\Profiles\DLqFl98w.default\extensions\abs@avira.com
[2015.09.01 14:58:08 | 000,000,000 | ---D | M] (YouTube Unblocker) -- C:\Users\zorro\AppData\Roaming\mozilla\Firefox\Profiles\DLqFl98w.default\extensions\youtubeunblocker__web@unblocker.yt
[2015.08.30 10:11:23 | 001,482,772 | ---- | M] () (No name found) -- C:\Users\zorro\AppData\Roaming\mozilla\firefox\profiles\DLqFl98w.default\extensions\firefox@ghostery.com.xpi
[2015.09.09 19:14:37 | 000,069,300 | ---- | M] () (No name found) -- C:\Users\zorro\AppData\Roaming\mozilla\firefox\profiles\DLqFl98w.default\extensions\{88309fd1-cacd-4904-9730-a0786869d225}.xpi
[2015.03.01 17:10:56 | 000,038,626 | ---- | M] () (No name found) -- C:\Users\zorro\AppData\Roaming\mozilla\firefox\profiles\DLqFl98w.default\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi
[2015.07.28 16:34:49 | 000,963,213 | ---- | M] () (No name found) -- C:\Users\zorro\AppData\Roaming\mozilla\firefox\profiles\DLqFl98w.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2015.07.20 21:45:38 | 000,072,494 | ---- | M] () (No name found) -- C:\Users\zorro\AppData\Roaming\mozilla\firefox\profiles\DLqFl98w.default\extensions\{e337fd67-0148-4d1a-8cb6-1d7085814f28}.xpi
[2015.08.09 14:30:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2015.06.03 01:52:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
O1 HOSTS File: ([2013.08.22 15:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (DVDVideoSoft IE Extension) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (DVDVideoSoft IE Extension) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O4:64bit: - HKLM..\Run: [LogiOptionsAppBroker] C:\Program Files\Logitech\LogiOptions\LogiOptions.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\WINDOWS\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Avira SystrayStartTrigger] C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe ()
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-58352319-3725806726-3140065513-1001..\Run: [EPLTarget\P0000000000000000] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE /EPT "EPLTarget\P0000000000000000" /M "WF-3520 Series" File not found
O4 - HKU\S-1-5-21-58352319-3725806726-3140065513-1001..\Run: [hopeagree] C:\Users\zorro\AppData\Local\Temp\Hope-review\hopeweigh.exe ()
O4 - HKU\S-1-5-21-58352319-3725806726-3140065513-1001..\Run: [OneDrive] C:\Users\zorro\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-58352319-3725806726-3140065513-1001..\Run: [Skype] C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\S-1-5-21-58352319-3725806726-3140065513-1001..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-58352319-3725806726-3140065513-1001..\RunOnce: [hopeagree] C:\Users\zorro\AppData\Local\Temp\Hope-review\hopeweigh.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DSCAutomationHostEnabled = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: An OneNote s&enden - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{e88830a0-70b1-4852-badf-bec964923f4e}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\System32\Userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\WINDOWS\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\System32\Userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\WINDOWS\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\WINDOWS\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\WINDOWS\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\WINDOWS\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\WINDOWS\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\WINDOWS\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\WINDOWS\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\WINDOWS\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - File not found
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\WINDOWS\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\WINDOWS\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2015.09.09 18:10:12 | 000,000,000 | ---D | C] -- C:\Users\zorro\Documents\Forderung stornierten Zahlung Ihrer Bestellung Mail & Media GmbH-1
[2015.09.09 18:00:18 | 000,000,000 | ---D | C] -- C:\Users\zorro\Documents\Forderung stornierten Zahlung Ihrer Bestellung Mail & Media GmbH
[2015.09.07 19:43:32 | 004,318,760 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\WINDOWS\SysNative\drivers\athw10x.sys
[2015.09.03 16:25:48 | 000,505,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msxml.dll
[2015.09.03 16:25:47 | 000,140,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\comdlg32.ocx
[2015.09.03 16:25:47 | 000,115,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MSINET.OCX
[2015.09.03 16:25:47 | 000,089,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\VB5DB.DLL
[2015.09.03 16:25:47 | 000,028,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msxmlr.dll
[2015.09.03 16:25:47 | 000,026,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\xmlinst.exe
[2015.09.03 16:25:47 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msxml3a.dll
[2015.09.03 16:22:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubi Soft
[2015.09.03 16:22:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubi Soft
[2015.09.03 16:22:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2015.08.31 13:56:53 | 018,806,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\edgehtml.dll
[2015.08.31 13:56:52 | 021,875,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\edgehtml.dll
[2015.08.31 13:56:48 | 002,225,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NetworkMobileSettings.dll
[2015.08.31 13:56:48 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dwmcore.dll
[2015.08.31 13:56:47 | 008,019,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe
[2015.08.31 13:56:47 | 001,593,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dwmcore.dll
[2015.08.31 13:56:47 | 001,396,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LicenseManager.dll
[2015.08.31 13:56:47 | 001,061,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\reseteng.dll
[2015.08.31 13:56:47 | 000,963,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\LicenseManager.dll
[2015.08.31 13:56:47 | 000,859,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\modernexecserver.dll
[2015.08.31 13:56:47 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NetSetupShim.dll
[2015.08.31 13:56:46 | 001,294,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wcnwiz.dll
[2015.08.31 13:56:46 | 000,609,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ci.dll
[2015.08.31 13:56:46 | 000,497,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WlanMediaManager.dll
[2015.08.31 13:56:46 | 000,373,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBXHCI.SYS
[2015.08.31 13:56:46 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\NetSetupShim.dll
[2015.08.31 13:56:46 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NetSetupSvc.dll
[2015.08.31 13:56:46 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\InstallAgent.exe
[2015.08.31 13:56:46 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\BthRadioMedia.dll
[2015.08.31 13:56:46 | 000,077,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\acmigration.dll
[2015.08.31 13:56:45 | 002,178,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentServer.dll
[2015.08.31 13:56:45 | 001,234,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aitstatic.exe
[2015.08.31 13:56:45 | 001,226,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wcnwiz.dll
[2015.08.31 13:56:45 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\EnterpriseModernAppMgmtCSP.dll
[2015.08.31 13:56:45 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WcnApi.dll
[2015.08.31 13:56:45 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dafWCN.dll
[2015.08.31 13:56:45 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fdWCN.dll
[2015.08.31 13:56:45 | 000,100,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WcnApi.dll
[2015.08.31 13:56:45 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WcnNetsh.dll
[2015.08.31 13:56:45 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wfdprov.dll
[2015.08.31 13:56:45 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wfdprov.dll
[2015.08.31 13:56:44 | 001,795,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.dll
[2015.08.31 13:56:44 | 000,322,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vaultsvc.dll
[2015.08.31 13:56:44 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PackageStateRoaming.dll
[2015.08.31 13:56:44 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PackageStateRoaming.dll
[2015.08.19 13:48:22 | 016,706,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.dll
[2015.08.19 13:48:19 | 013,024,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
[2015.08.19 13:48:16 | 007,523,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Chakra.dll
[2015.08.19 13:48:15 | 005,454,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Chakra.dll
[2015.08.19 13:48:15 | 004,532,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2015.08.19 13:48:14 | 004,048,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\explorer.exe
[2015.08.19 13:48:14 | 002,558,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mssrch.dll
[2015.08.19 13:48:14 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mssrch.dll
[2015.08.19 13:48:14 | 001,916,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MFMediaEngine.dll
[2015.08.19 13:48:14 | 001,643,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\diagtrack.dll
[2015.08.19 13:48:13 | 003,527,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tquery.dll
[2015.08.19 13:48:13 | 002,416,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MFMediaEngine.dll
[2015.08.19 13:48:12 | 002,151,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfcore.dll
[2015.08.19 13:48:12 | 002,093,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlidsvc.dll
[2015.08.19 13:48:12 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RDXService.dll
[2015.08.19 13:48:11 | 002,748,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tquery.dll
[2015.08.19 13:48:11 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UIAutomationCore.dll
[2015.08.19 13:48:11 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.dll
[2015.08.19 13:48:11 | 000,586,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.dll
[2015.08.19 13:48:11 | 000,292,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LockAppHost.exe
[2015.08.19 13:48:10 | 003,588,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kfull.sys
[2015.08.19 13:48:10 | 001,334,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UIAutomationCore.dll
[2015.08.19 13:48:10 | 000,918,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfplat.dll
[2015.08.19 13:48:10 | 000,893,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MbaeApiPublic.dll
[2015.08.19 13:48:10 | 000,593,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wcmsvc.dll
[2015.08.19 13:48:10 | 000,554,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\directmanipulation.dll
[2015.08.19 13:48:10 | 000,243,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\LockAppHost.exe
[2015.08.19 13:48:10 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingsHandlers_Notifications.dll
[2015.08.19 13:48:09 | 001,087,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfplat.dll
[2015.08.19 13:48:09 | 000,993,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ReAgent.dll
[2015.08.19 13:48:09 | 000,563,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MbaeApi.dll
[2015.08.19 13:48:09 | 000,454,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\directmanipulation.dll
[2015.08.19 13:48:09 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MbaeApi.dll
[2015.08.19 13:48:09 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UserMgrProxy.dll
[2015.08.19 13:48:09 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\cloudAP.dll
[2015.08.19 13:48:09 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tetheringservice.dll
[2015.08.19 13:48:09 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LocationPermissions.dll
[2015.08.19 13:48:09 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mssprxy.dll
[2015.08.19 13:48:08 | 000,845,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ReAgent.dll
[2015.08.19 13:48:08 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MbaeApiPublic.dll
[2015.08.19 13:48:08 | 000,642,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdbui.dll
[2015.08.19 13:48:08 | 000,342,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LocationGeofences.dll
[2015.08.19 13:48:08 | 000,336,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SearchProtocolHost.exe
[2015.08.19 13:48:08 | 000,159,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UserMgrProxy.dll
[2015.08.19 13:48:08 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MbaeParserTask.exe
[2015.08.19 13:48:08 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\stornvme.sys
[2015.08.19 13:48:07 | 002,462,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfcore.dll
[2015.08.19 13:48:07 | 000,483,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\OneDriveSettingSyncProvider.dll
[2015.08.19 13:48:07 | 000,442,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\storport.sys
[2015.08.19 13:48:07 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentClient.dll
[2015.08.19 13:48:07 | 000,372,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\OneDriveSettingSyncProvider.dll
[2015.08.19 13:48:07 | 000,311,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppXDeploymentClient.dll
[2015.08.19 13:48:07 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\syncutil.dll
[2015.08.19 13:48:07 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LocationFramework.dll
[2015.08.19 13:48:07 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tetheringclient.dll
[2015.08.19 13:48:07 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuautoappupdate.dll
[2015.08.19 13:48:06 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\enterprisecsps.dll
[2015.08.19 13:48:06 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\GamePanel.exe
[2015.08.19 13:48:06 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\GamePanel.exe
[2015.08.19 13:48:06 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2015.08.19 13:48:06 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2015.08.19 13:48:06 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ReInfo.dll
[2015.08.19 13:48:06 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Core.TextInput.dll
[2015.08.19 13:48:06 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LocationFrameworkInternalPS.dll
[2015.08.19 13:48:06 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tetheringclient.dll
[2015.08.15 00:48:27 | 000,000,000 | ---D | C] -- C:\Users\zorro\AppData\Roaming\Logishrd
[2015.08.15 00:48:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2015.08.15 00:48:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd
[2015.08.15 00:48:18 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2015.08.15 00:46:36 | 003,933,496 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\SysNative\LogiLDA.DLL
[2015.08.15 00:46:36 | 002,458,936 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\SysNative\LdaCx2.dll
[2015.08.15 00:46:36 | 000,828,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msvcr110.dll
[2015.08.15 00:46:36 | 000,661,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msvcp110.dll
[2015.08.15 00:46:36 | 000,354,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vccorlib110.dll
[2015.08.11 20:58:41 | 008,613,200 | ---- | C] (Microsoft Corp.) -- C:\WINDOWS\SysNative\Windows.Media.Protection.PlayReady.dll
[2015.08.11 20:58:41 | 006,878,256 | ---- | C] (Microsoft Corp.) -- C:\WINDOWS\SysWow64\Windows.Media.Protection.PlayReady.dll
[2015.08.11 20:58:28 | 003,780,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingsHandlers_nt.dll
[2015.08.11 20:58:26 | 002,415,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DWrite.dll
[2015.08.11 20:58:24 | 001,212,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RemoteNaturalLanguage.dll
[2015.08.11 20:58:24 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Speech.dll
[2015.08.11 20:58:24 | 000,898,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\RemoteNaturalLanguage.dll
[2015.08.11 20:58:23 | 001,601,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.Speech.dll
[2015.08.11 20:58:23 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kbase.sys
[2015.08.11 20:58:23 | 000,783,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfsvr.dll
[2015.08.11 20:58:23 | 000,644,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfsvr.dll
[2015.08.11 20:58:23 | 000,608,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fontdrvhost.exe
[2015.08.11 20:58:23 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LogonController.dll
[2015.08.11 20:58:23 | 000,583,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mf.dll
[2015.08.11 20:58:23 | 000,494,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\LogonController.dll
[2015.08.11 20:58:22 | 000,801,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WWAHost.exe
[2015.08.11 20:58:22 | 000,539,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\fontdrvhost.exe
[2015.08.11 20:58:22 | 000,505,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dxgmms2.sys
[2015.08.11 20:58:22 | 000,365,056 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysNative\atmfd.dll
[2015.08.11 20:58:22 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ActionCenter.dll
[2015.08.11 20:58:22 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.LockScreen.dll
[2015.08.11 20:58:22 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.LockScreen.dll
[2015.08.11 20:58:21 | 001,274,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wifinetworkmanager.dll
[2015.08.11 20:58:21 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msctfuimanager.dll
[2015.08.11 20:58:21 | 000,700,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WWAHost.exe
[2015.08.11 20:58:21 | 000,685,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\WdiWiFi.sys
[2015.08.11 20:58:21 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NotificationObjFactory.dll
[2015.08.11 20:58:21 | 000,303,104 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\atmfd.dll
[2015.08.11 20:58:21 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\NotificationObjFactory.dll
[2015.08.11 20:58:21 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ActionCenter.dll
[2015.08.11 20:58:21 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WinBioDataModel.dll
[2015.08.11 20:58:21 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SubscriptionMgr.dll
[2015.08.11 20:58:21 | 000,120,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NetworkStatus.dll
[2015.08.11 20:58:20 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msctfuimanager.dll
[2015.08.11 20:58:20 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Cortana.Desktop.dll
[2015.08.11 20:58:20 | 000,516,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBHUB3.SYS
[2015.08.11 20:58:19 | 001,822,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntdll.dll
[2015.08.11 20:58:19 | 000,317,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\configmanager2.dll
[2015.08.11 20:58:19 | 000,243,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfps.dll
[2015.08.11 20:58:19 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
[2015.08.11 20:58:19 | 000,200,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\wof.sys
[2015.08.11 20:58:19 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\VPNv2CSP.dll
[2015.08.11 20:58:18 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\coredpus.dll
[2015.08.11 20:58:17 | 000,052,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\wpcfltr.sys
[2015.08.11 20:58:16 | 000,594,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Internal.Shell.Broker.dll
[2015.08.11 20:58:16 | 000,046,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\msgpiowin32.sys
[2015.08.11 20:58:14 | 000,393,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dxgmms1.sys
[2015.08.11 20:58:12 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LockAppBroker.dll
[2015.08.11 20:58:12 | 000,311,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\LockAppBroker.dll
[2015.08.11 20:58:12 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SharedStartModelShim.dll
[2015.08.11 20:58:11 | 001,290,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Shell.dll
[2015.08.11 20:58:11 | 000,911,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SharedStartModel.dll
[2015.08.11 20:58:11 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tileobjserver.dll
[2015.08.11 20:58:11 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\VEEventDispatcher.dll
[2015.08.11 20:58:10 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\VEEventDispatcher.dll
[2015.08.11 20:58:10 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingsHandlers_UserAccount.dll
[2015.08.11 20:58:10 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\VEDataLayerHelpers.dll
[2015.08.11 20:58:10 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\VEDataLayerHelpers.dll

========== Files - Modified Within 30 Days ==========

[2015.09.09 19:19:17 | 000,002,231 | ---- | M] () -- C:\Users\zorro\Desktop\HijackThis - CHIP Downloader.lnk
[2015.09.09 18:44:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2015.09.09 18:36:17 | 000,016,148 | ---- | M] () -- C:\WINDOWS\SysNative\ZORRO-LAPTOP_zorro_HistoryPrediction.bin
[2015.09.09 15:36:14 | 001,793,546 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2015.09.09 15:36:14 | 000,773,380 | ---- | M] () -- C:\WINDOWS\SysNative\perfh007.dat
[2015.09.09 15:36:14 | 000,732,370 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2015.09.09 15:36:14 | 000,154,706 | ---- | M] () -- C:\WINDOWS\SysNative\perfc007.dat
[2015.09.09 15:36:14 | 000,138,698 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2015.09.09 15:31:55 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2015.09.09 15:29:54 | 016,777,216 | -HS- | M] () -- C:\swapfile.sys
[2015.09.09 15:29:52 | 2531,794,944 | -HS- | M] () -- C:\hiberfil.sys
[2015.09.07 19:43:32 | 004,318,760 | ---- | M] (Qualcomm Atheros Communications, Inc.) -- C:\WINDOWS\SysNative\drivers\athw10x.sys
[2015.09.07 05:20:52 | 000,000,220 | ---- | M] () -- C:\Users\zorro\Desktop\Deus Ex Game of the Year Edition.url
[2015.09.03 16:26:53 | 000,002,421 | ---- | M] () -- C:\Users\zorro\Desktop\Ubi Soft Product Registration.lnk
[2015.09.03 16:22:35 | 000,001,094 | ---- | M] () -- C:\Users\Public\Desktop\Splinter Cell spielen.lnk
[2015.09.03 15:28:41 | 000,069,632 | ---- | M] () -- C:\WINDOWS\SysWow64\xmltok.dll
[2015.09.03 15:28:39 | 000,089,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\VB5DB.DLL
[2015.09.03 15:28:39 | 000,036,864 | ---- | M] () -- C:\WINDOWS\SysWow64\xmlparse.dll
[2015.09.03 15:28:38 | 000,026,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\xmlinst.exe
[2015.09.03 15:28:34 | 000,028,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msxmlr.dll
[2015.09.03 15:28:32 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msxml3a.dll
[2015.09.03 15:28:31 | 000,505,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msxml.dll
[2015.09.03 15:28:28 | 000,115,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MSINET.OCX
[2015.09.03 15:28:26 | 000,140,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\comdlg32.ocx
[2015.09.03 15:28:26 | 000,029,184 | ---- | M] () -- C:\WINDOWS\SysWow64\MSINET.oca
[2015.09.03 15:28:24 | 000,035,840 | ---- | M] () -- C:\WINDOWS\SysWow64\comdlg32.oca
[2015.08.20 08:07:55 | 008,019,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe
[2015.08.20 08:06:53 | 000,609,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ci.dll
[2015.08.20 07:57:13 | 000,077,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\acmigration.dll
[2015.08.20 07:26:23 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\InstallAgent.exe
[2015.08.20 07:21:28 | 021,875,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\edgehtml.dll
[2015.08.20 07:21:13 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\EnterpriseModernAppMgmtCSP.dll
[2015.08.20 06:31:28 | 018,806,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\edgehtml.dll
[2015.08.18 09:56:25 | 002,498,808 | ---- | M] () -- C:\WINDOWS\SysNative\CoreUIComponents.dll
[2015.08.18 09:55:45 | 000,373,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBXHCI.SYS
[2015.08.18 09:54:30 | 001,396,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LicenseManager.dll
[2015.08.18 09:27:23 | 001,771,592 | ---- | M] () -- C:\WINDOWS\SysWow64\CoreUIComponents.dll
[2015.08.18 09:24:35 | 000,963,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\LicenseManager.dll
[2015.08.18 09:13:10 | 000,497,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WlanMediaManager.dll
[2015.08.18 09:13:06 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NetSetupShim.dll
[2015.08.18 09:12:20 | 000,692,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\UMDF\NfcCx.dll
[2015.08.18 09:12:18 | 002,225,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NetworkMobileSettings.dll
[2015.08.18 09:04:20 | 000,859,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\modernexecserver.dll
[2015.08.18 09:04:14 | 001,234,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aitstatic.exe
[2015.08.18 08:59:35 | 001,294,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wcnwiz.dll
[2015.08.18 08:59:02 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WcnApi.dll
[2015.08.18 08:58:46 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WcnNetsh.dll
[2015.08.18 08:58:34 | 000,112,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fdWCN.dll
[2015.08.18 08:58:31 | 000,117,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dafWCN.dll
[2015.08.18 08:58:25 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NetSetupSvc.dll
[2015.08.18 08:57:54 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wfdprov.dll
[2015.08.18 08:56:48 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\BthRadioMedia.dll
[2015.08.18 08:55:01 | 002,178,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentServer.dll
[2015.08.18 08:54:11 | 000,247,296 | ---- | M] () -- C:\WINDOWS\SysNative\facecredentialprovider.dll
[2015.08.18 08:54:03 | 000,322,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vaultsvc.dll
[2015.08.18 08:52:26 | 001,888,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dwmcore.dll
[2015.08.18 08:50:04 | 001,795,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.dll
[2015.08.18 08:49:52 | 001,061,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\reseteng.dll
[2015.08.18 08:49:20 | 000,246,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PackageStateRoaming.dll
[2015.08.18 08:49:03 | 000,274,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\NetSetupShim.dll
[2015.08.18 08:36:08 | 001,226,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wcnwiz.dll
[2015.08.18 08:35:49 | 000,100,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WcnApi.dll
[2015.08.18 08:34:44 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wfdprov.dll
[2015.08.18 08:29:11 | 001,593,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dwmcore.dll
[2015.08.18 08:26:08 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PackageStateRoaming.dll
[2015.08.18 06:44:12 | 000,008,847 | ---- | M] () -- C:\WINDOWS\SysNative\ResPriHMImageList
[2015.08.15 00:46:36 | 003,933,496 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\SysNative\LogiLDA.DLL
[2015.08.15 00:46:36 | 002,458,936 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\SysNative\LdaCx2.dll
[2015.08.15 00:46:36 | 000,828,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msvcr110.dll
[2015.08.15 00:46:36 | 000,661,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msvcp110.dll
[2015.08.15 00:46:36 | 000,354,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vccorlib110.dll
[2015.08.13 17:32:39 | 000,345,080 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2015.08.13 06:22:26 | 002,093,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlidsvc.dll
[2015.08.13 06:20:39 | 000,414,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentClient.dll
[2015.08.13 05:53:21 | 000,311,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppXDeploymentClient.dll
[2015.08.11 12:04:24 | 002,462,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfcore.dll
[2015.08.11 12:04:23 | 004,532,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2015.08.11 12:04:15 | 001,087,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfplat.dll
[2015.08.11 12:03:09 | 000,442,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\storport.sys
[2015.08.11 12:02:57 | 000,554,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\directmanipulation.dll
[2015.08.11 12:02:56 | 000,080,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\stornvme.sys
[2015.08.11 12:02:49 | 000,292,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LockAppHost.exe
[2015.08.11 11:52:49 | 000,993,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ReAgent.dll
[2015.08.11 11:50:47 | 001,643,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\diagtrack.dll
[2015.08.11 11:40:22 | 004,048,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\explorer.exe
[2015.08.11 11:40:12 | 000,918,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfplat.dll
[2015.08.11 11:40:08 | 002,151,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfcore.dll
[2015.08.11 11:38:22 | 000,454,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\directmanipulation.dll
[2015.08.11 11:37:48 | 000,243,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\LockAppHost.exe
[2015.08.11 11:26:03 | 000,845,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ReAgent.dll
[2015.08.11 11:23:59 | 016,706,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.dll
[2015.08.11 11:21:13 | 000,148,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tetheringservice.dll
[2015.08.11 11:21:04 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tetheringclient.dll
[2015.08.11 11:20:02 | 000,483,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\OneDriveSettingSyncProvider.dll
[2015.08.11 11:19:45 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingsHandlers_Notifications.dll
[2015.08.11 11:18:44 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UserMgrProxy.dll
[2015.08.11 11:16:32 | 002,416,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MFMediaEngine.dll
[2015.08.11 11:14:02 | 000,404,480 | ---- | M] () -- C:\WINDOWS\SysNative\diagtrack_wininternal.dll
[2015.08.11 11:13:42 | 000,413,184 | ---- | M] () -- C:\WINDOWS\SysNative\diagtrack_win.dll
[2015.08.11 11:11:40 | 002,446,336 | ---- | M] () -- C:\WINDOWS\SysNative\InputService.dll
[2015.08.11 11:11:18 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\GamePanel.exe
[2015.08.11 11:10:47 | 000,293,376 | ---- | M] () -- C:\WINDOWS\SysNative\TextInputFramework.dll
[2015.08.11 11:10:12 | 000,324,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2015.08.11 11:10:06 | 000,778,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.dll
[2015.08.11 11:09:55 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuautoappupdate.dll
[2015.08.11 11:08:04 | 000,893,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MbaeApiPublic.dll
[2015.08.11 11:08:04 | 000,563,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MbaeApi.dll
[2015.08.11 11:07:52 | 000,593,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wcmsvc.dll
[2015.08.11 11:07:44 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MbaeParserTask.exe
[2015.08.11 11:06:19 | 007,523,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Chakra.dll
[2015.08.11 11:05:48 | 000,342,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LocationGeofences.dll
[2015.08.11 11:05:27 | 000,269,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LocationFramework.dll
[2015.08.11 11:05:23 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LocationFrameworkInternalPS.dll
[2015.08.11 11:05:20 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LocationPermissions.dll
[2015.08.11 11:05:10 | 000,996,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RDXService.dll
[2015.08.11 11:05:07 | 003,527,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tquery.dll
[2015.08.11 11:03:09 | 002,558,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mssrch.dll
[2015.08.11 11:02:53 | 000,186,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\cloudAP.dll
[2015.08.11 11:02:15 | 000,621,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\enterprisecsps.dll
[2015.08.11 11:02:08 | 003,588,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kfull.sys
[2015.08.11 11:01:38 | 001,334,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UIAutomationCore.dll
[2015.08.11 11:00:45 | 000,336,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SearchProtocolHost.exe
[2015.08.11 11:00:06 | 000,274,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\syncutil.dll
[2015.08.11 10:59:51 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mssprxy.dll
[2015.08.11 10:59:33 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tetheringclient.dll
[2015.08.11 10:59:27 | 000,642,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdbui.dll
[2015.08.11 10:58:11 | 000,372,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\OneDriveSettingSyncProvider.dll
[2015.08.11 10:57:51 | 013,024,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
[2015.08.11 10:57:31 | 000,971,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\UMDF\WpdMtpDr.dll
[2015.08.11 10:57:12 | 000,159,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UserMgrProxy.dll
[2015.08.11 10:51:35 | 001,916,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MFMediaEngine.dll
[2015.08.11 10:51:33 | 001,823,232 | ---- | M] () -- C:\WINDOWS\SysWow64\InputService.dll
[2015.08.11 10:50:59 | 000,131,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Core.TextInput.dll
[2015.08.11 10:50:58 | 000,200,704 | ---- | M] () -- C:\WINDOWS\SysWow64\TextInputFramework.dll
[2015.08.11 10:50:47 | 000,420,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\GamePanel.exe
[2015.08.11 10:49:50 | 000,586,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.dll
[2015.08.11 10:49:30 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2015.08.11 10:48:25 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MbaeApiPublic.dll
[2015.08.11 10:47:09 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MbaeApi.dll
[2015.08.11 10:43:39 | 002,748,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tquery.dll
[2015.08.11 10:42:33 | 005,454,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Chakra.dll
[2015.08.11 10:40:32 | 001,964,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mssrch.dll
[2015.08.11 10:40:12 | 001,112,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UIAutomationCore.dll
[2015.08.11 10:38:43 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ReInfo.dll

========== Files Created - No Company Name ==========

[2015.09.09 19:19:17 | 000,002,231 | ---- | C] () -- C:\Users\zorro\Desktop\HijackThis - CHIP Downloader.lnk
[2015.09.09 18:36:17 | 000,016,148 | ---- | C] () -- C:\WINDOWS\SysNative\ZORRO-LAPTOP_zorro_HistoryPrediction.bin
[2015.09.07 05:20:52 | 000,000,220 | ---- | C] () -- C:\Users\zorro\Desktop\Deus Ex Game of the Year Edition.url
[2015.09.03 16:26:53 | 000,002,421 | ---- | C] () -- C:\Users\zorro\Desktop\Ubi Soft Product Registration.lnk
[2015.09.03 16:25:47 | 000,069,632 | ---- | C] () -- C:\WINDOWS\SysWow64\xmltok.dll
[2015.09.03 16:25:47 | 000,036,864 | ---- | C] () -- C:\WINDOWS\SysWow64\xmlparse.dll
[2015.09.03 16:25:47 | 000,035,840 | ---- | C] () -- C:\WINDOWS\SysWow64\comdlg32.oca
[2015.09.03 16:25:47 | 000,029,184 | ---- | C] () -- C:\WINDOWS\SysWow64\MSINET.oca
[2015.09.03 16:22:32 | 000,001,094 | ---- | C] () -- C:\Users\Public\Desktop\Splinter Cell spielen.lnk
[2015.08.31 13:56:49 | 002,498,808 | ---- | C] () -- C:\WINDOWS\SysNative\CoreUIComponents.dll
[2015.08.31 13:56:48 | 001,771,592 | ---- | C] () -- C:\WINDOWS\SysWow64\CoreUIComponents.dll
[2015.08.31 13:56:46 | 000,247,296 | ---- | C] () -- C:\WINDOWS\SysNative\facecredentialprovider.dll
[2015.08.31 13:56:46 | 000,008,847 | ---- | C] () -- C:\WINDOWS\SysNative\ResPriHMImageList
[2015.08.19 13:48:13 | 002,446,336 | ---- | C] () -- C:\WINDOWS\SysNative\InputService.dll
[2015.08.19 13:48:12 | 001,823,232 | ---- | C] () -- C:\WINDOWS\SysWow64\InputService.dll
[2015.08.19 13:48:11 | 000,404,480 | ---- | C] () -- C:\WINDOWS\SysNative\diagtrack_wininternal.dll
[2015.08.19 13:48:10 | 000,413,184 | ---- | C] () -- C:\WINDOWS\SysNative\diagtrack_win.dll
[2015.08.19 13:48:09 | 000,293,376 | ---- | C] () -- C:\WINDOWS\SysNative\TextInputFramework.dll
[2015.08.19 13:48:07 | 000,200,704 | ---- | C] () -- C:\WINDOWS\SysWow64\TextInputFramework.dll
[2015.07.30 22:45:32 | 000,194,544 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2015.07.30 22:45:32 | 000,152,560 | ---- | C] () -- C:\WINDOWS\SysWow64\igdail32.dll
[2015.07.10 14:20:52 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2015.07.10 13:04:39 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2015.07.10 13:04:38 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2015.07.10 13:00:35 | 000,161,632 | ---- | C] () -- C:\WINDOWS\SysWow64\weretw.dll
[2015.07.10 13:00:33 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2015.07.10 13:00:32 | 000,047,104 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2015.07.10 13:00:31 | 000,156,672 | ---- | C] () -- C:\WINDOWS\SysWow64\MTF.dll
[2015.07.10 13:00:30 | 000,028,672 | ---- | C] () -- C:\WINDOWS\SysWow64\dtdump.exe
[2015.07.10 13:00:29 | 000,081,408 | ---- | C] () -- C:\WINDOWS\SysWow64\InputLocaleManager.dll
[2015.07.10 13:00:29 | 000,057,344 | ---- | C] () -- C:\WINDOWS\SysWow64\EditBufferTestHook.dll
[2015.07.10 13:00:29 | 000,053,760 | ---- | C] () -- C:\WINDOWS\SysWow64\WpKbdLayout.dll
[2015.07.10 13:00:29 | 000,022,016 | ---- | C] () -- C:\WINDOWS\SysWow64\WordBreakers.dll
[2015.07.10 13:00:28 | 000,270,848 | ---- | C] () -- C:\WINDOWS\SysWow64\HrtfApo.dll
[2015.07.10 13:00:27 | 000,364,544 | ---- | C] () -- 
C:\WINDOWS\SysWow64\msjetoledb40.dll [2015.07.10 13:00:26 | 000,022,528 | ---- | C] () -- C:\WINDOWS\SysWow64\efsext.dll [2015.07.10 13:00:25 | 000,002,269 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini [2015.07.10 13:00:24 | 000,167,640 | ---- | C] () -- C:\WINDOWS\SysWow64\chs_singlechar_pinyin.dat [2015.07.10 12:59:51 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin [2015.03.24 17:24:24 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2015.01.10 20:31:22 | 001,684,094 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\windows.storage.dll -- [2015.08.02 17:58:45 | 006,488,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\windows.storage.dll -- [2015.08.02 17:58:45 | 005,118,024 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2015.07.10 12:59:53 | 000,995,328 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2015.07.10 13:00:23 | 000,754,688 | ---- | M] (Microsoft Corporation) 
"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2015.07.10 12:59:55 | 000,516,096 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 220 bytes -> C:\Users\zorro\OneDrive:ms-properties < End of report > Geändert von Zrow (09.09.2015 um 19:29 Uhr) |
09.09.2015, 19:08 | #4 |
| Inkasso Trojaner OK, here are the two text files. |
10.09.2015, 18:18 | #5 |
| Inkasso Trojaner Sorry, I only saw the post after I had already posted the OTL docs. I really don't want to stress anyone, but it would be really cool if someone could give me further instructions. I really urgently need the laptop for work right now. |
11.09.2015, 06:29 | #6 |
/// the machine /// TB-Ausbilder | Inkasso Trojaner Hi, please always post logs in the thread. If necessary, split them up and use several posts. I can't open attachments at work, thanks. This is how it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
And bumping the thread really achieves nothing at all, because you then slip to the end of the list.
__________________ --> Inkasso Trojaner |
11.09.2015, 10:51 | #7 |
| Inkasso Trojaner OK, here are Frst.txt and Addition.txt. Sorry, I had overlooked the part about the brackets. Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:07-09-2015 durchgeführt von zorro (Administrator) auf ZORRO-LAPTOP (09-09-2015 20:05:00) Gestartet von C:\Users\zorro\Downloads Geladene Profile: zorro (Verfügbare Profile: zorro) Platform: Windows 10 Home (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Edge) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Hewlett-Packard) C:\Windows\System32\hpservice.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe (Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe (Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\2.30.57\LogiOptionsMgr.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Microsoft Corporation) C:\Users\zorro\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Realsil Microelectronics Inc.) 
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.8.25.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe () C:\Program Files\WindowsApps\Microsoft.BingSports_4.5.168.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Sports.exe (Microsoft Corporation) C:\Windows\System32\WWAHost.exe (Microsoft Corporation) C:\Windows\SysWOW64\sfc.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe (OldTimer Tools) C:\Users\zorro\Downloads\OTL.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-07-17] (Synaptics Incorporated) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [LogiOptionsAppBroker] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1549256 2015-08-04] (Logitech, Inc.) 
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-12-11] (Intel Corporation) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [782008 2015-08-30] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] () HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66936 2015-08-13] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-58352319-3725806726-3140065513-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2899136 2015-08-19] (Valve Corporation) HKU\S-1-5-21-58352319-3725806726-3140065513-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE [283232 2015-01-19] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-58352319-3725806726-3140065513-1001\...\Run: [OneDrive] => C:\Users\zorro\AppData\Local\Microsoft\OneDrive\OneDrive.exe [404064 2015-08-20] (Microsoft Corporation) HKU\S-1-5-21-58352319-3725806726-3140065513-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53655680 2015-07-28] (Skype Technologies S.A.) HKU\S-1-5-21-58352319-3725806726-3140065513-1001\...\Run: [hopeagree] => C:\Users\zorro\AppData\Local\Temp\Hope-review\hopeweigh.exe [92672 2015-09-09] () <===== ACHTUNG HKU\S-1-5-21-58352319-3725806726-3140065513-1001\...\RunOnce: [hopeagree] => C:\Users\zorro\AppData\Local\Temp\Hope-review\hopeweigh.exe [92672 2015-09-09] () <===== ACHTUNG ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..) 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{e88830a0-70b1-4852-badf-bec964923f4e}: [DhcpNameServer] 192.168.2.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-58352319-3725806726-3140065513-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2015-03-01] (DVDVideoSoft Ltd.) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2015-03-01] (DVDVideoSoft Ltd.) 
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\zorro\AppData\Roaming\Mozilla\Firefox\Profiles\DLqFl98w.default FF NewTab: hxxp://www.google.de FF Homepage: hxxps://www.google.de/?gws_rd=ssl FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-09-28] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-09-28] (Intel Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.) 
FF user.js: detected! => C:\Users\zorro\AppData\Roaming\Mozilla\Firefox\Profiles\DLqFl98w.default\user.js [2015-06-27] FF Extension: Avira Browser Safety - C:\Users\zorro\AppData\Roaming\Mozilla\Firefox\Profiles\DLqFl98w.default\Extensions\abs@avira.com [2015-08-12] FF Extension: YouTube Unblocker - C:\Users\zorro\AppData\Roaming\Mozilla\Firefox\Profiles\DLqFl98w.default\Extensions\youtubeunblocker__web@unblocker.yt [2015-09-01] FF Extension: Ghostery - C:\Users\zorro\AppData\Roaming\Mozilla\Firefox\Profiles\DLqFl98w.default\Extensions\firefox@ghostery.com.xpi [2015-01-31] FF Extension: {88309fd1-cacd-4904-9730-a0786869d225} - C:\Users\zorro\AppData\Roaming\Mozilla\Firefox\Profiles\DLqFl98w.default\Extensions\{88309fd1-cacd-4904-9730-a0786869d225}.xpi [2015-06-26] FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\zorro\AppData\Roaming\Mozilla\Firefox\Profiles\DLqFl98w.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-03-12] FF Extension: Adblock Plus - C:\Users\zorro\AppData\Roaming\Mozilla\Firefox\Profiles\DLqFl98w.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-04] FF Extension: PDFAddon - C:\Users\zorro\AppData\Roaming\Mozilla\Firefox\Profiles\DLqFl98w.default\Extensions\{e337fd67-0148-4d1a-8cb6-1d7085814f28}.xpi [2015-07-20] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01] Chrome: ======= CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [887128 2015-08-04] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [461672 2015-08-30] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [461672 2015-08-30] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1213072 2015-08-30] (Avira Operations GmbH & Co. KG) R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [228104 2015-08-13] (Avira Operations GmbH & Co. KG) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation) R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) 
[Datei ist nicht signiert] R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328608 2015-07-30] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [Datei ist nicht signiert] S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-01-14] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation) R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-07-17] (Synaptics Incorporated) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R3 athr; C:\Windows\System32\drivers\athw10x.sys [4318760 2015-09-07] (Qualcomm Atheros Communications, Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [137288 2015-08-04] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [148632 2015-08-04] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-10] (Avira Operations GmbH & Co. KG) S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.) 
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek ) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-07-17] (Synaptics Incorporated) S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] () S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation) R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-06-27] (Hewlett-Packard Development Company, L.P.) S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-09-09 20:05 - 2015-09-09 20:05 - 00016906 _____ C:\Users\zorro\Downloads\FRST.txt 2015-09-09 20:04 - 2015-09-09 20:05 - 00000000 ____D C:\FRST 2015-09-09 20:04 - 2015-09-09 20:04 - 02190336 _____ (Farbar) C:\Users\zorro\Downloads\FRST64.exe 2015-09-09 19:56 - 2015-09-09 19:56 - 00216722 _____ C:\Users\zorro\Desktop\OTL.Txt 2015-09-09 19:56 - 2015-09-09 19:56 - 00092536 _____ C:\Users\zorro\Desktop\Extras.Txt 2015-09-09 19:19 - 2015-09-09 19:19 - 00002231 _____ C:\Users\zorro\Desktop\HijackThis - CHIP Downloader.lnk 2015-09-09 19:05 - 2015-09-09 19:22 - 00012989 _____ C:\Users\zorro\Desktop\hijackthis.log 2015-09-09 18:56 - 2015-09-09 18:56 - 01162528 _____ C:\Users\zorro\Downloads\HijackThis - CHIP-Installer.exe 2015-09-09 18:51 - 2015-09-09 19:56 - 00216722 _____ C:\Users\zorro\Downloads\OTL.Txt 2015-09-09 18:51 - 2015-09-09 19:24 - 00092536 _____ C:\Users\zorro\Downloads\Extras.Txt 2015-09-09 18:45 - 2015-09-09 18:45 - 00602112 _____ (OldTimer Tools) C:\Users\zorro\Downloads\OTL.exe 2015-09-09 18:36 - 2015-09-09 18:36 - 00016148 _____ C:\WINDOWS\system32\ZORRO-LAPTOP_zorro_HistoryPrediction.bin 2015-09-09 18:10 - 2015-09-09 18:10 - 00000000 ____D C:\Users\zorro\Documents\Forderung stornierten Zahlung Ihrer Bestellung Mail & Media GmbH-1 2015-09-09 18:00 - 2015-09-09 18:00 - 00000000 ____D C:\Users\zorro\Documents\Forderung stornierten Zahlung Ihrer Bestellung Mail & Media GmbH 2015-09-07 19:43 - 2015-09-07 19:43 - 04318760 _____ (Qualcomm Atheros Communications, Inc.) 
C:\WINDOWS\system32\Drivers\athw10x.sys 2015-09-07 05:20 - 2015-09-07 05:20 - 00000220 _____ C:\Users\zorro\Desktop\Deus Ex Game of the Year Edition.url 2015-09-03 16:26 - 2015-09-03 16:26 - 00002421 _____ C:\Users\zorro\Desktop\Ubi Soft Product Registration.lnk 2015-09-03 16:25 - 2015-09-03 15:28 - 00505104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml.dll 2015-09-03 16:25 - 2015-09-03 15:28 - 00140488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.ocx 2015-09-03 16:25 - 2015-09-03 15:28 - 00115016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSINET.OCX 2015-09-03 16:25 - 2015-09-03 15:28 - 00089360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VB5DB.DLL 2015-09-03 16:25 - 2015-09-03 15:28 - 00069632 _____ C:\WINDOWS\SysWOW64\xmltok.dll 2015-09-03 16:25 - 2015-09-03 15:28 - 00036864 _____ C:\WINDOWS\SysWOW64\xmlparse.dll 2015-09-03 16:25 - 2015-09-03 15:28 - 00035840 _____ C:\WINDOWS\SysWOW64\comdlg32.oca 2015-09-03 16:25 - 2015-09-03 15:28 - 00029184 _____ C:\WINDOWS\SysWOW64\MSINET.oca 2015-09-03 16:25 - 2015-09-03 15:28 - 00028432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxmlr.dll 2015-09-03 16:25 - 2015-09-03 15:28 - 00026096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xmlinst.exe 2015-09-03 16:25 - 2015-09-03 15:28 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3a.dll 2015-09-03 16:22 - 2015-09-03 16:25 - 00000000 ____D C:\Program Files (x86)\Ubi Soft 2015-09-03 16:22 - 2015-09-03 16:22 - 00001094 _____ C:\Users\Public\Desktop\Splinter Cell spielen.lnk 2015-09-03 16:22 - 2015-09-03 16:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubi Soft 2015-08-31 13:56 - 2015-08-20 08:07 - 08019296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2015-08-31 13:56 - 2015-08-20 08:06 - 00609592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2015-08-31 13:56 - 2015-08-20 08:02 - 22324656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2015-08-31 
13:56 - 2015-08-20 07:57 - 00077400 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2015-08-31 13:56 - 2015-08-20 07:26 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe 2015-08-31 13:56 - 2015-08-20 07:21 - 21875200 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2015-08-31 13:56 - 2015-08-20 07:21 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll 2015-08-31 13:56 - 2015-08-20 07:16 - 20857848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2015-08-31 13:56 - 2015-08-20 07:13 - 02235904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2015-08-31 13:56 - 2015-08-20 06:31 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2015-08-31 13:56 - 2015-08-18 09:56 - 02498808 _____ C:\WINDOWS\system32\CoreUIComponents.dll 2015-08-31 13:56 - 2015-08-18 09:55 - 00373072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS 2015-08-31 13:56 - 2015-08-18 09:54 - 01396064 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll 2015-08-31 13:56 - 2015-08-18 09:27 - 01771592 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll 2015-08-31 13:56 - 2015-08-18 09:24 - 00963920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll 2015-08-31 13:56 - 2015-08-18 09:13 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll 2015-08-31 13:56 - 2015-08-18 09:13 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll 2015-08-31 13:56 - 2015-08-18 09:12 - 02225664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll 2015-08-31 13:56 - 2015-08-18 09:07 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll 2015-08-31 13:56 - 2015-08-18 09:04 - 01234944 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe 2015-08-31 13:56 - 2015-08-18 09:04 - 00859136 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\modernexecserver.dll 2015-08-31 13:56 - 2015-08-18 08:59 - 01294336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcnwiz.dll 2015-08-31 13:56 - 2015-08-18 08:59 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll 2015-08-31 13:56 - 2015-08-18 08:58 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll 2015-08-31 13:56 - 2015-08-18 08:58 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWCN.dll 2015-08-31 13:56 - 2015-08-18 08:58 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWCN.dll 2015-08-31 13:56 - 2015-08-18 08:58 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnNetsh.dll 2015-08-31 13:56 - 2015-08-18 08:57 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll 2015-08-31 13:56 - 2015-08-18 08:56 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll 2015-08-31 13:56 - 2015-08-18 08:55 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2015-08-31 13:56 - 2015-08-18 08:54 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll 2015-08-31 13:56 - 2015-08-18 08:54 - 00247296 _____ C:\WINDOWS\system32\facecredentialprovider.dll 2015-08-31 13:56 - 2015-08-18 08:52 - 01888768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2015-08-31 13:56 - 2015-08-18 08:50 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll 2015-08-31 13:56 - 2015-08-18 08:49 - 01061888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll 2015-08-31 13:56 - 2015-08-18 08:49 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll 2015-08-31 13:56 - 2015-08-18 08:49 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll 2015-08-31 13:56 - 2015-08-18 08:36 - 01226752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcnwiz.dll 2015-08-31 13:56 - 2015-08-18 08:35 - 00100352 _____ 
(Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2015-08-31 13:56 - 2015-08-18 08:35 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWCN.dll
2015-08-31 13:56 - 2015-08-18 08:34 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2015-08-31 13:56 - 2015-08-18 08:29 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-08-31 13:56 - 2015-08-18 08:26 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2015-08-31 13:56 - 2015-08-18 06:44 - 00008847 _____ C:\WINDOWS\system32\ResPriHMImageList
2015-08-19 13:48 - 2015-08-13 06:33 - 24593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-08-19 13:48 - 2015-08-13 06:22 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2015-08-19 13:48 - 2015-08-13 06:20 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2015-08-19 13:48 - 2015-08-13 06:07 - 19323392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-08-19 13:48 - 2015-08-13 05:53 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2015-08-19 13:48 - 2015-08-11 12:04 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-08-19 13:48 - 2015-08-11 12:04 - 02462648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-08-19 13:48 - 2015-08-11 12:04 - 01087296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-08-19 13:48 - 2015-08-11 12:03 - 00442208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2015-08-19 13:48 - 2015-08-11 12:02 - 00554744 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2015-08-19 13:48 - 2015-08-11 12:02 - 00292856 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2015-08-19 13:48 - 2015-08-11 12:02 - 00080720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2015-08-19 13:48 - 2015-08-11 11:57 - 03622256 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-08-19 13:48 - 2015-08-11 11:52 - 00993104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2015-08-19 13:48 - 2015-08-11 11:50 - 01643872 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-08-19 13:48 - 2015-08-11 11:40 - 04048808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-08-19 13:48 - 2015-08-11 11:40 - 02151208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-08-19 13:48 - 2015-08-11 11:40 - 00918320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-08-19 13:48 - 2015-08-11 11:38 - 00454000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2015-08-19 13:48 - 2015-08-11 11:37 - 00243800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2015-08-19 13:48 - 2015-08-11 11:31 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-08-19 13:48 - 2015-08-11 11:26 - 00845664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2015-08-19 13:48 - 2015-08-11 11:23 - 16706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-08-19 13:48 - 2015-08-11 11:21 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-08-19 13:48 - 2015-08-11 11:21 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2015-08-19 13:48 - 2015-08-11 11:20 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2015-08-19 13:48 - 2015-08-11 11:19 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2015-08-19 13:48 - 2015-08-11 11:18 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2015-08-19 13:48 - 2015-08-11 11:16 - 02416640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-08-19 13:48 - 2015-08-11 11:14 - 00404480 _____ C:\WINDOWS\system32\diagtrack_wininternal.dll
2015-08-19 13:48 - 2015-08-11 11:13 - 00413184 _____ C:\WINDOWS\system32\diagtrack_win.dll
2015-08-19 13:48 - 2015-08-11 11:11 - 02446336 _____ C:\WINDOWS\system32\InputService.dll
2015-08-19 13:48 - 2015-08-11 11:11 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2015-08-19 13:48 - 2015-08-11 11:10 - 00778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-08-19 13:48 - 2015-08-11 11:10 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-19 13:48 - 2015-08-11 11:10 - 00293376 _____ C:\WINDOWS\system32\TextInputFramework.dll
2015-08-19 13:48 - 2015-08-11 11:09 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2015-08-19 13:48 - 2015-08-11 11:08 - 00893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2015-08-19 13:48 - 2015-08-11 11:08 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-08-19 13:48 - 2015-08-11 11:07 - 01178112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-08-19 13:48 - 2015-08-11 11:07 - 00593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-08-19 13:48 - 2015-08-11 11:07 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeParserTask.exe
2015-08-19 13:48 - 2015-08-11 11:06 - 07523328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-08-19 13:48 - 2015-08-11 11:06 - 02662400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2015-08-19 13:48 - 2015-08-11 11:05 - 03527168 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-08-19 13:48 - 2015-08-11 11:05 - 00996352 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-08-19 13:48 - 2015-08-11 11:05 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll
2015-08-19 13:48 - 2015-08-11 11:05 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2015-08-19 13:48 - 2015-08-11 11:05 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPermissions.dll
2015-08-19 13:48 - 2015-08-11 11:05 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2015-08-19 13:48 - 2015-08-11 11:03 - 02558976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-08-19 13:48 - 2015-08-11 11:02 - 03588096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-08-19 13:48 - 2015-08-11 11:02 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-08-19 13:48 - 2015-08-11 11:02 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2015-08-19 13:48 - 2015-08-11 11:01 - 01334784 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-08-19 13:48 - 2015-08-11 11:00 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-08-19 13:48 - 2015-08-11 11:00 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
2015-08-19 13:48 - 2015-08-11 10:59 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-08-19 13:48 - 2015-08-11 10:59 - 00642560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2015-08-19 13:48 - 2015-08-11 10:59 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2015-08-19 13:48 - 2015-08-11 10:59 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll
2015-08-19 13:48 - 2015-08-11 10:58 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2015-08-19 13:48 - 2015-08-11 10:57 - 13024768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-08-19 13:48 - 2015-08-11 10:57 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2015-08-19 13:48 - 2015-08-11 10:51 - 01916928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-08-19 13:48 - 2015-08-11 10:51 - 01823232 _____ C:\WINDOWS\SysWOW64\InputService.dll
2015-08-19 13:48 - 2015-08-11 10:50 - 00420352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2015-08-19 13:48 - 2015-08-11 10:50 - 00200704 _____ C:\WINDOWS\SysWOW64\TextInputFramework.dll
2015-08-19 13:48 - 2015-08-11 10:50 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2015-08-19 13:48 - 2015-08-11 10:49 - 00586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-08-19 13:48 - 2015-08-11 10:49 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-19 13:48 - 2015-08-11 10:48 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2015-08-19 13:48 - 2015-08-11 10:47 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-08-19 13:48 - 2015-08-11 10:45 - 01820672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2015-08-19 13:48 - 2015-08-11 10:43 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-08-19 13:48 - 2015-08-11 10:42 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-08-19 13:48 - 2015-08-11 10:40 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-08-19 13:48 - 2015-08-11 10:40 - 01112064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-08-19 13:48 - 2015-08-11 10:39 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-08-19 13:48 - 2015-08-11 10:38 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll
2015-08-15 00:48 - 2015-08-15 12:37 - 00000000 ____D C:\ProgramData\Logishrd
2015-08-15 00:48 - 2015-08-15 00:48 - 00000000 ____D C:\Users\zorro\AppData\Roaming\Logishrd
2015-08-15 00:48 - 2015-08-15 00:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-08-15 00:48 - 2015-08-15 00:48 - 00000000 ____D C:\Program Files\Logitech
2015-08-15 00:46 - 2015-08-15 00:46 - 03933496 _____ (Logitech, Inc.) C:\WINDOWS\system32\LogiLDA.DLL
2015-08-15 00:46 - 2015-08-15 00:46 - 02458936 _____ (Logitech, Inc.) C:\WINDOWS\system32\LdaCx2.dll
2015-08-15 00:46 - 2015-08-15 00:46 - 00828872 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr110.dll
2015-08-15 00:46 - 2015-08-15 00:46 - 00661448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp110.dll
2015-08-15 00:46 - 2015-08-15 00:46 - 00354264 _____ (Microsoft Corporation) C:\WINDOWS\system32\vccorlib110.dll
2015-08-11 20:58 - 2015-08-08 09:29 - 01822280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-08-11 20:58 - 2015-08-08 09:19 - 00608936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-08-11 20:58 - 2015-08-08 09:01 - 01533496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-08-11 20:58 - 2015-08-08 08:48 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-08-11 20:58 - 2015-08-08 08:40 - 00365056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-08-11 20:58 - 2015-08-08 08:24 - 02415104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-08-11 20:58 - 2015-08-08 08:24 - 01679360 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-08-11 20:58 - 2015-08-08 08:15 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-08-11 20:58 - 2015-08-08 08:00 - 01985024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-08-11 20:58 - 2015-08-06 05:17 - 00237392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdyboost.sys
2015-08-11 20:58 - 2015-08-06 05:17 - 00200528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2015-08-11 20:58 - 2015-08-06 04:22 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2015-08-11 20:58 - 2015-08-05 06:49 - 00783112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2015-08-11 20:58 - 2015-08-05 06:29 - 00644128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2015-08-11 20:58 - 2015-08-05 06:00 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2015-08-11 20:58 - 2015-08-05 05:54 - 01274880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-08-11 20:58 - 2015-08-05 05:47 - 01383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-08-11 20:58 - 2015-08-05 05:39 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenter.dll
2015-08-11 20:58 - 2015-08-04 06:07 - 00102752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-08-11 20:58 - 2015-08-04 06:06 - 00583128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-08-11 20:58 - 2015-08-04 06:06 - 00243248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-08-11 20:58 - 2015-08-04 05:23 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2015-08-11 20:58 - 2015-08-04 04:59 - 01212416 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2015-08-11 20:58 - 2015-08-04 04:47 - 00898560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2015-08-11 20:58 - 2015-08-03 04:32 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2015-08-11 20:58 - 2015-08-03 04:28 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2015-08-11 20:58 - 2015-08-03 04:19 - 00505696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2015-08-11 20:58 - 2015-08-03 04:19 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2015-08-11 20:58 - 2015-08-03 04:18 - 08613200 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2015-08-11 20:58 - 2015-08-03 04:18 - 01983840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-08-11 20:58 - 2015-08-03 04:18 - 00594472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2015-08-11 20:58 - 2015-08-03 04:18 - 00046432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpiowin32.sys
2015-08-11 20:58 - 2015-08-03 04:17 - 00516960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-08-11 20:58 - 2015-08-03 04:17 - 00052264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpcfltr.sys
2015-08-11 20:58 - 2015-08-03 04:12 - 00801632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2015-08-11 20:58 - 2015-08-03 03:56 - 06878256 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2015-08-11 20:58 - 2015-08-03 03:49 - 00700256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2015-08-11 20:58 - 2015-08-03 03:31 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2015-08-11 20:58 - 2015-08-03 03:30 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_UserAccount.dll
2015-08-11 20:58 - 2015-08-03 03:24 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2015-08-11 20:58 - 2015-08-03 03:24 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2015-08-11 20:58 - 2015-08-03 03:24 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModelShim.dll
2015-08-11 20:58 - 2015-08-03 03:23 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2015-08-11 20:58 - 2015-08-03 03:22 - 01601536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2015-08-11 20:58 - 2015-08-03 03:22 - 01008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-08-11 20:58 - 2015-08-03 03:22 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2015-08-11 20:58 - 2015-08-03 03:21 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2015-08-11 20:58 - 2015-08-03 03:19 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2015-08-11 20:58 - 2015-08-03 03:19 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2015-08-11 20:58 - 2015-08-03 03:18 - 12503552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-08-11 20:58 - 2015-08-03 03:18 - 03780096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-08-11 20:58 - 2015-08-03 03:18 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2015-08-11 20:58 - 2015-08-03 03:18 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkStatus.dll
2015-08-11 20:58 - 2015-08-03 03:15 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2015-08-11 20:58 - 2015-08-03 03:15 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2015-08-11 20:58 - 2015-08-03 03:15 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Desktop.dll
2015-08-11 20:58 - 2015-08-03 03:15 - 00384000 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2015-08-11 20:58 - 2015-08-03 03:15 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2015-08-11 20:58 - 2015-08-03 03:14 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2015-08-11 20:58 - 2015-08-03 03:12 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2015-08-11 20:58 - 2015-08-03 03:12 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2015-08-11 20:58 - 2015-08-03 03:11 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
2015-08-11 20:58 - 2015-08-03 03:10 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2015-08-11 20:58 - 2015-08-03 03:06 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2015-08-11 20:58 - 2015-08-03 03:03 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2015-08-11 20:58 - 2015-08-03 03:02 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2015-08-11 20:58 - 2015-08-03 03:02 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2015-08-11 20:58 - 2015-08-03 03:01 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-08-11 20:58 - 2015-08-03 02:59 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-09-09 19:44 - 2015-01-13 19:44 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-09-09 19:36 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-09-09 19:33 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-09 19:26 - 2015-07-10 14:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-09 19:15 - 2015-08-09 14:24 - 00000000 ____D C:\Users\zorro\AppData\Roaming\Skype
2015-09-09 18:53 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-09 17:56 - 2015-01-28 03:23 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-09 17:55 - 2015-07-10 12:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-09 17:30 - 2015-01-11 02:38 - 00000000 ____D C:\Program Files (x86)\Steam
2015-09-09 15:36 - 2015-08-02 17:16 - 01793546 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-09 15:36 - 2015-07-10 18:34 - 00773380 _____ C:\WINDOWS\system32\perfh007.dat
2015-09-09 15:36 - 2015-07-10 18:34 - 00154706 _____ C:\WINDOWS\system32\perfc007.dat
2015-09-09 15:34 - 2015-01-10 22:38 - 00004162 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CA220534-56FD-4E55-902A-3BFAB4995E34}
2015-09-09 15:29 - 2015-07-10 14:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-09 00:10 - 2015-01-10 22:46 - 00000000 ____D C:\ProgramData\Package Cache
2015-09-09 00:10 - 2015-01-10 22:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-09-07 19:32 - 2015-03-28 03:23 - 00000000 ____D C:\Users\zorro\Desktop\Tor Browser
2015-09-06 14:45 - 2015-08-02 17:06 - 00000000 ____D C:\Users\zorro
2015-09-04 01:12 - 2015-05-03 01:04 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2015-09-03 17:45 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\rescache
2015-09-03 16:22 - 2015-01-10 19:01 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-09-01 14:55 - 2015-01-10 18:29 - 00000000 ____D C:\Users\zorro\AppData\Local\Packages
2015-09-01 03:16 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-09-01 03:16 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-09-01 03:16 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-09-01 03:16 - 2015-07-10 11:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-09-01 02:25 - 2015-05-10 20:56 - 00000000 ____D C:\Program Files (x86)\Wolfenstein - Enemy Territory
2015-08-22 15:00 - 2015-07-10 14:20 - 00017055 _____ C:\WINDOWS\setupact.log
2015-08-20 19:24 - 2015-08-02 17:15 - 00002396 _____ C:\Users\zorro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-08-20 19:24 - 2015-01-28 01:55 - 00000000 __RDO C:\Users\zorro\OneDrive
2015-08-19 14:08 - 2015-08-02 17:13 - 00000000 ____D C:\Users\zorro\AppData\Local\Comms
2015-08-13 17:32 - 2015-07-10 14:20 - 00345080 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-13 17:31 - 2015-07-10 13:04 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-13 17:31 - 2015-07-10 13:04 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-13 17:31 - 2015-01-10 22:57 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-12 22:20 - 2015-01-10 22:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-12 22:19 - 2015-01-10 22:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-12 22:19 - 2015-01-10 19:57 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-08-12 22:17 - 2015-01-10 19:57 - 132483416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-12 17:44 - 2015-01-13 19:44 - 00003870 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\zorro\AppData\Local\Temp\Hope-review\hopeweigh.exe

Einige Dateien in TEMP:
====================
C:\Users\zorro\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-09-01 15:03

==================== Ende von FRST.txt ============================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:07-09-2015
durchgeführt von zorro (2015-09-09 20:05:34)
Gestartet von C:\Users\zorro\Downloads
Windows 10 Home (X64) (2015-08-02 15:12:57)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-58352319-3725806726-3140065513-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-58352319-3725806726-3140065513-503 - Limited - Disabled)
Gast (S-1-5-21-58352319-3725806726-3140065513-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-58352319-3725806726-3140065513-1003 - Limited - Enabled)
zorro (S-1-5-21-58352319-3725806726-3140065513-1001 - Administrator - Enabled) => C:\Users\zorro

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.12.420 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{315dd168-0794-4cf1-8355-f195cde642fc}) (Version: 1.1.45.11819 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.45.11819 - Avira Operations GmbH & Co. KG) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Blobby Volley 2 Version 1.0 (HKLM-x32\...\Blobby Volley 2 Version 1.0_is1) (Version: - )
Brother MFL-Pro Suite DCP-195C (HKLM-x32\...\{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version: - Valve)
Counter-Strike: Condition Zero (HKLM-x32\...\Steam App 80) (Version: - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
Cthulhu Saves the World (HKLM-x32\...\Steam App 107310) (Version: - Zeboyd Games)
Deus Ex: Game of the Year Edition (HKLM-x32\...\Steam App 6910) (Version: - Ion Storm)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
Dynamo Combo (HKLM\...\Dynamo Combo) (Version: 2015.01.10.162252 - Dynamo Combo) <==== ACHTUNG
EPSON WF-3520 Series Printer Uninstall (HKLM\...\EPSON WF-3520 Series) (Version: - SEIKO EPSON Corporation)
Free YouTube Download version 3.2.59.616 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.59.616 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.59.616 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.59.616 - DVDVideoSoft Ltd.)
GOG.com Heroes of Might and Magic 3 (HKLM\...\{1d3c859c-1028-4822-b0a7-da4f7bbc18bc}.sdb) (Version: - )
Guacamelee! Gold Edition (HKLM-x32\...\Steam App 214770) (Version: - DrinkBox Studios)
Heroes of Might & Magic III - HD Edition (HKLM-x32\...\Steam App 297000) (Version: - DotEmu)
Heroes of Might and Magic 3 Complete (HKLM-x32\...\GOGPACKHOMM3COMPLETE_is1) (Version: 2.0.0.16 - GOG.com)
HP 3D DriveGuard (HKLM\...\{9B6079F8-EBA2-4C55-96A6-325E8E22DF0C}) (Version: 4.0.4.1 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.12.1002 - Intel Corporation)
Logitech Options (HKLM\...\LogiOptions) (Version: - Logitech)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
POSTAL 2 (HKLM-x32\...\Steam App 223470) (Version: - Running With Scissors)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
RUMP! - It's a Jump and Rump! Demo (HKLM-x32\...\Steam App 358910) (Version: - Dedication Labs)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.7 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.7.103 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Steamless Counter Strike Source Pack (HKLM-x32\...\Steamless Counter Strike Source Pack) (Version: 1.0 - Steamless)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.95 - Synaptics Incorporated)
This War of Mine (HKLM-x32\...\Steam App 282070) (Version: - 11 bit studios)
Tom Clancy's Splinter Cell (HKLM-x32\...\{A174402A-2EE6-4B86-A930-7BC85A9933BD}) (Version: 1.00.000 - )
Uplay (HKLM-x32\...\Uplay) (Version: 4.4 - Ubisoft)
Worms Revolution (HKLM-x32\...\Steam App 200170) (Version: - Team17 Digital Ltd.)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version: - Firaxis Games)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-58352319-3725806726-3140065513-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-58352319-3725806726-3140065513-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\zorro\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-58352319-3725806726-3140065513-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\zorro\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-58352319-3725806726-3140065513-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\zorro\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-58352319-3725806726-3140065513-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-58352319-3725806726-3140065513-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\zorro\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-58352319-3725806726-3140065513-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\zorro\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-58352319-3725806726-3140065513-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\zorro\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-58352319-3725806726-3140065513-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\zorro\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-58352319-3725806726-3140065513-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\zorro\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-58352319-3725806726-3140065513-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\zorro\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-58352319-3725806726-3140065513-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\zorro\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Wiederherstellungspunkte =========================

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {00EEBA9C-F9EF-4272-B793-C830FBADD359} - System32\Tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup => C:\Windows\system32\dstokenclean.exe [2015-07-10] (Microsoft Corporation) Task: {0A8CD8B1-883C-4309-BAF1-C821BDC31230} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG Task: {0CCA7916-2916-4F12-BD32-1E3BE31E1269} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join => C:\Windows\System32\dsregcmd.exe [2015-07-10] (Microsoft Corporation) Task: {147D7327-B9ED-4A91-BA9C-D8D7102EADEA} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG Task: {19865544-CE08-40BE-8B8C-87C47681433D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sihboot => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation) Task: {1D185566-FF37-4045-920E-0A0199ABA36E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG Task: {3F6E048D-6404-433B-8F5F-CFF4D89BF89E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe generaltel.dll,RunTelemetryW Task: {41160EA0-208B-4C3E-B4DB-805BBABC6B93} - System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClient => C:\Windows\system32\dmclient.exe [2015-07-10] (Microsoft Corporation) Task: {477A84D1-1861-4877-9A5A-97A21C79F690} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG Task: {49815E73-CA38-4214-A3E0-EA6ACACAD908} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG Task: {614976EB-E692-449F-981E-1BD1D5B4342D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated) Task: {62CDCA35-B49F-4CBA-87CB-7631C890CA60} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG Task: {67131883-36B0-4C9C-977B-CAFF25E3A47B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe 
[2015-08-12] (Microsoft Corporation) Task: {73551810-E5F4-433E-9494-0D00B55C855E} - System32\Tasks\Microsoft\Windows\Maps\MapsToastTask Task: {78B77FA3-9D97-441D-97B6-68CEA40B4F74} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe generaltel.dll,RunTelemetry -maintenance Task: {8DF84CB3-D8E0-4307-A35B-CA74E21786DB} - System32\Tasks\Microsoft\Windows\Clip\License Validation => C:\Windows\system32\ClipUp.exe [2015-08-02] (Microsoft Corporation) Task: {A5B6CD85-1B57-49B9-BA80-5D5D65F02826} - System32\Tasks\Microsoft\Windows\AppID\EDP Policy Manager Task: {BE9C0A31-55EE-4C18-8D9F-E0AFBBA827C7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG Task: {C15AA18C-6F97-4105-9DE2-ACC48FB4D563} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG Task: {C163B268-6F9D-4082-88E4-88CDF333D9AA} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG Task: {C56AFFD3-06B8-4A16-AF7E-F7A6EB3FAE9E} - System32\Tasks\Microsoft\Windows\TPM\Tpm-HASCertRetr Task: {C5EE2EA2-5312-4D1F-B9D0-41B18DF31B78} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sih => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation) Task: {C7A236B2-12E1-46DC-9501-3B1B0209CC09} - System32\Tasks\Microsoft\Windows\Location\WindowsActionDialog => C:\Windows\System32\WindowsActionDialog.exe [2015-07-10] (Microsoft Corporation) Task: {CA54D167-080A-40C2-97E7-6B07AB4330E2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG Task: {EE15EA67-E103-42A7-9B7F-1AB13C27045A} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated) Task: {F80325AE-DBD8-4332-B643-76E926605A3A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. 
Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2015-08-02 17:58 - 2015-08-02 17:58 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll 2015-08-19 13:48 - 2015-08-11 11:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll 2015-08-31 13:56 - 2015-08-18 09:56 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2015-08-31 13:56 - 2015-08-18 09:56 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2015-08-11 20:58 - 2015-08-03 03:11 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2015-07-10 13:00 - 2015-07-10 18:45 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2015-08-19 13:48 - 2015-08-11 10:58 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2015-08-11 20:58 - 2015-08-03 03:09 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2015-07-10 13:00 - 2015-07-10 18:45 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll 2015-08-30 10:19 - 2015-08-30 10:19 - 08241152 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.8.25.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll 2015-08-30 10:19 - 2015-08-30 10:19 - 02238976 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.8.25.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll 2015-09-09 15:34 - 2015-09-09 15:34 - 00007680 _____ () C:\Program Files\WindowsApps\Microsoft.BingSports_4.5.168.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Sports.exe 2015-07-10 18:50 - 
2015-07-10 18:50 - 00117920 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.12711.0_x64__8wekyb3d8bbwe\GNSDK_FP.DLL 2015-07-10 12:59 - 2015-07-10 12:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2015-08-11 20:58 - 2015-08-03 03:30 - 00642048 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll 2015-07-10 12:59 - 2015-07-10 12:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll 2015-01-11 02:41 - 2015-07-03 18:12 - 00778240 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2015-01-26 16:20 - 2015-07-03 18:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll 2015-01-11 02:41 - 2015-08-19 22:39 - 02413248 _____ () C:\Program Files (x86)\Steam\video.dll 2015-01-26 16:20 - 2015-07-03 18:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll 2015-01-26 16:20 - 2015-07-03 18:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll 2015-01-11 02:41 - 2014-12-01 23:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll 2015-01-11 02:41 - 2014-12-01 23:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll 2015-01-11 02:41 - 2014-12-01 23:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll 2015-01-11 02:41 - 2014-12-01 23:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll 2015-01-11 02:41 - 2014-12-01 23:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll 2015-01-11 02:41 - 2015-08-19 22:39 - 00704192 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2015-07-22 16:52 - 2015-07-27 03:13 - 00171008 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll 2015-01-11 02:41 - 2015-07-03 18:12 - 39553928 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll 2015-03-24 17:32 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll 2015-01-10 18:38 - 2013-01-14 11:25 - 01200088 _____ () C:\Program Files 
(x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2015-09-09 15:34 - 2015-09-09 15:34 - 11188224 _____ () C:\Program Files\WindowsApps\Microsoft.BingSports_4.5.168.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Sports.dll 2015-07-10 18:53 - 2015-07-10 18:53 - 06459392 _____ () C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.0_1.0.22929.0_x86__8wekyb3d8bbwe\SharedLibrary.dll 2015-09-09 15:34 - 2015-09-09 15:34 - 00970240 _____ () C:\Program Files\WindowsApps\Microsoft.BingSports_4.5.168.0_x86__8wekyb3d8bbwe\SQLiteWrapper.dll 2015-08-04 19:43 - 2015-08-04 19:43 - 03517616 _____ () C:\Program Files\WindowsApps\Microsoft.BingSports_4.5.168.0_x86__8wekyb3d8bbwe\Microsoft.Advertising.dll 2015-09-09 15:34 - 2015-09-09 15:34 - 00645120 _____ () C:\Program Files\WindowsApps\Microsoft.BingSports_4.5.168.0_x86__8wekyb3d8bbwe\Microsoft.Aria.ClientTelemetry.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) AlternateDataStreams: C:\Users\zorro\OneDrive:ms-properties ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager => ""="Service" ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-58352319-3725806726-3140065513-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\zorro\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\hintergrundbild der windows-fotoanzeige.jpg DNS Servers: 192.168.2.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) 
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{88E817A3-3C18-4142-A81D-6F780729126C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WormsRevolution\WormsRevolution.exe FirewallRules: [{8F02F245-2971-437A-AEF9-4802F49F8692}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WormsRevolution\WormsRevolution.exe FirewallRules: [{D39A5BEA-05C2-4D53-8E9F-719B6B421516}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RUMPdemo\RumpC.exe FirewallRules: [{46B3D518-549E-4FFD-A3E3-DB142340D9BF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RUMPdemo\RumpC.exe FirewallRules: [{E0C29C11-7BDE-4972-829E-D4C43710276E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe FirewallRules: [{C636658A-BA4F-43A5-BB69-20BBE5B659F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe FirewallRules: [{280589F5-B889-4588-B39D-D7536981EFDC}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{0C15C7E1-8386-4E12-9702-F6CB314119BD}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{FF5133EC-C28B-4006-8097-A837BDFF8707}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{3FD12FFC-E9BD-44D3-A0F5-B899098AF0B3}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [UDP Query User{95563EA4-0BBB-432E-92E9-76FB2AB2F295}C:\program files (x86)\wolfenstein - enemy territory\etded.exe] => (Allow) C:\program files (x86)\wolfenstein - enemy territory\etded.exe FirewallRules: [TCP Query User{ACEC44A8-3A20-4FB0-AF97-C6F75BC7209F}C:\program files (x86)\wolfenstein - enemy territory\etded.exe] => (Allow) C:\program files (x86)\wolfenstein - enemy territory\etded.exe FirewallRules: [UDP Query 
User{44E289EA-1D5E-4A25-A2AF-CC0637C46261}C:\program files (x86)\wolfenstein - enemy territory\et.exe] => (Allow) C:\program files (x86)\wolfenstein - enemy territory\et.exe FirewallRules: [TCP Query User{E356E0A9-5141-4F8C-813D-1DEE0052ADA0}C:\program files (x86)\wolfenstein - enemy territory\et.exe] => (Allow) C:\program files (x86)\wolfenstein - enemy territory\et.exe FirewallRules: [UDP Query User{5BAC27D0-B0B9-4EFF-A919-A209B77BFE43}C:\program files (x86)\warsow 1.51\warsow_x64.exe] => (Block) C:\program files (x86)\warsow 1.51\warsow_x64.exe FirewallRules: [TCP Query User{863AB632-613F-4BCA-96EE-154CBC25D96D}C:\program files (x86)\warsow 1.51\warsow_x64.exe] => (Block) C:\program files (x86)\warsow 1.51\warsow_x64.exe FirewallRules: [{D90BC1D5-2FBE-469E-9AEA-24A19A5637C7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe FirewallRules: [{F8510591-E81F-4AA1-88A9-A5824A38FCC6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe FirewallRules: [{254E2C89-B78C-4818-940D-E6CDF6CFEF08}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Guacamelee\Guac.exe FirewallRules: [{CCEA3FEE-94FA-4A31-9381-58F70BF8C056}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Guacamelee\Guac.exe FirewallRules: [UDP Query User{E9B2134E-6BB6-4CBB-BFA6-9BAF941C46D9}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe FirewallRules: [TCP Query User{9618E234-B522-43A0-B43E-C1BCC3DAE638}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe FirewallRules: [UDP Query User{7E2767E6-9022-47DC-9D11-5DE3A4096682}C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe FirewallRules: [TCP Query User{873F5F70-4231-4870-AAFF-E6465A39FCCE}C:\program 
files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe FirewallRules: [{182F7F39-DA35-4588-9379-3A1EC4AC0779}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe FirewallRules: [{8080AD72-9A30-4E39-9228-E38DCD740498}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe FirewallRules: [{C50C864D-62B8-4356-92E9-944C6B84A6C3}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [{0C78AE98-1B05-4BA7-9B20-0A3C40D85985}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [{9DE67F7A-2959-457A-8C2B-E458C0030E5F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Revolution\Bin\SeriousSam.exe FirewallRules: [{D270D785-097F-462E-86C7-E2998068D795}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam Revolution\Bin\SeriousSam.exe FirewallRules: [{AA1F28CE-B42E-437A-8D32-8BB4D0C0BD9D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\POSTAL2Complete\ShareThePain\System\Postal2MP.exe FirewallRules: [{62004D6A-224D-4AB6-B312-12B3A905D46E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\POSTAL2Complete\ShareThePain\System\Postal2MP.exe FirewallRules: [{E2C0534F-F0CD-4F59-B6D0-71DA05938256}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\POSTAL2Complete\System\Postal2.exe FirewallRules: [{AE0AE7ED-3DC0-4F3A-A5AD-4F74F7ADB7B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\POSTAL2Complete\System\Postal2.exe FirewallRules: [UDP Query User{8CFDE323-14E2-4341-A608-575709EE2B07}C:\users\zorro\desktop\wc3\war3.exe] => (Allow) C:\users\zorro\desktop\wc3\war3.exe FirewallRules: [TCP Query User{1D625235-F5D2-4EB5-8B41-8732450FEBE5}C:\users\zorro\desktop\wc3\war3.exe] => (Allow) C:\users\zorro\desktop\wc3\war3.exe FirewallRules: [UDP Query User{C4EAE983-FF84-4B84-972A-4752A7039D90}C:\users\zorro\desktop\wc3\war3.exe] => (Allow) 
C:\users\zorro\desktop\wc3\war3.exe FirewallRules: [TCP Query User{904AAEFB-4654-40C2-A801-26A4BD3CBF2B}C:\users\zorro\desktop\wc3\war3.exe] => (Allow) C:\users\zorro\desktop\wc3\war3.exe FirewallRules: [{649509DB-A928-4307-8993-D897190C2497}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\POSTAL2Complete\System\Launcher.exe FirewallRules: [{B7BAC7C1-FED2-49C0-9506-E84FB07E95A0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\POSTAL2Complete\System\Launcher.exe FirewallRules: [UDP Query User{46A0F339-8BEC-455D-B549-C4DF815C4A39}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [TCP Query User{165C5292-0A0F-4D44-9464-5B2CC39D07D7}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{FA9E8B24-D367-4279-9884-F36C04215F97}C:\users\zorro\desktop\neuer ordner (2)\war3.exe] => (Allow) C:\users\zorro\desktop\neuer ordner (2)\war3.exe FirewallRules: [TCP Query User{6E150A31-3EBF-41FC-AF69-BFA9BB5E1087}C:\users\zorro\desktop\neuer ordner (2)\war3.exe] => (Allow) C:\users\zorro\desktop\neuer ordner (2)\war3.exe FirewallRules: [UDP Query User{CCA9F746-4034-4D89-8634-582778C21150}C:\program files (x86)\steamless counterstrikesource pack\hl2.exe] => (Allow) C:\program files (x86)\steamless counterstrikesource pack\hl2.exe FirewallRules: [TCP Query User{9A10D762-BFBF-4152-B352-5E58EC325758}C:\program files (x86)\steamless counterstrikesource pack\hl2.exe] => (Allow) C:\program files (x86)\steamless counterstrikesource pack\hl2.exe FirewallRules: [{274BFAB0-AAFF-4D7D-9748-E49672D0DE5C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cthulhu Saves the World\CSTW.exe FirewallRules: [{DDD9016A-1721-4E1B-9619-58358CED802D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cthulhu Saves the World\CSTW.exe FirewallRules: [{EE3C0C1C-6A43-4C08-8146-F06D482206E7}] => (Allow) C:\Program 
Files (x86)\Steam\steamapps\common\Heroes of Might & Magic III - HD Edition\HOMM3Launcher.exe FirewallRules: [{82F9F5CF-58A6-438A-A4F1-C4699E00089C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes of Might & Magic III - HD Edition\HOMM3Launcher.exe FirewallRules: [{5E6761FE-1E70-48DC-9840-8DA0A2F71CD6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe FirewallRules: [{E9D161EC-7023-4F1B-AB9F-09F8D557B257}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe FirewallRules: [{81A11CBB-9F14-42CA-85A9-6E8A70055B43}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe FirewallRules: [{AA6B42F2-9D58-4088-949F-9FBD47244057}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe FirewallRules: [{561DB360-A538-466A-AA4F-B1FB19ED07A6}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{8C6E3528-726B-4CA9-8DFE-4C3E0E48B80B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{DCE6635E-E749-4F46-B2C4-91B87CAEF60E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{6AD53BA6-F050-46FF-8329-A0A1C70E8E66}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{86671528-AB1B-471A-A53E-0FBC39CBDC4D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{4923A298-68AB-4147-8B26-E1044731A739}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{DCFD9477-8159-459A-8091-6CE11F265AEF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{7195D08A-AB13-4E79-841F-BBC07E090308}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{D4321356-6FA6-405D-8074-14069313C645}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe FirewallRules: 
[{B10672E6-76E1-42D1-8534-96A3DC03444B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe FirewallRules: [{29B814AE-DB85-4E2A-A2F5-3ECBFC21F234}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{A43CFDA0-EEB6-4871-BF80-95F04B38A7FA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deus Ex\System\DeusEx.exe FirewallRules: [{CF034321-1337-4BE1-BB39-762296C80347}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deus Ex\System\DeusEx.exe ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (09/09/2015 03:35:55 PM) (Source: ESENT) (EventID: 413) (User: ) Description: SettingSyncHost (1808) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032. Error: (09/09/2015 03:35:55 PM) (Source: ESENT) (EventID: 488) (User: ) Description: SettingSyncHost (1808) Der Versuch, die Datei "C:\WINDOWS\system32\edbtmp.log" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien. Error: (09/09/2015 03:35:45 PM) (Source: ESENT) (EventID: 413) (User: ) Description: SettingSyncHost (1808) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032. Error: (09/09/2015 03:35:45 PM) (Source: ESENT) (EventID: 488) (User: ) Description: SettingSyncHost (1808) Der Versuch, die Datei "C:\WINDOWS\system32\edbtmp.log" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. 
Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien. Error: (09/09/2015 03:35:35 PM) (Source: ESENT) (EventID: 413) (User: ) Description: SettingSyncHost (1808) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032. Error: (09/09/2015 03:35:35 PM) (Source: ESENT) (EventID: 488) (User: ) Description: SettingSyncHost (1808) Der Versuch, die Datei "C:\WINDOWS\system32\edbtmp.log" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien. Error: (09/09/2015 03:35:24 PM) (Source: ESENT) (EventID: 413) (User: ) Description: SettingSyncHost (1808) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032. Error: (09/09/2015 03:35:24 PM) (Source: ESENT) (EventID: 488) (User: ) Description: SettingSyncHost (1808) Der Versuch, die Datei "C:\WINDOWS\system32\edbtmp.log" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien. Error: (09/09/2015 03:35:14 PM) (Source: ESENT) (EventID: 413) (User: ) Description: SettingSyncHost (1808) Es konnte keine neue Protokolldatei erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032. 
Error: (09/09/2015 03:35:14 PM) (Source: ESENT) (EventID: 488) (User: ) Description: SettingSyncHost (1808) Der Versuch, die Datei "C:\WINDOWS\system32\edbtmp.log" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien. Systemfehler: ============= Error: (09/09/2015 03:33:59 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT) Description: {784E29F4-5EBE-4279-9948-1E8FE941646D} Error: (09/09/2015 03:32:59 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT) Description: {BFE18E9C-6D87-4450-B37C-E02F0B373803} Error: (09/09/2015 03:32:24 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (09/09/2015 03:32:24 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (09/09/2015 03:32:23 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (09/09/2015 03:32:22 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (09/09/2015 03:32:22 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: 
AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (09/09/2015 03:32:21 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (09/09/2015 03:32:20 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (09/09/2015 03:32:19 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Microsoft Office: ========================= Error: (09/09/2015 03:35:55 PM) (Source: ESENT) (EventID: 413) (User: ) Description: SettingSyncHost1808-1032 Error: (09/09/2015 03:35:55 PM) (Source: ESENT) (EventID: 488) (User: ) Description: SettingSyncHost1808C:\WINDOWS\system32\edbtmp.log-1032 (0xfffffbf8)5 (0x00000005)Zugriff verweigert Error: (09/09/2015 03:35:45 PM) (Source: ESENT) (EventID: 413) (User: ) Description: SettingSyncHost1808-1032 Error: (09/09/2015 03:35:45 PM) (Source: ESENT) (EventID: 488) (User: ) Description: SettingSyncHost1808C:\WINDOWS\system32\edbtmp.log-1032 (0xfffffbf8)5 (0x00000005)Zugriff verweigert Error: (09/09/2015 03:35:35 PM) (Source: ESENT) (EventID: 413) (User: ) Description: SettingSyncHost1808-1032 Error: (09/09/2015 03:35:35 PM) (Source: ESENT) (EventID: 488) (User: ) Description: 
SettingSyncHost1808C:\WINDOWS\system32\edbtmp.log-1032 (0xfffffbf8)5 (0x00000005)Zugriff verweigert Error: (09/09/2015 03:35:24 PM) (Source: ESENT) (EventID: 413) (User: ) Description: SettingSyncHost1808-1032 Error: (09/09/2015 03:35:24 PM) (Source: ESENT) (EventID: 488) (User: ) Description: SettingSyncHost1808C:\WINDOWS\system32\edbtmp.log-1032 (0xfffffbf8)5 (0x00000005)Zugriff verweigert Error: (09/09/2015 03:35:14 PM) (Source: ESENT) (EventID: 413) (User: ) Description: SettingSyncHost1808-1032 Error: (09/09/2015 03:35:14 PM) (Source: ESENT) (EventID: 488) (User: ) Description: SettingSyncHost1808C:\WINDOWS\system32\edbtmp.log-1032 (0xfffffbf8)5 (0x00000005)Zugriff verweigert ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz Prozentuale Nutzung des RAM: 51% Installierter physikalischer RAM: 6036.27 MB Verfügbarer physikalischer RAM: 2914.74 MB Summe virtueller Speicher: 6996.27 MB Verfügbarer virtueller Speicher: 3556.18 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:110 GB) (Free:9.04 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 00000000) Partition: GPT. ==================== Ende von Addition.txt ============================ Geändert von Zrow (11.09.2015 um 11:02 Uhr) |
12.09.2015, 09:37 | #8 |
/// the machine /// TB trainer | Debt-collection trojan Let's get started then: Please download Revo Uninstaller from here (alternatively the portable Revo Uninstaller).
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper. Please download TDSSKiller.exe and save this file to the desktop.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
14.09.2015, 02:53 | #9 |
| Debt Collection Trojan Hi, unfortunately Revo Uninstaller does not find any program called Dynamo Combo. Should I continue with Malwarebytes Anti-Rootkit anyway? Regards, Zrow |
14.09.2015, 13:42 | #10 |
/// the machine /// TB-Ausbilder | Debt Collection Trojan Yes, please. |
14.09.2015, 15:10 | #11 |
| Debt Collection Trojan All right. The rootkit found something on the first run, but nothing on the second. I am posting the newer log file here. Regards, Zrow. Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.9.2.1008
www.malwarebytes.org

Database version: main: v2015.09.14.04 rootkit: v2015.08.16.01

Windows 10 x64 NTFS
Internet Explorer 11.0.10240.16431
zorro :: ZORRO-LAPTOP [administrator]

14.09.2015 15:36:17
mbar-log-2015-09-14 (15-36-17).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 390245
Time elapsed: 8 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
Code:
via NFP2: enabled ( trusted ) 15:52:46.0855 0x1b30 ============================================================ 15:52:46.0855 0x1b30 Scan finished 15:52:46.0855 0x1b30 ============================================================ 15:52:46.0870 0x1774 Detected object count: 4 15:52:46.0870 0x1774 Actual detected object count: 4 15:54:23.0172 0x1774 IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user 15:54:23.0172 0x1774 IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:54:23.0172 0x1774 Intel(R) Capability Licensing Service Interface ( UnsignedFile.Multi.Generic ) - skipped by user 15:54:23.0172 0x1774 Intel(R) Capability Licensing Service Interface ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:54:23.0172 0x1774 BrMfcWnd ( UnsignedFile.Multi.Generic ) - skipped by user 15:54:23.0172 0x1774 BrMfcWnd ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:54:23.0172 0x1774 ControlCenter3 ( UnsignedFile.Multi.Generic ) - skipped by user 15:54:23.0172 0x1774 ControlCenter3 ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:59:40.0087 0x193c Deinitialize success |
15.09.2015, 16:26 | #12 |
/// the machine /// TB-Ausbilder | Debt-Collection Trojan Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please disable your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
15.09.2015, 20:25 | #13 |
| Debt-Collection Trojan OK, here comes mbam.txt Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 15.09.2015
Suchlaufzeit: 20:44
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.1.8.1057
Malware-Datenbank: v2015.09.15.06
Rootkit-Datenbank: v2015.08.16.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: zorro

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 373457
Abgelaufene Zeit: 5 Min., 56 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 1
PUP.Optional.APNToolBar.Gen, HKLM\SOFTWARE\WOW6432NODE\AskPartnerNetwork, In Quarantäne, [6bc7949ca8e364d2a80e1616d231fb05],

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)

(end)
Code:
# AdwCleaner v5.007 - Bericht erstellt am 15/09/2015 um 21:04:42
# Aktualisiert am 08/09/2015 von Xplode
# Datenbank : 2015-09-10.1 [Server]
# Betriebssystem : Windows 10 Home (x64)
# Benutzername : zorro - ZORRO-LAPTOP
# Gestartet von : C:\Users\zorro\Downloads\AdwCleaner_5.007.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****

***** [ Ordner ] *****

***** [ Dateien ] *****

[-] Datei Gelöscht : C:\Users\zorro\AppData\Roaming\Mozilla\Firefox\Profiles\DLqFl98w.default\Extensions\{b64d9b05-48e1-4ceb-bf58-e0643994e900}.xpi
[-] Datei Gelöscht : C:\Users\zorro\AppData\Roaming\Mozilla\Firefox\Profiles\DLqFl98w.default\user.js

***** [ Verknüpfungen ] *****

[-] Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Mozilla Firefox.lnk
[-] Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[-] Verknüpfung Desinfiziert : C:\Users\zorro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[-] Verknüpfung Desinfiziert : C:\Users\zorro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
[-] Verknüpfung Desinfiziert : C:\Users\zorro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Geplante Tasks ] *****

***** [ Registrierungsdatenbank ] *****

[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}]
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Schlüssel Gelöscht : HKCU\Software\APN PIP
[-] Schlüssel Gelöscht : HKCU\Software\OCS
[-] Schlüssel Gelöscht : HKCU\Software\simplytech
[-] Schlüssel Gelöscht : HKCU\Software\Linkey
[-] Schlüssel Gelöscht : HKCU\Software\Kromtech
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\SpeedBit
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
[!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\APN PIP
[!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\OCS
[!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\simplytech
[!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\Linkey
[!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\Kromtech
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dynamo Combo

***** [ Internetbrowser ] *****

[-] [C:\Users\zorro\AppData\Roaming\Mozilla\Firefox\Profiles\DLqFl98w.default\prefs.js] [Preference] Gelöscht : user_pref("browser.search.searchengine.alias", "istartsurf");
[-] [C:\Users\zorro\AppData\Roaming\Mozilla\Firefox\Profiles\DLqFl98w.default\prefs.js] [Preference] Gelöscht : user_pref("browser.search.searchengine.iconURL", "hxxp://www.istartsurf.com/favicon.ico");
[-] [C:\Users\zorro\AppData\Roaming\Mozilla\Firefox\Profiles\DLqFl98w.default\prefs.js] [Preference] Gelöscht : user_pref("browser.search.searchengine.name", "istartsurf");
[-] [C:\Users\zorro\AppData\Roaming\Mozilla\Firefox\Profiles\DLqFl98w.default\prefs.js] [Preference] Gelöscht : user_pref("browser.search.searchengine.url", "hxxp://www.istartsurf.com/web/?type=ds&ts=1431813063&z=ff20560caf29eacd2acad55g6zbc4g6begec3e0qeg&from=smt&uid=KINGSTONXSV300S37A120G_50026B774C02DD98&q={[...]
[-] [C:\Users\zorro\AppData\Roaming\Mozilla\Firefox\Profiles\DLqFl98w.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[-] [C:\Users\zorro\AppData\Roaming\Mozilla\Firefox\Profiles\DLqFl98w.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

*************************

:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Chrome Richtlinien gelöscht

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4564 Bytes] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.1 (09.08.2015:1)
OS: Windows 10 Home x64
Ran by zorro on 15.09.2015 at 21:17:19,71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update Dynamo Combo
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Util Dynamo Combo

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted the following from C:\Users\zorro\AppData\Roaming\mozilla\firefox\profiles\DLqFl98w.default\prefs.js
user_pref(browser.search.searchengine.desc, this is my first firefox searchEngine);
user_pref(browser.search.searchengine.ptid, smt);
user_pref(browser.search.searchengine.uid, KINGSTONXSV300S37A120G_50026B774C02DD98);

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.09.2015 at 21:19:19,82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:15-09-2015 durchgeführt von zorro (Administrator) auf ZORRO-LAPTOP (15-09-2015 21:23:31) Gestartet von C:\Users\zorro\Downloads Geladene Profile: zorro (Verfügbare Profile: zorro) Platform: Windows 10 Home (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Edge) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Realsil Microelectronics Inc.) 
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-07-17] (Synaptics Incorporated) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [LogiOptionsAppBroker] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1549256 2015-08-04] (Logitech, Inc.) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-12-11] (Intel Corporation) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [782008 2015-08-30] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] () HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66936 2015-08-13] (Avira Operations GmbH & Co. 
KG) HKU\S-1-5-21-58352319-3725806726-3140065513-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2899136 2015-08-19] (Valve Corporation) HKU\S-1-5-21-58352319-3725806726-3140065513-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE [283232 2015-01-19] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-58352319-3725806726-3140065513-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53655680 2015-07-28] (Skype Technologies S.A.) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{e88830a0-70b1-4852-badf-bec964923f4e}: [DhcpNameServer] 192.168.2.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-58352319-3725806726-3140065513-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet 
Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\zorro\AppData\Roaming\Mozilla\Firefox\Profiles\DLqFl98w.default FF NewTab: hxxp://www.google.de FF Homepage: hxxps://www.google.de/?gws_rd=ssl FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-09-28] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-09-28] (Intel Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: 
@microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.) FF Extension: Avira Browser Safety - C:\Users\zorro\AppData\Roaming\Mozilla\Firefox\Profiles\DLqFl98w.default\Extensions\abs@avira.com [2015-08-12] FF Extension: YouTube Unblocker - C:\Users\zorro\AppData\Roaming\Mozilla\Firefox\Profiles\DLqFl98w.default\Extensions\youtubeunblocker__web@unblocker.yt [2015-09-01] FF Extension: Ghostery - C:\Users\zorro\AppData\Roaming\Mozilla\Firefox\Profiles\DLqFl98w.default\Extensions\firefox@ghostery.com.xpi [2015-01-31] FF Extension: {88309fd1-cacd-4904-9730-a0786869d225} - C:\Users\zorro\AppData\Roaming\Mozilla\Firefox\Profiles\DLqFl98w.default\Extensions\{88309fd1-cacd-4904-9730-a0786869d225}.xpi [2015-06-26] FF Extension: Adblock Plus - C:\Users\zorro\AppData\Roaming\Mozilla\Firefox\Profiles\DLqFl98w.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-04] FF Extension: PDFAddon - C:\Users\zorro\AppData\Roaming\Mozilla\Firefox\Profiles\DLqFl98w.default\Extensions\{e337fd67-0148-4d1a-8cb6-1d7085814f28}.xpi [2015-07-20] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01] Chrome: ======= CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [887128 2015-08-04] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [461672 2015-08-30] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [461672 2015-08-30] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1213072 2015-08-30] (Avira Operations GmbH & Co. KG) R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [228104 2015-08-13] (Avira Operations GmbH & Co. KG) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation) R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) 
[Datei ist nicht signiert] S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328608 2015-07-30] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [Datei ist nicht signiert] S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation) S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-01-14] (Intel Corporation) S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) S2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-07-17] (Synaptics Incorporated) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R3 athr; C:\Windows\System32\drivers\athw10x.sys [4318760 2015-09-07] (Qualcomm Atheros Communications, Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [137288 2015-08-04] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [148632 2015-08-04] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-10] (Avira Operations GmbH & Co. 
KG) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation) S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.) R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek ) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-07-17] (Synaptics Incorporated) S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] () S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation) R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-06-27] (Hewlett-Packard Development Company, L.P.) S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-09-15 21:19 - 2015-09-15 21:19 - 00001230 _____ C:\Users\zorro\Desktop\JRT.txt 2015-09-15 21:17 - 2015-09-09 20:11 - 01800104 _____ (Malwarebytes Corporation) C:\Users\zorro\Desktop\JRT.exe 2015-09-15 21:15 - 2015-09-15 21:16 - 01799392 _____ (Malwarebytes Corporation) C:\Users\zorro\Downloads\JRT_7600.exe 2015-09-15 21:05 - 2015-09-15 21:05 - 00016148 _____ C:\WINDOWS\system32\ZORRO-LAPTOP_zorro_HistoryPrediction.bin 2015-09-15 21:03 - 2015-09-15 21:04 - 00000000 ____D C:\AdwCleaner 2015-09-15 21:00 - 2015-09-15 21:00 - 01660416 _____ C:\Users\zorro\Downloads\AdwCleaner_5.007.exe 2015-09-15 20:56 - 2015-09-15 20:56 - 00001285 _____ C:\Users\zorro\Desktop\mbam.txt 2015-09-15 20:41 - 2015-09-15 20:41 - 00001171 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-09-15 20:41 - 2015-09-15 20:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-09-15 20:41 - 2015-09-15 20:41 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-09-15 20:41 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-09-15 20:41 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-09-15 20:36 - 2015-09-15 20:40 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\zorro\Downloads\mbam-setup-2.1.8.1057.exe 2015-09-14 15:50 - 2015-09-14 15:50 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\zorro\Downloads\tdsskiller.exe 2015-09-14 15:22 - 2015-09-15 20:54 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-09-14 15:22 - 2015-09-14 17:14 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-09-14 15:21 - 2015-09-14 15:44 - 00000000 ____D C:\Users\zorro\Desktop\mbar 2015-09-14 15:21 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-09-14 15:19 - 2015-09-14 15:20 - 16563304 _____ 
(Malwarebytes Corp.) C:\Users\zorro\Downloads\mbar-1.09.2.1008.exe 2015-09-14 03:46 - 2015-09-14 03:46 - 02785665 _____ (PortableApps.com) C:\Users\zorro\Downloads\RevoUninstallerPortable_1.95_Rev_2.paf.exe 2015-09-14 03:46 - 2015-09-14 03:46 - 00000000 ____D C:\Users\zorro\Downloads\RevoUninstallerPortable 2015-09-13 14:54 - 2015-09-14 15:18 - 00000000 ____D C:\Program Files (x86)\VS Revo Group 2015-09-13 14:53 - 2015-09-13 14:54 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\zorro\Downloads\revosetup95.exe 2015-09-11 11:43 - 2015-09-15 20:39 - 00000000 ____D C:\Users\zorro\Downloads\FRST-OlderVersion 2015-09-11 11:42 - 2015-09-11 11:42 - 00001494 _____ C:\Users\zorro\Downloads\FRST64 - Shortcut.lnk 2015-09-09 20:06 - 2015-09-11 11:44 - 00043280 _____ C:\Users\zorro\Desktop\FRST.txt 2015-09-09 20:06 - 2015-09-09 20:06 - 00043237 _____ C:\Users\zorro\Desktop\Addition.txt 2015-09-09 20:05 - 2015-09-15 21:23 - 00013946 _____ C:\Users\zorro\Downloads\FRST.txt 2015-09-09 20:05 - 2015-09-09 20:05 - 00043237 _____ C:\Users\zorro\Downloads\Addition.txt 2015-09-09 20:04 - 2015-09-15 21:23 - 00000000 ____D C:\FRST 2015-09-09 20:04 - 2015-09-15 20:39 - 02191360 _____ (Farbar) C:\Users\zorro\Downloads\FRST64.exe 2015-09-09 19:56 - 2015-09-09 19:56 - 00216722 _____ C:\Users\zorro\Desktop\OTL.Txt 2015-09-09 19:56 - 2015-09-09 19:56 - 00092536 _____ C:\Users\zorro\Desktop\Extras.Txt 2015-09-09 19:19 - 2015-09-09 19:19 - 00002231 _____ C:\Users\zorro\Desktop\HijackThis - CHIP Downloader.lnk 2015-09-09 19:05 - 2015-09-09 19:22 - 00012989 _____ C:\Users\zorro\Desktop\hijackthis.log 2015-09-09 18:56 - 2015-09-09 18:56 - 01162528 _____ C:\Users\zorro\Downloads\HijackThis - CHIP-Installer.exe 2015-09-09 18:51 - 2015-09-09 19:56 - 00216722 _____ C:\Users\zorro\Downloads\OTL.Txt 2015-09-09 18:51 - 2015-09-09 19:24 - 00092536 _____ C:\Users\zorro\Downloads\Extras.Txt 2015-09-09 18:45 - 2015-09-09 18:45 - 00602112 _____ (OldTimer Tools) C:\Users\zorro\Downloads\OTL.exe 2015-09-09 18:10 - 
2015-09-09 18:10 - 00000000 ____D C:\Users\zorro\Documents\Forderung stornierten Zahlung Ihrer Bestellung Mail & Media GmbH-1 2015-09-09 18:00 - 2015-09-09 18:00 - 00000000 ____D C:\Users\zorro\Documents\Forderung stornierten Zahlung Ihrer Bestellung Mail & Media GmbH 2015-09-09 17:21 - 2015-09-02 03:20 - 00077400 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2015-09-09 17:21 - 2015-09-02 02:25 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2015-09-09 17:21 - 2015-09-02 02:25 - 01382912 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2015-09-09 17:21 - 2015-08-27 08:36 - 03620736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-09-09 17:21 - 2015-08-27 08:32 - 00608936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2015-09-09 17:21 - 2015-08-27 08:04 - 21874688 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2015-09-09 17:21 - 2015-08-27 07:59 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-09-09 17:21 - 2015-08-27 07:55 - 24594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-09-09 17:21 - 2015-08-27 07:54 - 00541248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2015-09-09 17:21 - 2015-08-27 07:54 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll 2015-09-09 17:21 - 2015-08-27 07:51 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2015-09-09 17:21 - 2015-08-27 07:51 - 01774592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll 2015-09-09 17:21 - 2015-08-27 07:49 - 01008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll 2015-09-09 17:21 - 2015-08-27 07:47 - 12503552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-09-09 17:21 - 2015-08-27 07:43 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-09-09 17:21 - 2015-08-27 07:43 - 00576000 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-09-09 17:21 - 2015-08-27 07:42 - 00596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll 2015-09-09 17:21 - 2015-08-27 07:42 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe 2015-09-09 17:21 - 2015-08-27 07:42 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.PicturePassword.dll 2015-09-09 17:21 - 2015-08-27 07:42 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll 2015-09-09 17:21 - 2015-08-27 07:39 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2015-09-09 17:21 - 2015-08-27 07:23 - 19324416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-09-09 17:21 - 2015-08-27 07:23 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll 2015-09-09 17:21 - 2015-08-27 07:16 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2015-09-09 17:21 - 2015-08-27 07:16 - 02153472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2015-09-09 17:21 - 2015-08-27 07:16 - 01612288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll 2015-09-09 17:21 - 2015-08-27 07:12 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-09-09 17:21 - 2015-08-27 07:12 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-09-09 17:21 - 2015-08-27 07:11 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll 2015-09-09 17:21 - 2015-08-27 07:11 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll 2015-09-09 17:21 - 2015-08-27 07:09 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-09-09 17:21 - 2015-08-27 07:08 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll 2015-09-07 19:43 - 2015-09-07 19:43 - 04318760 _____ (Qualcomm Atheros Communications, Inc.) 
C:\WINDOWS\system32\Drivers\athw10x.sys 2015-09-07 05:20 - 2015-09-07 05:20 - 00000220 _____ C:\Users\zorro\Desktop\Deus Ex Game of the Year Edition.url 2015-09-03 16:26 - 2015-09-03 16:26 - 00002421 _____ C:\Users\zorro\Desktop\Ubi Soft Product Registration.lnk 2015-09-03 16:25 - 2015-09-03 15:28 - 00505104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml.dll 2015-09-03 16:25 - 2015-09-03 15:28 - 00140488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.ocx 2015-09-03 16:25 - 2015-09-03 15:28 - 00115016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSINET.OCX 2015-09-03 16:25 - 2015-09-03 15:28 - 00089360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VB5DB.DLL 2015-09-03 16:25 - 2015-09-03 15:28 - 00069632 _____ C:\WINDOWS\SysWOW64\xmltok.dll 2015-09-03 16:25 - 2015-09-03 15:28 - 00036864 _____ C:\WINDOWS\SysWOW64\xmlparse.dll 2015-09-03 16:25 - 2015-09-03 15:28 - 00035840 _____ C:\WINDOWS\SysWOW64\comdlg32.oca 2015-09-03 16:25 - 2015-09-03 15:28 - 00029184 _____ C:\WINDOWS\SysWOW64\MSINET.oca 2015-09-03 16:25 - 2015-09-03 15:28 - 00028432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxmlr.dll 2015-09-03 16:25 - 2015-09-03 15:28 - 00026096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xmlinst.exe 2015-09-03 16:25 - 2015-09-03 15:28 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3a.dll 2015-09-03 16:22 - 2015-09-03 16:25 - 00000000 ____D C:\Program Files (x86)\Ubi Soft 2015-09-03 16:22 - 2015-09-03 16:22 - 00001094 _____ C:\Users\Public\Desktop\Splinter Cell spielen.lnk 2015-09-03 16:22 - 2015-09-03 16:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubi Soft 2015-08-31 13:56 - 2015-08-20 08:07 - 08019296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2015-08-31 13:56 - 2015-08-20 08:06 - 00609592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2015-08-31 13:56 - 2015-08-20 08:02 - 22324656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2015-08-31 
13:56 - 2015-08-20 07:26 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe 2015-08-31 13:56 - 2015-08-20 07:21 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll 2015-08-31 13:56 - 2015-08-20 07:16 - 20857848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2015-08-31 13:56 - 2015-08-20 07:13 - 02235904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2015-08-31 13:56 - 2015-08-18 09:56 - 02498808 _____ C:\WINDOWS\system32\CoreUIComponents.dll 2015-08-31 13:56 - 2015-08-18 09:55 - 00373072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS 2015-08-31 13:56 - 2015-08-18 09:54 - 01396064 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll 2015-08-31 13:56 - 2015-08-18 09:27 - 01771592 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll 2015-08-31 13:56 - 2015-08-18 09:24 - 00963920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll 2015-08-31 13:56 - 2015-08-18 09:13 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll 2015-08-31 13:56 - 2015-08-18 09:13 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll 2015-08-31 13:56 - 2015-08-18 09:12 - 02225664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll 2015-08-31 13:56 - 2015-08-18 09:07 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll 2015-08-31 13:56 - 2015-08-18 09:04 - 01234944 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe 2015-08-31 13:56 - 2015-08-18 09:04 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll 2015-08-31 13:56 - 2015-08-18 08:59 - 01294336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcnwiz.dll 2015-08-31 13:56 - 2015-08-18 08:59 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll 2015-08-31 13:56 - 2015-08-18 08:58 - 00187392 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\NetSetupSvc.dll 2015-08-31 13:56 - 2015-08-18 08:58 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWCN.dll 2015-08-31 13:56 - 2015-08-18 08:58 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWCN.dll 2015-08-31 13:56 - 2015-08-18 08:58 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnNetsh.dll 2015-08-31 13:56 - 2015-08-18 08:57 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll 2015-08-31 13:56 - 2015-08-18 08:56 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll 2015-08-31 13:56 - 2015-08-18 08:55 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2015-08-31 13:56 - 2015-08-18 08:54 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll 2015-08-31 13:56 - 2015-08-18 08:54 - 00247296 _____ C:\WINDOWS\system32\facecredentialprovider.dll 2015-08-31 13:56 - 2015-08-18 08:52 - 01888768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2015-08-31 13:56 - 2015-08-18 08:50 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll 2015-08-31 13:56 - 2015-08-18 08:49 - 01061888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll 2015-08-31 13:56 - 2015-08-18 08:49 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll 2015-08-31 13:56 - 2015-08-18 08:49 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll 2015-08-31 13:56 - 2015-08-18 08:36 - 01226752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcnwiz.dll 2015-08-31 13:56 - 2015-08-18 08:35 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll 2015-08-31 13:56 - 2015-08-18 08:35 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWCN.dll 2015-08-31 13:56 - 2015-08-18 08:34 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll 2015-08-31 13:56 - 2015-08-18 08:29 - 01593344 _____ (Microsoft 
Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2015-08-31 13:56 - 2015-08-18 08:26 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll 2015-08-31 13:56 - 2015-08-18 06:44 - 00008847 _____ C:\WINDOWS\system32\ResPriHMImageList 2015-08-19 13:48 - 2015-08-13 06:22 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll 2015-08-19 13:48 - 2015-08-13 06:20 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll 2015-08-19 13:48 - 2015-08-13 05:53 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll 2015-08-19 13:48 - 2015-08-11 12:04 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2015-08-19 13:48 - 2015-08-11 12:04 - 02462648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2015-08-19 13:48 - 2015-08-11 12:04 - 01087296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll 2015-08-19 13:48 - 2015-08-11 12:03 - 00442208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys 2015-08-19 13:48 - 2015-08-11 12:02 - 00554744 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll 2015-08-19 13:48 - 2015-08-11 12:02 - 00292856 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe 2015-08-19 13:48 - 2015-08-11 12:02 - 00080720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys 2015-08-19 13:48 - 2015-08-11 11:52 - 00993104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll 2015-08-19 13:48 - 2015-08-11 11:50 - 01643872 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll 2015-08-19 13:48 - 2015-08-11 11:40 - 04048808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2015-08-19 13:48 - 2015-08-11 11:40 - 02151208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2015-08-19 13:48 - 2015-08-11 11:40 - 00918320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll 2015-08-19 13:48 - 2015-08-11 11:38 - 00454000 _____ 
(Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll 2015-08-19 13:48 - 2015-08-11 11:37 - 00243800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe 2015-08-19 13:48 - 2015-08-11 11:26 - 00845664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll 2015-08-19 13:48 - 2015-08-11 11:23 - 16706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2015-08-19 13:48 - 2015-08-11 11:21 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll 2015-08-19 13:48 - 2015-08-11 11:21 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll 2015-08-19 13:48 - 2015-08-11 11:20 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll 2015-08-19 13:48 - 2015-08-11 11:19 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll 2015-08-19 13:48 - 2015-08-11 11:18 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll 2015-08-19 13:48 - 2015-08-11 11:16 - 02416640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2015-08-19 13:48 - 2015-08-11 11:14 - 00404480 _____ C:\WINDOWS\system32\diagtrack_wininternal.dll 2015-08-19 13:48 - 2015-08-11 11:13 - 00413184 _____ C:\WINDOWS\system32\diagtrack_win.dll 2015-08-19 13:48 - 2015-08-11 11:11 - 02446336 _____ C:\WINDOWS\system32\InputService.dll 2015-08-19 13:48 - 2015-08-11 11:11 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe 2015-08-19 13:48 - 2015-08-11 11:10 - 00778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll 2015-08-19 13:48 - 2015-08-11 11:10 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2015-08-19 13:48 - 2015-08-11 11:10 - 00293376 _____ C:\WINDOWS\system32\TextInputFramework.dll 2015-08-19 13:48 - 2015-08-11 11:09 - 00032768 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\wuautoappupdate.dll 2015-08-19 13:48 - 2015-08-11 11:08 - 00893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll 2015-08-19 13:48 - 2015-08-11 11:08 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll 2015-08-19 13:48 - 2015-08-11 11:07 - 01178112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll 2015-08-19 13:48 - 2015-08-11 11:07 - 00593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll 2015-08-19 13:48 - 2015-08-11 11:07 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeParserTask.exe 2015-08-19 13:48 - 2015-08-11 11:06 - 07523328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2015-08-19 13:48 - 2015-08-11 11:06 - 02662400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll 2015-08-19 13:48 - 2015-08-11 11:05 - 03527168 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll 2015-08-19 13:48 - 2015-08-11 11:05 - 00996352 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll 2015-08-19 13:48 - 2015-08-11 11:05 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll 2015-08-19 13:48 - 2015-08-11 11:05 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll 2015-08-19 13:48 - 2015-08-11 11:05 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPermissions.dll 2015-08-19 13:48 - 2015-08-11 11:05 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll 2015-08-19 13:48 - 2015-08-11 11:03 - 02558976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll 2015-08-19 13:48 - 2015-08-11 11:02 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll 2015-08-19 13:48 - 2015-08-11 11:02 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll 2015-08-19 13:48 - 2015-08-11 11:01 - 01334784 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll 2015-08-19 13:48 
- 2015-08-11 11:00 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe 2015-08-19 13:48 - 2015-08-11 11:00 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll 2015-08-19 13:48 - 2015-08-11 10:59 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll 2015-08-19 13:48 - 2015-08-11 10:59 - 00642560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll 2015-08-19 13:48 - 2015-08-11 10:59 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll 2015-08-19 13:48 - 2015-08-11 10:59 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll 2015-08-19 13:48 - 2015-08-11 10:58 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll 2015-08-19 13:48 - 2015-08-11 10:57 - 13024768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2015-08-19 13:48 - 2015-08-11 10:57 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll 2015-08-19 13:48 - 2015-08-11 10:51 - 01916928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2015-08-19 13:48 - 2015-08-11 10:51 - 01823232 _____ C:\WINDOWS\SysWOW64\InputService.dll 2015-08-19 13:48 - 2015-08-11 10:50 - 00420352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe 2015-08-19 13:48 - 2015-08-11 10:50 - 00200704 _____ C:\WINDOWS\SysWOW64\TextInputFramework.dll 2015-08-19 13:48 - 2015-08-11 10:50 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll 2015-08-19 13:48 - 2015-08-11 10:49 - 00586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll 2015-08-19 13:48 - 2015-08-11 10:49 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2015-08-19 13:48 - 2015-08-11 10:48 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll 2015-08-19 13:48 - 2015-08-11 10:47 - 00448512 
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll 2015-08-19 13:48 - 2015-08-11 10:45 - 01820672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll 2015-08-19 13:48 - 2015-08-11 10:43 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll 2015-08-19 13:48 - 2015-08-11 10:42 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2015-08-19 13:48 - 2015-08-11 10:40 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll 2015-08-19 13:48 - 2015-08-11 10:40 - 01112064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll 2015-08-19 13:48 - 2015-08-11 10:39 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe 2015-08-19 13:48 - 2015-08-11 10:38 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-09-15 21:17 - 2015-07-10 14:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-15 21:12 - 2015-08-02 17:16 - 01793546 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-15 21:12 - 2015-07-10 18:34 - 00773380 _____ C:\WINDOWS\system32\perfh007.dat
2015-09-15 21:12 - 2015-07-10 18:34 - 00154706 _____ C:\WINDOWS\system32\perfc007.dat
2015-09-15 21:11 - 2015-08-09 14:24 - 00000000 ____D C:\Users\zorro\AppData\Roaming\Skype
2015-09-15 21:10 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-09-15 21:07 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-15 21:05 - 2015-08-02 17:06 - 00000000 ____D C:\Users\zorro
2015-09-15 21:05 - 2015-08-02 17:03 - 00012828 _____ C:\WINDOWS\PFRO.log
2015-09-15 21:05 - 2015-07-10 14:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-15 21:05 - 2015-07-10 11:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-09-15 21:05 - 2015-01-11 02:38 - 00000000 ____D C:\Program Files (x86)\Steam
2015-09-15 21:04 - 2015-01-10 22:51 - 00001130 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-09-15 21:04 - 2015-01-10 22:51 - 00001118 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-09-15 20:44 - 2015-01-13 19:44 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-09-15 20:21 - 2015-01-10 22:38 - 00004162 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CA220534-56FD-4E55-902A-3BFAB4995E34}
2015-09-15 17:25 - 2015-08-02 17:15 - 00002396 _____ C:\Users\zorro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-09-15 17:25 - 2015-01-28 01:55 - 00000000 __RDO C:\Users\zorro\OneDrive
2015-09-15 14:00 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-14 16:18 - 2015-01-10 19:57 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-14 15:33 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\SchCache
2015-09-14 15:23 - 2015-05-26 21:35 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-14 14:13 - 2015-07-10 14:20 - 00017701 _____ C:\WINDOWS\setupact.log
2015-09-14 14:12 - 2015-03-24 17:24 - 00000425 _____ C:\WINDOWS\BRWMARK.INI
2015-09-10 19:26 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\restore
2015-09-10 18:13 - 2015-07-10 18:46 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-10 18:13 - 2015-07-10 14:20 - 00345080 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-10 18:13 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-09-09 17:56 - 2015-01-28 03:23 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-09 17:55 - 2015-07-10 12:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-09 00:10 - 2015-01-10 22:46 - 00000000 ____D C:\ProgramData\Package Cache
2015-09-09 00:10 - 2015-01-10 22:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-09-07 19:32 - 2015-03-28 03:23 - 00000000 ____D C:\Users\zorro\Desktop\Tor Browser
2015-09-04 01:12 - 2015-05-03 01:04 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2015-09-03 17:45 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\rescache
2015-09-03 16:22 - 2015-01-10 19:01 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-09-01 14:55 - 2015-01-10 18:29 - 00000000 ____D C:\Users\zorro\AppData\Local\Packages
2015-09-01 03:16 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-09-01 03:16 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-09-01 02:25 - 2015-05-10 20:56 - 00000000 ____D C:\Program Files (x86)\Wolfenstein - Enemy Territory
2015-08-26 18:37 - 2015-01-10 19:57 - 134753440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-19 14:08 - 2015-08-02 17:13 - 00000000 ____D C:\Users\zorro\AppData\Local\Comms

Einige Dateien in TEMP:
====================
C:\Users\zorro\AppData\Local\Temp\avgnt.exe
C:\Users\zorro\AppData\Local\Temp\sqlite3.dll
C:\Users\zorro\AppData\Local\Temp\_isD160.exe

==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-09-13 15:09

==================== Ende von FRST.txt ============================ |
16.09.2015, 16:44 | #14 |
/// the machine /// TB trainer | Debt-collection Trojan
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donate / Guides and help / Trojaner-Board Facebook page
No help via PM! |
16.09.2015, 19:57 | #15 |
| Debt-collection Trojan OK, the ESET log Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=fe979758f8c7dd419fb524e3e399ed69
# end=init
# utc_time=2015-09-16 05:45:44
# local_time=2015-09-16 07:45:44 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 25793
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=fe979758f8c7dd419fb524e3e399ed69
# end=updated
# utc_time=2015-09-16 05:53:29
# local_time=2015-09-16 07:53:29 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=fe979758f8c7dd419fb524e3e399ed69
# engine=25793
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-09-16 06:19:15
# local_time=2015-09-16 08:19:15 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 5881480 5901567 0 0
# scanned=273000
# found=10
# cleaned=0
# scan_time=1544
sh=3D0E8B466F55B4146DD0D83599BCDEA2A8D181C8 ft=1 fh=70f8e2859b5aac6f vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\zorro\AppData\Local\Temp\DMR\dmr_72.exe"
sh=3D0E8B466F55B4146DD0D83599BCDEA2A8D181C8 ft=1 fh=70f8e2859b5aac6f vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\zorro\AppData\Local\Temp\DMR\dmr_84.exe"
sh=F99737AF06F3E7B09021C4C8C4EBAB9900D00C42 ft=0 fh=0000000000000000 vn="Win32/Trustezeb.K Trojaner" ac=I fn="C:\Users\zorro\Documents\Forderung stornierten Zahlung Ihrer Bestellung Mail & Media GmbH\Ausgleich an Michael Zormeier - Inkasso Abteilung Mail & Media GmbH 09.09.2015.zip"
sh=F99737AF06F3E7B09021C4C8C4EBAB9900D00C42 ft=0 fh=0000000000000000 vn="Win32/Trustezeb.K Trojaner" ac=I fn="C:\Users\zorro\Documents\Forderung stornierten Zahlung Ihrer Bestellung Mail & Media GmbH-1\Ausgleich an Michael Zormeier - Inkasso Abteilung Mail & Media GmbH 09.09.2015.zip"
sh=CD7214907E4F9EA943705F731BAD73AB1FF532C2 ft=1 fh=e6f06d3be0c801dd vn="Win32/Trustezeb.K Trojaner" ac=I fn="C:\Users\zorro\Documents\Forderung stornierten Zahlung Ihrer Bestellung Mail & Media GmbH-1\Ausgleich an Michael Zormeier - Inkasso Abteilung Mail & Media GmbH 09.09.2015\Michael Zormeier Rechnung - Inkasso Abteilung Mail & Media GmbH.com"
sh=41AE2244599276C6E376705D13C93883D1DAAC45 ft=1 fh=ceccd91a287db319 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\zorro\Downloads\HijackThis - CHIP-Installer.exe"
sh=4F42D20BF74AE009CD335E218903A01BC3D92A6E ft=1 fh=299bb97278efdf1b vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\zorro\Downloads\Little Fighter II - CHIP-Installer(1).exe"
sh=A7DCE445D0C1D97DC902CE2A76C787521BEA004A ft=1 fh=f00366bb0aa3c490 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\zorro\Downloads\Little Fighter II - CHIP-Installer.exe"
sh=5B95315844B22672C2E867D8E3D45D9F05ED2016 ft=1 fh=6e4c94e41237e20f vn="Win32/Somoto.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\zorro\Downloads\setup_Project64_2.2.exe"
sh=B773F12E2C3DB3BC272FBB1AB82F96AB8425B792 ft=1 fh=5e8d7a216e294cbc vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\zorro\Downloads\Tor Browser Paket - CHIP-Installer.exe"
Code:
ATTFilter Results of screen317's Security Check version 1.008
 x64 (UAC is enabled)
 Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Antivirus
Windows Defender
 Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player 18.0.0.232
 Adobe Reader XI
 Mozilla Firefox 38.0.5 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:15-09-2015 durchgeführt von zorro (Administrator) auf ZORRO-LAPTOP (16-09-2015 20:54:34) Gestartet von C:\Users\zorro\Downloads Geladene Profile: zorro (Verfügbare Profile: zorro) Platform: Windows 10 Home (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Edge) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Hewlett-Packard) C:\Windows\System32\hpservice.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe (Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\3.00.77\LogiOptionsMgr.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe () C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Realsil Microelectronics Inc.) 
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.9.9.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe () C:\Program Files\WindowsApps\Microsoft.BingNews_4.5.168.0_x86__8wekyb3d8bbwe\Microsoft.Msn.News.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.3DBuilder_10.9.6.0_x64__8wekyb3d8bbwe\Builder3D.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-07-17] (Synaptics Incorporated) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [LogiOptionsAppBroker] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1549256 2015-08-04] (Logitech, Inc.) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-12-11] (Intel Corporation) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [782008 2015-08-30] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] () HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66936 2015-08-13] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-58352319-3725806726-3140065513-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2899136 2015-08-19] (Valve Corporation) HKU\S-1-5-21-58352319-3725806726-3140065513-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE [283232 2015-01-19] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-58352319-3725806726-3140065513-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53655680 2015-07-28] (Skype Technologies S.A.) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{e88830a0-70b1-4852-badf-bec964923f4e}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-58352319-3725806726-3140065513-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\zorro\AppData\Roaming\Mozilla\Firefox\Profiles\DLqFl98w.default
FF NewTab: hxxp://www.google.de
FF Homepage: hxxps://www.google.de/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-09-28] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-09-28] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\zorro\AppData\Roaming\Mozilla\Firefox\Profiles\DLqFl98w.default\Extensions\abs@avira.com [2015-08-12]
FF Extension: YouTube Unblocker - C:\Users\zorro\AppData\Roaming\Mozilla\Firefox\Profiles\DLqFl98w.default\Extensions\youtubeunblocker__web@unblocker.yt [2015-09-01]
FF Extension: Ghostery - C:\Users\zorro\AppData\Roaming\Mozilla\Firefox\Profiles\DLqFl98w.default\Extensions\firefox@ghostery.com.xpi [2015-01-31]
FF Extension: {88309fd1-cacd-4904-9730-a0786869d225} - C:\Users\zorro\AppData\Roaming\Mozilla\Firefox\Profiles\DLqFl98w.default\Extensions\{88309fd1-cacd-4904-9730-a0786869d225}.xpi [2015-06-26]
FF Extension: Adblock Plus - C:\Users\zorro\AppData\Roaming\Mozilla\Firefox\Profiles\DLqFl98w.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-04]
FF Extension: PDFAddon - C:\Users\zorro\AppData\Roaming\Mozilla\Firefox\Profiles\DLqFl98w.default\Extensions\{e337fd67-0148-4d1a-8cb6-1d7085814f28}.xpi [2015-07-20]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [887128 2015-08-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [461672 2015-08-30] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [461672 2015-08-30] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1213072 2015-08-30] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [228104 2015-08-13] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [Datei ist nicht signiert]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328608 2015-07-30] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-01-14] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-07-17] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 athr; C:\Windows\System32\drivers\athw10x.sys [4318760 2015-09-07] (Qualcomm Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [137288 2015-08-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [148632 2015-08-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-10] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-07-17] (Synaptics Incorporated)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-06-27] (Hewlett-Packard Development Company, L.P.)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-09-16 20:50 - 2015-09-16 20:51 - 00852704 _____ C:\Users\zorro\Downloads\SecurityCheck.exe
2015-09-16 20:24 - 2015-09-16 20:24 - 00016148 _____ C:\WINDOWS\system32\ZORRO-LAPTOP_zorro_HistoryPrediction.bin
2015-09-16 19:43 - 2015-09-16 19:45 - 02870984 _____ (ESET) C:\Users\zorro\Downloads\esetsmartinstaller_deu.exe
2015-09-16 16:08 - 2015-09-16 16:08 - 00000000 ___RD C:\Users\zorro\3D Objects
2015-09-15 21:19 - 2015-09-15 21:19 - 00001230 _____ C:\Users\zorro\Desktop\JRT.txt
2015-09-15 21:17 - 2015-09-09 20:11 - 01800104 _____ (Malwarebytes Corporation) C:\Users\zorro\Desktop\JRT.exe
2015-09-15 21:15 - 2015-09-15 21:16 - 01799392 _____ (Malwarebytes Corporation) C:\Users\zorro\Downloads\JRT_7600.exe
2015-09-15 21:03 - 2015-09-15 21:04 - 00000000 ____D C:\AdwCleaner
2015-09-15 21:00 - 2015-09-15 21:00 - 01660416 _____ C:\Users\zorro\Downloads\AdwCleaner_5.007.exe
2015-09-15 20:56 - 2015-09-15 20:56 - 00001285 _____ C:\Users\zorro\Desktop\mbam.txt
2015-09-15 20:41 - 2015-09-15 20:41 - 00001171 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-09-15 20:41 - 2015-09-15 20:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-09-15 20:41 - 2015-09-15 20:41 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-09-15 20:41 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-09-15 20:41 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-09-15 20:36 - 2015-09-15 20:40 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\zorro\Downloads\mbam-setup-2.1.8.1057.exe
2015-09-14 15:50 - 2015-09-14 15:50 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\zorro\Downloads\tdsskiller.exe
2015-09-14 15:22 - 2015-09-15 20:54 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-14 15:22 - 2015-09-14 17:14 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-09-14 15:21 - 2015-09-14 15:44 - 00000000 ____D C:\Users\zorro\Desktop\mbar
2015-09-14 15:21 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-09-14 15:19 - 2015-09-14 15:20 - 16563304 _____ (Malwarebytes Corp.) C:\Users\zorro\Downloads\mbar-1.09.2.1008.exe
2015-09-14 03:46 - 2015-09-14 03:46 - 02785665 _____ (PortableApps.com) C:\Users\zorro\Downloads\RevoUninstallerPortable_1.95_Rev_2.paf.exe
2015-09-14 03:46 - 2015-09-14 03:46 - 00000000 ____D C:\Users\zorro\Downloads\RevoUninstallerPortable
2015-09-13 14:54 - 2015-09-14 15:18 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-09-13 14:53 - 2015-09-13 14:54 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\zorro\Downloads\revosetup95.exe
2015-09-11 11:43 - 2015-09-15 20:39 - 00000000 ____D C:\Users\zorro\Downloads\FRST-OlderVersion
2015-09-11 11:42 - 2015-09-11 11:42 - 00001494 _____ C:\Users\zorro\Downloads\FRST64 - Shortcut.lnk
2015-09-09 20:06 - 2015-09-11 11:44 - 00043280 _____ C:\Users\zorro\Desktop\FRST.txt
2015-09-09 20:06 - 2015-09-09 20:06 - 00043237 _____ C:\Users\zorro\Desktop\Addition.txt
2015-09-09 20:05 - 2015-09-16 20:54 - 00015933 _____ C:\Users\zorro\Downloads\FRST.txt
2015-09-09 20:05 - 2015-09-09 20:05 - 00043237 _____ C:\Users\zorro\Downloads\Addition.txt
2015-09-09 20:04 - 2015-09-16 20:54 - 00000000 ____D C:\FRST
2015-09-09 20:04 - 2015-09-15 20:39 - 02191360 _____ (Farbar) C:\Users\zorro\Downloads\FRST64.exe
2015-09-09 19:56 - 2015-09-09 19:56 - 00216722 _____ C:\Users\zorro\Desktop\OTL.Txt
2015-09-09 19:56 - 2015-09-09 19:56 - 00092536 _____ C:\Users\zorro\Desktop\Extras.Txt
2015-09-09 19:19 - 2015-09-09 19:19 - 00002231 _____ C:\Users\zorro\Desktop\HijackThis - CHIP Downloader.lnk
2015-09-09 19:05 - 2015-09-09 19:22 - 00012989 _____ C:\Users\zorro\Desktop\hijackthis.log
2015-09-09 18:56 - 2015-09-09 18:56 - 01162528 _____ C:\Users\zorro\Downloads\HijackThis - CHIP-Installer.exe
2015-09-09 18:51 - 2015-09-09 19:56 - 00216722 _____ C:\Users\zorro\Downloads\OTL.Txt
2015-09-09 18:51 - 2015-09-09 19:24 - 00092536 _____ C:\Users\zorro\Downloads\Extras.Txt
2015-09-09 18:45 - 2015-09-09 18:45 - 00602112 _____ (OldTimer Tools) C:\Users\zorro\Downloads\OTL.exe
2015-09-09 18:10 - 2015-09-09 18:10 - 00000000 ____D C:\Users\zorro\Documents\Forderung stornierten Zahlung Ihrer Bestellung Mail & Media GmbH-1
2015-09-09 18:00 - 2015-09-09 18:00 - 00000000 ____D C:\Users\zorro\Documents\Forderung stornierten Zahlung Ihrer Bestellung Mail & Media GmbH
2015-09-09 17:21 - 2015-09-02 03:20 - 00077400 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-09-09 17:21 - 2015-09-02 02:25 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-09-09 17:21 - 2015-09-02 02:25 - 01382912 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-09-09 17:21 - 2015-08-27 08:36 - 03620736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-09 17:21 - 2015-08-27 08:32 - 00608936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-09-09 17:21 - 2015-08-27 08:04 - 21874688 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-09-09 17:21 - 2015-08-27 07:59 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-09 17:21 - 2015-08-27 07:55 - 24594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-09 17:21 - 2015-08-27 07:54 - 00541248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-09-09 17:21 - 2015-08-27 07:54 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-09 17:21 - 2015-08-27 07:51 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-09 17:21 - 2015-08-27 07:51 - 01774592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-09 17:21 - 2015-08-27 07:49 - 01008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-09 17:21 - 2015-08-27 07:47 - 12503552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-09 17:21 - 2015-08-27 07:43 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-09 17:21 - 2015-08-27 07:43 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-09 17:21 - 2015-08-27 07:42 - 00596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-09 17:21 - 2015-08-27 07:42 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-09-09 17:21 - 2015-08-27 07:42 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.PicturePassword.dll
2015-09-09 17:21 - 2015-08-27 07:42 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-09 17:21 - 2015-08-27 07:39 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-09 17:21 - 2015-08-27 07:23 - 19324416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-09-09 17:21 - 2015-08-27 07:23 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-09-09 17:21 - 2015-08-27 07:16 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-09-09 17:21 - 2015-08-27 07:16 - 02153472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-09-09 17:21 - 2015-08-27 07:16 - 01612288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-09-09 17:21 - 2015-08-27 07:12 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-09 17:21 - 2015-08-27 07:12 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-09 17:21 - 2015-08-27 07:11 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-09-09 17:21 - 2015-08-27 07:11 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2015-09-09 17:21 - 2015-08-27 07:09 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-09 17:21 - 2015-08-27 07:08 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-09-07 19:43 - 2015-09-07 19:43 - 04318760 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\athw10x.sys
2015-09-07 05:20 - 2015-09-07 05:20 - 00000220 _____ C:\Users\zorro\Desktop\Deus Ex Game of the Year Edition.url
2015-09-03 16:26 - 2015-09-03 16:26 - 00002421 _____ C:\Users\zorro\Desktop\Ubi Soft Product Registration.lnk
2015-09-03 16:25 - 2015-09-03 15:28 - 00505104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml.dll
2015-09-03 16:25 - 2015-09-03 15:28 - 00140488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.ocx
2015-09-03 16:25 - 2015-09-03 15:28 - 00115016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSINET.OCX
2015-09-03 16:25 - 2015-09-03 15:28 - 00089360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VB5DB.DLL
2015-09-03 16:25 - 2015-09-03 15:28 - 00069632 _____ C:\WINDOWS\SysWOW64\xmltok.dll
2015-09-03 16:25 - 2015-09-03 15:28 - 00036864 _____ C:\WINDOWS\SysWOW64\xmlparse.dll
2015-09-03 16:25 - 2015-09-03 15:28 - 00035840 _____ C:\WINDOWS\SysWOW64\comdlg32.oca
2015-09-03 16:25 - 2015-09-03 15:28 - 00029184 _____ C:\WINDOWS\SysWOW64\MSINET.oca
2015-09-03 16:25 - 2015-09-03 15:28 - 00028432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxmlr.dll
2015-09-03 16:25 - 2015-09-03 15:28 - 00026096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xmlinst.exe
2015-09-03 16:25 - 2015-09-03 15:28 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3a.dll
2015-09-03 16:22 - 2015-09-03 16:25 - 00000000 ____D C:\Program Files (x86)\Ubi Soft
2015-09-03 16:22 - 2015-09-03 16:22 - 00001094 _____ C:\Users\Public\Desktop\Splinter Cell spielen.lnk
2015-09-03 16:22 - 2015-09-03 16:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubi Soft
2015-08-31 13:56 - 2015-08-20 08:07 - 08019296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-31 13:56 - 2015-08-20 08:06 - 00609592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-08-31 13:56 - 2015-08-20 08:02 - 22324656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-08-31 13:56 - 2015-08-20 07:26 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-08-31 13:56 - 2015-08-20 07:21 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2015-08-31 13:56 - 2015-08-20 07:16 - 20857848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-08-31 13:56 - 2015-08-20 07:13 - 02235904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-08-31 13:56 - 2015-08-18 09:56 - 02498808 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-31 13:56 - 2015-08-18 09:55 - 00373072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-08-31 13:56 - 2015-08-18 09:54 - 01396064 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-08-31 13:56 - 2015-08-18 09:27 - 01771592 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-08-31 13:56 - 2015-08-18 09:24 - 00963920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-08-31 13:56 - 2015-08-18 09:13 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2015-08-31 13:56 - 2015-08-18 09:13 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2015-08-31 13:56 - 2015-08-18 09:12 - 02225664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-08-31 13:56 - 2015-08-18 09:07 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-08-31 13:56 - 2015-08-18 09:04 - 01234944 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2015-08-31 13:56 - 2015-08-18 09:04 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-08-31 13:56 - 2015-08-18 08:59 - 01294336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcnwiz.dll
2015-08-31 13:56 - 2015-08-18 08:59 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2015-08-31 13:56 - 2015-08-18 08:58 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-08-31 13:56 - 2015-08-18 08:58 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWCN.dll
2015-08-31 13:56 - 2015-08-18 08:58 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWCN.dll
2015-08-31 13:56 - 2015-08-18 08:58 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnNetsh.dll
2015-08-31 13:56 - 2015-08-18 08:57 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2015-08-31 13:56 - 2015-08-18 08:56 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2015-08-31 13:56 - 2015-08-18 08:55 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-08-31 13:56 - 2015-08-18 08:54 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2015-08-31 13:56 - 2015-08-18 08:54 - 00247296 _____ C:\WINDOWS\system32\facecredentialprovider.dll
2015-08-31 13:56 - 2015-08-18 08:52 - 01888768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-08-31 13:56 - 2015-08-18 08:50 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-08-31 13:56 - 2015-08-18 08:49 - 01061888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2015-08-31 13:56 - 2015-08-18 08:49 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2015-08-31 13:56 - 2015-08-18 08:49 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2015-08-31 13:56 - 2015-08-18 08:36 - 01226752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcnwiz.dll
2015-08-31 13:56 - 2015-08-18 08:35 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2015-08-31 13:56 - 2015-08-18 08:35 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWCN.dll
2015-08-31 13:56 - 2015-08-18 08:34 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2015-08-31 13:56 - 2015-08-18 08:29 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-08-31 13:56 - 2015-08-18 08:26 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2015-08-31 13:56 - 2015-08-18 06:44 - 00008847 _____ C:\WINDOWS\system32\ResPriHMImageList
2015-08-19 13:48 - 2015-08-13 06:22 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2015-08-19 13:48 - 2015-08-13 06:20 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2015-08-19 13:48 - 2015-08-13 05:53 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2015-08-19 13:48 - 2015-08-11 12:04 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-08-19 13:48 - 2015-08-11 12:04 - 02462648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-08-19 13:48 - 2015-08-11 12:04 - 01087296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-08-19 13:48 - 2015-08-11 12:03 - 00442208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2015-08-19 13:48 - 2015-08-11 12:02 - 00554744 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2015-08-19 13:48 - 2015-08-11 12:02 - 00292856 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2015-08-19 13:48 - 2015-08-11 12:02 - 00080720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2015-08-19 13:48 - 2015-08-11 11:52 - 00993104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2015-08-19 13:48 - 2015-08-11 11:50 - 01643872 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-08-19 13:48 - 2015-08-11 11:40 - 04048808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-08-19 13:48 - 2015-08-11 11:40 - 02151208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-08-19 13:48 - 2015-08-11 11:40 - 00918320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-08-19 13:48 - 2015-08-11 11:38 - 00454000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2015-08-19 13:48 - 2015-08-11 11:37 - 00243800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2015-08-19 13:48 - 2015-08-11 11:26 - 00845664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2015-08-19 13:48 - 2015-08-11 11:23 - 16706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-08-19 13:48 - 2015-08-11 11:21 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-08-19 13:48 - 2015-08-11 11:21 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2015-08-19 13:48 - 2015-08-11 11:20 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2015-08-19 13:48 - 2015-08-11 11:19 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2015-08-19 13:48 - 2015-08-11 11:18 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2015-08-19 13:48 - 2015-08-11 11:16 - 02416640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-08-19 13:48 - 2015-08-11 11:14 - 00404480 _____ C:\WINDOWS\system32\diagtrack_wininternal.dll
2015-08-19 13:48 - 2015-08-11 11:13 - 00413184 _____ C:\WINDOWS\system32\diagtrack_win.dll
2015-08-19 13:48 - 2015-08-11 11:11 - 02446336 _____ C:\WINDOWS\system32\InputService.dll
2015-08-19 13:48 - 2015-08-11 11:11 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2015-08-19 13:48 - 2015-08-11 11:10 - 00778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-08-19 13:48 - 2015-08-11 11:10 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-19 13:48 - 2015-08-11 11:10 - 00293376 _____ C:\WINDOWS\system32\TextInputFramework.dll
2015-08-19 13:48 - 2015-08-11 11:09 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2015-08-19 13:48 - 2015-08-11 11:08 - 00893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2015-08-19 13:48 - 2015-08-11 11:08 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-08-19 13:48 - 2015-08-11 11:07 - 01178112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-08-19 13:48 - 2015-08-11 11:07 - 00593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-08-19 13:48 - 2015-08-11 11:07 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeParserTask.exe
2015-08-19 13:48 - 2015-08-11 11:06 - 07523328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-08-19 13:48 - 2015-08-11 11:06 - 02662400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2015-08-19 13:48 - 2015-08-11 11:05 - 03527168 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-08-19 13:48 - 2015-08-11 11:05 - 00996352 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-08-19 13:48 - 2015-08-11 11:05 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll
2015-08-19 13:48 - 2015-08-11 11:05 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2015-08-19 13:48 - 2015-08-11 11:05 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPermissions.dll
2015-08-19 13:48 - 2015-08-11 11:05 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2015-08-19 13:48 - 2015-08-11 11:03 - 02558976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-08-19 13:48 - 2015-08-11 11:02 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-08-19 13:48 - 2015-08-11 11:02 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2015-08-19 13:48 - 2015-08-11 11:01 - 01334784 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-08-19 13:48 - 2015-08-11 11:00 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-08-19 13:48 - 2015-08-11 11:00 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
2015-08-19 13:48 - 2015-08-11 10:59 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-08-19 13:48 - 2015-08-11 10:59 - 00642560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2015-08-19 13:48 - 2015-08-11 10:59 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2015-08-19 13:48 - 2015-08-11 10:59 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll
2015-08-19 13:48 - 2015-08-11 10:58 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2015-08-19 13:48 - 2015-08-11 10:57 - 13024768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-08-19 13:48 - 2015-08-11 10:57 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2015-08-19 13:48 - 2015-08-11 10:51 - 01916928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-08-19 13:48 - 2015-08-11 10:51 - 01823232 _____ C:\WINDOWS\SysWOW64\InputService.dll
2015-08-19 13:48 - 2015-08-11 10:50 - 00420352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2015-08-19 13:48 - 2015-08-11 10:50 - 00200704 _____ C:\WINDOWS\SysWOW64\TextInputFramework.dll
2015-08-19 13:48 - 2015-08-11 10:50 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2015-08-19 13:48 - 2015-08-11 10:49 - 00586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-08-19 13:48 - 2015-08-11 10:49 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-19 13:48 - 2015-08-11 10:48 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2015-08-19 13:48 - 2015-08-11 10:47 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-08-19 13:48 - 2015-08-11 10:45 - 01820672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2015-08-19 13:48 - 2015-08-11 10:43 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-08-19 13:48 - 2015-08-11 10:42 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-08-19 13:48 - 2015-08-11 10:40 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-08-19 13:48 - 2015-08-11 10:40 - 01112064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-08-19 13:48 - 2015-08-11 10:39 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-08-19 13:48 - 2015-08-11 10:38 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-09-16 20:52 - 2015-07-10 14:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log 2015-09-16 20:46 - 2015-08-09 14:24 - 00000000 ____D C:\Users\zorro\AppData\Roaming\Skype 2015-09-16 20:45 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\NDF 2015-09-16 20:44 - 2015-01-13 19:44 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-09-16 20:03 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\sru 2015-09-16 17:30 - 2015-01-10 22:38 - 00004162 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CA220534-56FD-4E55-902A-3BFAB4995E34} 2015-09-16 16:50 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\AppReadiness 2015-09-16 16:08 - 2015-08-02 17:06 - 00000000 ____D C:\Users\zorro 2015-09-16 11:32 - 2015-08-02 17:16 - 01793546 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-09-16 11:32 - 2015-07-10 18:34 - 00773380 _____ C:\WINDOWS\system32\perfh007.dat 2015-09-16 11:32 - 2015-07-10 18:34 - 00154706 _____ C:\WINDOWS\system32\perfc007.dat 2015-09-16 11:30 - 2015-01-10 18:29 - 00000000 ____D C:\Users\zorro\AppData\Local\Packages 2015-09-16 11:27 - 2015-01-11 02:38 - 00000000 ____D C:\Program Files (x86)\Steam 2015-09-16 11:26 - 2015-07-10 14:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-09-15 21:05 - 2015-08-02 17:03 - 00012828 _____ C:\WINDOWS\PFRO.log 2015-09-15 21:05 - 2015-07-10 11:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI 2015-09-15 21:04 - 2015-01-10 22:51 - 00001130 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-09-15 21:04 - 2015-01-10 22:51 - 00001118 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-09-15 17:25 - 2015-08-02 17:15 - 00002396 _____ C:\Users\zorro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2015-09-15 17:25 - 2015-01-28 01:55 - 00000000 __RDO C:\Users\zorro\OneDrive 2015-09-14 16:18 - 2015-01-10 19:57 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-09-14 15:33 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\SchCache 2015-09-14 15:23 - 
2015-05-26 21:35 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-09-14 14:13 - 2015-07-10 14:20 - 00017701 _____ C:\WINDOWS\setupact.log 2015-09-14 14:12 - 2015-03-24 17:24 - 00000425 _____ C:\WINDOWS\BRWMARK.INI 2015-09-10 19:26 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\restore 2015-09-10 18:13 - 2015-07-10 18:46 - 00000000 ____D C:\Program Files\Windows Journal 2015-09-10 18:13 - 2015-07-10 14:20 - 00345080 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2015-09-10 18:13 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\appraiser 2015-09-09 17:56 - 2015-01-28 03:23 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-09-09 17:55 - 2015-07-10 12:55 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-09-09 00:10 - 2015-01-10 22:46 - 00000000 ____D C:\ProgramData\Package Cache 2015-09-09 00:10 - 2015-01-10 22:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-09-07 19:32 - 2015-03-28 03:23 - 00000000 ____D C:\Users\zorro\Desktop\Tor Browser 2015-09-04 01:12 - 2015-05-03 01:04 - 00000000 ____D C:\Program Files (x86)\Ubisoft 2015-09-03 17:45 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\rescache 2015-09-03 16:22 - 2015-01-10 19:01 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2015-09-01 03:16 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2015-09-01 03:16 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\oobe 2015-09-01 02:25 - 2015-05-10 20:56 - 00000000 ____D C:\Program Files (x86)\Wolfenstein - Enemy Territory 2015-08-26 18:37 - 2015-01-10 19:57 - 134753440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-08-19 14:08 - 2015-08-02 17:13 - 00000000 ____D C:\Users\zorro\AppData\Local\Comms Einige Dateien in TEMP: ==================== C:\Users\zorro\AppData\Local\Temp\avgnt.exe C:\Users\zorro\AppData\Local\Temp\sqlite3.dll C:\Users\zorro\AppData\Local\Temp\_isD160.exe ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für 
Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert C:\WINDOWS\explorer.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert C:\WINDOWS\system32\services.exe => Datei ist digital signiert C:\WINDOWS\system32\User32.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-09-13 15:09 ==================== Ende von FRST.txt ============================ |