|
Plagegeister aller Art und deren Bekämpfung: Windows 7 (64bit): TR/Crypt.ZPACK.Gen2Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
20.09.2015, 19:07 | #1 |
| Windows 7 (64bit): TR/Crypt.ZPACK.Gen2 Hi, ich habe einfach im Internet gesurft und plötzlich kam eine Meldung von Avira Antivirus, dass TR/Crypt.ZPACK.Gen2 in C:\User\lucky8\AppData\Local\Temp\Cws0mZn6.exe.part gefunden wurde. Ich habe meinen Firefox Cache gelöscht, den Temp Ordnerinhalt gelöscht und Kaspersky TDSSKiller drüberlaufen lassen. Weder dieser, noch Avira Antivir oder Malwarebytes Antimalware haben etwas gefunden. Wie poste ich den Malwarebytes Log? Den einzigen Log den ich finden konnte ist der Log ueber die Updates von Malwarebytes. Vielen Dank für jede Hilfe. Defogger: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1) Log created at 18:24 on 20/09/2015 (xxx) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- FRST Log: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:15-09-2015 durchgeführt von lucky8 (Administrator) auf MINE (20-09-2015 18:25:31) Gestartet von C:\Users\lucky8\Desktop Geladene Profile: lucky8 (Verfügbare Profile: lucky8) Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Opera) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (AuthenTec, Inc) C:\Program Files\TrueSuite\TrueSuite.Service.exe (AMD) C:\Windows\System32\atiesrxx.exe (SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieSvc.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (AMD) C:\Windows\System32\atieclxx.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe () C:\Program Files\ATKGFNEX\GFNEXSrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Fork Ltd.) C:\Asus F8Va\platform\windows\cronsvc.exe (Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe () C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (AuthenTec Inc.) C:\Program Files\TrueSuite\TrueSuite.TouchControl.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (AuthenTec, Inc.) C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe (AuthenTec, Inc.) C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (ZONER software) C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTray.exe () C:\Program Files (x86)\Launchy\Launchy.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS) C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (Mindjet) C:\Program Files (x86)\Mindjet\MindManager 10\MmReminderService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe () C:\Program Files (x86)\Everything\Everything.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8114720 2009-09-16] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2830120 2011-10-03] (Synaptics Incorporated) HKLM\...\Run: [ClientAppLogon] => C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe [421192 2011-10-10] (AuthenTec, Inc.) HKLM\...\Run: [ClientAppLogon32] => C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe [308040 2011-10-10] (AuthenTec, Inc.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.) HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [6859392 2009-08-17] (ASUS) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-01-20] (Apple Inc.) HKLM-x32\...\Run: [MMReminderService] => C:\Program Files (x86)\Mindjet\MindManager 10\MMReminderService.exe [37728 2011-09-14] (Mindjet) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [782008 2015-08-26] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66936 2015-08-13] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-3873337503-2129652553-3438850724-1001\...\Run: [GBMPro8Agentx64] => C:\Program Files\GBackupManagerPro8x64\GBMAgent.exe [249984 2008-09-21] (Genie-soft) HKU\S-1-5-21-3873337503-2129652553-3438850724-1001\...\Run: [Google Update] => C:\Users\lucky8\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc.) HKU\S-1-5-21-3873337503-2129652553-3438850724-1001\...\Run: [WizMouse] => C:\Program Files (x86)\WizMouse\WizMouse.exe [121648 2011-09-30] () HKU\S-1-5-21-3873337503-2129652553-3438850724-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [652048 2011-11-23] (SANDBOXIE L.T.D) HKU\S-1-5-21-3873337503-2129652553-3438850724-1001\...\Run: [Facebook Update] => C:\Users\lucky8\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-04-08] (Facebook Inc.) HKU\S-1-5-21-3873337503-2129652553-3438850724-1001\...\Run: [Zoner Photo Studio Autoupdate] => C:\PROGRAM FILES\ZONER\PHOTO STUDIO 15\Program32\ZPSTRAY.EXE [774680 2013-06-07] (ZONER software) ShellIconOverlayIdentifiers: [TSFPLOlayIcon] -> {F4DD9208-8229-492D-BCBF-2955F7AC38F4} => C:\Program Files\TrueSuite\TrueSuite.FPLOlayIcon.dll [2011-10-10] (AuthenTec, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AdFender.lnk [2013-08-16] ShortcutTarget: AdFender.lnk -> C:\Program Files (x86)\AdFender\AdFender.exe (AdFender, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Twonky Server.lnk [2014-10-28] ShortcutTarget: Twonky Server.lnk -> C:\Program Files (x86)\Twonky\TwonkyServer\twonkytray.exe (PacketVideo) Startup: C:\Users\lucky8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk [2012-01-16] ShortcutTarget: Launchy.lnk -> C:\Program Files (x86)\Launchy\Launchy.exe () ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.192.1 Tcpip\..\Interfaces\{DC5576C0-402C-4612-B845-F49C0366D99E}: [DhcpNameServer] 192.168.192.1 Internet Explorer: ================== HKU\S-1-5-21-3873337503-2129652553-3438850724-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/ BHO: TrueSuite WebStore -> {5cb2b77d-c8ca-44db-af20-a7a4df462a12} -> C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation) BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\TrueSuite\TrueSuite.IEBHO.dll [2011-10-10] (AuthenTec Inc.) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll Keine Datei BHO-x32: TrueSuite WebStore -> {5cb2b77d-c8ca-44db-af20-a7a4df462a12} -> C:\Windows\SysWOW64\mscoree.dll [2010-11-05] (Microsoft Corporation) BHO-x32: CmjBrowserHelperObject Object -> {6FE6A929-59D1-4763-91AD-29B61CFFB35B} -> C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll [2011-09-14] (Mindjet) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-29] (Oracle Corporation) BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\TrueSuite\x86\TrueSuite.IEBHO.dll [2011-10-10] (AuthenTec Inc.) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-29] (Oracle Corporation) DPF: HKLM-x32 {CAA6C3B6-662B-4D14-BB64-EADB88213BFE} hxxp://192.168.1.67/IPCamPluginTM.cab FireFox: ======== FF ProfilePath: C:\Users\lucky8\AppData\Roaming\Mozilla\Firefox\Profiles\n41a38cs.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-16] () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2012-08-14] (Tracker Software Products (Canada) Ltd.) FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei] FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-16] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2012-08-14] (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-29] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-29] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei] FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin HKU\S-1-5-21-3873337503-2129652553-3438850724-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2012-08-14] (Tracker Software Products (Canada) Ltd.) FF Plugin HKU\S-1-5-21-3873337503-2129652553-3438850724-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\lucky8\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited) FF Plugin HKU\S-1-5-21-3873337503-2129652553-3438850724-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\lucky8\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google) FF Plugin HKU\S-1-5-21-3873337503-2129652553-3438850724-1001: @talk.google.com/O1DPlugin -> C:\Users\lucky8\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google) FF Plugin HKU\S-1-5-21-3873337503-2129652553-3438850724-1001: @tools.google.com/Google Update;version=3 -> C:\Users\lucky8\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.) FF Plugin HKU\S-1-5-21-3873337503-2129652553-3438850724-1001: @tools.google.com/Google Update;version=9 -> C:\Users\lucky8\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-02-28] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-02-28] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-02-28] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-02-28] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-02-28] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2011-12-09] (Nullsoft, Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\lucky8\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google) FF Plugin ProgramFiles/Appdata: C:\Users\lucky8\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google) FF Extension: Avira Browser Safety - C:\Users\lucky8\AppData\Roaming\Mozilla\Firefox\Profiles\n41a38cs.default\Extensions\abs@avira.com [2015-09-17] FF Extension: Ant Video Downloader - C:\Users\lucky8\AppData\Roaming\Mozilla\Firefox\Profiles\n41a38cs.default\Extensions\anttoolbar@ant.com [2015-09-12] FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\lucky8\AppData\Roaming\Mozilla\Firefox\Profiles\n41a38cs.default\Extensions\artur.dubovoy@gmail.com [2015-09-17] FF Extension: German Dictionary - C:\Users\lucky8\AppData\Roaming\Mozilla\Firefox\Profiles\n41a38cs.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-07-04] FF Extension: Dictionary Switcher - C:\Users\lucky8\AppData\Roaming\Mozilla\Firefox\Profiles\n41a38cs.default\Extensions\dictionary-switcher@design-noir.de [2015-05-31] FF Extension: United States English Spellchecker - C:\Users\lucky8\AppData\Roaming\Mozilla\Firefox\Profiles\n41a38cs.default\Extensions\en-US@dictionaries.addons.mozilla.org [2013-03-24] FF Extension: ColorfulTabs - C:\Users\lucky8\AppData\Roaming\Mozilla\Firefox\Profiles\n41a38cs.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2015-09-12] FF Extension: FireShot - C:\Users\lucky8\AppData\Roaming\Mozilla\Firefox\Profiles\n41a38cs.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2015-06-08] FF Extension: Autocopy - C:\Users\lucky8\AppData\Roaming\Mozilla\Firefox\Profiles\n41a38cs.default\Extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F} [2015-06-02] FF Extension: WOT - C:\Users\lucky8\AppData\Roaming\Mozilla\Firefox\Profiles\n41a38cs.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-07-10] FF Extension: AutoPager - C:\Users\lucky8\AppData\Roaming\Mozilla\Firefox\Profiles\n41a38cs.default\Extensions\autopager@mozilla.org.xpi [2012-01-17] FF Extension: Drag & DropZones - C:\Users\lucky8\AppData\Roaming\Mozilla\Firefox\Profiles\n41a38cs.default\Extensions\dendzones@captaincaveman.nl.xpi [2012-01-19] FF Extension: Video Downloader Professional - C:\Users\lucky8\AppData\Roaming\Mozilla\Firefox\Profiles\n41a38cs.default\Extensions\ffext_basicvideoext@startpage24.xpi [2015-09-12] FF Extension: Firebug - C:\Users\lucky8\AppData\Roaming\Mozilla\Firefox\Profiles\n41a38cs.default\Extensions\firebug@software.joehewitt.com.xpi [2012-01-19] FF Extension: pastego - C:\Users\lucky8\AppData\Roaming\Mozilla\Firefox\Profiles\n41a38cs.default\Extensions\pastego@jeremy.xpi [2012-01-19] FF Extension: Tab Scope - C:\Users\lucky8\AppData\Roaming\Mozilla\Firefox\Profiles\n41a38cs.default\Extensions\tabscope@xuldev.org.xpi [2012-01-19] FF Extension: All-in-One Sidebar - C:\Users\lucky8\AppData\Roaming\Mozilla\Firefox\Profiles\n41a38cs.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2012-01-19] FF Extension: Session Manager - C:\Users\lucky8\AppData\Roaming\Mozilla\Firefox\Profiles\n41a38cs.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2012-01-19] FF Extension: FlashGot - C:\Users\lucky8\AppData\Roaming\Mozilla\Firefox\Profiles\n41a38cs.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2012-01-17] FF Extension: ProxTube - C:\Users\lucky8\AppData\Roaming\Mozilla\Firefox\Profiles\n41a38cs.default\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7}.xpi [2014-08-05] FF Extension: Grab and Drag - C:\Users\lucky8\AppData\Roaming\Mozilla\Firefox\Profiles\n41a38cs.default\Extensions\{477c4c36-24eb-11da-94d4-00e08161165f}.xpi [2012-01-19] FF Extension: ScrapBook - C:\Users\lucky8\AppData\Roaming\Mozilla\Firefox\Profiles\n41a38cs.default\Extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi [2012-01-19] FF Extension: SmoothWheel (mozdev.org) - C:\Users\lucky8\AppData\Roaming\Mozilla\Firefox\Profiles\n41a38cs.default\Extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.xpi [2012-01-19] FF Extension: Dr.Web Anti-Virus Link Checker - C:\Users\lucky8\AppData\Roaming\Mozilla\Firefox\Profiles\n41a38cs.default\Extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}.xpi [2015-08-26] FF Extension: NoScript - C:\Users\lucky8\AppData\Roaming\Mozilla\Firefox\Profiles\n41a38cs.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-01-19] FF Extension: Close Button - C:\Users\lucky8\AppData\Roaming\Mozilla\Firefox\Profiles\n41a38cs.default\Extensions\{962e0d4d-6b89-4b73-aa72-df03360da12e}.xpi [2012-01-19] FF Extension: BugMeNot Plugin - C:\Users\lucky8\AppData\Roaming\Mozilla\Firefox\Profiles\n41a38cs.default\Extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi [2012-01-19] FF Extension: Video DownloadHelper - C:\Users\lucky8\AppData\Roaming\Mozilla\Firefox\Profiles\n41a38cs.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-23] FF Extension: Fast Video Download - C:\Users\lucky8\AppData\Roaming\Mozilla\Firefox\Profiles\n41a38cs.default\Extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi [2015-09-12] FF Extension: SoundCloud Downloader - Technowise - C:\Users\lucky8\AppData\Roaming\Mozilla\Firefox\Profiles\n41a38cs.default\Extensions\{c8d3bc80-0810-4d21-a2c2-be5f2b2832ac}.xpi [2013-03-20] FF Extension: Adblock Plus - C:\Users\lucky8\AppData\Roaming\Mozilla\Firefox\Profiles\n41a38cs.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-01-19] FF Extension: BetterPrivacy - C:\Users\lucky8\AppData\Roaming\Mozilla\Firefox\Profiles\n41a38cs.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2012-01-19] FF Extension: QuickProxy - C:\Users\lucky8\AppData\Roaming\Mozilla\Firefox\Profiles\n41a38cs.default\Extensions\{d5ea4520-61a1-11da-8cd6-0800200c9a66}.xpi [2012-01-19] FF Extension: Tab Mix Plus - C:\Users\lucky8\AppData\Roaming\Mozilla\Firefox\Profiles\n41a38cs.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012-01-19] FF Extension: Tabs Menu - C:\Users\lucky8\AppData\Roaming\Mozilla\Firefox\Profiles\n41a38cs.default\Extensions\{dc5d9a10-2736-11da-8cd6-0800200c9a66}.xpi [2012-01-19] FF Extension: DownThemAll! - C:\Users\lucky8\AppData\Roaming\Mozilla\Firefox\Profiles\n41a38cs.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2012-01-17] FF Extension: TrueSuite Website Log On - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon_toolbar@truesuite.com [2015-08-27] FF Extension: TrueSuite WebStore - C:\Program Files (x86)\Mozilla Firefox\extensions\webstore@truesuite.com [2015-08-27] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR Plugin: (Native Client) - C:\Users\lucky8\AppData\Local\Google\Chrome\Application\45.0.2454.93\ppGoogleNaClPluginChrome.dll => Keine Datei CHR Plugin: (Chrome PDF Viewer) - C:\Users\lucky8\AppData\Local\Google\Chrome\Application\45.0.2454.93\pdf.dll => Keine Datei CHR Plugin: (Shockwave Flash) - C:\Users\lucky8\AppData\Local\Google\Chrome\Application\45.0.2454.93\gcswf32.dll => Keine Datei CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll => Keine Datei CHR Plugin: (TrueSuite) - C:\Users\lucky8\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnkfnepfpdlmgpagkanfefpppcicnloj\1.0_0\npwebsitelogon.dll (AuthenTec, Inc) CHR Plugin: (PDF-XChange Viewer) - C:\Program Files (x86)\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll => Keine Datei CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Java(TM) Platform SE 7 U2) - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll => Keine Datei CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Google Update) - C:\Users\lucky8\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll => Keine Datei CHR Profile: C:\Users\lucky8\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (ProxFlow) - C:\Users\lucky8\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2013-08-26] CHR Extension: (Turn Off the Lights) - C:\Users\lucky8\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2012-01-19] CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\lucky8\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2012-01-19] CHR Extension: (YouTube) - C:\Users\lucky8\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-01-16] CHR Extension: (Adblock Plus) - C:\Users\lucky8\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-30] CHR Extension: (Google-Suche) - C:\Users\lucky8\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-01-16] CHR Extension: (Avira Browserschutz) - C:\Users\lucky8\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-09] CHR Extension: (Website Logon) - C:\Users\lucky8\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnkfnepfpdlmgpagkanfefpppcicnloj [2012-01-16] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\lucky8\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-20] CHR Extension: (Google Mail-Checker) - C:\Users\lucky8\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2012-01-19] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\lucky8\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29] CHR Extension: (Google Mail) - C:\Users\lucky8\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-01-16] CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [hnkfnepfpdlmgpagkanfefpppcicnloj] - C:\Program Files\TrueSuite\x86\tschrome.crx [2011-09-27] StartMenuInternet: Google Chrome - C:\Users\lucky8\AppData\Local\Google\Chrome\Application\chrome.exe Opera: ======= OPR Extension: (adblockforopera) - C:\Users\lucky8\AppData\Roaming\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj [2015-03-19] OPR Extension: (Ghostery) - C:\Users\lucky8\AppData\Roaming\Opera Software\Opera Stable\Extensions\bbkekonodcdmedgffkkbgmnnekbainbg [2015-03-19] OPR Extension: (weboftrust) - C:\Users\lucky8\AppData\Roaming\Opera Software\Opera Stable\Extensions\eeokceolphhfjdfcibaiiopmekmcbedp [2015-03-19] OPR Extension: (honestbleeps) - C:\Users\lucky8\AppData\Roaming\Opera Software\Opera Stable\Extensions\gfdcmdcpehpkengmkhkbpifajmbhfgae [2015-03-19] OPR Extension: (Gemorroj (based on BugMeNot by dreamcarved)) - C:\Users\lucky8\AppData\Roaming\Opera Software\Opera Stable\Extensions\kilkkhbfombmjjffdefjhgicjdchjplh [2015-03-19] OPR Extension: (Dr.Web Link Checker) - C:\Users\lucky8\AppData\Roaming\Opera Software\Opera Stable\Extensions\kokchgogfgeiahpenhpekopebfikfhil [2015-03-19] OPR Extension: (Adblock Plus) - C:\Users\lucky8\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2015-03-19] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [887128 2015-07-27] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [461672 2015-08-26] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [461672 2015-08-26] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1212048 2015-08-26] (Avira Operations GmbH & Co. KG) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.) R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [Datei ist nicht signiert] R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [228104 2015-08-13] (Avira Operations GmbH & Co. KG) R2 CronService; C:\Asus F8Va\platform\windows\cronsvc.exe [23552 2014-01-23] (Fork Ltd.) [Datei ist nicht signiert] R2 FPLService; C:\Program Files\TrueSuite\TrueSuite.Service.exe [291656 2011-10-10] (AuthenTec, Inc) R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-14] (Microsoft Corporation) S2 MBAMScheduler; G:\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation) S2 MBAMService; G:\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.) R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [94992 2011-11-23] (SANDBOXIE L.T.D) S2 SkypeUpdate; E:\Programme\Skype\Updater\Updater.exe [315496 2014-12-11] (Skype Technologies) R2 TwonkyProxy; C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe [973688 2014-04-01] () [Datei ist nicht signiert] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [162528 2015-07-27] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141416 2015-07-27] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-18] (Avira Operations GmbH & Co. KG) S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] () S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] () S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation) S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.) R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [158336 2011-11-23] (SANDBOXIE L.T.D) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1799680 2009-08-12] () U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] () S3 RTHDMIAzAudService; system32\drivers\RtHDMIVX.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-09-20 18:25 - 2015-09-20 18:26 - 00029969 _____ C:\Users\lucky8\Desktop\FRST.txt 2015-09-20 18:25 - 2015-09-20 18:25 - 00000000 ____D C:\FRST 2015-09-20 18:24 - 2015-09-20 18:24 - 00000474 _____ C:\Users\lucky8\Desktop\defogger_disable.log 2015-09-20 18:24 - 2015-09-20 18:24 - 00000000 _____ C:\Users\lucky8\defogger_reenable 2015-09-20 18:23 - 2015-09-20 18:23 - 00380416 _____ C:\Users\lucky8\Desktop\Gmer-19357.exe 2015-09-20 18:23 - 2015-09-15 16:45 - 02191360 _____ (Farbar) C:\Users\lucky8\Desktop\FRST64.exe 2015-09-20 18:22 - 2015-09-20 18:22 - 00050477 _____ C:\Users\lucky8\Desktop\Defogger.exe 2015-09-20 01:40 - 2015-09-20 01:41 - 00283192 _____ C:\Windows\Minidump\092015-83320-01.dmp 2015-09-19 22:37 - 2015-09-19 22:37 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\lucky8\Downloads\tdsskiller.exe 2015-09-19 22:27 - 2015-09-19 22:27 - 00000613 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-09-19 22:24 - 2015-09-20 12:42 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-09-12 22:29 - 2015-08-18 02:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-09-12 22:29 - 2015-08-15 07:18 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-09-12 22:29 - 2015-08-15 07:09 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-09-12 22:29 - 2015-08-15 07:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-09-12 22:29 - 2015-08-15 07:04 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-09-12 22:29 - 2015-08-15 06:46 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-09-12 22:29 - 2015-08-15 06:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-09-12 22:29 - 2015-08-15 06:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-09-12 22:29 - 2015-08-15 06:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-09-12 22:29 - 2015-08-15 06:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-09-12 22:29 - 2015-08-15 06:24 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-09-12 22:29 - 2015-08-15 06:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-09-12 22:29 - 2015-08-15 06:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-09-12 22:29 - 2015-08-15 06:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-09-12 22:29 - 2015-08-15 06:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-09-12 22:29 - 2015-08-15 05:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-09-12 22:29 - 2015-08-05 18:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll 2015-09-12 22:29 - 2015-08-05 18:56 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-09-12 22:29 - 2015-08-05 18:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2015-09-12 22:29 - 2015-07-15 04:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2015-09-12 22:29 - 2015-07-15 03:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2015-09-12 22:29 - 2015-07-09 18:58 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll 2015-09-12 22:29 - 2015-07-09 18:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll 2015-09-12 22:29 - 2015-07-09 18:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll 2015-09-12 22:29 - 2015-07-09 18:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll 2015-09-12 22:28 - 2015-08-18 02:42 - 00393304 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-09-12 22:28 - 2015-08-15 07:48 - 25190400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-09-12 22:28 - 2015-08-15 07:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-09-12 22:28 - 2015-08-15 07:33 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-09-12 22:28 - 2015-08-15 07:18 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-09-12 22:28 - 2015-08-15 07:17 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-09-12 22:28 - 2015-08-15 07:17 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-09-12 22:28 - 2015-08-15 07:17 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-09-12 22:28 - 2015-08-15 07:17 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-09-12 22:28 - 2015-08-15 07:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-09-12 22:28 - 2015-08-15 07:06 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-09-12 22:28 - 2015-08-15 07:04 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-09-12 22:28 - 2015-08-15 07:04 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-09-12 22:28 - 2015-08-15 07:04 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-09-12 22:28 - 2015-08-15 07:00 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-09-12 22:28 - 2015-08-15 06:57 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-09-12 22:28 - 2015-08-15 06:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-09-12 22:28 - 2015-08-15 06:53 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-09-12 22:28 - 2015-08-15 06:42 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-09-12 22:28 - 2015-08-15 06:41 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-09-12 22:28 - 2015-08-15 06:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-09-12 22:28 - 2015-08-15 06:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-09-12 22:28 - 2015-08-15 06:39 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-09-12 22:28 - 2015-08-15 06:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-09-12 22:28 - 2015-08-15 06:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-09-12 22:28 - 2015-08-15 06:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-09-12 22:28 - 2015-08-15 06:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-09-12 22:28 - 2015-08-15 06:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-09-12 22:28 - 2015-08-15 06:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-09-12 22:28 - 2015-08-15 06:23 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-09-12 22:28 - 2015-08-15 06:22 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-09-12 22:28 - 2015-08-15 06:22 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-09-12 22:28 - 2015-08-15 06:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-09-12 22:28 - 2015-08-15 06:16 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-09-12 22:28 - 2015-08-15 06:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-09-12 22:28 - 2015-08-15 06:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-09-12 22:28 - 2015-08-15 06:07 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-09-12 22:28 - 2015-08-15 06:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-09-12 22:28 - 2015-08-15 06:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-09-12 22:28 - 2015-08-15 06:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-09-12 22:28 - 2015-08-15 05:55 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-09-12 22:28 - 2015-08-15 05:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-09-12 22:28 - 2015-08-15 05:43 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-09-12 22:28 - 2015-08-15 05:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-09-12 22:28 - 2015-07-23 01:06 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-09-12 22:28 - 2015-07-23 01:06 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-09-12 22:28 - 2015-07-23 01:06 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-09-12 22:28 - 2015-07-23 01:03 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-09-12 22:28 - 2015-07-23 01:03 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-09-12 22:28 - 2015-07-23 01:03 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-09-12 22:28 - 2015-07-23 01:03 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-09-12 22:28 - 2015-07-23 01:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-09-12 22:28 - 2015-07-23 01:02 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-09-12 22:28 - 2015-07-23 01:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll 2015-09-12 22:28 - 2015-07-23 01:02 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-09-12 22:28 - 2015-07-23 01:02 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-09-12 22:28 - 2015-07-23 01:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2015-09-12 22:28 - 2015-07-23 01:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2015-09-12 22:28 - 2015-07-23 01:02 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-09-12 22:28 - 2015-07-23 01:02 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-09-12 22:28 - 2015-07-23 01:02 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-09-12 22:28 - 2015-07-23 01:02 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-09-12 22:28 - 2015-07-23 01:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-09-12 22:28 - 2015-07-23 01:02 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-09-12 22:28 - 2015-07-23 01:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-09-12 22:28 - 2015-07-23 01:02 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-09-12 22:28 - 2015-07-23 01:02 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-09-12 22:28 - 2015-07-23 01:02 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-09-12 22:28 - 2015-07-23 01:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-09-12 22:28 - 2015-07-23 01:02 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-09-12 22:28 - 2015-07-23 01:02 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2015-09-12 22:28 - 2015-07-23 01:02 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-09-12 22:28 - 2015-07-23 01:02 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-09-12 22:28 - 2015-07-23 01:02 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-09-12 22:28 - 2015-07-23 01:02 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-09-12 22:28 - 2015-07-23 01:02 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-09-12 22:28 - 2015-07-23 01:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-09-12 22:28 - 2015-07-23 01:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-09-12 22:28 - 2015-07-23 01:01 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-09-12 22:28 - 2015-07-23 00:52 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-09-12 22:28 - 2015-07-23 00:52 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-09-12 22:28 - 2015-07-23 00:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-09-12 22:28 - 2015-07-23 00:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-09-12 22:28 - 2015-07-23 00:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-09-12 22:28 - 2015-07-23 00:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-09-12 22:28 - 2015-07-23 00:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-09-12 22:28 - 2015-07-23 00:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-09-12 22:28 - 2015-07-23 00:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-09-12 22:28 - 2015-07-23 00:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-09-12 22:28 - 2015-07-23 00:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-09-12 22:28 - 2015-07-23 00:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-09-12 22:28 - 2015-07-23 00:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-09-12 22:28 - 2015-07-23 00:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-09-12 22:28 - 2015-07-22 18:57 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-09-12 22:28 - 2015-07-22 18:57 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-09-12 22:28 - 2015-07-22 18:54 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-09-12 22:28 - 2015-07-22 18:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2015-09-12 22:28 - 2015-07-22 18:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2015-09-12 22:28 - 2015-07-22 18:53 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-09-12 22:28 - 2015-07-22 18:53 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-09-12 22:28 - 2015-07-22 18:53 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-09-12 22:28 - 2015-07-22 18:53 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-09-12 22:28 - 2015-07-22 18:53 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-09-12 22:28 - 2015-07-22 18:53 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-09-12 22:28 - 2015-07-22 18:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-09-12 22:28 - 2015-07-22 18:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2015-09-12 22:28 - 2015-07-22 18:53 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-09-12 22:28 - 2015-07-22 18:53 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-09-12 22:28 - 2015-07-22 18:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-09-12 22:28 - 2015-07-22 18:52 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-09-12 22:28 - 2015-07-22 18:52 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2015-09-12 22:28 - 2015-07-22 18:52 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-09-12 22:28 - 2015-07-22 18:52 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-09-12 22:28 - 2015-07-22 18:52 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-09-12 22:28 - 2015-07-22 18:52 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-09-12 22:28 - 2015-07-22 18:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-09-12 22:28 - 2015-07-22 18:42 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-09-12 22:28 - 2015-07-22 18:42 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-09-12 22:28 - 2015-07-22 18:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-09-12 22:28 - 2015-07-22 18:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-09-12 22:28 - 2015-07-22 18:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-09-12 22:28 - 2015-07-22 18:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-09-12 22:28 - 2015-07-22 18:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-09-12 22:28 - 2015-07-22 17:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll 2015-09-12 22:28 - 2015-07-22 17:45 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-09-12 22:28 - 2015-07-22 17:44 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2015-09-12 22:28 - 2015-07-22 17:44 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-09-12 22:27 - 2015-08-27 19:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2015-09-12 22:27 - 2015-08-27 19:18 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-09-12 22:27 - 2015-08-27 19:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2015-09-12 22:27 - 2015-08-27 19:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2015-09-12 22:27 - 2015-08-27 18:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2015-09-12 22:27 - 2015-08-27 18:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2015-09-12 22:27 - 2015-08-27 18:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll 2015-09-12 22:27 - 2015-08-27 18:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2015-09-12 22:27 - 2015-07-23 00:58 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-09-12 22:27 - 2015-07-23 00:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-09-12 22:27 - 2015-07-23 00:52 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-09-12 22:27 - 2015-07-23 00:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-09-12 22:27 - 2015-07-23 00:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-09-12 22:27 - 2015-07-23 00:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-09-12 22:27 - 2015-07-23 00:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-09-12 22:27 - 2015-07-23 00:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-09-12 22:27 - 2015-07-23 00:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-09-12 22:27 - 2015-07-23 00:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-09-12 22:27 - 2015-07-23 00:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-09-12 22:27 - 2015-07-23 00:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-09-12 22:27 - 2015-07-23 00:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-09-12 22:27 - 2015-07-23 00:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-09-12 22:27 - 2015-07-23 00:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-09-12 22:27 - 2015-07-23 00:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-09-12 22:27 - 2015-07-23 00:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-09-12 22:27 - 2015-07-23 00:51 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-09-12 22:27 - 2015-07-22 18:47 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-09-12 22:27 - 2015-07-22 18:46 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-09-12 22:27 - 2015-07-22 18:42 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-09-12 22:27 - 2015-07-22 18:42 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-09-12 22:27 - 2015-07-22 18:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-09-12 22:27 - 2015-07-22 18:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-09-12 22:27 - 2015-07-22 18:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-09-12 22:27 - 2015-07-22 18:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-09-12 22:27 - 2015-07-22 18:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-09-12 22:27 - 2015-07-22 18:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-09-12 22:27 - 2015-07-22 18:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-09-12 22:27 - 2015-07-22 18:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-09-12 22:27 - 2015-07-22 18:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-09-12 22:27 - 2015-07-22 18:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-09-12 22:27 - 2015-07-22 18:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-09-12 22:27 - 2015-07-22 18:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-09-12 22:27 - 2015-07-22 18:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-09-12 22:27 - 2015-07-22 18:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-09-12 22:27 - 2015-07-22 18:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-09-12 22:27 - 2015-07-22 18:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-09-12 22:27 - 2015-07-22 18:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-09-12 22:27 - 2015-07-22 17:34 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-09-12 22:27 - 2015-07-22 17:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-09-12 22:27 - 2015-07-22 17:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-09-12 22:27 - 2015-07-22 17:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-09-12 22:27 - 2015-07-22 17:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-09-12 22:27 - 2015-07-22 17:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-09-12 22:27 - 2015-06-25 11:06 - 00115136 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2015-09-12 22:27 - 2015-06-25 11:01 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2015-09-12 22:27 - 2015-06-25 11:01 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2015-09-12 22:27 - 2015-06-25 10:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2015-09-12 22:26 - 2015-08-04 19:03 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2015-09-12 22:26 - 2015-08-04 19:00 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2015-09-12 22:26 - 2015-08-04 18:56 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2015-09-12 22:26 - 2015-08-04 18:56 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2015-09-12 22:26 - 2015-08-04 18:56 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2015-09-12 22:26 - 2015-08-04 18:55 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2015-09-12 22:26 - 2015-08-04 18:55 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2015-09-12 22:26 - 2015-08-04 18:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2015-09-12 22:26 - 2015-08-04 17:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2015-09-12 22:25 - 2015-09-02 04:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-09-12 22:25 - 2015-09-02 04:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-09-12 22:25 - 2015-09-02 04:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-09-12 22:25 - 2015-09-02 04:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-09-12 22:25 - 2015-09-02 03:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2015-09-12 22:25 - 2015-09-02 03:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-09-12 22:25 - 2015-09-02 03:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2015-09-12 22:25 - 2015-09-02 03:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2015-09-12 22:25 - 2015-09-02 02:51 - 03209216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-09-12 22:25 - 2015-09-02 02:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-09-12 22:25 - 2015-09-02 02:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-09-12 22:25 - 2015-08-26 19:07 - 03165696 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-09-12 22:25 - 2015-08-26 19:07 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-09-12 22:25 - 2015-08-26 19:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-09-12 22:25 - 2015-08-26 19:07 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-09-12 22:25 - 2015-08-26 19:07 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-09-12 22:25 - 2015-08-26 19:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-09-12 22:25 - 2015-08-26 19:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-09-12 22:25 - 2015-08-26 19:06 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-09-12 22:25 - 2015-08-26 19:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-09-12 22:25 - 2015-08-26 19:06 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-09-12 22:25 - 2015-08-26 19:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-09-12 22:25 - 2015-08-26 18:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-09-12 22:25 - 2015-08-26 18:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-09-12 22:25 - 2015-08-26 18:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-09-12 22:25 - 2015-08-26 18:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-09-12 22:25 - 2015-08-26 18:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-08-27 22:21 - 2015-08-29 21:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-09-20 18:24 - 2012-01-15 03:20 - 00000000 ____D C:\Users\lucky8 2015-09-20 18:22 - 2009-07-14 05:45 - 00017120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-09-20 18:22 - 2009-07-14 05:45 - 00017120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-09-20 18:20 - 2012-10-21 22:03 - 00000029 _____ C:\Windows\SysWOW64\TempWmicBatchFile.bat 2015-09-20 18:16 - 2014-10-28 20:02 - 00000000 ____D C:\ProgramData\twonkyserver 2015-09-20 17:47 - 2014-04-08 16:42 - 00000932 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3873337503-2129652553-3438850724-1001UA.job 2015-09-20 17:47 - 2014-04-08 16:42 - 00000910 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3873337503-2129652553-3438850724-1001Core.job 2015-09-20 17:29 - 2012-01-16 18:35 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3873337503-2129652553-3438850724-1001UA.job 2015-09-20 12:42 - 2014-10-28 20:02 - 00000000 ____D C:\Users\lucky8\AppData\Roaming\TwonkyServer 2015-09-20 01:40 - 2012-09-03 20:03 - 00000000 ____D C:\Windows\Minidump 2015-09-20 01:40 - 2012-01-15 13:38 - 01014026 _____ C:\Windows\PFRO.log 2015-09-20 01:40 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-09-20 01:40 - 2009-07-14 05:51 - 00149845 _____ C:\Windows\setupact.log 2015-09-20 00:08 - 2015-04-20 21:20 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job 2015-09-19 22:36 - 2012-01-16 18:35 - 00000000 ____D C:\Program Files (x86)\Everything 2015-09-19 22:34 - 2012-04-06 22:36 - 00000000 ____D C:\Users\lucky8\AppData\Roaming\Azureus 2015-09-19 22:28 - 2012-01-16 18:34 - 00001072 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3873337503-2129652553-3438850724-1001Core.job 2015-09-19 22:27 - 2015-02-14 23:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-09-18 21:43 - 2012-01-15 03:15 - 01154127 _____ C:\Windows\WindowsUpdate.log 2015-09-18 20:52 - 2009-07-14 18:58 - 00699682 _____ C:\Windows\system32\perfh007.dat 2015-09-18 20:52 - 2009-07-14 18:58 - 00149790 _____ C:\Windows\system32\perfc007.dat 2015-09-18 20:52 - 2009-07-14 06:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI 2015-09-17 22:23 - 2012-01-16 18:35 - 00004096 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3873337503-2129652553-3438850724-1001UA 2015-09-17 22:23 - 2012-01-16 18:34 - 00003700 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3873337503-2129652553-3438850724-1001Core 2015-09-17 21:22 - 2015-01-29 21:38 - 00003844 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1422563909 2015-09-17 21:22 - 2012-01-16 18:34 - 00000000 ____D C:\Program Files (x86)\Opera 2015-09-16 23:11 - 2012-01-17 10:32 - 00000000 ____D C:\Users\lucky8\AppData\Roaming\Skype 2015-09-13 03:34 - 2009-07-14 05:45 - 00383224 _____ C:\Windows\system32\FNTCACHE.DAT 2015-09-13 03:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2015-09-13 03:14 - 2012-01-17 22:27 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-09-13 03:08 - 2009-07-14 03:34 - 00000478 _____ C:\Windows\win.ini 2015-09-12 21:46 - 2012-12-06 21:09 - 00000000 ____D C:\Users\lucky8\dwhelper 2015-09-12 21:38 - 2015-04-20 21:20 - 00003880 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier 2015-09-12 21:38 - 2012-04-14 09:03 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-09-12 21:38 - 2012-01-16 18:35 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-09-12 21:15 - 2012-01-16 19:50 - 00000000 ____D C:\Users\lucky8\AppData\Roaming\Macromedia 2015-09-12 21:04 - 2014-08-08 12:55 - 00000000 ____D C:\ProgramData\Package Cache 2015-09-12 21:04 - 2013-09-17 15:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-09-05 22:32 - 2009-07-14 19:18 - 00000000 ____D C:\Windows\ShellNew 2015-09-05 22:32 - 2009-07-14 04:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2015-09-05 22:29 - 2012-01-17 22:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint 2015-09-05 22:29 - 2012-01-17 22:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2015-08-29 21:38 - 2012-07-07 21:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-08-22 17:37 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2012-01-17 15:34 - 2012-11-15 23:52 - 0007609 _____ () C:\Users\lucky8\AppData\Local\resmon.resmoncfg 2014-10-28 20:02 - 2014-10-28 20:02 - 0000011 _____ () C:\ProgramData\.tv7 Einige Dateien in TEMP: ==================== C:\Users\lucky8\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-09-13 04:16 ==================== Ende von FRST.txt ============================ FRST Addition: Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:15-09-2015 durchgeführt von lucky8 (2015-09-20 18:26:51) Gestartet von C:\Users\lucky8\Desktop Windows 7 Professional Service Pack 1 (X64) (2012-01-15 02:20:50) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-3873337503-2129652553-3438850724-500 - Administrator - Disabled) Gast (S-1-5-21-3873337503-2129652553-3438850724-501 - Limited - Disabled) GuestUser (S-1-5-21-3873337503-2129652553-3438850724-1004 - Limited - Enabled) HomeGroupUser$ (S-1-5-21-3873337503-2129652553-3438850724-1002 - Limited - Enabled) lucky8 (S-1-5-21-3873337503-2129652553-3438850724-1001 - Administrator - Enabled) => C:\Users\lucky8 lucky9 (S-1-5-21-3873337503-2129652553-3438850724-1003 - Administrator - Enabled) ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) AdFender (HKLM-x32\...\AdFender) (Version: 1.75 - AdFender, Inc.) Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated) AMD Catalyst Install Manager (HKLM\...\{0BD776F3-057D-4C11-020C-4FA9B13D04F9}) (Version: 3.0.855.0 - Advanced Micro Devices, Inc.) Apple Application Support (32-Bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ATK Generic Function Service (HKLM-x32\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK) ATK Hotkey (HKLM-x32\...\{7C05592D-424B-46CB-B505-E0013E8E75C9}) (Version: 1.0.0053 - ASUS) ATKOSD2 (HKLM-x32\...\{3B05F2FB-745B-4012-ADF2-439F36B2E70B}) (Version: 7.0.0006 - ASUS) AuthenTec TrueSuite (HKLM\...\{ECC7F2EE-ECE6-4082-8588-50415A40AB0F}) (Version: 4.0.1.140 - AuthenTec, Inc.) Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.12.420 - Avira Operations GmbH & Co. KG) Avira Launcher (HKLM-x32\...\{315dd168-0794-4cf1-8355-f195cde642fc}) (Version: 1.1.45.11819 - Avira Operations GmbH & Co. KG) Avira Launcher (x32 Version: 1.1.45.11819 - Avira Operations GmbH & Co. KG) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Bonjour-Druckdienste (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.) calibre (HKLM-x32\...\{097E183F-FE88-41B8-ABE0-C730DD4AE48F}) (Version: 2.22.0 - Kovid Goyal) Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version: - ) CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.0.2905 - CDBurnerXP) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.1.4003 - CDBurnerXP) Cisco AnyConnect VPN Client (HKLM-x32\...\{CE6ED5AE-4F78-4B50-ADA5-A8F24DBDC673}) (Version: 2.5.2018 - Cisco Systems, Inc.) Cisco DART (HKLM-x32\...\{80B70B4B-C90C-4938-A956-76F5021DE412}) (Version: 2.4.0200 - Cisco Systems, Inc.) ClassicPro© v1.15 (HKLM-x32\...\ClassicPro) (Version: 1.15 - Skin Consortium) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Davory (HKLM-x32\...\Davory) (Version: - ) dBpoweramp FLAC Codec (HKLM-x32\...\dBpoweramp FLAC Codec) (Version: Release 14 (FLAC 1.2.1) - Illustrate) dBpoweramp m4a Codec (HKLM-x32\...\dBpoweramp m4a Codec) (Version: Release 14 - Illustrate) dBpoweramp Music Converter (HKLM-x32\...\dBpoweramp Music Converter) (Version: Release 14 - Illustrate) dBpoweramp Ogg Vorbis Codec (HKLM-x32\...\dBpoweramp Ogg Vorbis Codec) (Version: Release 20 (Vorbis v1.3.1) - Illustrate) dBpoweramp WavPack Codec (HKLM-x32\...\dBpoweramp WavPack Codec) (Version: Release 8 (WavPack v4.60) - Illustrate) dBpoweramp Windows Media Audio 10 Codec (HKLM-x32\...\dBpoweramp Windows Media Audio 10 Codec) (Version: Release 7 - Illustrate) DH Mobility Modder.NET (HKLM-x32\...\MobilityDotNET) (Version: 1.2.1.0 - Ruud Ketelaars) DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation) EndNote X4 (HKLM-x32\...\{86B3F2D6-AC2B-0014-8AE1-F2F77F781B0C}) (Version: 14.0.2.5149 - Thomson Reuters) Eraser 6.0.9.2343 (HKLM\...\{3D33F6F0-4D90-484D-A1D9-09AE791CCBD9}) (Version: 6.0.2343 - The Eraser Project) Everything 1.2.1.371 (HKLM-x32\...\Everything) (Version: - ) Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited) FreeFileSync v4.6 (HKLM-x32\...\FreeFileSync) (Version: 4.6 - ZenJu) Genie Backup Manager Pro 8.0 (x64) (HKLM\...\{299CC263-D4A2-4536-9874-9C9F75B2F475}_is1) (Version: 8.0.365.535 - Genie-Soft) Gold Wave Editor Pro v10.5.5 (HKLM-x32\...\Gold Wave Editor Pro_is1) (Version: - GoldMedia Development Inc.) Google Chrome (HKU\S-1-5-21-3873337503-2129652553-3438850724-1001\...\Google Chrome) (Version: 45.0.2454.93 - Google Inc.) Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google) iCloud (HKLM\...\{704C0303-D20C-45AF-BD2B-556EAF31BE09}) (Version: 2.1.2.8 - Apple Inc.) ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!) inSSIDer 2.0 (HKLM\...\{57019733-78E6-43DE-8E6D-55349F0FDE6F}) (Version: 2.0.7 - MetaGeek) IsoBuster 2.8.5 (HKLM-x32\...\IsoBuster_is1) (Version: 2.8.5 - Smart Projects) iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.) Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) JavaFX 2.0.3 (HKLM-x32\...\{1111706F-666A-4037-7777-203328764D10}) (Version: 2.0.3 - Oracle Corporation) Launchy 2.5 (HKLM-x32\...\Launchy_21344213_is1) (Version: - Code Jelly) Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.) Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation) Mendeley Desktop 1.3.1 (HKLM-x32\...\Mendeley Desktop) (Version: 1.3.1 - Mendeley Ltd.) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office Language Pack 2010 - German/Deutsch (HKLM-x32\...\Office14.OMUI.de-de) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Mindjet MindManager 2012 (HKLM-x32\...\{2005E0A6-ED25-4B8A-801C-F3A0B846A317}) (Version: 10.0.445 - Mindjet) Mozilla Firefox 40.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 de)) (Version: 40.0.3 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla) Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA) Opera Stable 32.0.1948.25 (HKLM-x32\...\Opera 32.0.1948.25) (Version: 32.0.1948.25 - Opera Software) PDF-XChange 2012 Pro (HKLM\...\{F92F0AAB-2EF6-412C-8BF4-0B11EB535280}_is1) (Version: 5.0.264.0 - Tracker Software Products Ltd) PDF-XChange 3 (HKLM\...\PDF-XChange 3_is1) (Version: - Tracker Software) PhotoFiltre Studio X (HKU\S-1-5-21-3873337503-2129652553-3438850724-1001\...\PhotoFiltre Studio X) (Version: - ) POIbase 1.041 (HKLM-x32\...\POIbase_is1) (Version: - POIbase) PowerISO (HKLM-x32\...\PowerISO) (Version: 4.9 - Power Software Ltd) QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5939 - Realtek Semiconductor Corp.) Recuva (HKLM\...\Recuva) (Version: 1.42 - Piriform) ReNamer (HKLM-x32\...\ReNamer_is1) (Version: 5.60 - Denis Kozlov) ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version: - ) Revo Uninstaller 1.93 (HKLM-x32\...\Revo Uninstaller) (Version: 1.93 - VS Revo Group) RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.03 (HKLM-x32\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.55.03 - RICOH) Sandboxie 3.62 (64-bit) (HKLM\...\Sandboxie) (Version: 3.62 - SANDBOXIE L.T.D) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition (HKLM-x32\...\{90140000-0100-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{F3E80B62-3C51-4940-A434-A1F517AB8D6A}) (Version: - Microsoft) Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM-x32\...\SLABCOMM&10C4&EA60) (Version: - Silicon Laboratories) Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7 (HKLM-x32\...\{38019B39-5B9E-4CA5-A322-2529F46573DD}) (Version: 6.5 - Silicon Laboratories, Inc.) Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - ) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.26.2 - Synaptics Incorporated) TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.12313 - TeamViewer) TeraCopy 2.27 (HKLM\...\TeraCopy_is1) (Version: - Code Sector) TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1 - TrueCrypt Foundation) Twonky Server (HKLM-x32\...\TwonkyServer) (Version: 7.2.7.0 - PacketVideo) Ulead PhotoImpact 12 (HKLM-x32\...\{11AFE21E-B193-430D-B57A-DFF7815BB962}) (Version: 12.0 - Ulead System) Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb) USB 2.0 1.3M UVC WebCam (HKLM\...\USB 2.0 1.3M UVC WebCam) (Version: - ) VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN) Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.4.0.0 - Azureus Software, Inc.) WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9600 - Broadcom Corporation) Winamp (HKLM-x32\...\Winamp) (Version: 5.623 - Nullsoft, Inc) Winamp Erkennungs-Plug-in (HKU\S-1-5-21-3873337503-2129652553-3438850724-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) WinDirStat 1.1.2 (HKU\S-1-5-21-3873337503-2129652553-3438850724-1001\...\WinDirStat) (Version: - ) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.) WinRAR 4.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH) Wireshark 1.10.1 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.10.1 - The Wireshark developer community, hxxp://www.wireshark.org) WizMouse v1.6.0.2 (HKLM-x32\...\WizMouse_is1) (Version: - Antibody Software) Wunderlist (HKLM-x32\...\{3031A053-DC97-4D03-9179-BF6F98F63FA2}) (Version: 1.2.4 - None provided) Zoner Photo Studio 15 (HKLM\...\ZonerPhotoStudio15_DE_is1) (Version: 15.0.1.7 - ZONER software) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-3873337503-2129652553-3438850724-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\lucky8\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll Keine Datei CustomCLSID: HKU\S-1-5-21-3873337503-2129652553-3438850724-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\lucky8\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll Keine Datei CustomCLSID: HKU\S-1-5-21-3873337503-2129652553-3438850724-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\lucky8\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll Keine Datei CustomCLSID: HKU\S-1-5-21-3873337503-2129652553-3438850724-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\lucky8\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll Keine Datei CustomCLSID: HKU\S-1-5-21-3873337503-2129652553-3438850724-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\lucky8\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll Keine Datei CustomCLSID: HKU\S-1-5-21-3873337503-2129652553-3438850724-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\lucky8\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll Keine Datei CustomCLSID: HKU\S-1-5-21-3873337503-2129652553-3438850724-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\lucky8\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll Keine Datei CustomCLSID: HKU\S-1-5-21-3873337503-2129652553-3438850724-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\lucky8\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll Keine Datei CustomCLSID: HKU\S-1-5-21-3873337503-2129652553-3438850724-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\lucky8\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-3873337503-2129652553-3438850724-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\lucky8\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-3873337503-2129652553-3438850724-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\lucky8\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll Keine Datei ==================== Wiederherstellungspunkte ========================= ==================== Hosts Inhalt: ========================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2009-07-14 03:34 - 2013-03-04 21:52 - 00607853 ____N C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost 127.0.0.1 fr.a2dfp.net 127.0.0.1 m.fr.a2dfp.net 127.0.0.1 ad.a8.net 127.0.0.1 asy.a8ww.net 127.0.0.1 abcstats.com 127.0.0.1 a.abv.bg 127.0.0.1 adserver.abv.bg 127.0.0.1 adv.abv.bg 127.0.0.1 bimg.abv.bg 127.0.0.1 ca.abv.bg 127.0.0.1 www2.a-counter.kiev.ua 127.0.0.1 track.acclaimnetwork.com 127.0.0.1 accuserveadsystem.com 127.0.0.1 www.accuserveadsystem.com 127.0.0.1 achmedia.com 127.0.0.1 aconti.net 127.0.0.1 secure.aconti.net 127.0.0.1 www.aconti.net #[Dialer.Aconti] 127.0.0.1 am1.activemeter.com 127.0.0.1 www.activemeter.com #[Tracking.Cookie] 127.0.0.1 ads.activepower.net 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie] 127.0.0.1 ad2games.com 127.0.0.1 cms.ad2click.nl 127.0.0.1 ads.ad2games.com 127.0.0.1 content.ad20.net 127.0.0.1 core.ad20.net 127.0.0.1 banner.ad.nu Da befinden sich 1000 zusätzliche Einträge. ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {0DB6B0EC-2327-4BE6-9394-68276E57697C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3873337503-2129652553-3438850724-1001Core => C:\Users\lucky8\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.) Task: {1858F3DC-5831-445A-B2EF-293E547FF693} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3873337503-2129652553-3438850724-1001UA => C:\Users\lucky8\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-08] (Facebook Inc.) Task: {1A2BB52B-CD05-429D-9AA9-16E875FFCD32} - System32\Tasks\Opera scheduled Autoupdate 1422563909 => C:\Program Files (x86)\Opera\launcher.exe [2015-09-11] (Opera Software) Task: {242937C2-8DAA-4557-A55F-59126CD1A84B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {8ABA28FC-C037-4527-B1C4-AA86A9A5D14F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3873337503-2129652553-3438850724-1001UA => C:\Users\lucky8\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.) Task: {A4519B0E-154E-4A26-9792-24A047CD3682} - System32\Tasks\{0E2C0025-CAC4-44B2-ACA3-81440FB9229D} => pcalua.exe -a "E:\Software\Dbpoweramp 14.2\Codecs\Latest Versions\dBpoweramp-dMC-DSP.exe" -d "E:\Software\Dbpoweramp 14.2\Codecs\Latest Versions" Task: {C0FE6800-A777-46F4-A21D-7D87179D7230} - System32\Tasks\Everything (zulassen) => C:\Program Files (x86)\Everything\Everything.exe [2009-03-13] () Task: {D8AB826B-67CC-427F-AA61-02F675FABC79} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_232_pepper.exe [2015-09-12] (Adobe Systems Incorporated) Task: {FED2FDBF-5A33-49CE-9977-95E9F02AF32A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3873337503-2129652553-3438850724-1001Core => C:\Users\lucky8\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-08] (Facebook Inc.) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_232_pepper.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3873337503-2129652553-3438850724-1001Core.job => C:\Users\lucky8\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3873337503-2129652553-3438850724-1001UA.job => C:\Users\lucky8\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3873337503-2129652553-3438850724-1001Core.job => C:\Users\lucky8\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3873337503-2129652553-3438850724-1001UA.job => C:\Users\lucky8\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2012-01-15 14:22 - 2007-08-08 00:08 - 00094208 ____N () C:\Program Files\ATKGFNEX\GFNEXSrv.exe 2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2014-04-01 13:36 - 2014-04-01 13:36 - 00973688 _____ () C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe 2012-01-17 00:05 - 2012-02-17 19:55 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll 2012-01-20 14:01 - 2011-10-26 17:41 - 00318976 ____N () C:\Program Files\TeraCopy\TeraCopyExt64.dll 2012-01-16 18:35 - 2010-04-03 14:05 - 00380928 ____N () C:\Program Files (x86)\Launchy\Launchy.exe 2009-03-13 02:18 - 2009-03-13 02:18 - 00602624 ____N () C:\Program Files (x86)\Everything\Everything.exe 2012-01-16 18:35 - 2009-12-16 23:13 - 08314880 ____N () C:\Program Files (x86)\Launchy\QtGui4.dll 2012-01-16 18:35 - 2009-12-16 22:54 - 02236416 ____N () C:\Program Files (x86)\Launchy\QtCore4.dll 2012-01-16 18:35 - 2009-12-16 22:56 - 00712704 ____N () C:\Program Files (x86)\Launchy\QtNetwork4.dll 2012-01-16 18:35 - 2009-12-17 01:18 - 00233472 ____N () C:\Program Files (x86)\Launchy\imageformats\qmng4.dll 2012-01-16 18:35 - 2010-04-03 14:06 - 00081920 ____N () C:\Program Files (x86)\Launchy\plugins\calcy.dll 2012-01-16 18:35 - 2010-04-03 14:05 - 00090112 ____N () C:\Program Files (x86)\Launchy\plugins\controly.dll 2012-01-16 18:35 - 2010-04-03 14:06 - 00024064 ____N () C:\Program Files (x86)\Launchy\plugins\gcalc.dll 2012-01-16 18:35 - 2010-04-03 14:06 - 00094208 ____N () C:\Program Files (x86)\Launchy\plugins\runner.dll 2012-01-16 18:35 - 2010-04-03 14:05 - 00057344 ____N () C:\Program Files (x86)\Launchy\plugins\verby.dll 2012-01-16 18:35 - 2010-04-03 14:05 - 00122880 ____N () C:\Program Files (x86)\Launchy\plugins\weby.dll 2011-09-14 13:02 - 2011-09-14 13:02 - 00150856 ____N () C:\Program Files (x86)\Mindjet\MindManager 10\zlib.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-3873337503-2129652553-3438850724-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\lucky8\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.192.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup MSCONFIG\startupreg: Eraser => "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart MSCONFIG\startupreg: LogitechQuickCamRibbon => "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{D500DB23-67EC-4E1E-B4E8-8FACFB4C2DAB}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe FirewallRules: [{1E3AC452-17CA-4639-857F-8963316E3C04}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe FirewallRules: [{7B41CE2B-0780-44A7-936E-F642B750BA0C}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe FirewallRules: [{8CF4C85E-072D-4B12-A4D2-CD4CB3452D3A}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe FirewallRules: [{E22C71F8-3B82-4DD8-89D1-41E72E435165}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{D9B44DF5-C73D-4A77-8C2B-215582DD5A94}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{98C8DC5A-C182-4DFF-B1CE-C1933C2DE564}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{F8098B9D-3FAD-466D-92AD-7EE2F081C734}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{8D226881-7D89-4FFA-AD4A-B64DE69B9566}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [TCP Query User{CA34EB53-407B-4D1A-9312-F6114C53F0AD}C:\program files (x86)\opera\opera.exe] => (Allow) C:\program files (x86)\opera\opera.exe FirewallRules: [UDP Query User{AE67ED08-C91C-4D50-895D-92DFC32C1256}C:\program files (x86)\opera\opera.exe] => (Allow) C:\program files (x86)\opera\opera.exe FirewallRules: [TCP Query User{87377ECC-9DC5-44CA-83B9-49B3ADEE1999}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe FirewallRules: [UDP Query User{2C7D9A78-B7B5-45FB-8F47-DF5D89C3DBC0}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe FirewallRules: [TCP Query User{C5E43B0E-3E12-4094-88BD-FBB87706F894}C:\program files (x86)\adfender\adfender.exe] => (Allow) C:\program files (x86)\adfender\adfender.exe FirewallRules: [UDP Query User{D769A3D8-6971-44B2-8501-7A3FA8A02B77}C:\program files (x86)\adfender\adfender.exe] => (Allow) C:\program files (x86)\adfender\adfender.exe FirewallRules: [{FE413098-1C01-4F44-A519-C0AA050FF43A}] => (Allow) %ProgramFiles% (x86)\Everything\Everything.exe FirewallRules: [TCP Query User{38A32C50-E57A-4AF0-865A-7859A08C9CC3}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe FirewallRules: [UDP Query User{DB823077-C574-4C06-93A0-A7808D3811D5}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe FirewallRules: [{77D818DB-226E-4C24-B429-6348ECA1913A}] => (Allow) C:\Program Files (x86)\POIbase\POIbase.exe FirewallRules: [{9BF420AB-849D-40DE-ADB8-F1CDA2964AF6}] => (Allow) C:\Program Files (x86)\POIbase\POIbase.exe FirewallRules: [{EAF226ED-41AF-44DA-9D3B-0EBB344EE81A}] => (Allow) C:\Program Files (x86)\POIbase\POIbase.exe FirewallRules: [{4A023215-A963-4C90-8C66-8CEC141A7044}] => (Allow) C:\Program Files (x86)\POIbase\POIbase.exe FirewallRules: [{1EF9C129-FA3D-4CBD-81B3-0DFDC306503B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{36D4217A-4353-47DC-A2FB-50AB8EEF9E48}] => (Allow) LPort=2869 FirewallRules: [{905F1C92-0208-4B6F-AFBF-9E0BD1612C21}] => (Allow) LPort=1900 FirewallRules: [{C34C51E9-ED68-4D2B-9332-FDFF00D34751}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe FirewallRules: [{160AE443-01EE-4F80-860E-6E2ADABCFAC1}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe FirewallRules: [{24EF3567-C324-4F22-B77B-65EEAA4383F8}] => (Allow) C:\Program Files (x86)\Illustrate\dBpoweramp\CDGrab.exe FirewallRules: [{BC14A241-990E-48C3-B292-901EDB425589}] => (Allow) C:\Program Files (x86)\Illustrate\dBpoweramp\CDGrab.exe FirewallRules: [{81876A81-3781-41B4-BFCC-8B13B4DC2F4B}] => (Allow) C:\Program Files (x86)\Illustrate\dBpoweramp\CDGrab.exe FirewallRules: [{35B9FF47-3331-4278-BA61-D20B08A936EE}] => (Allow) C:\Program Files (x86)\Illustrate\dBpoweramp\CDGrab.exe FirewallRules: [TCP Query User{8463949C-7DFB-4453-A8FD-219C92BA0AAE}C:\users\lucky8\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light] => (Allow) C:\users\lucky8\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light FirewallRules: [UDP Query User{BDBD70C8-71DC-4E58-888F-672857723CD7}C:\users\lucky8\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light] => (Allow) C:\users\lucky8\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light FirewallRules: [TCP Query User{709CF5BB-407F-46C8-B9EC-80A1D52794EA}E:\programme\skype\phone\skype.exe] => (Allow) E:\programme\skype\phone\skype.exe FirewallRules: [UDP Query User{693D5B9D-0115-47BD-96E7-7D27DC584530}E:\programme\skype\phone\skype.exe] => (Allow) E:\programme\skype\phone\skype.exe FirewallRules: [TCP Query User{406CD580-3EAC-4BAD-B21C-1558346565DF}E:\programme\skype\phone\skype.exe] => (Allow) E:\programme\skype\phone\skype.exe FirewallRules: [UDP Query User{5DD9848F-FD9E-4504-934E-A0CC747A8AA9}E:\programme\skype\phone\skype.exe] => (Allow) E:\programme\skype\phone\skype.exe FirewallRules: [{3344198F-7951-454B-913F-681A53C280EA}] => (Allow) C:\Users\lucky8\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe FirewallRules: [{2B496D28-767D-4691-97D2-D4F31D345AE0}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe FirewallRules: [{156400E6-BF75-4BE7-8A2F-984996530CE8}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe FirewallRules: [{38A33D1A-DD7B-4258-9A3B-57EA5F711479}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe FirewallRules: [{67345DCA-AA64-4F8B-94DB-105CF45D87DF}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe FirewallRules: [{BDB7A580-8402-4396-A63F-CA05AD99326B}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkyserver.exe FirewallRules: [{0BC17E7B-AAAE-407F-9517-A8F539AFA06F}] => (Allow) C:\Program Files (x86)\Twonky\TwonkyServer\twonkyserver.exe FirewallRules: [TCP Query User{FEF6DE57-6AFC-4967-B19F-B7A7D4BAA6E6}C:\program files (x86)\twonky\twonkyserver\twonkyserver.exe] => (Block) C:\program files (x86)\twonky\twonkyserver\twonkyserver.exe FirewallRules: [UDP Query User{2F552B09-941C-4787-8802-D1DF717A53BB}C:\program files (x86)\twonky\twonkyserver\twonkyserver.exe] => (Block) C:\program files (x86)\twonky\twonkyserver\twonkyserver.exe FirewallRules: [{492BFFD4-E177-44F3-9650-D5AE9633251B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{C65B91A1-0C2B-49A3-BA08-1289431C1674}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{640DF8F2-7149-4480-B84D-8C62932C1025}] => (Allow) C:\Program Files\iTunes\iTunes.exe ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (09/20/2015 05:47:07 PM) (Source: Google Update) (EventID: 20) (User: MiNE) Description: Network Request Error. Error: 0x80072ee7. Http status code: 0. Url=https://www.facebook.com/omaha/update.php Trying config: source=IE, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=IE, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http s Error: (09/20/2015 02:47:06 PM) (Source: Google Update) (EventID: 20) (User: MiNE) Description: Network Request Error. Error: 0x80072ee7. Http status code: 0. Url=https://www.facebook.com/omaha/update.php Trying config: source=IE, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=IE, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http s Error: (09/20/2015 12:50:52 PM) (Source: Google Update) (EventID: 20) (User: MiNE) Description: Network Request Error. Error: 0x80072ee7. Http status code: 0. Url=https://www.facebook.com/omaha/update.php Trying config: source=IE, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=IE, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http s Error: (09/20/2015 12:42:29 PM) (Source: Google Update) (EventID: 20) (User: MiNE) Description: Network Request Error. Error: 0x80072ee7. Http status code: 0. Url=https://www.facebook.com/omaha/update.php Trying config: source=IE, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=IE, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http s Error: (09/20/2015 01:41:24 AM) (Source: LPR Print Monitor) (EventID: 2007) (User: ) Description: Johns-iMac:Johns-iMac.local Error: (09/19/2015 11:47:08 PM) (Source: Google Update) (EventID: 20) (User: MiNE) Description: Network Request Error. Error: 0x80072ee7. Http status code: 0. Url=https://www.facebook.com/omaha/update.php Trying config: source=IE, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=IE, wpad=1, script=. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying WinHTTP. Send request returned 0x80072ee7. Http status code 0. trying CUP:iexplore. Send request returned 0x80004005. Http status code 0. Trying config: source=, direct connection. trying CUP:WinHTTP. Send request returned 0x80072ee7. Http s Error: (09/19/2015 06:10:50 PM) (Source: LPR Print Monitor) (EventID: 2007) (User: ) Description: Johns-iMac:Johns-iMac.local Error: (09/18/2015 08:57:32 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: SynTPEnh.exe, Version: 15.3.26.2, Zeitstempel: 0x4e8a30c9 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000000000 ID des fehlerhaften Prozesses: 0xfd0 Startzeit der fehlerhaften Anwendung: 0xSynTPEnh.exe0 Pfad der fehlerhaften Anwendung: SynTPEnh.exe1 Pfad des fehlerhaften Moduls: SynTPEnh.exe2 Berichtskennung: SynTPEnh.exe3 Error: (09/18/2015 08:45:33 PM) (Source: LPR Print Monitor) (EventID: 2007) (User: ) Description: Johns-iMac:Johns-iMac.local Error: (09/17/2015 09:17:17 PM) (Source: LPR Print Monitor) (EventID: 2007) (User: ) Description: Johns-iMac:Johns-iMac.local Systemfehler: ============= Error: (09/20/2015 02:22:53 AM) (Source: volsnap) (EventID: 36) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (09/20/2015 02:15:23 AM) (Source: atapi) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error: (09/20/2015 02:15:23 AM) (Source: atapi) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error: (09/20/2015 02:15:23 AM) (Source: atapi) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error: (09/20/2015 02:15:23 AM) (Source: atapi) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error: (09/20/2015 02:15:23 AM) (Source: atapi) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error: (09/20/2015 01:41:01 AM) (Source: BugCheck) (EventID: 1001) (User: ) Description: 0x0000007a (0xfffff6fc400087b0, 0xffffffffc0000185, 0x0000000033045860, 0xfffff880010f6ab8)C:\Windows\MEMORY.DMP092015-83320-01 Error: (09/20/2015 01:40:07 AM) (Source: atikmdag) (EventID: 10261) (User: ) Description: Display is not active Error: (09/20/2015 01:40:07 AM) (Source: atikmdag) (EventID: 19468) (User: ) Description: CPLIB :: General - Invalid Parameter Error: (09/20/2015 01:40:08 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 20.09.2015 um 01:37:15 unerwartet heruntergefahren. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz Prozentuale Nutzung des RAM: 56% Installierter physikalischer RAM: 4095.11 MB Verfügbarer physikalischer RAM: 1788.27 MB Summe virtueller Speicher: 8188.43 MB Verfügbarer virtueller Speicher: 5258.28 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:45.9 GB) (Free:1.31 GB) NTFS Drive e: () (Fixed) (Total:55 GB) (Free:18.83 GB) NTFS Drive g: () (Fixed) (Total:47.09 GB) (Free:7.31 GB) NTFS Drive h: () (Removable) (Total:1.88 GB) (Free:1.27 GB) FAT Drive m: (Volume) (Fixed) (Total:1241.96 GB) (Free:856.98 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 8D1C393D) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=45.9 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=150 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=102.1 GB) - (Type=05) ======================================================== Disk: 1 (Size: 1.9 GB) (Disk ID: 00070DAB) Partition 1: (Not Active) - (Size=1.9 GB) - (Type=06) ======================================================== Disk: 2 (Size: 931.5 GB) (Disk ID: DA50514C) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) Attempted reading MBR returned 0 bytes. Could not read MBR for disk 3. ==================== Ende von Addition.txt ============================ Gmer Log: Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-09-20 18:41:09 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-22ZCT0 rev.11.01A11 298,09GB Running: Gmer-19357.exe; Driver: C:\Users\lucky8\AppData\Local\Temp\pxldypow.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe[2724] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075a51401 2 bytes JMP 76a6b20b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe[2724] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075a51419 2 bytes JMP 76a6b336 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe[2724] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075a51431 2 bytes JMP 76ae8f39 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe[2724] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075a5144a 2 bytes CALL 76a44885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe[2724] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075a514dd 2 bytes JMP 76ae8832 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe[2724] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075a514f5 2 bytes JMP 76ae8a08 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe[2724] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075a5150d 2 bytes JMP 76ae8728 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe[2724] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075a51525 2 bytes JMP 76ae8af2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe[2724] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075a5153d 2 bytes JMP 76a5fc98 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe[2724] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075a51555 2 bytes JMP 76a668df C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe[2724] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075a5156d 2 bytes JMP 76ae8ff1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe[2724] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075a51585 2 bytes JMP 76ae8b52 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe[2724] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075a5159d 2 bytes JMP 76ae86ec C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe[2724] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075a515b5 2 bytes JMP 76a5fd31 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe[2724] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075a515cd 2 bytes JMP 76a6b2cc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe[2724] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075a516b2 2 bytes JMP 76ae8eb4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe[2724] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075a516bd 2 bytes JMP 76ae8681 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launchy\Launchy.exe[3756] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075a51401 2 bytes JMP 76a6b20b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launchy\Launchy.exe[3756] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075a51419 2 bytes JMP 76a6b336 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launchy\Launchy.exe[3756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075a51431 2 bytes JMP 76ae8f39 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launchy\Launchy.exe[3756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075a5144a 2 bytes CALL 76a44885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Launchy\Launchy.exe[3756] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075a514dd 2 bytes JMP 76ae8832 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launchy\Launchy.exe[3756] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075a514f5 2 bytes JMP 76ae8a08 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launchy\Launchy.exe[3756] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075a5150d 2 bytes JMP 76ae8728 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launchy\Launchy.exe[3756] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075a51525 2 bytes JMP 76ae8af2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launchy\Launchy.exe[3756] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075a5153d 2 bytes JMP 76a5fc98 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launchy\Launchy.exe[3756] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075a51555 2 bytes JMP 76a668df C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launchy\Launchy.exe[3756] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075a5156d 2 bytes JMP 76ae8ff1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launchy\Launchy.exe[3756] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075a51585 2 bytes JMP 76ae8b52 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launchy\Launchy.exe[3756] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075a5159d 2 bytes JMP 76ae86ec C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launchy\Launchy.exe[3756] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075a515b5 2 bytes JMP 76a5fd31 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launchy\Launchy.exe[3756] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075a515cd 2 bytes JMP 76a6b2cc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launchy\Launchy.exe[3756] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075a516b2 2 bytes JMP 76ae8eb4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Launchy\Launchy.exe[3756] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075a516bd 2 bytes JMP 76ae8681 C:\Windows\syswow64\kernel32.dll ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015affd6d4d Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015affd6d4d@001e45d6c5a5 0xDB 0xBE 0x4E 0x2C ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015affd6d4d (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015affd6d4d@001e45d6c5a5 0xDB 0xBE 0x4E 0x2C ... ---- EOF - GMER 2.1 ---- |
20.09.2015, 19:42 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7 (64bit): TR/Crypt.ZPACK.Gen2 Hi,
__________________typisch Avira. Bestimmt mal wieder ein Fehlalarm. Warum hast du ein Professional Windows aber einen "kostenlosen" Scanner der ständig daneben langt und bei dem der hersteller auch noch meint die Kunden verarschen zu müssen?
__________________ |
20.09.2015, 19:50 | #3 |
| Windows 7 (64bit): TR/Crypt.ZPACK.Gen2 Also ist es laut den logs ein Fehlalarm ?
__________________Diese komische Cws0mZn6.exe.part kam mir schon seltsam vor. Was fuer einen Scanner empfiehlst du denn? Nutze ja noch die Premiumversion von Malwarebytes. |
20.09.2015, 22:31 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7 (64bit): TR/Crypt.ZPACK.Gen2 MSE oder EAM...
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu Windows 7 (64bit): TR/Crypt.ZPACK.Gen2 |
antimalware, antivirus, appdata, avira, cache, device driver, dnsapi.dll, einfach, einzige, firefox, gelöscht, interne, internet, kaspersky, konnte, lightning, log, lucky, lws.exe, malwarebytes, malwarebytes antimalware, meldung, memory.dmp, plötzlich, poste, temp, tr/crypt.zpack.gen, updates, windows, windows 7 |