Surveillance, Privacy and Spam: tradeadexchange adware in Chrome 45.0. Windows 7. Questions about encryption, spam, privacy and the like are welcome here. This section is about defending against keyloggers and other spying software such as spyware and adware. Topics on "removing Trojans" or "malware problems" may only be discussed here. If you need help removing a Trojan, or because you have caught a virus, create a thread in the cleanup forums above. |
12.10.2015, 14:21 | #1 |
| tradeadexchange adware in Chrome 45.0. Hello everyone, I have caught adware (presumably on Twitch). I am a moderator there in a fairly large German stream, and recently, while banning someone, I accidentally slipped by one line and clicked on a link. Now I have the problem, like several others in this forum already, that every now and then when I click, a new tab opens at random, with several redirects via tradeadexchange.com, until I finally end up on a page like browserfeedback.com with *great prizes*. Normally I am very careful online, and this is the first time in years that I have 'caught' something. As soon as this redirect opened for the first time, I did the following:
- Examined the Chrome shortcut
- Went through the Chrome extensions
- Checked the Chrome settings (search, tab...)
- Ran a threat scan with Malwarebytes Anti-Malware
- Ran AdwCleaner
- Used procexp to see whether I could find a running process related to it

Found nothing. Then I first asked our friend and helper Dr. Google for advice; of the first 50 results, about 45 point to the same tools - SpyHunter and RegHunter. All the sites use almost identical instructions and were created at almost the same time. The tools only work as described in the instructions if you buy the full version. Very strange, have we found the 'masterminds' there? Well, that is not the point here. I then came across the Trojaner Board, searched for 'tradeadexchange', and immediately noticed I was not the only one with the problem. As described in the other threads, I also downloaded the ESET scan, plus the Shortcut Cleaner and finally the Junkware Removal Tool. ESET found nothing, and neither did Shortcut Cleaner.
The Junkware Removal Tool did find something, but that belongs to a Chrome VPN extension that I got after I was already 'infected'. I could not find an installed program in Revo Uninstaller either. I would be very glad of some help, because I am at the end of my half-knowledge. Current FRST logs are already at hand and I can post them right away if asked. I hope I am in the right place; I was not too sure whether I should post here or in log analysis. Kind regards, Timo |
12.10.2015, 14:50 | #2 |
/// Malwareteam | tradeadexchange adware in Chrome 45.0. I have your thread in progress and will get back to you as soon as possible with further instructions. Please note that all my replies must first be approved by an instructor before I am allowed to post them here. This guarantees that you get help from a trained helper. Thank you for your patience. Please post ALL the logs you have so far, i.e. FRST, MBAM, SC Cleaner, JRT, ESET and whatever else there is. SpyHunter is junk, by the way, but apparently you get money when you link to them.
__________________ |
12.10.2015, 15:07 | #3 |
| tradeadexchange adware in Chrome 45.0. Thank you very much for your quick reply :-)
Good, then let's start with the logs; these are the most recent log from each tool: MBAM Code:
<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
  <header>
    <date>2015/10/12 02:59:37 +0200</date>
    <logfile>mbam-log-2015-10-12 (02-59-35).xml</logfile>
    <isadmin>yes</isadmin>
  </header>
  <engine>
    <version>2.1.8.1057</version>
    <malware-database>v2015.10.11.05</malware-database>
    <rootkit-database>v2015.10.06.01</rootkit-database>
    <license>premium</license>
    <file-protection>enabled</file-protection>
    <web-protection>enabled</web-protection>
    <self-protection>disabled</self-protection>
  </engine>
  <system>
    <osversion>Windows 10</osversion>
    <arch>x64</arch>
    <username>Timo</username>
    <filesys>NTFS</filesys>
  </system>
  <summary>
    <type>threat</type>
    <result>completed</result>
    <objects>395334</objects>
    <time>380</time>
    <processes>0</processes>
    <modules>0</modules>
    <keys>0</keys>
    <values>0</values>
    <datas>0</datas>
    <folders>0</folders>
    <files>0</files>
    <sectors>0</sectors>
  </summary>
  <options>
    <memory>enabled</memory>
    <startup>enabled</startup>
    <filesystem>enabled</filesystem>
    <archives>enabled</archives>
    <rootkits>enabled</rootkits>
    <deeprootkit>disabled</deeprootkit>
    <heuristics>enabled</heuristics>
    <pup>enabled</pup>
    <pum>enabled</pum>
  </options>
  <items>
  </items>
</mbam-log>

SC CLEANER Code:
Shortcut Cleaner 1.3.8 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
hxxp://www.bleepingcomputer.com/download/shortcut-cleaner/

Windows Version: Windows 10 Pro
Program started at: 10/12/2015 04:40:35 AM.

Scanning for registry hijacks:

* No issues found in the Registry.

Searching for Hijacked Shortcuts:

Searching C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\
Searching C:\ProgramData\Microsoft\Windows\Start Menu\
Searching C:\Users\Timo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\
Searching C:\Users\Public\Desktop\
Searching C:\Users\Timo\Desktop\
Searching C:\Users\Public\Desktop\

0 bad shortcuts found.

Program finished at: 10/12/2015 04:40:36 AM
Execution time: 0 hours(s), 0 minute(s), and 0 seconds(s)

JRT Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 10 Pro x64
Ran by Timo on 12.10.2015 at 4:28:55,70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

Successfully deleted: [Service] drvagent64 [Reboot required]

~~~ Tasks

~~~ Registry Values

~~~ Registry Keys

~~~ Files

Successfully deleted: [File] C:\Users\Timo\Appdata\Local\google\chrome\user data\default\local storage\chrome-extension_gkojfkhlekighikafcpjkiklfbnlmeio_0.localstorage
Successfully deleted: [File] C:\Users\Timo\Appdata\Local\google\chrome\user data\default\local storage\chrome-extension_gkojfkhlekighikafcpjkiklfbnlmeio_0.localstorage-journal

~~~ Folders

Successfully deleted: [Folder] C:\Users\Timo\Appdata\Local\crashrpt

~~~ Chrome

Successfully deleted: [Folder] C:\Users\Timo\Appdata\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio
[C:\Users\Timo\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\Timo\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted: gkojfkhlekighikafcpjkiklfbnlmeio
[C:\Users\Timo\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\Timo\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted: [ gkojfkhlekighikafcpjkiklfbnlmeio ]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.10.2015 at 4:31:55,40
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:11-10-2015 02
durchgeführt von Timo (Administrator) auf LAPTOP-TIMO (12-10-2015 14:27:31)
Gestartet von C:\Users\Timo\Downloads
Geladene Profile: Timo (Verfügbare Profile: Timo)
Platform: Windows 10 Pro (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1001.16470.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1509.14010.0_x64__8wekyb3d8bbwe\Calculator.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-08-09] (IvoSoft)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-26] (Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-15] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2620728 2015-07-22] (Malwarebytes Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-18\...\RunOnce: [iCloud] => "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe"
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => Keine Datei
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => Keine Datei
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => Keine Datei
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Keine Datei
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Keine Datei
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Keine Datei
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => Keine Datei
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => Keine Datei
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => Keine Datei
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Keine Datei
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Keine Datei
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.136.1
Tcpip\..\Interfaces\{3fa7f4cb-147c-4fc6-86d8-7af25dcfe03c}: [DhcpNameServer] 192.168.136.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-48998432-2819405660-1205221929-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-13] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-13] (Oracle Corporation)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)

FireFox:
========
FF ProfilePath: C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\ll36yyqu.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-09-09] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-09-09] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-13] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-22] (Google Inc.)
FF Extension: YouTube Unblocker - C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\ll36yyqu.default\Extensions\youtubeunblocker@unblocker.yt [2015-09-09]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\ll36yyqu.default\Extensions\adblockpopups@jessehakanen.net.xpi [2015-09-09]
FF Extension: Adblock Plus - C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\ll36yyqu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-09]
FF Extension: BetterPrivacy - C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\ll36yyqu.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2015-09-09]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-09-14]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://google.de/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x64\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (BetterTTV) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2015-10-01]
CHR Extension: (Google Docs) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-22]
CHR Extension: (Google Drive) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-22]
CHR Extension: (Dark Skin for Youtube™) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfeknfgchonpnofdjokchhdhdnddhglm [2015-10-11]
CHR Extension: (YouTube) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-22]
CHR Extension: (Google-Suche) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-22]
CHR Extension: (Hola Besseres Internet) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-10-12]
CHR Extension: (Adblock Super) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd [2015-09-23]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-09-22]
CHR Extension: (Night Sky) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nloeakflilfdokdfcajijlikmcjjgphe [2015-09-23]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-22]
CHR Extension: (TunnelBear VPN) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdakjcmkglenbhjadbccaookpfjihpa [2015-10-11]
CHR Extension: (Google Mail) - C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-22]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [713016 2015-07-22] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-07-22] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-10-12] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3354384 2015-07-10] (Intel Corporation)
R3 NxpCap64; C:\Windows\system32\DRIVERS\NxpCap64.sys [1719936 2012-12-14] (NXP Semiconductors Germany GmbH)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek )
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
R1 veracrypt; C:\Windows\System32\drivers\veracrypt.sys [194392 2015-09-14] (IDRIX)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 X6va034; \??\C:\WINDOWS\SysWOW64\Drivers\X6va034 [26840 2015-10-10] ()
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-10-01 09:39 - 2015-09-17 08:04 - 00910848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll 2015-10-01 09:39 - 2015-09-17 08:00 - 24595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-10-01 09:39 - 2015-09-17 08:00 - 03248640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll 2015-10-01 09:39 - 2015-09-17 08:00 - 02417664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2015-10-01 09:39 - 2015-09-17 07:58 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll 2015-10-01 09:39 - 2015-09-17 07:57 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll 2015-10-01 09:39 - 2015-09-17 07:57 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll 2015-10-01 09:39 - 2015-09-17 07:57 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll 2015-10-01 09:39 - 2015-09-17 07:56 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll 2015-10-01 09:39 - 2015-09-17 07:56 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll 2015-10-01 09:39 - 2015-09-17 07:55 - 02236416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2015-10-01 09:39 - 2015-09-17 07:55 - 01601536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll 2015-10-01 09:39 - 2015-09-17 07:55 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2015-10-01 09:39 - 2015-09-17 07:55 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll 2015-10-01 09:39 - 2015-09-17 07:54 - 03781120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll 2015-10-01 09:39 - 2015-09-17 07:54 - 00780288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll 2015-10-01 09:39 - 2015-09-17 07:53 - 07055872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll 2015-10-01 09:39 - 2015-09-17 
07:52 - 01181696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll 2015-10-01 09:39 - 2015-09-17 07:52 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll 2015-10-01 09:39 - 2015-09-17 07:52 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll 2015-10-01 09:39 - 2015-09-17 07:52 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll 2015-10-01 09:39 - 2015-09-17 07:51 - 13027840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2015-10-01 09:39 - 2015-09-17 07:51 - 02660864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll 2015-10-01 09:39 - 2015-09-17 07:51 - 01203712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll 2015-10-01 09:39 - 2015-09-17 07:51 - 01067520 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2015-10-01 09:39 - 2015-09-17 07:51 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll 2015-10-01 09:39 - 2015-09-17 07:50 - 00312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll 2015-10-01 09:39 - 2015-09-17 07:49 - 02740224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-10-01 09:39 - 2015-09-17 07:49 - 01290240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll 2015-10-01 09:39 - 2015-09-17 07:49 - 01010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll 2015-10-01 09:39 - 2015-09-17 07:48 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll 2015-10-01 09:39 - 2015-09-17 07:48 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll 2015-10-01 09:39 - 2015-09-17 07:48 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll 2015-10-01 09:39 - 2015-09-17 07:48 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll 2015-10-01 09:39 - 2015-09-17 07:48 - 00273920 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll 2015-10-01 09:39 - 2015-09-17 07:47 - 07523328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2015-10-01 09:39 - 2015-09-17 07:47 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll 2015-10-01 09:39 - 2015-09-17 07:47 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll 2015-10-01 09:39 - 2015-09-17 07:46 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll 2015-10-01 09:39 - 2015-09-17 07:46 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll 2015-10-01 09:39 - 2015-09-17 07:46 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll 2015-10-01 09:39 - 2015-09-17 07:46 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll 2015-10-01 09:39 - 2015-09-17 07:45 - 19325440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-10-01 09:39 - 2015-09-17 07:45 - 04791296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-10-01 09:39 - 2015-09-17 07:45 - 01331200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll 2015-10-01 09:39 - 2015-09-17 07:45 - 00869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll 2015-10-01 09:39 - 2015-09-17 07:45 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll 2015-10-01 09:39 - 2015-09-17 07:44 - 01844736 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll 2015-10-01 09:39 - 2015-09-17 07:44 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll 2015-10-01 09:39 - 2015-09-17 07:43 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll 2015-10-01 09:39 - 2015-09-17 07:43 - 00378368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll 2015-10-01 09:39 - 2015-09-17 07:43 - 00185344 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\psmsrv.dll 2015-10-01 09:39 - 2015-09-17 07:42 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll 2015-10-01 09:39 - 2015-09-17 07:41 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll 2015-10-01 09:39 - 2015-09-17 07:40 - 06101504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll 2015-10-01 09:39 - 2015-09-17 07:40 - 01918464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2015-10-01 09:39 - 2015-09-17 07:40 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll 2015-10-01 09:39 - 2015-09-17 07:39 - 00587264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll 2015-10-01 09:39 - 2015-09-17 07:38 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll 2015-10-01 09:39 - 2015-09-17 07:37 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2015-10-01 09:39 - 2015-09-17 07:37 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll 2015-10-01 09:39 - 2015-09-17 07:35 - 05079552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll 2015-10-01 09:39 - 2015-09-17 07:35 - 02207232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2015-10-01 09:39 - 2015-09-17 07:35 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll 2015-10-01 09:39 - 2015-09-17 07:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll 2015-10-01 09:39 - 2015-09-17 07:34 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll 2015-10-01 09:39 - 2015-09-17 07:32 - 03579904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-10-01 09:39 - 2015-09-17 07:32 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll 2015-10-01 09:39 - 2015-09-17 07:32 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll 2015-10-01 
09:39 - 2015-09-17 07:32 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll 2015-10-01 09:39 - 2015-09-17 07:31 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2015-10-01 09:39 - 2015-09-17 07:30 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll 2015-10-01 09:39 - 2015-09-17 07:29 - 01104384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll 2015-10-01 09:39 - 2015-09-17 07:29 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll 2015-10-01 09:39 - 2015-09-17 07:29 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll 2015-10-01 09:39 - 2015-09-17 07:29 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll 2015-10-01 09:39 - 2015-09-17 07:26 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll 2015-10-01 09:39 - 2015-09-17 07:16 - 00512000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll 2015-10-01 09:39 - 2015-09-13 04:05 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll 2015-10-01 09:39 - 2015-09-13 03:41 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll 2015-10-01 09:38 - 2015-09-25 02:35 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll 2015-10-01 09:38 - 2015-09-25 02:34 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll 2015-10-01 09:38 - 2015-09-25 01:34 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll 2015-10-01 09:38 - 2015-09-25 01:34 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll 2015-10-01 09:38 - 2015-09-25 01:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll 2015-10-01 09:38 - 2015-09-25 01:07 - 01382400 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\win32kbase.sys 2015-10-01 09:38 - 2015-09-25 01:05 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll 2015-10-01 09:38 - 2015-09-25 01:01 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll 2015-10-01 09:38 - 2015-09-25 01:00 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll 2015-10-01 09:38 - 2015-09-25 01:00 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll 2015-10-01 09:38 - 2015-09-25 01:00 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll 2015-10-01 09:38 - 2015-09-25 00:53 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll 2015-10-01 09:38 - 2015-09-25 00:43 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll 2015-10-01 09:38 - 2015-09-25 00:43 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll 2015-10-01 09:38 - 2015-09-25 00:25 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll 2015-10-01 09:38 - 2015-09-25 00:25 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll 2015-10-01 09:38 - 2015-09-25 00:25 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll 2015-10-01 09:38 - 2015-09-25 00:24 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll 2015-10-01 09:38 - 2015-09-19 07:14 - 00102304 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll 2015-10-01 09:38 - 2015-09-17 08:50 - 00099664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys 2015-10-01 09:38 - 2015-09-17 08:50 - 00088384 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll 2015-10-01 09:38 - 2015-09-17 08:49 - 00501008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll 2015-10-01 09:38 - 2015-09-17 08:48 - 00406864 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS 2015-10-01 09:38 - 2015-09-17 08:48 - 00395088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2015-10-01 09:38 - 2015-09-17 08:48 - 00278352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2015-10-01 09:38 - 2015-09-17 08:48 - 00243760 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll 2015-10-01 09:38 - 2015-09-17 08:39 - 00081488 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2015-10-01 09:38 - 2015-09-17 08:37 - 01168736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys 2015-10-01 09:38 - 2015-09-17 08:28 - 00407608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2015-10-01 09:38 - 2015-09-17 08:28 - 00074880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll 2015-10-01 09:38 - 2015-09-17 08:26 - 00508248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll 2015-10-01 09:38 - 2015-09-17 08:11 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll 2015-10-01 09:38 - 2015-09-17 08:10 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll 2015-10-01 09:38 - 2015-09-17 08:09 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll 2015-10-01 09:38 - 2015-09-17 08:08 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll 2015-10-01 09:38 - 2015-09-17 08:08 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Speech.Pal.dll 2015-10-01 09:38 - 2015-09-17 08:08 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe 2015-10-01 09:38 - 2015-09-17 08:06 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll 2015-10-01 09:38 - 2015-09-17 08:04 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll 2015-10-01 09:38 - 2015-09-17 08:03 - 00267776 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\Windows.Internal.Management.dll 2015-10-01 09:38 - 2015-09-17 08:03 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll 2015-10-01 09:38 - 2015-09-17 08:03 - 00154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe 2015-10-01 09:38 - 2015-09-17 08:03 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll 2015-10-01 09:38 - 2015-09-17 08:03 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe 2015-10-01 09:38 - 2015-09-17 08:02 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll 2015-10-01 09:38 - 2015-09-17 08:02 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll 2015-10-01 09:38 - 2015-09-17 08:00 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll 2015-10-01 09:38 - 2015-09-17 08:00 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KeywordDetectorMsftSidAdapter.dll 2015-10-01 09:38 - 2015-09-17 07:57 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll 2015-10-01 09:38 - 2015-09-17 07:56 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll 2015-10-01 09:38 - 2015-09-17 07:55 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFx02000.dll 2015-10-01 09:38 - 2015-09-17 07:55 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll 2015-10-01 09:38 - 2015-09-17 07:55 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll 2015-10-01 09:38 - 2015-09-17 07:55 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe 2015-10-01 09:38 - 2015-09-17 07:55 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll 2015-10-01 09:38 - 2015-09-17 07:54 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2015-10-01 09:38 - 2015-09-17 07:52 - 06572032 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll 2015-10-01 09:38 - 2015-09-17 07:52 - 01216512 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcenter.dll 2015-10-01 09:38 - 2015-09-17 07:52 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll 2015-10-01 09:38 - 2015-09-17 07:52 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll 2015-10-01 09:38 - 2015-09-17 07:52 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll 2015-10-01 09:38 - 2015-09-17 07:52 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll 2015-10-01 09:38 - 2015-09-17 07:51 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll 2015-10-01 09:38 - 2015-09-17 07:51 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll 2015-10-01 09:38 - 2015-09-17 07:50 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll 2015-10-01 09:38 - 2015-09-17 07:50 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys 2015-10-01 09:38 - 2015-09-17 07:50 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeWiFi.dll 2015-10-01 09:38 - 2015-09-17 07:50 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeCell.dll 2015-10-01 09:38 - 2015-09-17 07:50 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys 2015-10-01 09:38 - 2015-09-17 07:49 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2015-10-01 09:38 - 2015-09-17 07:49 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWebproxy.dll 2015-10-01 09:38 - 2015-09-17 07:49 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll 2015-10-01 09:38 - 2015-09-17 07:49 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll 2015-10-01 09:38 - 2015-09-17 07:49 - 00215552 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\LocationCrowdsource.dll 2015-10-01 09:38 - 2015-09-17 07:49 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeIP.dll 2015-10-01 09:38 - 2015-09-17 07:49 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWiFiAdapter.dll 2015-10-01 09:38 - 2015-09-17 07:49 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Speech.Pal.dll 2015-10-01 09:38 - 2015-09-17 07:48 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll 2015-10-01 09:38 - 2015-09-17 07:47 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll 2015-10-01 09:38 - 2015-09-17 07:46 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll 2015-10-01 09:38 - 2015-09-17 07:46 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe 2015-10-01 09:38 - 2015-09-17 07:46 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll 2015-10-01 09:38 - 2015-09-17 07:46 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncmlhook.dll 2015-10-01 09:38 - 2015-09-17 07:45 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll 2015-10-01 09:38 - 2015-09-17 07:45 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll 2015-10-01 09:38 - 2015-09-17 07:44 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll 2015-10-01 09:38 - 2015-09-17 07:44 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll 2015-10-01 09:38 - 2015-09-17 07:43 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll 2015-10-01 09:38 - 2015-09-17 07:39 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2015-10-01 09:38 - 2015-09-17 07:36 - 01171456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcenter.dll 2015-10-01 09:38 - 2015-09-17 07:33 - 00574464 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\Chakradiag.dll 2015-10-01 09:38 - 2015-09-17 07:31 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll 2015-10-01 09:38 - 2015-09-17 07:28 - 00473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll 2015-09-30 14:23 - 2015-10-01 15:35 - 00001520 _____ C:\Users\Timo\Desktop\Herunterfahren.lnk 2015-09-30 14:23 - 2015-09-30 14:28 - 00001466 _____ C:\Users\Timo\Desktop\Neustart.lnk 2015-09-30 14:23 - 2015-09-30 14:27 - 00001451 _____ C:\Users\Timo\Desktop\Abbruch.lnk 2015-09-30 14:21 - 2015-10-01 15:36 - 00000044 _____ C:\Users\Timo\Documents\Herunterfahren.cmd 2015-09-30 14:21 - 2015-09-30 14:22 - 00000011 _____ C:\Users\Timo\Documents\Abbruch.cmd 2015-09-30 14:21 - 2015-09-30 14:21 - 00000034 _____ C:\Users\Timo\Documents\Neustart.cmd 2015-09-30 13:15 - 2015-10-01 10:32 - 00001479 _____ C:\Users\Timo\Desktop\RAINMETER.lnk 2015-09-30 13:13 - 2015-09-30 13:14 - 00000042 _____ C:\Users\Timo\Documents\RAINMETER.bat 2015-09-30 04:00 - 2015-09-30 04:44 - 00003778 _____ C:\WINDOWS\System32\Tasks\Schattenkopie C 2015-09-30 03:41 - 2015-09-30 03:41 - 00051564 _____ C:\Users\Timo\Documents\com-Schattenkopierer.exe 2015-09-28 01:38 - 2015-09-28 01:40 - 09091692 _____ C:\Users\Timo\Downloads\Redstone-Schaltkreise v1.8.zip 2015-09-25 15:10 - 2015-09-25 15:10 - 04117346 _____ C:\Users\Timo\Downloads\MotioninJoy_071001_signed.zip 2015-09-25 00:25 - 2015-09-25 00:25 - 00000000 ____D C:\Users\Timo\Documents\minecraf 2015-09-24 20:30 - 2015-09-27 18:50 - 00000000 ____D C:\Users\Timo\AppData\Roaming\.minecraft 2015-09-24 20:27 - 2015-09-24 21:41 - 00000000 ____D C:\Users\Timo\Downloads\Minecraft-SP-175-Windows-1.exe_ 2015-09-24 20:02 - 2015-10-10 04:49 - 00034328 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS 2015-09-24 19:53 - 2015-09-24 19:53 - 00000788 _____ C:\Users\Timo\Desktop\NFSMW.lnk 2015-09-24 19:42 - 2015-09-24 19:42 - 00000000 ____D C:\Users\Timo\Documents\NFS Most Wanted 
2015-09-24 19:42 - 2015-09-24 19:42 - 00000000 ____D C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NFS Most Wanted 2015-09-24 19:42 - 2015-09-24 19:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NFS Most Wanted 2015-09-24 19:03 - 2015-09-24 19:03 - 00000795 _____ C:\Users\Timo\Desktop\NFSU2.lnk 2015-09-24 19:02 - 2015-09-24 19:02 - 00003318 _____ C:\WINDOWS\System32\Tasks\{1A5300EC-7EC0-432D-9079-854490BD0A5C} 2015-09-24 18:58 - 2015-09-24 18:58 - 00000000 ____D C:\Users\Timo\AppData\Local\NFS Underground 2 2015-09-24 18:58 - 2015-09-24 18:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NFS Underground 2 2015-09-23 23:23 - 2015-09-23 23:50 - 00000000 ____D C:\Program Files (x86)\ProgDVB 2015-09-22 15:15 - 2015-09-28 11:20 - 00002252 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-09-22 15:15 - 2015-09-22 15:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-09-22 15:14 - 2015-09-30 04:28 - 00001130 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-09-22 15:14 - 2015-09-30 04:28 - 00001126 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-09-22 15:14 - 2015-09-30 03:06 - 00003702 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2015-09-22 15:14 - 2015-09-30 03:06 - 00003478 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2015-09-22 15:14 - 2015-09-22 15:53 - 00000000 ____D C:\Users\Timo\AppData\Local\Google 2015-09-22 15:14 - 2015-09-22 15:15 - 00000000 ____D C:\Program Files (x86)\Google 2015-09-21 23:06 - 2015-10-10 04:41 - 00308224 ___SH C:\Users\Timo\Downloads\Thumbs.db 2015-09-21 23:00 - 2015-09-21 23:00 - 00000000 ____D C:\Users\Timo\Downloads\sf 2015-09-20 14:03 - 2015-09-27 13:27 - 00000000 ____D C:\Users\Timo\AppData\Local\The Settlers Online 2015-09-20 14:01 - 2015-09-20 14:01 - 00000217 _____ C:\Users\Timo\Desktop\The Settlers Online.url 2015-09-19 21:02 - 2015-09-19 21:02 - 00001605 _____ 
C:\Users\Public\Desktop\Free YouTube To MP3 Converter.lnk 2015-09-19 21:02 - 2015-09-19 21:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2015-09-19 21:01 - 2015-09-19 21:02 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft 2015-09-19 21:01 - 2015-09-19 21:01 - 00000000 ____D C:\Program Files (x86)\FreeCodecPack 2015-09-19 21:00 - 2015-09-19 21:02 - 00000000 ____D C:\Users\Timo\AppData\Roaming\DVDVideoSoft 2015-09-18 15:31 - 2015-09-18 15:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-09-18 15:31 - 2015-09-18 15:31 - 00000000 ____D C:\Program Files\iTunes 2015-09-18 15:31 - 2015-09-18 15:31 - 00000000 ____D C:\Program Files\iPod 2015-09-18 15:31 - 2015-09-18 15:31 - 00000000 ____D C:\Program Files (x86)\iTunes 2015-09-18 15:30 - 2015-09-18 15:31 - 00000000 ____D C:\Program Files\Common Files\Apple 2015-09-18 15:30 - 2015-09-18 15:30 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2015-09-18 15:30 - 2015-09-18 15:30 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple 2015-09-18 15:30 - 2015-09-18 15:30 - 00000000 ____D C:\Program Files\Bonjour 2015-09-18 15:30 - 2015-09-18 15:30 - 00000000 ____D C:\Program Files (x86)\Bonjour 2015-09-18 15:30 - 2015-09-18 15:30 - 00000000 ____D C:\Program Files (x86)\Apple Software Update 2015-09-18 15:25 - 2015-09-18 15:31 - 00000000 ____D C:\Users\Timo\AppData\Roaming\Syncios 2015-09-18 15:25 - 2015-09-18 15:25 - 00001060 _____ C:\Users\Public\Desktop\Syncios.lnk 2015-09-18 15:25 - 2015-09-18 15:25 - 00000000 ____D C:\Users\Timo\Documents\Syncios 2015-09-18 15:25 - 2015-09-18 15:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Syncios 2015-09-18 15:24 - 2015-09-18 15:25 - 00000000 ____D C:\Program Files (x86)\Syncios 2015-09-18 00:06 - 2015-09-18 00:06 - 00008233 _____ C:\Users\Timo\AppData\Local\recently-used.xbel 2015-09-17 23:16 - 2015-09-17 23:19 - 02599699 _____ 
C:\Users\Timo\Documents\rth.xcf 2015-09-17 21:50 - 2015-09-17 21:50 - 00000000 ____D C:\Users\Timo\AppData\Local\webkit 2015-09-17 21:46 - 2015-10-10 17:11 - 00000000 ____D C:\Users\Timo\AppData\Local\Spotify 2015-09-17 21:46 - 2015-09-17 21:46 - 00001886 _____ C:\Users\Timo\Desktop\Spotify.lnk 2015-09-17 21:46 - 2015-09-17 21:46 - 00001872 _____ C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk 2015-09-17 21:45 - 2015-10-10 15:46 - 00000000 ____D C:\Users\Timo\AppData\Roaming\Spotify 2015-09-15 21:56 - 2015-09-30 14:29 - 00000000 ____D C:\Program Files\Mozilla Firefox 2015-09-15 02:31 - 2015-09-15 02:31 - 00022200 _____ (Phoenix Technologies) C:\WINDOWS\SysWOW64\Drivers\DrvAgent64.SYS 2015-09-15 02:27 - 2015-09-15 02:34 - 00000000 ____D C:\ProgramData\Freemake 2015-09-15 02:27 - 2015-09-15 02:27 - 00000000 ____D C:\Users\Timo\Documents\Freemake 2015-09-15 02:01 - 2015-09-15 02:01 - 00000000 ____D C:\Users\Timo\AppData\LocalLow\Apple Computer 2015-09-15 02:01 - 2015-09-15 02:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2015-09-15 02:01 - 2015-09-15 02:01 - 00000000 ____D C:\Program Files (x86)\QuickTime 2015-09-15 01:47 - 2015-09-15 01:47 - 00000000 ____D C:\WINDOWS\system32\appmgmt 2015-09-15 00:55 - 2015-09-15 00:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit 2015-09-15 00:54 - 2015-10-12 13:54 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit 2015-09-15 00:54 - 2015-09-15 00:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit 2015-09-15 00:42 - 2015-10-12 13:54 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-09-15 00:42 - 2015-09-15 00:42 - 00001171 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-09-15 00:42 - 2015-09-15 00:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-09-15 00:42 - 2015-09-15 
00:42 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-09-15 00:42 - 2015-09-15 00:42 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-09-15 00:42 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-09-15 00:42 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-09-15 00:42 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-09-14 22:09 - 2015-09-14 22:09 - 00000000 ____D C:\Users\Timo\AppData\Roaming\VeraCrypt 2015-09-14 22:07 - 2015-09-14 22:07 - 00194392 _____ (IDRIX) C:\WINDOWS\system32\Drivers\veracrypt.sys 2015-09-14 22:07 - 2015-09-14 22:07 - 00000888 _____ C:\Users\Public\Desktop\VeraCrypt.lnk 2015-09-14 22:07 - 2015-09-14 22:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VeraCrypt 2015-09-14 22:07 - 2015-09-14 22:07 - 00000000 ____D C:\Program Files\VeraCrypt 2015-09-14 22:02 - 2015-09-14 22:02 - 00230840 _____ (TrueCrypt Foundation) C:\WINDOWS\system32\Drivers\truecrypt.sys 2015-09-14 20:55 - 2015-09-14 20:55 - 00018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys 2015-09-14 20:55 - 2015-09-14 20:55 - 00000000 ____D C:\Users\Public\Documents\Logishrd 2015-09-14 20:55 - 2015-09-14 20:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech 2015-09-14 20:54 - 2015-09-14 20:55 - 00000000 ____D C:\ProgramData\Logishrd 2015-09-14 20:54 - 2015-09-14 20:55 - 00000000 ____D C:\Program Files\Common Files\Logishrd 2015-09-14 20:54 - 2015-09-14 20:54 - 00000000 ____D C:\Program Files\Logitech 2015-09-14 20:53 - 2015-09-14 20:55 - 00000000 ____D C:\Users\Timo\AppData\Roaming\Logitech 2015-09-14 20:53 - 2015-09-14 20:54 - 00000000 ____D C:\Users\Timo\AppData\Roaming\Logishrd 2015-09-14 20:40 - 2015-09-14 20:40 - 03933496 _____ (Logitech, Inc.) 
C:\WINDOWS\system32\LogiLDA.DLL 2015-09-14 20:40 - 2015-09-14 20:40 - 02458936 _____ (Logitech, Inc.) C:\WINDOWS\system32\LdaCx2.dll 2015-09-14 16:44 - 2015-09-18 00:06 - 00000000 ____D C:\Users\Timo\AppData\Local\gtk-2.0 2015-09-14 16:44 - 2015-09-14 16:44 - 00000000 ____D C:\Users\Timo\.thumbnails 2015-09-14 16:43 - 2015-09-18 00:07 - 00000000 ____D C:\Users\Timo\.gimp-2.8 2015-09-14 16:43 - 2015-09-14 16:43 - 00000000 ____D C:\Users\Timo\AppData\Local\gegl-0.2 2015-09-14 16:42 - 2015-09-14 16:42 - 00000864 _____ C:\Users\Public\Desktop\GIMP 2.lnk 2015-09-14 16:42 - 2015-09-14 16:42 - 00000864 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk 2015-09-14 02:05 - 2015-10-12 04:50 - 00000000 ____D C:\Users\Timo\AppData\Local\ClassicShell 2015-09-14 02:05 - 2015-09-14 02:05 - 00000000 ____D C:\Users\Timo\AppData\Roaming\ClassicShell 2015-09-14 02:05 - 2015-09-14 02:05 - 00000000 ____D C:\ProgramData\ClassicShell 2015-09-14 02:03 - 2015-09-14 02:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell 2015-09-14 02:03 - 2015-09-14 02:03 - 00000000 ____D C:\Program Files\Classic Shell 2015-09-14 02:00 - 2015-09-14 02:00 - 00000000 ____D C:\Users\Timo\AppData\Local\Clover 2015-09-14 01:46 - 2015-10-10 00:51 - 00002220 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC 2015-09-14 01:46 - 2015-09-14 01:47 - 00000000 ____D C:\Program Files\CCleaner 2015-09-14 01:46 - 2015-09-14 01:46 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk 2015-09-14 01:46 - 2015-09-14 01:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2015-09-13 19:49 - 2015-10-12 04:38 - 00000000 ____D C:\AdwCleaner 2015-09-13 18:34 - 2015-09-13 18:34 - 00001248 _____ C:\Users\Timo\Desktop\AIDA64 Extreme.lnk 2015-09-13 18:34 - 2015-09-13 18:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinalWire 2015-09-13 18:34 - 2015-09-13 18:34 - 00000000 ____D C:\Program Files (x86)\FinalWire 2015-09-13 18:31 - 
2015-09-13 18:32 - 00000000 ____D C:\Users\Timo\Documents\7Z 2015-09-13 18:29 - 2015-09-13 18:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2015-09-13 18:29 - 2015-09-13 18:29 - 00000000 ____D C:\Program Files\7-Zip 2015-09-13 16:49 - 2015-09-13 16:49 - 00000045 _____ C:\WINDOWS\SysWOW64\initdebug.nfo 2015-09-13 15:50 - 2015-09-13 16:30 - 00000000 ____D C:\Users\Timo\AppData\Roaming\Rainmeter 2015-09-13 15:50 - 2015-09-13 16:16 - 00001747 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk 2015-09-13 15:50 - 2015-09-13 16:16 - 00000000 ____D C:\Program Files\Rainmeter 2015-09-13 15:50 - 2015-09-13 15:50 - 00000000 ____D C:\Users\Timo\Documents\Rainmeter 2015-09-13 15:21 - 2015-09-13 15:29 - 00002219 _____ C:\Users\Timo\Desktop\JDownloader 2.lnk 2015-09-13 15:21 - 2015-09-13 15:21 - 00000000 ____D C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader 2015-09-13 15:20 - 2015-09-15 01:13 - 00000000 ____D C:\Users\Timo\AppData\Local\JDownloader v2.0 2015-09-13 15:08 - 2015-10-12 14:02 - 00004158 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4980E5F8-3375-410C-A149-285779B3AB9E} 2015-09-13 15:08 - 2015-09-13 15:08 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2015-09-13 15:08 - 2015-09-13 15:08 - 00000000 ____D C:\Users\Timo\AppData\Roaming\Sun 2015-09-13 15:08 - 2015-09-13 15:08 - 00000000 ____D C:\Users\Timo\AppData\LocalLow\Sun 2015-09-13 15:08 - 2015-09-13 15:08 - 00000000 ____D C:\Users\Timo\.oracle_jre_usage 2015-09-13 15:08 - 2015-09-13 15:08 - 00000000 ____D C:\ProgramData\Oracle 2015-09-13 15:08 - 2015-09-13 15:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-09-13 15:08 - 2015-09-13 15:08 - 00000000 ____D C:\Program Files (x86)\Java 2015-09-13 15:06 - 2015-09-13 15:06 - 00000000 ____D C:\Users\Timo\AppData\LocalLow\Oracle 2015-09-13 15:03 - 2015-09-15 01:33 - 00000000 ____D C:\ProgramData\AVAST 
Software 2015-09-12 16:26 - 2015-10-09 04:10 - 00000000 ____D C:\Users\Timo\AppData\Roaming\TS3Client 2015-09-12 16:26 - 2015-10-06 10:41 - 00000000 ____D C:\Users\Timo\AppData\Local\TeamSpeak 3 Client 2015-09-12 16:26 - 2015-09-13 14:46 - 00001318 _____ C:\Users\Timo\Desktop\TeamSpeak 3 Client.lnk 2015-09-12 16:26 - 2015-09-12 16:26 - 00000000 ____D C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-10-12 14:04 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\AppReadiness 2015-10-12 13:58 - 2015-09-09 00:31 - 01790124 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-10-12 13:58 - 2015-07-10 18:34 - 00772342 _____ C:\WINDOWS\system32\perfh007.dat 2015-10-12 13:58 - 2015-07-10 18:34 - 00154170 _____ C:\WINDOWS\system32\perfc007.dat 2015-10-12 13:54 - 2015-07-10 14:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-10-12 04:50 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\sru 2015-10-12 04:50 - 2015-07-10 11:05 - 00131072 ___SH C:\WINDOWS\system32\config\BBI 2015-10-12 04:45 - 2015-09-09 21:07 - 00135680 ___SH C:\Users\Timo\Desktop\Thumbs.db 2015-10-12 02:27 - 2015-09-09 14:12 - 00000000 ____D C:\Users\Timo\AppData\Roaming\Skype 2015-10-12 01:45 - 2015-09-09 00:21 - 00000000 ____D C:\Users\Timo 2015-10-10 04:54 - 2015-09-09 13:59 - 00034304 ___SH C:\Users\Timo\Documents\Thumbs.db 2015-10-06 22:31 - 2015-09-08 22:40 - 00007590 _____ C:\Users\Timo\AppData\Local\Resmon.ResmonCfg 2015-10-06 21:50 - 2015-09-09 22:51 - 00000000 ____D C:\Users\Timo\Documents\My Games 2015-10-03 13:36 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\rescache 2015-10-02 13:55 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\Recovery 2015-10-01 15:37 - 2015-07-10 13:04 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12 2015-10-01 15:37 - 2015-07-10 13:04 - 00000000 ___SD 
C:\WINDOWS\system32\F12 2015-10-01 15:37 - 2015-07-10 13:04 - 00000000 ___RD C:\WINDOWS\PurchaseDialog 2015-10-01 15:37 - 2015-07-10 13:04 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-10-01 15:37 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2015-10-01 15:37 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform 2015-10-01 15:37 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\appraiser 2015-10-01 15:37 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\Provisioning 2015-10-01 15:37 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\L2Schemas 2015-10-01 14:36 - 2015-07-10 12:55 - 00000000 ____D C:\WINDOWS\CbsTemp 2015-10-01 04:38 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\NDF 2015-09-30 03:56 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\restore 2015-09-24 20:04 - 2015-05-11 13:56 - 02508432 _____ (Sysinternals - www.sysinternals.com) C:\Users\Timo\Desktop\procexp.exe 2015-09-23 23:24 - 2015-09-08 20:02 - 00000000 ____D C:\Users\Timo\AppData\Local\VirtualStore 2015-09-18 15:30 - 2015-09-09 12:55 - 00000000 ____D C:\ProgramData\Apple 2015-09-18 00:08 - 2015-09-10 22:00 - 00000136 _____ C:\Users\Timo\Desktop\Skyrim.lnk 2015-09-16 12:54 - 2015-09-08 20:02 - 00000000 ____D C:\Users\Timo\AppData\Local\Packages 2015-09-15 18:12 - 2015-07-10 13:06 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-09-15 18:12 - 2015-07-10 13:06 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-09-14 20:54 - 2015-07-10 13:04 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2015-09-14 03:07 - 2015-09-09 00:21 - 00000000 ___RD C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-09-13 19:52 - 2015-09-09 12:52 - 00000918 _____ C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk 2015-09-13 16:45 - 2015-07-10 12:59 - 
00006656 _____ C:\WINDOWS\system32\lpcio.dll

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-09-18 00:06 - 2015-09-18 00:06 - 0008233 _____ () C:\Users\Timo\AppData\Local\recently-used.xbel
2015-09-08 22:40 - 2015-10-06 22:31 - 0007590 _____ () C:\Users\Timo\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-10-06 11:19

==================== Ende von FRST.txt ============================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:11-10-2015 02
durchgeführt von Timo (2015-10-12 14:28:10)
Gestartet von C:\Users\Timo\Downloads
Windows 10 Pro (X64) (2015-09-08 22:27:14)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-48998432-2819405660-1205221929-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-48998432-2819405660-1205221929-503 - Limited - Disabled)
Gast (S-1-5-21-48998432-2819405660-1205221929-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-48998432-2819405660-1205221929-1005 - Limited - Enabled)
Timo (S-1-5-21-48998432-2819405660-1205221929-1001 - Administrator - Enabled) => C:\Users\Timo

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
AIDA64 Extreme v5.30 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.30 - FinalWire Ltd.)
Apple Application Support (32-Bit) (HKLM-x32\...\{3540ADD5-822B-47FB-B1C2-CD7B2C8E9FEC}) (Version: 4.0.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{C9C0FE2C-602E-49D7-8C42-5B9E8FF04798}) (Version: 4.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform) Classic Shell (HKLM\...\{E289B7DD-6732-4333-A47A-75A145D23EE3}) (Version: 4.2.4 - IvoSoft) Counter-Strike (HKLM-x32\...\Counter-Strike) (Version: - ) E[POD]bot (HKLM-x32\...\E[POD]bot) (Version: - ) Free YouTube To MP3 Converter version 4.0.0.915 (HKLM-x32\...\Free YouTube To MP3 Converter_is1) (Version: 4.0.0.915 - DVDVideoSoft Ltd.) GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.) Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden iTunes (HKLM\...\{88509E20-3936-4D88-A1C0-B274C7BB5151}) (Version: 12.3.0.44 - Apple Inc.) Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation) JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH) Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech) Malwarebytes Anti-Exploit version 1.07.1.1015 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.07.1.1015 - Malwarebytes) Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) 
(Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation) Need for Speed Most Wanted (black edition) (HKLM-x32\...\Need for Speed Most Wanted) (Version: 1.3 - Electronic Arts) Need for Speed Underground 2 (HKLM-x32\...\Need for Speed Underground 2) (Version: 1.2 - Electronic Arts) Pressure (HKLM-x32\...\Steam App 224220) (Version: - Chasing Carrots) QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.3 beta r2461 - ) Redline (HKLM-x32\...\Steam App 328460) (Version: - Accolade, Inc.) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Seven Kingdoms 2 HD (HKLM-x32\...\Steam App 338800) (Version: - Enlight Software Limited) Sid Meier's Colonization (Classic) (HKLM-x32\...\Steam App 327400) (Version: - MicroProse Software, Inc) Skype™ 7.10 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.10.101 - Skype Technologies S.A.) Spotify (HKU\S-1-5-21-48998432-2819405660-1205221929-1001\...\Spotify) (Version: 1.0.15.133.gf21970bd - Spotify AB) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Syncios Version 4.3.3 (HKLM-x32\...\{068A5D84-8419-4BDE-9689-FE65F412EFBB}_is1) (Version: 4.3.3 - Anvsoft, Inc.) 
TeamSpeak 3 Client (HKU\S-1-5-21-48998432-2819405660-1205221929-1001\...\TeamSpeak 3 Client) (Version: 3.0.17 - TeamSpeak Systems GmbH) The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios) The Settlers Online (HKLM-x32\...\Steam App 354640) (Version: - Blue Byte) VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.13 - IDRIX) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Wiederherstellungspunkte ========================= 30-09-2015 03:56:16 com! Schattenkopierer 05-10-2015 19:07:14 com! Schattenkopierer 06-10-2015 21:49:05 DirectX wurde installiert 10-10-2015 00:50:13 Removed SmartDVB 12-10-2015 03:59:42 com! Schattenkopierer ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
Task: {080EE043-E629-47E9-8992-3275F18B4AAC} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {09B0F716-4F8D-4748-A252-3AF2AE7015A3} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {18A75985-BE75-46F8-ACDB-8060DE8734A4} - System32\Tasks\{C48A404A-9400-4DC7-A8F8-3F8BF2745A52} => pcalua.exe -a "C:\Users\Timo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XT384DQP\R235168.exe" -d C:\Users\Timo\Desktop Task: {1B2BE19E-038D-4307-B025-831073C3F00F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-20] (Piriform Ltd) Task: {1E967FA4-4258-46A4-A933-81D1262264A6} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {2213B2E1-D127-4949-8B62-2EE91A845A70} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe Task: {22F2246E-6A83-482E-8A8B-69BAC37FB7F9} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe Task: {3011A829-E3D8-4933-9150-66B56BCC8A03} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe Task: {3B48E37F-A2A9-41EA-B91D-D10869AEC28C} - System32\Tasks\{1A5300EC-7EC0-432D-9079-854490BD0A5C} => pcalua.exe -a D:\Timo\Programme\NFSU2\#JIMBO\change_language.exe -d D:\Timo\Programme\NFSU2\#JIMBO Task: {3F358ED4-B1F5-482E-8FE2-B9034992B062} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.) 
Task: {48F8C2B5-6061-4FEE-B816-EAEBBD814104} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe Task: {5568FD37-FF57-464C-AF43-CDF322318BEC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe Task: {638CC729-6CA5-4876-B6B0-B0653EDE508B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe Task: {68840CBA-91D6-450A-881B-0C63B6EE0FFD} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {6B2CA3FE-E4B2-4BFA-B213-09C9DF7E3A7C} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft) Task: {6CDE987B-68FE-4492-BA65-76C7E8B771D9} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe Task: {6FE5D59B-C3CD-46D1-9C6B-793E18BB5A89} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe Task: {7147D9A2-2FCF-4AD7-8F34-3747023C00EC} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {73AA9B1A-3CE7-4DF4-AEDB-AB398749CD9C} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe Task: {7C6F399F-F01A-4F83-92B2-0DB7A7377F43} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe Task: {7CC558C4-BEB3-43AF-AE40-C2FCBD74D9C5} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe Task: {8C229602-2FF3-44ED-95F9-C2EA2EEBC2F2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-22] (Google Inc.) 
Task: {91A0DBC4-4E8F-471F-8A48-62FBB855AD0A} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe Task: {A6D6C639-E6ED-4A7C-8E31-862FD9526A30} - System32\Tasks\Schattenkopie C => C:\Users\Timo\Documents\com-Schattenkopierer.exe [2015-09-30] () Task: {AA0B6FB1-0755-43BC-87DD-48AB9D422597} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {AAD3C2EB-10E5-473F-B314-F6958D313ADF} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe Task: {B01CCDD9-3D6F-41D4-B492-E2E1117C794C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe Task: {B7D402DE-C1CF-4578-A487-E3B0D16C1997} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-08-26] (Microsoft Corporation) Task: {D2EF6EE2-2F83-47B5-AE51-A6581F2F5C8C} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {D405EA18-8446-4BA2-A7AB-5FA7E60CB34D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-22] (Google Inc.) 
Task: {D6F6F0BC-D26E-445C-8938-EAE08FA87262} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe Task: {E5866031-8133-43E5-9C98-2CFBBD832676} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {E5A7EC28-1435-4D5F-8203-48826F089FF8} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {E79DF3CA-2887-4EDB-9D38-3A4C76D2C5EE} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe Task: {EE3815B8-FCB1-4101-98CA-BB873D19BBDF} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {F8577046-744D-4CDB-860F-A38ABF3BF308} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe Task: {FBBD020F-B3C7-4102-85BE-FDD8E4E0A6CE} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2015-09-09 00:36 - 2015-07-15 04:04 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll 2015-09-09 00:36 - 2015-08-11 11:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll 2015-09-15 14:25 - 2015-09-15 14:25 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-09-15 14:25 - 2015-09-15 14:25 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2015-10-01 09:39 - 2015-09-17 08:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2015-10-01 09:39 - 2015-09-17 08:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2015-10-01 09:39 - 2015-09-17 07:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2015-10-01 09:39 - 2015-09-17 07:44 - 06569472 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2015-10-01 09:38 - 2015-09-17 07:42 - 00471040 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2015-10-01 09:38 - 2015-09-17 07:42 - 01808384 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2015-10-01 09:39 - 2015-09-17 07:43 - 02274816 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2015-09-28 11:20 - 2015-09-24 20:56 - 01868104 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libglesv2.dll 2015-09-28 11:20 - 2015-09-24 20:56 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libegl.dll 2015-10-03 12:29 - 2015-10-03 12:29 - 00012288 _____ () C:\Program 
Files\WindowsApps\Microsoft.Windows.Photos_15.1001.16470.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe 2015-10-03 12:29 - 2015-10-03 12:29 - 10814464 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1001.16470.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll 2015-09-18 12:35 - 2015-09-18 12:35 - 03495936 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1509.14010.0_x64__8wekyb3d8bbwe\Calculator.exe ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) HKU\S-1-5-21-48998432-2819405660-1205221929-1001\Software\Classes\.exe: => <===== ACHTUNG ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-48998432-2819405660-1205221929-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Timo\Documents\wallpaper\anonymous_guy_fawkes_mask_mask_machete_99814_2048x1365.jpg DNS Servers: 192.168.136.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) 
HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run: => "Logitech Download Assistant" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "QuickTime Task" HKLM\...\StartupApproved\Run32: => "Syncios device service" HKU\S-1-5-21-48998432-2819405660-1205221929-1001\...\StartupApproved\StartupFolder: => "Rainmeter.lnk" HKU\S-1-5-21-48998432-2819405660-1205221929-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-48998432-2819405660-1205221929-1001\...\StartupApproved\Run: => "CCleaner Monitoring" HKU\S-1-5-21-48998432-2819405660-1205221929-1001\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-48998432-2819405660-1205221929-1001\...\StartupApproved\Run: => "Spotify Web Helper" HKU\S-1-5-21-48998432-2819405660-1205221929-1001\...\StartupApproved\Run: => "Spotify" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{C2DC5358-231A-424D-AA71-90166B722D86}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{317E676A-00E3-4832-810A-8C58810EB967}] => (Allow) D:\Timo\Programme\Steam\Steam.exe FirewallRules: [{7CA4C078-D0C7-43AE-A434-273B7E45118F}] => (Allow) D:\Timo\Programme\Steam\Steam.exe FirewallRules: [{5EFFEED8-B6FB-48DA-9728-B17C47471AE9}] => (Allow) D:\Timo\Programme\Steam\bin\steamwebhelper.exe FirewallRules: [{4E7DA9F9-0081-4B91-AD33-E1A147BF3C1B}] => (Allow) D:\Timo\Programme\Steam\bin\steamwebhelper.exe FirewallRules: [{E71A2659-CD51-446D-893A-025031E89AD6}] => (Allow) D:\Timo\Programme\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe FirewallRules: [{752650F6-CF59-4CD6-87D6-4741A32D1EC9}] => (Allow) D:\Timo\Programme\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe FirewallRules: [TCP Query User{48DDEFD1-8F23-4A41-AE29-5E27C36DAE6D}C:\program files (x86)\java\jre1.8.0_60\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_60\bin\javaw.exe FirewallRules: [UDP Query User{94F4017A-EC5E-4A7F-81BD-2A914F9E78BB}C:\program files (x86)\java\jre1.8.0_60\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_60\bin\javaw.exe FirewallRules: [TCP Query User{F524F6D0-3F8D-4E58-9AB6-7672F3CE3E16}C:\users\timo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\timo\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{D51920F8-52AF-422A-9DA6-ED80DE51A834}C:\users\timo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\timo\appdata\roaming\spotify\spotify.exe FirewallRules: [{817175F4-1DF9-4FB7-9B44-57D4A0E44244}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{D0B04AC2-219E-4B43-8405-18698F5A5D3D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{EAA731A1-9483-474F-A6DD-4391F5A30169}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: 
[{06E67FA1-A802-4473-A7AB-D78F45874231}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{09FAD4BD-9599-442B-B5D4-28A9CCEB8D2D}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{022DB299-A0D5-4DED-8F58-3DD45A3D1D5F}] => (Allow) D:\Timo\Programme\Steam\steamapps\common\The Settlers Online\nw.exe FirewallRules: [{3CFCBF70-769C-42C8-9DBC-2F733516238D}] => (Allow) D:\Timo\Programme\Steam\steamapps\common\The Settlers Online\nw.exe FirewallRules: [{E3A2D510-ACB7-40B0-ADAD-C38C10AE7088}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{34F13967-D6C1-408D-8CF7-7EAD058C2F0A}] => (Allow) D:\Timo\Programme\Steam\steamapps\common\Seven Kingdoms 2 HD\7K2.exe FirewallRules: [{338E8E7A-4A76-43DA-80A1-8354097B39A8}] => (Allow) D:\Timo\Programme\Steam\steamapps\common\Seven Kingdoms 2 HD\7K2.exe FirewallRules: [{E3B5753E-40D1-45AA-8724-0186301C932B}] => (Allow) D:\Timo\Programme\Steam\steamapps\common\Darklands\dosbox_windows\dosbox.exe FirewallRules: [{BC3CDD27-94CB-4336-AF91-93B1DE38908F}] => (Allow) D:\Timo\Programme\Steam\steamapps\common\Darklands\dosbox_windows\dosbox.exe FirewallRules: [{1FAE5C28-F360-4A6C-AEC8-60F98149A5DB}] => (Allow) D:\Timo\Programme\Steam\steamapps\common\Darklands\dosbox_windows\daum\dosbox.exe FirewallRules: [{B8995C9B-EB32-4B26-AC13-0CC46FDCD696}] => (Allow) D:\Timo\Programme\Steam\steamapps\common\Darklands\dosbox_windows\daum\dosbox.exe FirewallRules: [{C5C6A21A-9B5B-422E-8F49-D924714261BD}] => (Allow) D:\Timo\Programme\Steam\steamapps\common\Sid Meier's Colonization\dosbox_windows\dosbox.exe FirewallRules: [{D3113273-93D4-4128-9185-04D2D979FDE8}] => (Allow) D:\Timo\Programme\Steam\steamapps\common\Sid Meier's Colonization\dosbox_windows\dosbox.exe FirewallRules: [{EB371EA1-FFD2-48AD-BD99-360600AA4F2C}] => (Allow) D:\Timo\Programme\Steam\steamapps\common\Sid Meier's Colonization\dosbox_windows\daum\dosbox.exe FirewallRules: [{41C901AA-E354-4DC3-A33C-96CF5318135F}] => 
(Allow) D:\Timo\Programme\Steam\steamapps\common\Sid Meier's Colonization\dosbox_windows\daum\dosbox.exe FirewallRules: [{8D385C53-EC93-4AB2-8F6C-A502DC64D062}] => (Allow) D:\Timo\Programme\Steam\steamapps\common\Crazy Chicken - Invasion\mh_invasion.exe FirewallRules: [{865BE4FD-B65E-49D8-AE2A-54CDF2100C18}] => (Allow) D:\Timo\Programme\Steam\steamapps\common\Crazy Chicken - Invasion\mh_invasion.exe FirewallRules: [{9D230F5A-964F-4FFF-99FE-D9018481E17F}] => (Allow) D:\Timo\Programme\Steam\steamapps\common\18 Wheels of Steel Extreme Trucker\bin\win_x86\extremetrucker.exe FirewallRules: [{81E51BDC-AB77-4B5C-9773-FF9F58C4C891}] => (Allow) D:\Timo\Programme\Steam\steamapps\common\18 Wheels of Steel Extreme Trucker\bin\win_x86\extremetrucker.exe FirewallRules: [{CA047988-FDA1-481B-B6CF-02BA8092CFDD}] => (Allow) D:\Timo\Programme\Steam\steamapps\common\Chicken Shoot\Kurka.exe FirewallRules: [{1FE9FD99-06E3-46F5-BE79-B8CFE589EB51}] => (Allow) D:\Timo\Programme\Steam\steamapps\common\Chicken Shoot\Kurka.exe FirewallRules: [{6614EDDA-D6A8-462D-8EAD-29A3DAB3ED1D}] => (Allow) D:\Timo\Programme\Steam\steamapps\common\Hunting Unlimited 2010\hu2010.exe FirewallRules: [{C7AD9257-C8FD-46E5-8063-BF479BA3B712}] => (Allow) D:\Timo\Programme\Steam\steamapps\common\Hunting Unlimited 2010\hu2010.exe FirewallRules: [{574B9A68-0227-441E-96A9-DF5E9804AD89}] => (Allow) D:\Timo\Programme\Steam\steamapps\common\pressure\bin\pressure.exe FirewallRules: [{93119601-93FB-4B37-95C6-087F78151F90}] => (Allow) D:\Timo\Programme\Steam\steamapps\common\pressure\bin\pressure.exe FirewallRules: [{25DBB825-1A8C-4FC3-BF64-4175A2CC5BD6}] => (Allow) D:\Timo\Programme\Steam\steamapps\common\3SwitcheD\3SwitcheD.exe FirewallRules: [{1115C8A8-D3C3-478A-8286-B35A4FADFA1A}] => (Allow) D:\Timo\Programme\Steam\steamapps\common\3SwitcheD\3SwitcheD.exe FirewallRules: [{A461E52B-F693-4E71-AD99-48663852E668}] => (Allow) D:\Timo\Programme\Steam\steamapps\common\Chicken Shoot 2\Kurka.exe FirewallRules: 
[{D9D51C62-D9DB-4DA4-AB38-51C405DCCA70}] => (Allow) D:\Timo\Programme\Steam\steamapps\common\Chicken Shoot 2\Kurka.exe FirewallRules: [{49D4EBBC-CFB8-44F6-B10E-24E6EA18F9F2}] => (Allow) D:\Timo\Programme\Steam\steamapps\common\Battle vs Chess\battlevschess.exe FirewallRules: [{2B9314D2-2459-48A8-BF84-A54AB0CD60DE}] => (Allow) D:\Timo\Programme\Steam\steamapps\common\Battle vs Chess\battlevschess.exe FirewallRules: [{AB02D9D0-C500-4541-A4F4-AB432D5D023B}] => (Allow) D:\Timo\Programme\Steam\steamapps\common\Commander Conquest of the Americas Gold\Commander.exe FirewallRules: [{B90C88A3-1F89-47B1-A43F-8E0262FB37C9}] => (Allow) D:\Timo\Programme\Steam\steamapps\common\Commander Conquest of the Americas Gold\Commander.exe FirewallRules: [{7A3C761B-E6B3-40BF-9DD5-86681EA9E4A0}] => (Allow) D:\Timo\Programme\Steam\steamapps\common\Dragonsphere\dosbox_windows\dosbox.exe FirewallRules: [{DDB55025-A759-4A71-9E88-5985E4968410}] => (Allow) D:\Timo\Programme\Steam\steamapps\common\Dragonsphere\dosbox_windows\dosbox.exe FirewallRules: [{E322390D-1102-4CB4-90DC-C67DCADAB7D9}] => (Allow) D:\Timo\Programme\Steam\steamapps\common\Dragonsphere\dosbox_windows\daum\dosbox.exe FirewallRules: [{28766AE8-072C-41E6-8C82-D02FAFC61D14}] => (Allow) D:\Timo\Programme\Steam\steamapps\common\Dragonsphere\dosbox_windows\daum\dosbox.exe FirewallRules: [{40854F6C-CC4A-46E8-85DB-BFEDFBBCD6F1}] => (Allow) D:\Timo\Programme\Steam\steamapps\common\Redline\Redline.exe FirewallRules: [{068B7B26-C51E-40E9-8F6F-84D80DB0D5A7}] => (Allow) D:\Timo\Programme\Steam\steamapps\common\Redline\Redline.exe FirewallRules: [{609D6C67-BCCB-4B36-926D-18C1B3BFBAD0}] => (Allow) D:\Timo\Programme\Steam\steamapps\common\Eradicator\dosbox_windows\dosbox.exe FirewallRules: [{35513944-F36B-4E8C-BA72-9E831091BF72}] => (Allow) D:\Timo\Programme\Steam\steamapps\common\Eradicator\dosbox_windows\dosbox.exe FirewallRules: [{2F906B1C-505F-4240-A3E5-C63B24A5E22C}] => (Allow) 
D:\Timo\Programme\Steam\steamapps\common\Eradicator\dosbox_windows\daum\dosbox.exe FirewallRules: [{3491C670-EA15-49B9-B414-217DE01ABC22}] => (Allow) D:\Timo\Programme\Steam\steamapps\common\Eradicator\dosbox_windows\daum\dosbox.exe FirewallRules: [{633E2920-06E6-4692-B22C-51201D69C7AF}] => (Allow) D:\Timo\Programme\Steam\steamapps\common\Drakensang The River of Time\drakensang.exe FirewallRules: [{E59FC7B0-FD8A-48D0-92A0-4C878F02AC1D}] => (Allow) D:\Timo\Programme\Steam\steamapps\common\Drakensang The River of Time\drakensang.exe FirewallRules: [TCP Query User{4CEC676F-CEF1-49D9-BF54-3ADFC4355DBB}D:\timo\programme\cs 1.6\hl.exe] => (Allow) D:\timo\programme\cs 1.6\hl.exe FirewallRules: [UDP Query User{03A0F197-45DF-4521-8592-13DE830341A6}D:\timo\programme\cs 1.6\hl.exe] => (Allow) D:\timo\programme\cs 1.6\hl.exe FirewallRules: [TCP Query User{341D05CA-3864-4E2B-B2FE-634FA030EE38}D:\timo\programme\cs 1.6\hltv.exe] => (Allow) D:\timo\programme\cs 1.6\hltv.exe FirewallRules: [UDP Query User{527C3A94-D00E-405A-BB0B-B3A182759782}D:\timo\programme\cs 1.6\hltv.exe] => (Allow) D:\timo\programme\cs 1.6\hltv.exe ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: Massenspeichercontroller Description: Massenspeichercontroller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Dell Wireless 5540 Description: Dell Wireless 5540 Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 
==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (10/12/2015 04:42:14 AM) (Source: Windows Search Service) (EventID: 1019) (User: ) Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-48998432-2819405660-1205221929-1001}/">. Error: (10/12/2015 03:59:45 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll. System Error: Zugriff verweigert . Error: (10/12/2015 03:04:00 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest. 
Error: (10/12/2015 03:03:57 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest. Error: (10/12/2015 03:03:57 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest. 
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest. Error: (10/12/2015 03:03:56 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest. Error: (10/12/2015 03:03:10 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest. Error: (10/12/2015 03:02:53 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest. 
Systemfehler: ============= Error: (10/12/2015 02:05:35 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (10/12/2015 02:05:34 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (10/12/2015 02:05:33 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (10/12/2015 02:05:33 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (10/12/2015 02:05:32 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (10/12/2015 02:05:32 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (10/12/2015 02:05:31 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: 
AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (10/12/2015 02:05:30 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (10/12/2015 02:05:30 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (10/12/2015 02:05:29 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i7 CPU Q 720 @ 1.60GHz Prozentuale Nutzung des RAM: 28% Installierter physikalischer RAM: 8180.51 MB Verfügbarer physikalischer RAM: 5887.52 MB Summe virtueller Speicher: 9460.51 MB Verfügbarer virtueller Speicher: 6977.68 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:73.75 GB) (Free:24.61 GB) NTFS Drive d: () (Fixed) (Total:465.76 GB) (Free:399.15 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: 8EDABFCE) Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=73.7 GB) - (Type=07 NTFS) Partition 3: (Not Active) - 
(Size=450 MB) - (Type=27) ======================================================== Disk: 1 (Size: 465.8 GB) (Disk ID: 42F1619A) Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS) ==================== Ende von Addition.txt ============================
I also quickly noticed that SpyHunter is junk after taking a look at it. Best regards |
12.10.2015, 16:40 | #4 |
/// Malwareteam | tradeadexchange adware in Chrome 45.0. Hi, Step # 1: MBAR Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper. Step # 2: TDSS Killer Please download TDSSKiller.exe and save this file to the desktop.
Step # 3: Please post
|
12.10.2015, 17:18 | #5 |
| tradeadexchange adware in Chrome 45.0. Hey, neither program found anything; here are the logs: MBAR Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.9.3.1001 www.malwarebytes.org Database version: main: v2015.10.11.05 rootkit: v2015.10.06.01 Windows 10 x64 NTFS Internet Explorer 11.0.10240.16431 Timo :: LAPTOP-TIMO [administrator] 12.10.2015 18:02:42 mbar-log-2015-10-12 (18-02-42).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 394560 Time elapsed: 8 minute(s), 22 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) TDSS Code:
ATTFilter 18:13:12.0221 0x1be0 TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57 18:13:16.0769 0x1be0 ============================================================ 18:13:16.0769 0x1be0 Current date / time: 2015/10/12 18:13:16.0769 18:13:16.0769 0x1be0 SystemInfo: 18:13:16.0769 0x1be0 18:13:16.0769 0x1be0 OS Version: 10.0.10240 ServicePack: 0.0 18:13:16.0769 0x1be0 Product type: Workstation 18:13:16.0769 0x1be0 ComputerName: LAPTOP-TIMO 18:13:16.0769 0x1be0 UserName: Timo 18:13:16.0769 0x1be0 Windows directory: C:\WINDOWS 18:13:16.0769 0x1be0 System windows directory: C:\WINDOWS 18:13:16.0769 0x1be0 Running under WOW64 18:13:16.0769 0x1be0 Processor architecture: Intel x64 18:13:16.0769 0x1be0 Number of processors: 8 18:13:16.0769 0x1be0 Page size: 0x1000 18:13:16.0769 0x1be0 Boot type: Normal boot 18:13:16.0769 0x1be0 ============================================================ 18:13:16.0863 0x1be0 KLMD registered as C:\WINDOWS\system32\drivers\30172923.sys 18:13:17.0785 0x1be0 System UUID: {6C69A793-1D12-9D25-DA66-F3DE59B6F52A} 18:13:18.0910 0x1be0 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 ( 74.53 Gb ), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 18:13:18.0910 0x1be0 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 18:13:18.0926 0x1be0 ============================================================ 18:13:18.0926 0x1be0 \Device\Harddisk0\DR0: 18:13:18.0926 0x1be0 MBR partitions: 18:13:18.0926 0x1be0 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAF000 18:13:18.0926 0x1be0 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xAF800, BlocksNum 0x937E800 18:13:18.0926 0x1be0 \Device\Harddisk1\DR1: 18:13:18.0926 0x1be0 MBR partitions: 18:13:18.0926 0x1be0 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 
0x3A385000 18:13:18.0926 0x1be0 ============================================================ 18:13:18.0926 0x1be0 C: <-> \Device\Harddisk0\DR0\Partition2 18:13:19.0207 0x1be0 D: <-> \Device\Harddisk1\DR1\Partition1 18:13:19.0207 0x1be0 ============================================================ 18:13:19.0207 0x1be0 Initialize success 18:13:19.0207 0x1be0 ============================================================ 18:13:49.0013 0x0c68 ============================================================ 18:13:49.0013 0x0c68 Scan started 18:13:49.0013 0x0c68 Mode: Manual; SigCheck; TDLFS; 18:13:49.0013 0x0c68 ============================================================ 18:13:49.0013 0x0c68 KSN ping started 18:13:51.0482 0x0c68 KSN ping finished: true 18:13:52.0342 0x0c68 ================ Scan system memory ======================== 18:13:52.0342 0x0c68 System memory - ok 18:13:52.0342 0x0c68 ================ Scan services ============================= 18:13:52.0420 0x0c68 1394ohci - ok 18:13:52.0420 0x0c68 3ware - ok 18:13:52.0436 0x0c68 ACPI - ok 18:13:52.0436 0x0c68 acpiex - ok 18:13:52.0436 0x0c68 acpipagr - ok 18:13:52.0436 0x0c68 AcpiPmi - ok 18:13:52.0451 0x0c68 acpitime - ok 18:13:52.0498 0x0c68 [ 368290D0A612D62DA6F3D798B1BB8FE7, D573BF8543F37BC51B88A2473EDFD28AFBCCC446E8CADD54A90FA48D8739D222 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 18:13:52.0530 0x0c68 AdobeFlashPlayerUpdateSvc - ok 18:13:52.0545 0x0c68 ADP80XX - ok 18:13:52.0545 0x0c68 AFD - ok 18:13:52.0545 0x0c68 agp440 - ok 18:13:52.0561 0x0c68 ahcache - ok 18:13:52.0561 0x0c68 AJRouter - ok 18:13:52.0561 0x0c68 ALG - ok 18:13:52.0577 0x0c68 [ 7FE59496114A48A64E98E3218664A3E6, 1C11EE3686CB7F57783A5A5F56CCED71F61A46B26B0F4C4D04B1B37E8AC5A7D1 ] AMD External Events Utility C:\WINDOWS\system32\atiesrxx.exe 18:13:52.0608 0x0c68 AMD External Events Utility - ok 18:13:52.0608 0x0c68 AmdK8 - ok 18:13:52.0920 0x0c68 [ E66C25946B3D9268D8E10D3769CF4719, 
C273A59D3A29549E3C8BBF896015CA0E5D64A4ECCD6C2FF360927773DA736022 ] amdkmdag C:\WINDOWS\system32\DRIVERS\atikmdag.sys 18:13:53.0373 0x0c68 amdkmdag - ok 18:13:53.0405 0x0c68 [ D1D66D1D42E53B53AFC7598058E71796, 12A1C8D895891F89745493091174D3FF5A9953F21427E7E1BE1120DA762E0CBD ] amdkmdap C:\WINDOWS\system32\DRIVERS\atikmpag.sys 18:13:53.0436 0x0c68 amdkmdap - ok 18:13:53.0436 0x0c68 AmdPPM - ok 18:13:53.0452 0x0c68 amdsata - ok 18:13:53.0452 0x0c68 amdsbs - ok 18:13:53.0452 0x0c68 amdxata - ok 18:13:53.0452 0x0c68 AppID - ok 18:13:53.0467 0x0c68 AppIDSvc - ok 18:13:53.0467 0x0c68 Appinfo - ok 18:13:53.0467 0x0c68 [ 3E7C6639E424FD28952C29D66B7E5277, B10AD3FA5CB36328C5DF33AF58F76770E2B54CFBCB70BD84934F925B8E19FA1F ] Apple Mobile Device Service C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 18:13:53.0483 0x0c68 Apple Mobile Device Service - ok 18:13:53.0483 0x0c68 AppMgmt - ok 18:13:53.0483 0x0c68 AppReadiness - ok 18:13:53.0498 0x0c68 AppXSvc - ok 18:13:53.0498 0x0c68 arcsas - ok 18:13:53.0498 0x0c68 AsyncMac - ok 18:13:53.0498 0x0c68 atapi - ok 18:13:53.0514 0x0c68 AudioEndpointBuilder - ok 18:13:53.0514 0x0c68 Audiosrv - ok 18:13:53.0514 0x0c68 AxInstSV - ok 18:13:53.0514 0x0c68 b06bdrv - ok 18:13:53.0530 0x0c68 BasicDisplay - ok 18:13:53.0530 0x0c68 BasicRender - ok 18:13:53.0530 0x0c68 bcmfn2 - ok 18:13:53.0530 0x0c68 BDESVC - ok 18:13:53.0546 0x0c68 Beep - ok 18:13:53.0546 0x0c68 BFE - ok 18:13:53.0546 0x0c68 BITS - ok 18:13:53.0561 0x0c68 [ B5C2F92EE1106DFE7BB1CCE4D35B6037, E399C390687589194D8AAD385055F0CFA7D52AD9E837D8FF95008B8EB2B34E50 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 18:13:53.0577 0x0c68 Bonjour Service - ok 18:13:53.0577 0x0c68 bowser - ok 18:13:53.0592 0x0c68 BrokerInfrastructure - ok 18:13:53.0592 0x0c68 Browser - ok 18:13:53.0592 0x0c68 BthAvrcpTg - ok 18:13:53.0592 0x0c68 BthHFEnum - ok 18:13:53.0608 0x0c68 bthhfhid - ok 18:13:53.0608 0x0c68 BthHFSrv - ok 18:13:53.0608 0x0c68 BTHMODEM - ok 
18:13:53.0624 0x0c68 bthserv - ok 18:13:53.0624 0x0c68 buttonconverter - ok 18:13:53.0624 0x0c68 CapImg - ok 18:13:53.0624 0x0c68 cdfs - ok 18:13:53.0624 0x0c68 CDPSvc - ok 18:13:53.0639 0x0c68 cdrom - ok 18:13:53.0639 0x0c68 CertPropSvc - ok 18:13:53.0639 0x0c68 circlass - ok 18:13:53.0639 0x0c68 CLFS - ok 18:13:53.0655 0x0c68 ClipSVC - ok 18:13:53.0655 0x0c68 CmBatt - ok 18:13:53.0671 0x0c68 CNG - ok 18:13:53.0671 0x0c68 cnghwassist - ok 18:13:53.0686 0x0c68 CompositeBus - ok 18:13:53.0702 0x0c68 COMSysApp - ok 18:13:53.0702 0x0c68 condrv - ok 18:13:53.0702 0x0c68 CoreMessagingRegistrar - ok 18:13:53.0717 0x0c68 CryptSvc - ok 18:13:53.0717 0x0c68 CSC - ok 18:13:53.0717 0x0c68 CscService - ok 18:13:53.0717 0x0c68 dam - ok 18:13:53.0733 0x0c68 [ D06E443457FADC6B1AFAF3AA4B6936F6, 109B4D05E156604AFB3D63B380CC063B900AEB12F57A1D235B9F9399EE0909C7 ] dc3d C:\WINDOWS\system32\DRIVERS\dc3d.sys 18:13:53.0749 0x0c68 dc3d - ok 18:13:53.0749 0x0c68 DcomLaunch - ok 18:13:53.0749 0x0c68 DcpSvc - ok 18:13:53.0749 0x0c68 defragsvc - ok 18:13:53.0764 0x0c68 DeviceAssociationService - ok 18:13:53.0764 0x0c68 DeviceInstall - ok 18:13:53.0764 0x0c68 DevQueryBroker - ok 18:13:53.0764 0x0c68 Dfsc - ok 18:13:53.0780 0x0c68 Dhcp - ok 18:13:53.0780 0x0c68 diagnosticshub.standardcollector.service - ok 18:13:53.0780 0x0c68 DiagTrack - ok 18:13:53.0780 0x0c68 disk - ok 18:13:53.0796 0x0c68 DmEnrollmentSvc - ok 18:13:53.0796 0x0c68 dmvsc - ok 18:13:53.0796 0x0c68 dmwappushservice - ok 18:13:53.0796 0x0c68 Dnscache - ok 18:13:53.0811 0x0c68 dot3svc - ok 18:13:53.0811 0x0c68 DPS - ok 18:13:53.0811 0x0c68 drmkaud - ok 18:13:53.0827 0x0c68 DsmSvc - ok 18:13:53.0827 0x0c68 DsSvc - ok 18:13:53.0827 0x0c68 DXGKrnl - ok 18:13:53.0827 0x0c68 Eaphost - ok 18:13:53.0827 0x0c68 ebdrv - ok 18:13:53.0842 0x0c68 EFS - ok 18:13:53.0842 0x0c68 EhStorClass - ok 18:13:53.0842 0x0c68 EhStorTcgDrv - ok 18:13:53.0842 0x0c68 embeddedmode - ok 18:13:53.0858 0x0c68 EntAppSvc - ok 18:13:53.0858 0x0c68 ErrDev - ok 
18:13:53.0858 0x0c68 [ DDF090A1D27D496BA6BFBF7C59693A7F, 4EEB8970B11A64FA2DAE216574C7637541DE9435AD063DB3157ECF0D09D4A94C ] ESProtectionDriver C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys 18:13:53.0874 0x0c68 ESProtectionDriver - ok 18:13:53.0889 0x0c68 EventSystem - ok 18:13:53.0889 0x0c68 exfat - ok 18:13:53.0889 0x0c68 fastfat - ok 18:13:53.0889 0x0c68 Fax - ok 18:13:53.0905 0x0c68 fcvsc - ok 18:13:53.0905 0x0c68 fdc - ok 18:13:53.0905 0x0c68 fdPHost - ok 18:13:53.0905 0x0c68 FDResPub - ok 18:13:53.0921 0x0c68 fhsvc - ok 18:13:53.0921 0x0c68 FileCrypt - ok 18:13:53.0921 0x0c68 FileInfo - ok 18:13:53.0921 0x0c68 Filetrace - ok 18:13:53.0936 0x0c68 flpydisk - ok 18:13:53.0936 0x0c68 FltMgr - ok 18:13:53.0936 0x0c68 FontCache - ok 18:13:53.0936 0x0c68 FontCache3.0.0.0 - ok 18:13:53.0952 0x0c68 FsDepends - ok 18:13:53.0952 0x0c68 Fs_Rec - ok 18:13:53.0952 0x0c68 fvevol - ok 18:13:53.0952 0x0c68 gagp30kx - ok 18:13:53.0967 0x0c68 gencounter - ok 18:13:53.0967 0x0c68 genericusbfn - ok 18:13:53.0967 0x0c68 GPIOClx0101 - ok 18:13:53.0967 0x0c68 gpsvc - ok 18:13:53.0983 0x0c68 GpuEnergyDrv - ok 18:13:53.0983 0x0c68 [ 053EEEE1ABAE53F044F1E386E22AE525, 195C8B78C0CF68F3DC1C08E58CE2A7146764F9273C39EF369194A366FA8EE1AD ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 18:13:53.0999 0x0c68 gupdate - ok 18:13:53.0999 0x0c68 [ 053EEEE1ABAE53F044F1E386E22AE525, 195C8B78C0CF68F3DC1C08E58CE2A7146764F9273C39EF369194A366FA8EE1AD ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 18:13:54.0014 0x0c68 gupdatem - ok 18:13:54.0014 0x0c68 HdAudAddService - ok 18:13:54.0014 0x0c68 HDAudBus - ok 18:13:54.0014 0x0c68 HidBatt - ok 18:13:54.0030 0x0c68 HidBth - ok 18:13:54.0030 0x0c68 hidi2c - ok 18:13:54.0030 0x0c68 hidinterrupt - ok 18:13:54.0030 0x0c68 HidIr - ok 18:13:54.0046 0x0c68 hidserv - ok 18:13:54.0046 0x0c68 HidUsb - ok 18:13:54.0046 0x0c68 HomeGroupListener - ok 18:13:54.0046 0x0c68 HomeGroupProvider - ok 18:13:54.0061 0x0c68 HpSAMD - ok 
18:13:54.0061 0x0c68 HTTP - ok 18:13:54.0061 0x0c68 hwpolicy - ok 18:13:54.0061 0x0c68 hyperkbd - ok 18:13:54.0077 0x0c68 HyperVideo - ok 18:13:54.0077 0x0c68 i8042prt - ok 18:13:54.0077 0x0c68 iaLPSSi_GPIO - ok 18:13:54.0077 0x0c68 iaLPSSi_I2C - ok 18:13:54.0092 0x0c68 iaStorAV - ok 18:13:54.0092 0x0c68 iaStorV - ok 18:13:54.0092 0x0c68 ibbus - ok 18:13:54.0092 0x0c68 icssvc - ok 18:13:54.0108 0x0c68 IEEtwCollectorService - ok 18:13:54.0108 0x0c68 IKEEXT - ok 18:13:54.0108 0x0c68 intelide - ok 18:13:54.0108 0x0c68 intelpep - ok 18:13:54.0124 0x0c68 intelppm - ok 18:13:54.0124 0x0c68 IoQos - ok 18:13:54.0124 0x0c68 IpFilterDriver - ok 18:13:54.0124 0x0c68 iphlpsvc - ok 18:13:54.0139 0x0c68 IPMIDRV - ok 18:13:54.0139 0x0c68 IPNAT - ok 18:13:54.0155 0x0c68 [ 7C109F2155E962A5700165D9AD6868FD, 85F595EFADBA4604C70FB9DBD24D872EB91F7D384D26EA82CFC8754559453026 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 18:13:54.0171 0x0c68 iPod Service - ok 18:13:54.0186 0x0c68 IRENUM - ok 18:13:54.0186 0x0c68 isapnp - ok 18:13:54.0186 0x0c68 iScsiPrt - ok 18:13:54.0202 0x0c68 kbdclass - ok 18:13:54.0202 0x0c68 kbdhid - ok 18:13:54.0202 0x0c68 kdnic - ok 18:13:54.0202 0x0c68 KeyIso - ok 18:13:54.0202 0x0c68 KSecDD - ok 18:13:54.0217 0x0c68 KSecPkg - ok 18:13:54.0217 0x0c68 ksthunk - ok 18:13:54.0217 0x0c68 KtmRm - ok 18:13:54.0217 0x0c68 LanmanServer - ok 18:13:54.0233 0x0c68 LanmanWorkstation - ok 18:13:54.0233 0x0c68 [ 20EE2F2ADCF8DBD091E931593F5AC268, 5F053F8B7C8B340A0364CE37B25D68B6755C2CCDB050C02E9B4E0929DF587E0F ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe 18:13:54.0249 0x0c68 LBTServ - ok 18:13:54.0264 0x0c68 [ EAB70270BDDCFEF56FCC7425C2D9883D, 7B351EE3DA3DA4677DD8E4F91A5FFA6EBB3A15BF76F34EAC8879ECB16D01190F ] LEqdUsb C:\WINDOWS\system32\DRIVERS\LEqdUsb.Sys 18:13:54.0280 0x0c68 LEqdUsb - ok 18:13:54.0280 0x0c68 lfsvc - ok 18:13:54.0280 0x0c68 [ 5EBB7C1FC685D45A1D3D8B2B9A656E48, 8C4D984D3566DE29D13A294ED927525A7D7A106887E809986EBDDA8CC0B98FFB 
] LHidEqd C:\WINDOWS\system32\DRIVERS\LHidEqd.Sys 18:13:54.0296 0x0c68 LHidEqd - ok 18:13:54.0296 0x0c68 [ AFDFA4A6B0F7B15AA38E494FD4595741, 0D89CCEBC816F4A3F6DDB093B3F8BB8B85293E94559085961DA31F9330D43C21 ] LHidFilt C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys 18:13:54.0296 0x0c68 LHidFilt - ok 18:13:54.0311 0x0c68 LicenseManager - ok 18:13:54.0311 0x0c68 lltdio - ok 18:13:54.0311 0x0c68 lltdsvc - ok 18:13:54.0327 0x0c68 lmhosts - ok 18:13:54.0327 0x0c68 [ C3E82B320F34C97F32B8026F4C249BEF, CAF53CD4738D2C92E4764372F75B5D0D74EBA896E59E685ED15B915F4E7223A0 ] LMouFilt C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys 18:13:54.0342 0x0c68 LMouFilt - ok 18:13:54.0342 0x0c68 LSI_SAS - ok 18:13:54.0342 0x0c68 LSI_SAS2i - ok 18:13:54.0342 0x0c68 LSI_SAS3i - ok 18:13:54.0358 0x0c68 LSI_SSS - ok 18:13:54.0358 0x0c68 LSM - ok 18:13:54.0358 0x0c68 luafv - ok 18:13:54.0358 0x0c68 MapsBroker - ok 18:13:54.0389 0x0c68 [ B2E0C6FD6CA1B5EBC4E8DB8C674A661B, B0B7E41CB28482307CF4A3DD1909D277C661A73AA03E552DB6AAA71F017C9E19 ] MbaeSvc C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe 18:13:54.0405 0x0c68 MbaeSvc - ok 18:13:54.0405 0x0c68 [ A8D28D5B3E2A528D1EF0E338E44F2820, 40D1EFDD253BC0A0D984A5AD8A2721C3E83B15F14D538204714E6D5B00D92CEB ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys 18:13:54.0421 0x0c68 MBAMProtector - ok 18:13:54.0467 0x0c68 [ 301E3FDFCF33640BB8763BA444BC5093, 362B069BB9A313A06B376CE27E6F7F8D569F6CA39A8ABC96D9DF231EE462C604 ] MBAMScheduler C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe 18:13:54.0515 0x0c68 MBAMScheduler - ok 18:13:54.0546 0x0c68 [ 83C982A395D00BAFF6515FB38424EA76, 0E1B66F84A483D47550347D4A9426B95A066DB5104C4284F606A16768A11DB0C ] MBAMService C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe 18:13:54.0577 0x0c68 MBAMService - ok 18:13:54.0593 0x0c68 [ 8F22037D3F5A6BB676525D825A1388B9, 2AAC748D46136DFA1BE45150BF0AB7707D45391CAC1F63B964D341D11B135C91 ] MBAMSwissArmy C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys 
|
12.10.2015, 19:33 | #6 |
/// Malwareteam | tradeadexchange adware in Chrome 45.0. Hi, Step # 1: Reset Chrome Please download Revo Uninstaller from here (alternatively, the portable Revo Uninstaller).
Then download and install it again. Right after the fresh installation, do the following: https://support.google.com/chrome/answer/3296214?hl=de Step # 2: Question Does the problem still exist? Step # 3: Please post |
12.10.2015, 19:56 | #7 |
| tradeadexchange adware in Chrome 45.0. Everything done as described; so far no redirect has appeared, but one could still come. Before, I also sometimes had 1-2 hours of peace from it. I'll get back to you during the night or tomorrow and let you know what happened! Best regards |
12.10.2015, 20:03 | #8 |
/// Malwareteam | tradeadexchange adware in Chrome 45.0. OK |
13.10.2015, 01:16 | #9 |
| tradeadexchange adware in Chrome 45.0. So far nothing has opened, so I'm fairly confident it will stay that way now. Who would have thought that reinstalling Chrome would do the trick. I thought I had really caught something. Is there anything else I need to do or watch out for? Do you by any chance know a good 'NoScript' extension for Chrome? Unfortunately, all the proven 'add-on classics' from Firefox aren't available. |
13.10.2015, 19:49 | #10 | |
/// Malwareteam | tradeadexchange adware in Chrome 45.0. Hi, Quote:
Then we're done here. Your logs are clean. Step # 1: Removing our tools The order is crucial here.
Finally, a few tips from me: Step # 2: Recommended software Always have an up-to-date antivirus program of your choice installed and enable automatic updates (switched on by default). I recommend:
If possible, do not use Internet Explorer, as it contains many security vulnerabilities. However, make sure it always stays up to date, because many programs use it to display websites. Alternatively, you can use: The following add-ons are recommended for these: uBlock Origin (Chrome) --> Blocks advertising. Advertising can be very annoying, but it can also point to malicious links. uBlock is more efficient than its competitor AdblockPlus. Ghostery --> Blocks trackers and cookies that can track you on the internet. However, make sure that you do not agree to GhostRank during installation. You can also use Malwarebytes Anti-Exploit to plug current security holes. Always keep your plug-ins and software up to date, especially:
PluginCheck Filehippo App Manager Step # 3: Tips for avoiding reinfection Whenever possible, download directly from the manufacturer's site or, alternatively, from a clean download portal such as FilePony.de. We advise against downloaders such as those from Chip, Softonic and Sourceforge: CHIP-Installer - what is it? - Guides More and more programs also try to "sneak" onto the PC through installation routines. This works quite well because many users do not read these carefully and click through quickly. Sometimes the license agreement also states that a program that is actually advertised as freeware can only be used if you allow certain toolbars or other programs to be installed along with it. The only thing that helps there is to be attentive. A tool that can support you well with this is: Unchecky. It monitors installation processes in the background and automatically unchecks annoying adware components such as toolbars. If you overlook something, a pop-up warns you before you can continue. We advise against any optimizers, cleaners, speed-ups and the like, as these software products usually bring no performance gain. You can, however, regularly treat your PC with the Windows built-in Disk Cleanup. Check your PC regularly (at least once a month) with Malwarebytes Anti-Malware and ESET. If you are unsure whether a download is really clean, you can always consult https://www.virustotal.com/. Step # 4: Support us! If you would like to support us with a small donation, you can do so here: http://www.trojaner-board.de/79994-s...ndenkonto.html But a simple here is already enough if you were satisfied with us. our Facebook page! Please let me know when you have read all of this and everything is clear, so that I can delete this topic from my subscriptions. |
14.10.2015, 00:36 | #11 | ||||||||
| tradeadexchange adware in Chrome 45.0. Hey Quote:
Quote:
Quote:
Quote:
Quote:
Quote:
Quote:
Quote:
already for your efforts, patience and help |
14.10.2015, 19:07 | #12 | |
/// Malwareteam | tradeadexchange adware in Chrome 45.0. Hi, Quote:
|
15.10.2015, 13:47 | #13 |
| tradeadexchange adware in Chrome 45.0. All right, thank you :-) Then you can go ahead and delete this topic from your subscriptions |