
All kinds of pests and how to fight them: Win32Adware Bandoo.A [Engine B]

Windows 7

 
11.11.2015, 12:10   #1
spartaner007
 

Win32Adware Bandoo.A [Engine B]



Hello ...,
my antivirus program detected the above-mentioned adware and moved it to quarantine.

The Malwarebytes threat scan (quick scan) had shown the files in quarantine. After the run, this message appeared:
* Bedrohungssuchlauf abgeschlossen
* Infizierte Dateien: 0

Below is the result from OTL
Code:
 
OTL logfile created on: 11.11.2015 09:46:51 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mar**.Ka**\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = Lokal**
Internet Explorer (Version = 9.11.9600.18059)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,96 Gb Total Physical Memory | 1,45 Gb Available Physical Memory | 36,60% Memory free
7,92 Gb Paging File | 4,61 Gb Available in Paging File | 58,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 458,50 Gb Total Space | 335,04 Gb Free Space | 73,07% Space Free | Partition Type: NTFS
Drive K: | 411,68 Gb Total Space | 307,59 Gb Free Space | 74,71% Space Free | Partition Type: NTFS
Drive L: | 411,68 Gb Total Space | 307,59 Gb Free Space | 74,71% Space Free | Partition Type: NTFS
Drive P: | 411,68 Gb Total Space | 307,59 Gb Free Space | 74,71% Space Free | Partition Type: NTFS
Drive Q: | 411,68 Gb Total Space | 307,59 Gb Free Space | 74,71% Space Free | Partition Type: NTFS
 
Computer Name: PC02 | User Name: Mar** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - C:\Users\Mar**.Ka**\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation)
PRC - C:\Vetad\PROGRAMM\Install\DvInesASDMon.exe (Vetad eG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Oracle Corporation)
PRC - C:\Program Files (x86)\PhraseExpress\phraseexpress.exe (Bartels Media GmbH)
PRC - C:\Vetad\SYSTEM\Vetad.Framework.RemoteServiceModel.GenericService2010.exe (Vetad eG)
PRC - C:\Program Files (x86)\G DATA\AVK\AVK.exe (G Data Software AG)
PRC - C:\Program Files (x86)\G Data\AVK\AVK.exe (G Data Software AG)
PRC - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG)
PRC - C:\Vetad\PROGRAMM\Install\DvInesASDSvc.Exe (Vetad eG)
PRC - C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG)
PRC - C:\Program Files (x86)\G Data\AVK\AVKBackupService.exe (G Data Software AG)
PRC - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Vetad\PROGRAMM\B0000398\SiPaHost.exe (Vetad eG)
PRC - C:\Vetad\PROGRAMM\B0000398\SiPaHostService.exe (Vetad eG)
PRC - C:\Vetad\PROGRAMM\B0000150\ScServer\DVckService.exe (Vetad eG)
PRC - C:\Vetad\PROGRAMM\B0001442\PSNTServ.exe (Vetad eG)
PRC - C:\Vetad\PROGRAMM\Sws\SwmHintergrundDienst.exe (Vetad eG)
PRC - C:\Vetad\PROGRAMM\DFUEISDN\SSLClt\sslclt.exe (Vetad eG)
PRC - C:\Vetad\PROGRAMM\B0000299\AS\as.exe (VetadeG)
PRC - C:\Program Files (x86)\Haufe\iDesk\iDeskService\iDeskService.exe ()
PRC - C:\Program Files (x86)\Haufe\iDesk\iDeskService\ideskpython.exe (Haufe Mediengruppe)
PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis)
PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (Acronis)
PRC - C:\Program Files (x86)\AGFEO\Tk-Suite\tools\ctimon.exe (AGFEO      )
PRC - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe (HP)
PRC - C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe (HP)
PRC - C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe (HP)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Nuance\PDF Professional 7\PdfPro7Hook.exe (Nuance Communications, Inc.)
PRC - C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe (Nuance Communications, Inc.)
PRC - C:\Program Files (x86)\Ashampoo\Ashampoo Snap 3\ashsnap.exe (ashampoo GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
PRC - C:\lotus\organize\org6.exe (Lotus Development Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\e37d83389972f1e9dd30c55db9032a86\System.Data.Entity.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framed860c83e#\dc046ce4f21250cc979490e4d62ba100\Vetad.Framework.Interface.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.CC.AllPlugin\2b8d404c07c40cca9d402f5b2157e260\Vetad.CC.AllPlugin.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\fe41e3eae34ac29f3c1f03a03d8aa1af\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\339dea31bc0a1a0a99ff83830bfe70af\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\d18e2115a3270f89663fce831547f534\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\27c90809eab824f09b8bdb1d5e789eaa\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\93a0883923e78cc3e80b7ac4a9768c60\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\5eff995181b42a1570dc04a8ce7ae3bb\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Idena7b556ff#\3c0a6dbfd8bc52e1a2890639f82e1ef3\System.IdentityModel.Selectors.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Net.Http\38c4c68111265ea3b0e895d6775437ff\System.Net.Http.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\23d2a4873fd11baa6849cdf02bf6ca05\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\4977a9812be8d62c3b81e8a13c2ed1f9\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Secura6b79bdb#\923dbb12b6d5087e5e7e41596dd11a45\Vetad.Security.Iam.Contracts.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Secur70581328#\dd4b4bb197366b375e31f3df1f6055c0\Vetad.Security.IdentityManagement.IamClaimService.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Secure2cdbedf#\b6337405a5431b4f33f97f24ea571075\Vetad.Security.IdentityManagement.Database.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Network\ba79c3b73b93588941c9a9968fdf8059\Vetad.Network.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Netwod20dd46f#\42031fbcf8e75223d41c6449801f876f\Vetad.Network.Interfaces.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Network.PlugIn\3b9629fdf30bece3c2cc7592f8e9c845\Vetad.Network.PlugIn.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Frame10fc7270#\c28f6ab3ea91e771b58758e275789dde\Vetad.Framework.Validation.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Frame8c36d377#\26d1bf58de8a24ae69b0c97343b01d20\Vetad.Framework.UndoRedo.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Frame2bd203b7#\743caea02e83f87cc0654c780391101c\Vetad.Framework.TraceListeners.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Frame44c3c082#\0a740323ab23e8ec4eb714f3ae2ba20e\Vetad.Framework.ServiceBus.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Frame63536a85#\818bfb4a29c8df3e8b9a5f508ef9dc2c\Vetad.Framework.Resources.Shared.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Frame40ac8fe1#\31287156b896fa30c546038e61748e03\Vetad.Framework.ResourceData.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framee718f93a#\414d1c63d0bafe9fdf06544c8604b07c\Vetad.Framework.RemoteServiceModel.GenericServiceBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Frame6d91350d#\6d30234f8327cd1e69408b7faf245513\Vetad.Framework.RemoteServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Frame042da1b0#\f8f8c09c9d68ce73fe60b4e747bfd19a\Vetad.Framework.Hosting.Interface.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Frame96062c26#\3c56306a352789e4950a3d11e85fe698\Vetad.Framework.Dataelements.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Frame6aef35fb#\3da0da3bee35c5b02dbed93eb7af59fb\Vetad.Framework.Filter.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framefddc5b0e#\eafeab584d907b942858b07011084c6e\Vetad.Framework.Environment.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Frame20b6c0cc#\c5ce0fc358eb704ebd6ed587b7e39e53\Vetad.Framework.Data.PlugIn.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Frame14c1d090#\7fe97442b99d8c6f1523d6f3d2678ff5\Vetad.Framework.AppLauncher.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Databe47a69d7#\3bf3905f867e1b564b6f1b6bf987ec00\Vetad.Database.SqlAdminManager.PlugIn.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Datab270b2e75#\d109a1b931ab35282b9ac7587b5147f6\Vetad.Database.PublicInterfaces.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Databbf5f3d03#\3f7a4303c0f4ad78d11ac1e628b6dabb\Vetad.Database.ConserveManager.PlugIn.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Datab8b231e4f#\3bad0c25e9902186f6340f13792c32f2\Vetad.Database.Common.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Confi8547abd3#\90db73db18df38964b19831292a7e791\Vetad.ConfigDB.StorageProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.ConfigDB\87d7173f6af612bc20b7e7920b5ceb5d\Vetad.ConfigDB.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Confi7f21011d#\34db71a7a401054a3cad82c0775693c4\Vetad.ConfigDB.Interfaces.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Confic5300622#\1b9410ddebe4ecdc08d66587b4ea62c8\Vetad.ConfigDB.PlugIn.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.CC.Interfaces\253b856316f987647be272296f8d4651\Vetad.CC.Interfaces.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.CC.Check\d23ff534fd95908701008d31436df512\Vetad.CC.Check.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.CC.Aldcfb4663#\1950b130564dab85ff5662482cc3b0b1\Vetad.CC.AllInterface.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Lexin97d5d026#\23985ee0673cc8fd6115f681293704eb\Vetad.Lexinform.Contracts.ni.dll ()
MOD - C:\Windows\assembly\GAC_32\Vetad.Nuko.ManagedNukoBase\5.4.0.0__cbc631f1c682336b\Vetad.Nuko.ManagedNukoBase.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\ea4b09c3c6f55fc808fae12477465c1b\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Ente96d83b35#\ed906f21883851cfbb9bd06b0d2a4daa\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Ente96d83b35#\ed906f21883851cfbb9bd06b0d2a4daa\System.EnterpriseServices.Wrapper.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt19c51595#\360b1d61ba6080668d559e2e44d6f8e6\System.Runtime.Caching.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Frame70a042b5#\eb60e39141b2993df1fd5780b2dfbfaf\Vetad.Framework.Compression.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Framee6a039ca#\3cc38b8a16434f9fe819e950b5578a87\Vetad.Framework.Diagnostics.RealTimeTracing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Vetad.Frame5644da5a#\0b00dae54d10abd94830c14a09ad3528\Vetad.Framework.MicroKernel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data86569bbf#\c43edf71a72ae1d94ea73b3e7d3d488b\System.Data.OracleClient.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\59dc72440f000eead00c5c580bed26b3\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\1196cc375887ce75f134047505fe19bf\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Dired13b18a9#\299bde77228859332b860dbc21252505\System.DirectoryServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\187177229c00aec6dec613ea4b9ff209\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\14cc73701aac461eb89d6473a88fcd56\System.ServiceModel.Internals.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\3d6ee4ffbd9a86ac1e7b01800b6fe9c7\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\93729611cd078029e0000b18ee38f506\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\02a4633b5f85cdbec8e14a51bdb028f9\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\de2a832558f95db343e443c365bd3575\System.Numerics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\d1265d6159ea876f9d63ea4c1361b587\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\PhraseExpress\pexlang.dll ()
MOD - C:\Vetad\PROGRAMM\RZKOMM\Vetad.CC.BaseCpp.dll ()
MOD - C:\Vetad\SYSTEM\DVCCSASCMtf001.dll ()
MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers.dll ()
MOD - C:\Program Files (x86)\Common Files\Acronis\Home\icudt38.dll ()
MOD - C:\Program Files (x86)\Common Files\Acronis\TibMounter\icudt38.dll ()
MOD - C:\Program Files (x86)\AGFEO\Tk-Suite\tools\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\AGFEO\Tk-Suite\tools\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\AGFEO\Tk-Suite\tools\sqldrivers\qsqlite4.dll ()
MOD - C:\Program Files (x86)\AGFEO\Tk-Suite\tools\QtWebKit4.dll ()
MOD - C:\Program Files (x86)\AGFEO\Tk-Suite\tools\QtScript4.dll ()
MOD - C:\Program Files (x86)\AGFEO\Tk-Suite\tools\phonon4.dll ()
MOD - C:\Program Files (x86)\AGFEO\Tk-Suite\tools\QtGui4.dll ()
MOD - C:\Program Files (x86)\AGFEO\Tk-Suite\tools\QtSql4.dll ()
MOD - C:\Program Files (x86)\AGFEO\Tk-Suite\tools\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\AGFEO\Tk-Suite\tools\QtCore4.dll ()
MOD - C:\Program Files (x86)\Nuance\PDF Professional 7\PDFCOffice2007Addin.dll ()
MOD - C:\Program Files (x86)\Ashampoo\Ashampoo Snap 3\MouseHook.dll ()
MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ()
MOD - c:\lotus\compnent\lticnc90.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (DiagTrack) -- C:\Windows\SysNative\diagtrack.dll (Microsoft Corporation)
SRV:64bit: - (hasplms) -- C:\Windows\SysNative\hasplms.exe (SafeNet Inc.)
SRV:64bit: - (tvnserver) -- C:\Program Files\TightVNC\tvnserver.exe (GlavSoft LLC.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (FirebirdGuardianDefaultInstance) -- C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe (Firebird Project)
SRV:64bit: - (FirebirdServerDefaultInstance) -- C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe (Firebird Project)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (Intel(R) -- C:\Windows\SysNative\IPROSetMonitor.exe (Intel Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (c2cautoupdatesvc) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation)
SRV - (c2cpnrsvc) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TeamViewer) -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AntiVirusKit Client) -- C:\Program Files (x86)\G Data\AVK\AVK.exe (G Data Software AG)
SRV - (AVKProxy) -- C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG)
SRV - (Vetad Update-Service) -- C:\Vetad\PROGRAMM\Install\DvInesASDSvc.Exe (Vetad eG)
SRV - (GDScan) -- C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG)
SRV - (AVKWCtl) -- C:\Program Files (x86)\G Data\AVK\AVKWCtlX64.exe (G Data Software AG)
SRV - (GDBackupSvc) -- C:\Program Files (x86)\G Data\AVK\AVKBackupService.exe (G Data Software AG)
SRV - (TeamViewer9) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Sicherheitspaket-Dienst) -- C:\Vetad\PROGRAMM\B0000398\SiPaHostService.exe (Vetad eG)
SRV - (DVckService) -- C:\Vetad\PROGRAMM\B0000150\ScServer\DVckService.exe (Vetad eG)
SRV - (VetadPrintService) -- C:\Vetad\PROGRAMM\B0001442\PSNTServ.exe (Vetad eG)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (HRService) -- C:\Program Files (x86)\Haufe\iDesk\iDeskService\iDeskService.exe ()
SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (KOBIL_MSDI) -- C:\Vetad\PROGRAMM\B0000404\msdisrv.exe (KOBIL Systems GmbH)
SRV - (syncagentsrv) -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (FPLService) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe (HP)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (PDFProFiltSrv) -- C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe (Nuance Communications, Inc.)
SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMWebAccessControl) -- C:\Windows\SysNative\drivers\mwac.sys (Malwarebytes Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes)
DRV:64bit: - (gdwfpcd) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys (G DATA Software AG)
DRV:64bit: - (GRD) -- C:\Windows\SysNative\drivers\GRD.sys (G Data Software)
DRV:64bit: - (GDKBB) -- C:\Windows\SysNative\drivers\GDKBB64.sys (G Data Software AG)
DRV:64bit: - (GDMnIcpt) -- C:\Windows\SysNative\drivers\MiniIcpt.sys (G Data Software AG)
DRV:64bit: - (HookCentre) -- C:\Windows\SysNative\drivers\HookCentre.sys (G Data Software AG)
DRV:64bit: - (GDBehave) -- C:\Windows\SysNative\drivers\GDBehave.sys (G Data Software AG)
DRV:64bit: - (hardlock) -- C:\Windows\SysNative\drivers\hardlock.sys (SafeNet Inc.)
DRV:64bit: - (aksfridge) -- C:\Windows\SysNative\drivers\aksfridge.sys (SafeNet Inc.)
DRV:64bit: - (aksdf) -- C:\Windows\SysNative\drivers\aksdf.sys (SafeNet Inc.)
DRV:64bit: - (SC_SERV3D) -- C:\Windows\SysNative\drivers\d3_kafm.sys (Vetad eG)
DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
DRV:64bit: - (tdrpman) -- C:\Windows\SysNative\drivers\tdrpman.sys (Acronis)
DRV:64bit: - (vididr) -- C:\Windows\SysNative\drivers\vididr.sys (Acronis)
DRV:64bit: - (vidsflt) -- C:\Windows\SysNative\drivers\vidsflt.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (fltsrv) -- C:\Windows\SysNative\drivers\fltsrv.sys (Acronis)
DRV:64bit: - (tib_mounter) -- C:\Windows\SysNative\drivers\tib_mounter.sys (Acronis)
DRV:64bit: - (KOBCCID) -- C:\Windows\SysNative\drivers\KOBCCID.sys (KOBIL Systems GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (KOBCCEX) -- C:\Windows\SysNative\drivers\KOBCCEX.sys (KOBIL Systems GmbH)
DRV:64bit: - (pmxdrv) -- C:\Windows\SysNative\drivers\pmxdrv.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)
DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)
DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (IFCoEVB) -- C:\Windows\SysNative\drivers\ifP52x64.sys (Intel(R) Corporation)
DRV:64bit: - (IFCoEMP) -- C:\Windows\SysNative\drivers\ifM52x64.sys (Intel(R) Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (XUIF) -- C:\Windows\SysNative\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3160997517-2106278152-2557221923-1126\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/28
IE - HKU\S-1-5-21-3160997517-2106278152-2557221923-1126\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
IE - HKU\S-1-5-21-3160997517-2106278152-2557221923-1126\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3160997517-2106278152-2557221923-1126\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-3160997517-2106278152-2557221923-1126\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMDTDF
IE - HKU\S-1-5-21-3160997517-2106278152-2557221923-1126\..\SearchScopes\{679374B8-BF0E-4E31-96D8-D47F9E30C085}: "URL" = https://de.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
IE - HKU\S-1-5-21-3160997517-2106278152-2557221923-1126\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
IE - HKU\S-1-5-21-3160997517-2106278152-2557221923-1126\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.countryCode: "DE"
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.region: "DE"
FF - prefs.js..browser.search.selectedEngine: "Bing "
FF - prefs.js..browser.startup.homepage: "http:/www.google.de"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:42.0
FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll ()
FF - HKLM\Software\MozillaPlugins\@Vetad.de/Vetad_BestellManager,version=1.7: C:\Vetad\PROGRAMM\A0000015\npdvbm.dll ( Vetad eG)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Professional 7\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Mar**.Ka**\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 42.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 42.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 38.3.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 38.3.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 42.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 42.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2015.08.26 16:12:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mar**.Ka**\AppData\Roaming\mozilla\Extensions
[2012.01.04 18:43:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mar**.Ka**\AppData\Roaming\mozilla\Extensions\ideskbrowser@haufe.de
[2015.09.24 11:44:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mar**.Ka**\AppData\Roaming\mozilla\Firefox\Profiles\gv7wjv9w.default\Extensions
[2015.09.24 11:44:06 | 000,962,762 | ---- | M] () (No name found) -- C:\Users\Mar**.Ka**\AppData\Roaming\mozilla\firefox\profiles\gv7wjv9w.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014.06.21 12:14:49 | 000,006,057 | ---- | M] () -- C:\Users\Mar**.Ka**\AppData\Roaming\mozilla\firefox\profiles\gv7wjv9w.default\searchplugins\bingp.xml
[2015.11.10 15:10:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2015.11.10 15:10:23 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\mozilla firefox\extensions\websitelogon@truesuite.com
[2015.11.10 15:10:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2015.11.10 15:10:34 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\Mar**.Ka**\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: No name found = C:\Users\Mar**.Ka**\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: No name found = C:\Users\Mar**.Ka**\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Mar**.Ka**\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Mar**.Ka**\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfaldikcoaplhepekpbngkepfcoiihef\1.0_0\
CHR - Extension: No name found = C:\Users\Mar**.Ka**\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013.10.31 01:21:46 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (DtvIePwdSafeBHO Class) - {6EF6B546-25FB-455B-801F-FDB3B3D39F9E} - C:\Vetad\PROGRAMM\B0000397\DtvIePwdSafe64.dll (Vetad eG)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
O2:64bit: - BHO: (SCardBHOEvent Class) - {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} - C:\Vetad\SYSTEM\DVCCSASCardBHO64002.dll (Vetad eG)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (DtvIePwdSafeBHO Class) - {6EF6B546-25FB-455B-801F-FDB3B3D39F9E} - C:\Vetad\PROGRAMM\B0000397\DtvIePwdSafe.dll (Vetad eG)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (SCardBHOEvent Class) - {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} - C:\Vetad\SYSTEM\DVCCSASCardBHO002.dll (Vetad eG)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [ApplyEsf-eDocPrintPro] C:\Program Files\Common Files\MAYComputer\eDocPrintPro\ApplyEsf.exe (May Software)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [tvncontrol] C:\Program Files\TightVNC\tvnserver.exe (GlavSoft LLC.)
O4 - HKLM..\Run: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [AVK Client] C:\Program Files (x86)\G Data\AVK\AVK.exe (G Data Software AG)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Vetad.CC.ControllerUserMode] C:\Vetad\PROGRAMM\RZKOMM\Vetad.CC.Processes.Cmd.exe StartRdtControllerUserMode -retry true File not found
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [PDF7 Registry Controller] C:\Program Files (x86)\Nuance\PDF Professional 7\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Professional 7\pdfpro7hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SiPaHost] C:\Vetad\PROGRAMM\B0000398\SiPaHost.exe (Vetad eG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwmHintergrunddienst] C:\Vetad\PROGRAMM\Sws\SwmHintergrundDienst.exe (Vetad eG)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - Startup: C:\Users\Mar**\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Datum Start PC02.lnk = P:\BAT\Datum_Start_HO.bat ()
O4 - Startup: C:\Users\Mar**\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lotus Organizer EasyClip.lnk = C:\lotus\organize\easyclip6.exe (Lotus Development Corporation)
O4 - Startup: C:\Users\Mar**\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tageszeitberechnung Mar**.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKU\S-1-5-21-3160997517-2106278152-2557221923-1126\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Mit Nuance PDF Converter 7.0 öffnen - C:\Program Files (x86)\Nuance\PDF Professional 7\cnvres_ger.dll (Nuance Communications, Inc.)
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Mit Nuance PDF Converter 7.0 öffnen - C:\Program Files (x86)\Nuance\PDF Professional 7\cnvres_ger.dll (Nuance Communications, Inc.)
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O9:64bit: - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Web-Eintrag - {B4E30F61-16D9-11D3-85D1-005004229569} - c:\lotus\organize\bandobjs.dll ()
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3160997517-2106278152-2557221923-1126\..Trusted Domains: Vetad.com ([]http is out of zone range - 5)
O15 - HKU\S-1-5-21-3160997517-2106278152-2557221923-1126\..Trusted Domains: Vetad.com ([]https is out of zone range - 5)
O15 - HKU\S-1-5-21-3160997517-2106278152-2557221923-1126\..Trusted Domains: Vetad.de ([]http is out of zone range - 5)
O15 - HKU\S-1-5-21-3160997517-2106278152-2557221923-1126\..Trusted Domains: Vetad.de ([]https is out of zone range - 5)
O15 - HKU\S-1-5-21-3160997517-2106278152-2557221923-1126\..Trusted Domains: Vetad.de ([www] http is out of zone range -  5)
O15 - HKU\S-1-5-21-3160997517-2106278152-2557221923-1126\..Trusted Domains: Vetad.de ([www] https is out of zone range -  5)
O15 - HKU\S-1-5-21-3160997517-2106278152-2557221923-1126\..Trusted Domains: Vetadnet.de ([*.services] http is out of zone range -  5)
O15 - HKU\S-1-5-21-3160997517-2106278152-2557221923-1126\..Trusted Domains: Vetadnet.de ([*.services] https is out of zone range -  5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.199.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Ka**.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A070552C-AFA0-4964-887E-D5EDB484E8CE}: DhcpNameServer = 192.168.199.10
O18:64bit: - Protocol\Handler\haufereader - No CLSID value found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015.11.11 09:43:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mar**.Ka**\Desktop\OTL.exe
[2015.11.10 15:10:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2015.11.03 16:57:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
[2015.11.02 10:18:10 | 000,000,000 | ---D | C] -- C:\Users\Mar**.Ka**\AppData\Roaming\Nuance
[2015.10.31 09:48:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2015.10.23 09:18:44 | 000,000,000 | ---D | C] -- C:\Users\Mar**.Ka**\AppData\Roaming\Help
[2015.10.23 09:18:44 | 000,000,000 | ---D | C] -- C:\Users\Mar**.Ka**\AppData\Local\Help
[2015.10.15 07:10:57 | 001,291,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appraiser.dll
[2015.10.15 07:10:57 | 000,766,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2015.10.15 07:10:57 | 000,700,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\invagent.dll
[2015.10.15 07:10:57 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\devinv.dll
[2015.10.15 07:10:56 | 001,163,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2015.10.15 07:10:56 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\acmigration.dll
[2015.10.15 07:10:56 | 000,025,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CompatTelRunner.exe
[2015.10.14 09:01:15 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2015.10.14 09:01:15 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2015.10.14 09:01:15 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2015.10.14 09:01:15 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2015.10.14 09:01:15 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2015.10.14 09:01:14 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2015.10.14 09:01:14 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2015.10.14 09:01:14 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2015.10.14 09:01:14 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2015.10.14 09:01:14 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2015.10.14 09:01:12 | 002,052,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2015.10.14 09:01:12 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2015.10.14 09:01:12 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2015.10.14 09:01:12 | 000,663,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2015.10.14 09:01:12 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2015.10.14 09:01:12 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2015.10.14 09:01:12 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2015.10.14 09:01:12 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2015.10.14 09:01:12 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2015.10.14 09:01:11 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2015.10.14 09:01:11 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2015.10.14 09:01:11 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2015.10.14 09:01:10 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2015.10.14 09:01:10 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2015.10.14 09:01:09 | 002,126,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2015.10.14 09:01:08 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2015.10.14 09:01:08 | 000,585,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2015.10.14 09:01:08 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2015.10.14 09:01:07 | 000,616,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2015.10.14 09:01:07 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2015.10.14 09:01:07 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2015.10.14 09:01:07 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2015.10.14 09:01:06 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2015.10.14 09:01:06 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2015.10.14 09:01:05 | 005,990,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2015.10.14 09:01:05 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2015.10.14 09:01:05 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2015.10.14 09:01:05 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2015.10.14 09:01:04 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2015.10.14 09:01:03 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2015.10.14 09:01:03 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2015.10.14 08:23:09 | 001,866,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2015.10.14 08:23:08 | 001,498,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2015.10.14 08:18:26 | 003,168,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2015.10.14 08:18:26 | 000,696,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2015.10.14 08:18:26 | 000,566,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2015.10.14 08:18:26 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2015.10.14 08:18:26 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2015.10.14 08:18:26 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2015.10.14 08:18:26 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2015.10.14 08:18:26 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2015.10.14 08:18:26 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSetupUI.dll
[2015.10.14 08:18:26 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2015.10.14 08:18:26 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2015.10.14 08:18:26 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2015.10.14 08:18:26 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2015.10.14 08:18:26 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2015.10.14 08:18:26 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wu.upgrade.ps.dll
[2015.10.14 08:18:16 | 005,569,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2015.10.14 08:18:14 | 003,990,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2015.10.14 08:18:14 | 003,936,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2015.10.14 08:18:13 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2015.10.14 08:18:11 | 001,730,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2015.10.14 08:18:11 | 001,461,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2015.10.14 08:18:11 | 001,216,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2015.10.14 08:18:11 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2015.10.14 08:18:11 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2015.10.14 08:18:11 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2015.10.14 08:18:11 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2015.10.14 08:18:11 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2015.10.14 08:18:11 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2015.10.14 08:18:10 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2015.10.14 08:18:10 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2015.10.14 08:18:10 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2015.10.14 08:18:10 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2015.10.14 08:18:10 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\auditpol.exe
[2015.10.14 08:18:10 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll
[2015.10.14 08:18:10 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\auditpol.exe
[2015.10.14 08:18:10 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptbase.dll
[2015.10.14 08:18:10 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2015.10.14 08:18:10 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2015.10.14 08:18:10 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2015.10.14 08:18:10 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2015.10.14 08:18:10 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2015.10.14 08:18:10 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2015.10.14 08:18:10 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2015.10.14 08:18:10 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2015.10.14 08:18:10 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2015.10.14 08:18:10 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2015.10.14 08:18:10 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2015.10.14 08:18:10 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2015.10.14 08:18:10 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2015.10.14 08:18:10 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2015.10.14 08:18:10 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2015.10.14 08:18:10 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2015.10.14 08:18:10 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2015.10.14 08:18:10 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2015.10.14 08:18:10 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2015.10.14 08:18:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2015.10.14 08:18:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2015.10.14 08:18:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2015.10.14 08:18:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2015.10.14 08:18:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2015.10.14 08:18:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2015.10.14 08:18:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2015.10.14 08:18:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2015.10.14 08:18:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2015.10.14 08:18:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2015.10.14 08:18:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2015.10.14 08:18:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2015.10.14 08:18:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2015.10.14 08:18:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2015.10.14 08:18:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2015.10.14 08:18:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2015.10.14 08:18:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2015.10.14 08:18:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2015.10.14 08:18:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.10.14 08:18:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2015.10.14 08:18:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2015.10.14 08:18:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2015.10.14 08:18:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2015.10.14 08:18:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2015.10.14 08:18:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2015.10.14 08:18:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2015.10.14 08:18:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2015.10.14 08:18:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2015.10.14 08:18:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2015.10.14 08:18:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2015.10.14 08:18:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2015.10.14 08:18:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2015.10.14 08:18:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2015.10.14 08:18:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2015.10.14 08:18:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2015.10.14 08:18:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2015.10.14 08:18:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2015.10.14 08:18:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2015.10.14 08:18:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2015.10.14 08:18:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2015.10.14 08:18:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2015.10.14 08:18:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2015.10.14 08:18:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2015.10.14 08:18:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2015.10.14 08:18:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2015.10.14 08:18:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2015.10.14 08:18:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2015.10.14 08:18:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2015.10.14 08:18:10 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2015.10.14 08:18:09 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2015.10.14 08:18:09 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2015.10.14 08:18:09 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2015.10.14 08:18:09 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2015.10.14 08:18:09 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msobjs.dll
[2015.10.14 08:18:09 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msobjs.dll
[2015.10.14 08:17:51 | 000,616,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2015.10.14 08:17:50 | 000,692,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2015.10.14 08:17:49 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidpolicyconverter.exe
[2015.10.14 08:17:49 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setbcdlocale.dll
[2015.10.14 08:17:49 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidapi.dll
[2015.10.14 08:17:49 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\appidapi.dll
[2015.10.14 08:17:49 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidcertstorecheck.exe
[2015.10.14 08:17:23 | 000,984,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ucrtbase.dll
[2015.10.14 08:17:23 | 000,901,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ucrtbase.dll
[2015.10.14 08:17:23 | 000,066,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-private-l1-1-0.dll
[2015.10.14 08:17:23 | 000,063,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-private-l1-1-0.dll
[2015.10.14 08:17:23 | 000,022,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-math-l1-1-0.dll
[2015.10.14 08:17:23 | 000,020,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-math-l1-1-0.dll
[2015.10.14 08:17:23 | 000,019,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-multibyte-l1-1-0.dll
[2015.10.14 08:17:23 | 000,019,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-multibyte-l1-1-0.dll
[2015.10.14 08:17:23 | 000,017,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-string-l1-1-0.dll
[2015.10.14 08:17:23 | 000,017,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-string-l1-1-0.dll
[2015.10.14 08:17:23 | 000,017,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-stdio-l1-1-0.dll
[2015.10.14 08:17:23 | 000,017,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-stdio-l1-1-0.dll
[2015.10.14 08:17:23 | 000,016,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-runtime-l1-1-0.dll
[2015.10.14 08:17:23 | 000,016,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-runtime-l1-1-0.dll
[2015.10.14 08:17:23 | 000,015,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-convert-l1-1-0.dll
[2015.10.14 08:17:23 | 000,015,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-convert-l1-1-0.dll
[2015.10.14 08:17:23 | 000,014,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-time-l1-1-0.dll
[2015.10.14 08:17:23 | 000,014,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-time-l1-1-0.dll
[2015.10.14 08:17:23 | 000,014,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-2-0.dll
[2015.10.14 08:17:23 | 000,014,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-2-0.dll
[2015.10.14 08:17:23 | 000,013,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-filesystem-l1-1-0.dll
[2015.10.14 08:17:23 | 000,013,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-filesystem-l1-1-0.dll
[2015.10.14 08:17:23 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-process-l1-1-0.dll
[2015.10.14 08:17:23 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-process-l1-1-0.dll
[2015.10.14 08:17:23 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-heap-l1-1-0.dll
[2015.10.14 08:17:23 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-heap-l1-1-0.dll
[2015.10.14 08:17:23 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-conio-l1-1-0.dll
[2015.10.14 08:17:23 | 000,012,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-conio-l1-1-0.dll
[2015.10.14 08:17:23 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-utility-l1-1-0.dll
[2015.10.14 08:17:23 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-utility-l1-1-0.dll
[2015.10.14 08:17:23 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-locale-l1-1-0.dll
[2015.10.14 08:17:23 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-locale-l1-1-0.dll
[2015.10.14 08:17:23 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-crt-environment-l1-1-0.dll
[2015.10.14 08:17:23 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-crt-environment-l1-1-0.dll
[2015.10.14 08:17:23 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-2-0.dll
[2015.10.14 08:17:23 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-2-0.dll
[2015.10.14 08:17:23 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-1.dll
[2015.10.14 08:17:23 | 000,012,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-1.dll
[2015.10.14 08:17:23 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-eventing-provider-l1-1-0.dll
[2015.10.14 08:17:23 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-eventing-provider-l1-1-0.dll
[2015.10.14 08:17:23 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l2-1-0.dll
[2015.10.14 08:17:23 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l2-1-0.dll
[2015.10.14 08:17:23 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-timezone-l1-1-0.dll
[2015.10.14 08:17:23 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-timezone-l1-1-0.dll
[2015.10.14 08:17:23 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l2-1-0.dll
[2015.10.14 08:17:23 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l2-1-0.dll
[2015.10.14 08:17:23 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-2-0.dll
[2015.10.14 08:17:23 | 000,011,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-2-0.dll
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015.11.11 09:43:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mar**.Ka**\Desktop\OTL.exe
[2015.11.11 09:29:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015.11.11 09:28:58 | 000,002,177 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015.11.11 09:26:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015.11.11 08:15:02 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015.11.11 07:50:47 | 000,027,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015.11.11 07:50:47 | 000,027,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015.11.11 07:48:06 | 001,620,612 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015.11.11 07:48:06 | 000,699,416 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2015.11.11 07:48:06 | 000,654,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015.11.11 07:48:06 | 000,149,556 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2015.11.11 07:48:06 | 000,122,126 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015.11.11 07:41:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015.11.11 07:40:54 | 3188,219,904 | -HS- | M] () -- C:\hiberfil.sys
[2015.11.10 16:22:52 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015.11.10 16:20:28 | 000,001,108 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2015.11.09 20:25:47 | 000,005,819 | ---- | M] () -- C:\Users\Mar**.Ka**\AppData\Local\EmptySettings.xml
[2015.11.03 16:57:05 | 000,001,235 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2015.10.26 08:02:44 | 000,433,752 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015.10.25 23:17:59 | 000,002,311 | ---- | M] () -- C:\Users\Public\Desktop\Haufe Reuets Office aufrufen.lnk
[2015.10.25 23:04:11 | 000,002,875 | ---- | M] () -- C:\Users\Public\Desktop\Haufe Formular-Manager.lnk
[2015.10.21 12:53:07 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForPC02$.job
[2015.10.21 00:05:57 | 000,000,526 | ---- | M] () -- C:\Windows\ODBC.INI
[2015.10.21 00:01:56 | 000,000,021 | ---- | M] () -- C:\Windows\DvInesKurusOleServer003.INI
[2015.10.20 23:59:29 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\Vetad Arbeitsplatz pro V.6.11.lnk
[2015.10.19 07:27:02 | 000,780,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2015.10.19 07:27:02 | 000,142,536 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2015.10.25 23:17:59 | 000,002,311 | ---- | C] () -- C:\Users\Public\Desktop\Haufe Reuets Office aufrufen.lnk
[2015.10.20 23:59:29 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\Vetad Arbeitsplatz pro V.6.11.lnk
[2015.09.11 23:03:23 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\bdcore.dll
[2015.08.29 17:24:17 | 000,005,819 | ---- | C] () -- C:\Users\Mar**.Ka**\AppData\Local\EmptySettings.xml
[2015.08.26 17:02:03 | 000,000,125 | ---- | C] () -- C:\Windows\DVInesPreparationExecuter.INI
[2012.11.10 14:46:06 | 000,000,227 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012.01.03 09:48:14 | 000,003,086 | RHS- | C] () -- C:\ProgramData\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015.08.06 19:04:07 | 014,176,768 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015.08.06 18:44:51 | 012,875,776 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2015.08.26 16:02:33 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Vetad
[2013.03.14 09:50:20 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Opera
[2013.03.14 09:47:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PhraseExpress
[2013.03.14 09:51:42 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TeamViewer
[2013.03.14 09:51:01 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Zeon
[2015.08.26 16:16:42 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Vetad
[2015.08.26 16:25:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PhraseExpress
[2015.08.26 16:17:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Zeon
[2013.03.24 09:26:46 | 000,000,000 | ---D | M] -- C:\Users\Mar**\AppData\Roaming\6CC4B83C-4DCA-4D34-B3BB-69824D6FDF3E
[2013.03.24 15:58:39 | 000,000,000 | ---D | M] -- C:\Users\Mar**\AppData\Roaming\8AE05EE8-0ADB-4E64-BA3B-CAC0808D09F1
[2012.09.30 16:29:08 | 000,000,000 | ---D | M] -- C:\Users\Mar**\AppData\Roaming\Acronis
[2012.01.19 16:55:15 | 000,000,000 | ---D | M] -- C:\Users\Mar**\AppData\Roaming\AGFEO
[2012.07.07 15:30:48 | 000,000,000 | ---D | M] -- C:\Users\Mar**\AppData\Roaming\Canneverbe Limited
[2012.01.04 14:10:55 | 000,000,000 | ---D | M] -- C:\Users\Mar**\AppData\Roaming\Vetad
[2012.01.04 11:02:32 | 000,000,000 | ---D | M] -- C:\Users\Mar**\AppData\Roaming\DMS
[2015.07.19 22:24:31 | 000,000,000 | ---D | M] -- C:\Users\Mar**\AppData\Roaming\DVASSV
[2012.01.13 09:26:53 | 000,000,000 | ---D | M] -- C:\Users\Mar**\AppData\Roaming\elsterformular
[2013.10.28 21:54:54 | 000,000,000 | ---D | M] -- C:\Users\Mar**\AppData\Roaming\FreeCommander
[2013.03.20 14:16:33 | 000,000,000 | ---D | M] -- C:\Users\Mar**\AppData\Roaming\Geldanlagen
[2012.01.04 18:43:12 | 000,000,000 | ---D | M] -- C:\Users\Mar**\AppData\Roaming\Haufe Mediengruppe
[2013.10.25 13:30:12 | 000,000,000 | ---D | M] -- C:\Users\Mar**\AppData\Roaming\CSH-Software
[2012.01.27 07:59:51 | 000,000,000 | ---D | M] -- C:\Users\Mar**\AppData\Roaming\klickTel
[2014.01.07 14:01:05 | 000,000,000 | ---D | M] -- C:\Users\Mar**\AppData\Roaming\MAY Computer
[2013.10.29 12:11:16 | 000,000,000 | ---D | M] -- C:\Users\Mar**\AppData\Roaming\Nuance
[2012.01.03 19:09:20 | 000,000,000 | ---D | M] -- C:\Users\Mar**\AppData\Roaming\Opera
[2014.03.08 08:35:36 | 000,000,000 | ---D | M] -- C:\Users\Mar**\AppData\Roaming\PhraseExpress
[2015.08.13 13:31:08 | 000,000,000 | ---D | M] -- C:\Users\Mar**\AppData\Roaming\SkyCom
[2013.08.30 09:52:00 | 000,000,000 | ---D | M] -- C:\Users\Mar**\AppData\Roaming\TaxNMore
[2015.01.16 09:49:32 | 000,000,000 | ---D | M] -- C:\Users\Mar**\AppData\Roaming\TeamViewer
[2012.09.29 10:24:44 | 000,000,000 | ---D | M] -- C:\Users\Mar**\AppData\Roaming\Thunderbird
[2013.03.31 18:44:39 | 000,000,000 | ---D | M] -- C:\Users\Mar**\AppData\Roaming\TuneUp Software
[2014.01.09 11:39:50 | 000,000,000 | ---D | M] -- C:\Users\Mar**\AppData\Roaming\Vorfälligkeitsrechner
[2012.03.04 19:30:35 | 000,000,000 | ---D | M] -- C:\Users\Mar**\AppData\Roaming\Zeon
[2015.09.04 14:35:48 | 000,000,000 | ---D | M] -- C:\Users\Mar**.Ka**\AppData\Roaming\Acronis
[2015.08.28 11:22:24 | 000,000,000 | ---D | M] -- C:\Users\Mar**.Ka**\AppData\Roaming\AGFEO
[2015.08.26 18:53:49 | 000,000,000 | ---D | M] -- C:\Users\Mar**.Ka**\AppData\Roaming\Vetad
[2015.08.26 18:07:25 | 000,000,000 | ---D | M] -- C:\Users\Mar**.Ka**\AppData\Roaming\DVASSV
[2015.08.31 08:58:10 | 000,000,000 | ---D | M] -- C:\Users\Mar**.Ka**\AppData\Roaming\elsterformular
[2015.09.07 12:23:30 | 000,000,000 | ---D | M] -- C:\Users\Mar**.Ka**\AppData\Roaming\FreeCommander
[2015.08.31 17:31:49 | 000,000,000 | ---D | M] -- C:\Users\Mar**.Ka**\AppData\Roaming\Haufe Mediengruppe
[2015.11.02 10:18:10 | 000,000,000 | ---D | M] -- C:\Users\Mar**.Ka**\AppData\Roaming\Nuance
[2015.08.26 16:56:22 | 000,000,000 | ---D | M] -- C:\Users\Mar**.Ka**\AppData\Roaming\PhraseExpress
[2015.09.07 17:03:30 | 000,000,000 | ---D | M] -- C:\Users\Mar**.Ka**\AppData\Roaming\SkyCom
[2015.09.07 10:03:50 | 000,000,000 | ---D | M] -- C:\Users\Mar**.Ka**\AppData\Roaming\TeamViewer
[2015.08.26 16:12:26 | 000,000,000 | ---D | M] -- C:\Users\Mar**.Ka**\AppData\Roaming\Thunderbird
[2015.08.26 16:11:26 | 000,000,000 | ---D | M] -- C:\Users\Mar**.Ka**\AppData\Roaming\Zeon
[2012.01.03 13:32:27 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\Vetad
[2012.01.03 13:33:46 | 000,000,000 | ---D | M] -- C:\Users\Gnuj\AppData\Roaming\DMS
[2012.03.04 19:08:45 | 000,000,000 | ---D | M] -- C:\Users\Dom**\AppData\Roaming\Zeon
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 255 bytes -> C:\ProgramData\Temp:0574215C
@Alternate Data Stream - 247 bytes -> C:\ProgramData\Temp:D95ACC7D

< End of report >
         
The continuation with OTL Extras follows separately because the file is too large.

 
