Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Win 7 Rechner mit Trojaner TR/AD.Gamarue.Y.1144 infiziert

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 15.11.2015, 13:46   #16
nora.s
 
Win 7 Rechner mit Trojaner TR/AD.Gamarue.Y.1144 infiziert - Standard

Win 7 Rechner mit Trojaner TR/AD.Gamarue.Y.1144 infiziert



Sorry, sorry, sorry!!!
War doch die richtige Datei. Sie wurde wohl nur vorgestern aktualisiert, aber gestern erstellt...

Alt 15.11.2015, 13:54   #17
M-K-D-B
/// TB-Ausbilder
 
Win 7 Rechner mit Trojaner TR/AD.Gamarue.Y.1144 infiziert - Standard

Win 7 Rechner mit Trojaner TR/AD.Gamarue.Y.1144 infiziert



Zitat:
Zitat von nora.s Beitrag anzeigen
Sorry, sorry, sorry!!!
War doch die richtige Datei. Sie wurde wohl nur vorgestern aktualisiert, aber gestern erstellt...
Ich weiß, dass es die richtige Datei war.

Vielen Dank dafür!


Bitte sieh dir nochmal meinen letzten Post an und führe die nächsten Schritte aus.
Vielen Dank.
__________________


Alt 15.11.2015, 18:23   #18
nora.s
 
Win 7 Rechner mit Trojaner TR/AD.Gamarue.Y.1144 infiziert - Standard

Win 7 Rechner mit Trojaner TR/AD.Gamarue.Y.1144 infiziert



Hallo!
Habe alle Programme durchlaufen lassen. Während zoek gelaufen ist, kam folgende Fehlermeldung:
Zitat:
Zeile 68; Zeichen 6; Fehler: Der Pfad wude nicht gefunden; Code: 0; URL: file:///C:/Users/Notebook/AppData/local/temp/zoekrun.hta
Nach HitmanPro ist der PC abgestürzt; lief aber nach erneutem Hochfahren wieder.

Bei HitmanPro bin ich mir auch wieder nicht sicher ob es die richtige Logdatei ist..
Hier die Dateien:

Code:
ATTFilter
18:11:32 = Process Attach
18:11:32 = end process attach

18:11:32 = ***** NULL == SampleProvider *****

18:11:32 = hWnd = 0x0003032e; ClassName: #32770; Title: Benutzerkontensteuerung.
x=1ba, y=145, width=466, height=378
18:11:32 = hWnd = 0x000403a0; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
18:11:32 = hWnd = 0x000403aa; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
18:11:32 = hWnd = 0x000403ea; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=11b, y=84, width=800, height=560
18:11:32 = hWnd = 0x000403a4; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
18:11:32 = hWnd = 0x00050324; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
18:11:32 = hWnd = 0x00030328; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
18:11:32 = hWnd = 0x000203d2; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
18:11:32 = hWnd = 0x000602ca; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:11:32 = hWnd = 0x000a0396; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
18:11:32 = hWnd = 0x000403a8; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:11:32 = hWnd = 0x0003032a; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:11:32 = Need to re-create objects.

18:11:32 = s1.

18:11:32 = s2.

18:11:32 = find user name
18:11:32 = Start show animate
18:11:33 = Shell Excutute VerifyHost
18:11:33 = find user name
18:11:33 = find user name
18:11:33 = find user name
18:11:33 = begin close Process
18:11:33 = Terminate Process
18:11:34 = end close Process
18:11:34 = DLL_PROCESS_DETACH

18:11:43 = Process Attach
18:11:43 = end process attach

18:11:43 = ##### Begin waiting Mutex to release process #####

18:11:43 = ***** NULL == SampleProvider *****

18:11:43 = hWnd = 0x0004032c; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
18:11:43 = hWnd = 0x0004032a; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
18:11:43 = hWnd = 0x00040364; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
18:11:43 = hWnd = 0x0004036c; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
18:11:43 = hWnd = 0x000503e4; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
18:11:43 = hWnd = 0x000603a6; ClassName: #32770; Title: Benutzerkontensteuerung.
x=1ba, y=165, width=466, height=378
18:11:43 = hWnd = 0x000503a0; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=0, y=0, width=1366, height=768
18:11:43 = hWnd = 0x000503aa; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
18:11:43 = hWnd = 0x000503a4; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
18:11:43 = hWnd = 0x000403dc; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
18:11:43 = hWnd = 0x000503a8; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
18:11:43 = hWnd = 0x000403ec; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:11:43 = hWnd = 0x000b0396; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:11:43 = hWnd = 0x000603ac; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:11:43 = Need to re-create objects.

18:11:43 = s1.

18:11:43 = s2.

18:11:43 = find user name
18:11:43 = Start show animate
18:11:45 = Shell Excutute VerifyHost
18:11:45 = find user name
18:11:46 = find user name
18:11:47 = begin close Process
18:11:47 = Terminate Process
18:11:48 = end close Process
18:11:48 = DLL_PROCESS_DETACH

18:11:51 = Process Attach
18:11:51 = end process attach

18:11:51 = ***** NULL == SampleProvider *****

18:11:51 = hWnd = 0x000503ee; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
18:11:51 = hWnd = 0x000d0396; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
18:11:51 = hWnd = 0x000603a8; ClassName: #32770; Title: Benutzerkontensteuerung.
x=1ba, y=165, width=466, height=378
18:11:51 = hWnd = 0x00050328; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=0, y=0, width=1366, height=768
18:11:51 = hWnd = 0x000403fa; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
18:11:51 = hWnd = 0x000403da; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
18:11:51 = hWnd = 0x000503dc; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
18:11:51 = hWnd = 0x0005032c; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
18:11:51 = hWnd = 0x0007036c; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
18:11:51 = hWnd = 0x000703e0; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
18:11:51 = hWnd = 0x000703ac; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:11:51 = hWnd = 0x000503ec; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:11:51 = hWnd = 0x000c0324; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:11:51 = Need to re-create objects.

18:11:51 = s1.

18:11:51 = s2.

18:11:51 = find user name
18:11:51 = Start show animate
18:11:52 = Shell Excutute VerifyHost
18:11:52 = find user name
18:11:53 = begin close Process
18:11:53 = Terminate Process
18:11:54 = end close Process
18:11:54 = DLL_PROCESS_DETACH

18:17:39 = Process Attach
18:17:39 = end process attach

18:17:39 = ##### Begin waiting Mutex to release process #####

18:17:39 = ***** NULL == SampleProvider *****

18:17:39 = hWnd = 0x00d103fa; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
18:17:39 = hWnd = 0x000902f6; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
18:17:39 = hWnd = 0x00060326; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
18:17:39 = hWnd = 0x000a0388; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
18:17:39 = hWnd = 0x000603b4; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
18:17:39 = hWnd = 0x0004017e; ClassName: #32770; Title: Benutzerkontensteuerung.
x=4, y=271, width=466, height=378
18:17:39 = hWnd = 0x00060312; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=0, y=252, width=491, height=476
18:17:39 = hWnd = 0x00090322; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
18:17:39 = hWnd = 0x00040176; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
18:17:39 = hWnd = 0x000502e2; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
18:17:39 = hWnd = 0x000502d8; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
18:17:39 = hWnd = 0x000602e8; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:17:39 = hWnd = 0x000502e6; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:17:39 = hWnd = 0x00090320; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:17:39 = Need to re-create objects.

18:17:39 = s1.

18:17:39 = s2.

18:17:39 = find user name
18:17:39 = Start show animate
18:17:40 = Shell Excutute VerifyHost
18:17:40 = find user name
18:17:42 = find user name
18:17:42 = begin close Process
18:17:42 = Terminate Process
18:17:43 = end close Process
18:17:43 = DLL_PROCESS_DETACH

18:18:45 = Process Attach
18:18:45 = end process attach

18:18:45 = ***** NULL == SampleProvider *****

18:18:45 = hWnd = 0x000702e2; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
18:18:45 = hWnd = 0x000d033c; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
18:18:45 = hWnd = 0x00080312; ClassName: #32770; Title: Benutzerkontensteuerung.
x=23f, y=245, width=216, height=238
18:18:45 = hWnd = 0x000b02f6; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=0, y=0, width=1366, height=768
18:18:45 = hWnd = 0x000b0320; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
18:18:45 = hWnd = 0x00100324; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
18:18:45 = hWnd = 0x0007026e; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
18:18:45 = hWnd = 0x000b0322; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
18:18:45 = hWnd = 0x000702ea; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:18:45 = hWnd = 0x000b036c; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:18:45 = hWnd = 0x00090326; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:18:45 = Need to re-create objects.

18:18:45 = s1.

18:18:45 = s2.

18:18:45 = find user name
18:18:45 = Start show animate
18:18:46 = Shell Excutute VerifyHost
18:18:46 = find user name
18:18:47 = find user name
18:18:47 = begin close Process
18:18:47 = Terminate Process
18:18:48 = end close Process
18:18:48 = DLL_PROCESS_DETACH

18:18:51 = Process Attach
18:18:51 = end process attach

18:18:51 = ***** NULL == SampleProvider *****

18:18:51 = hWnd = 0x000f0388; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
18:18:51 = hWnd = 0x000d036c; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
18:18:51 = hWnd = 0x000c02f6; ClassName: #32770; Title: Benutzerkontensteuerung.
x=1ba, y=165, width=466, height=378
18:18:51 = hWnd = 0x000902e6; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=0, y=0, width=1366, height=768
18:18:51 = hWnd = 0x0008026e; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
18:18:51 = hWnd = 0x000802e2; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
18:18:51 = hWnd = 0x000802d6; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
18:18:51 = hWnd = 0x000802f0; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
18:18:51 = hWnd = 0x000c0320; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:18:51 = hWnd = 0x00100380; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
18:18:51 = hWnd = 0x000a0326; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:18:51 = hWnd = 0x00100344; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:18:51 = Need to re-create objects.

18:18:51 = s1.

18:18:51 = s2.

18:18:51 = find user name
18:18:51 = Start show animate
18:18:53 = Shell Excutute VerifyHost
18:18:53 = begin close Process
18:18:53 = Terminate Process
18:18:54 = end close Process
18:18:54 = DLL_PROCESS_DETACH

18:22:14 = Process Attach
18:22:14 = end process attach

18:22:14 = ##### Begin waiting Mutex to release process #####

18:22:14 = ***** NULL == SampleProvider *****

18:22:14 = hWnd = 0x0015035c; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
18:22:14 = hWnd = 0x001c036c; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
18:22:14 = hWnd = 0x000401f4; ClassName: #32770; Title: Benutzerkontensteuerung.
x=23b, y=195, width=466, height=399
18:22:14 = hWnd = 0x000a03bc; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=1a2, y=180, width=788, height=489
18:22:14 = hWnd = 0x00070352; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
18:22:14 = hWnd = 0x00040254; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
18:22:14 = hWnd = 0x000b0336; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
18:22:14 = hWnd = 0x000a0338; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
18:22:14 = hWnd = 0x001d02e2; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
18:22:14 = hWnd = 0x00040160; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
18:22:14 = hWnd = 0x00100350; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:22:14 = hWnd = 0x000401ae; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:22:14 = hWnd = 0x000f0176; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:22:14 = Need to re-create objects.

18:22:14 = s1.

18:22:14 = s2.

18:22:14 = find user name
18:22:14 = Start show animate
18:22:16 = Shell Excutute VerifyHost
18:22:16 = find user name
18:22:16 = begin close Process
18:22:16 = Terminate Process
18:22:17 = end close Process
18:22:17 = DLL_PROCESS_DETACH

18:38:19 = Process Attach
18:38:19 = end process attach

18:38:19 = ***** NULL == SampleProvider *****

18:38:19 = ##### Begin waiting Mutex to release process #####

18:38:19 = hWnd = 0x00150354; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows-Anmeldung.
x=0, y=0, width=1366, height=768
18:38:19 = hWnd = 0x000f03f8; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
18:38:19 = hWnd = 0x0006025e; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
18:38:19 = hWnd = 0x00100394; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:38:21 = Process Attach
18:38:21 = ## ERR ## Setevent

18:38:21 = ***** NULL == SampleProvider *****

18:38:21 = begin close Process
18:38:21 = end close Process
18:38:21 = ##### Get event and release process end #####

18:38:21 = hWnd = 0x0062009e; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows-Anmeldung.
x=0, y=0, width=1024, height=768
18:38:21 = hWnd = 0x00160084; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
18:38:21 = hWnd = 0x00030044; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
18:38:21 = hWnd = 0x001b007c; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:39:14 = Process Attach
18:39:14 = end process attach

18:39:14 = ***** NULL == SampleProvider *****

18:39:14 = ##### Begin waiting Mutex to release process #####

18:39:14 = hWnd = 0x0001001c; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows-Anmeldung.
x=0, y=0, width=1366, height=768
18:39:14 = hWnd = 0x00010018; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
18:39:14 = hWnd = 0x00010022; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
18:39:14 = hWnd = 0x0001001a; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:39:23 = Need to re-create objects.

18:39:23 = s1.

18:39:23 = s2.

18:39:23 = find user name
18:39:23 = Start show animate
18:39:25 = Shell Excutute VerifyHost
18:39:25 = find user name
18:39:25 = find user name
18:39:25 = find user name
18:39:25 = find user name
18:39:25 = find user name
18:39:25 = find user name
18:39:25 = find user name
18:39:25 = find user name
18:39:25 = find user name
18:39:25 = find user name
18:39:25 = find user name
18:39:25 = find user name
18:39:25 = find user name
18:39:25 = find user name
18:39:25 = find user name
18:39:25 = find user name
18:39:25 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:30 = find user name
18:39:30 = find user name
18:39:30 = find user name
18:39:41 = begin close Process
18:39:41 = Terminate Process
18:39:42 = end close Process
18:39:42 = DLL_PROCESS_DETACH

18:40:44 = Process Attach
18:40:44 = end process attach

18:40:44 = ##### Begin waiting Mutex to release process #####

18:40:44 = ***** NULL == SampleProvider *****

18:40:44 = hWnd = 0x000302d6; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
18:40:44 = hWnd = 0x000202da; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
18:40:44 = hWnd = 0x000103a2; ClassName: #32770; Title: Benutzerkontensteuerung.
x=1ba, y=145, width=466, height=378
18:40:44 = hWnd = 0x0002039a; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=11b, y=84, width=800, height=560
18:40:44 = hWnd = 0x000103c2; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
18:40:44 = hWnd = 0x000103c6; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
18:40:44 = hWnd = 0x00040394; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
18:40:44 = hWnd = 0x0001039e; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
18:40:44 = hWnd = 0x000602d2; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
18:40:44 = hWnd = 0x0001039c; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
18:40:44 = hWnd = 0x00020398; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:40:44 = hWnd = 0x000103a0; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:40:44 = hWnd = 0x000502ce; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:40:44 = Need to re-create objects.

18:40:44 = s1.

18:40:44 = s2.

18:40:44 = find user name
18:40:44 = Start show animate
18:40:45 = Shell Excutute VerifyHost
18:40:45 = find user name
18:40:46 = begin close Process
18:40:46 = Terminate Process
18:40:47 = end close Process
18:40:47 = DLL_PROCESS_DETACH

18:59:2 = Process Attach
18:59:2 = end process attach

18:59:2 = ***** NULL == SampleProvider *****

18:59:2 = hWnd = 0x000403ba; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows-Anmeldung.
x=0, y=0, width=1366, height=768
18:59:2 = hWnd = 0x000a039c; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
18:59:2 = hWnd = 0x000403b0; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
18:59:2 = hWnd = 0x000403bc; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:59:6 = Process Attach
18:59:6 = ## ERR ## Setevent

18:59:6 = ##### Get event and release process #####

18:59:6 = begin close Process
18:59:6 = end close Process
18:59:6 = ##### Get event and release process end #####

18:59:49 = Process Attach
18:59:49 = end process attach

18:59:49 = ***** NULL == SampleProvider *****

18:59:49 = ##### Begin waiting Mutex to release process #####

18:59:49 = hWnd = 0x0001001c; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows-Anmeldung.
x=0, y=0, width=1366, height=768
18:59:49 = hWnd = 0x00010018; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
18:59:49 = hWnd = 0x00010022; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
18:59:49 = hWnd = 0x0001001a; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:59:56 = Need to re-create objects.

18:59:56 = s1.

18:59:56 = s2.

18:59:56 = find user name
18:59:56 = Start show animate
18:59:58 = Shell Excutute VerifyHost
18:59:58 = find user name
18:59:58 = find user name
18:59:58 = find user name
18:59:58 = find user name
18:59:58 = find user name
18:59:58 = find user name
18:59:58 = find user name
18:59:58 = find user name
18:59:58 = find user name
18:59:58 = find user name
18:59:58 = find user name
18:59:58 = find user name
18:59:58 = find user name
18:59:58 = find user name
18:59:58 = find user name
18:59:58 = find user name
18:59:58 = find user name
18:59:59 = find user name
18:59:59 = find user name
18:59:59 = find user name
18:59:59 = find user name
18:59:59 = find user name
19:0:1 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:3 = find user name
19:0:3 = find user name
19:0:3 = find user name
21:37:14 = Process Attach
21:37:14 = end process attach

21:37:14 = ##### Begin waiting Mutex to release process #####

21:37:14 = hWnd = 0x0008034c; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
21:37:14 = hWnd = 0x000602c6; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
21:37:14 = hWnd = 0x00020352; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
21:37:14 = hWnd = 0x0002032e; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
21:37:14 = hWnd = 0x0005036a; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
21:37:14 = Need to re-create objects.

21:37:14 = s1.

21:37:14 = s2.

21:37:14 = find user name
21:37:14 = Start show animate
21:37:16 = Shell Excutute VerifyHost
21:37:16 = begin close Process
21:37:16 = Terminate Process
21:37:17 = end close Process
21:37:17 = DLL_PROCESS_DETACH

21:37:28 = Process Attach
21:37:28 = end process attach

21:37:28 = ##### Begin waiting Mutex to release process #####

21:37:28 = ***** NULL == SampleProvider *****

21:37:28 = hWnd = 0x0006036a; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
21:37:28 = hWnd = 0x0009034c; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
21:37:28 = hWnd = 0x0003038e; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
21:37:28 = hWnd = 0x00030378; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
21:37:28 = hWnd = 0x00030374; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
21:37:28 = hWnd = 0x000702c6; ClassName: #32770; Title: Benutzerkontensteuerung.
x=1ba, y=165, width=466, height=378
21:37:28 = hWnd = 0x0009035c; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=0, y=0, width=1366, height=768
21:37:28 = hWnd = 0x00080392; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
21:37:28 = hWnd = 0x0003033c; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
21:37:28 = hWnd = 0x0005032e; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
21:37:28 = hWnd = 0x00030346; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
21:37:28 = hWnd = 0x000b03fe; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
21:37:28 = hWnd = 0x00030352; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
21:37:28 = hWnd = 0x0007039c; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
21:37:28 = Need to re-create objects.

21:37:28 = s1.

21:37:28 = s2.

21:37:28 = find user name
21:37:28 = Start show animate
21:37:29 = Shell Excutute VerifyHost
21:37:29 = find user name
21:37:34 = begin close Process
21:37:34 = Terminate Process
21:37:35 = end close Process
21:37:35 = DLL_PROCESS_DETACH

21:43:3 = Process Attach
21:43:3 = end process attach

21:43:3 = ***** NULL == SampleProvider *****

21:43:3 = hWnd = 0x00110378; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
21:43:3 = hWnd = 0x000603ae; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
21:43:3 = hWnd = 0x000403da; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
21:43:3 = ##### Begin waiting Mutex to release process #####

21:43:3 = hWnd = 0x000603e0; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
21:43:3 = hWnd = 0x000502c8; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
21:43:3 = hWnd = 0x00060154; ClassName: #32770; Title: Benutzerkontensteuerung.
x=1ba, y=165, width=466, height=378
21:43:3 = hWnd = 0x00080394; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=0, y=0, width=1366, height=768
21:43:3 = hWnd = 0x000a0354; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
21:43:3 = hWnd = 0x0008036a; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
21:43:3 = hWnd = 0x000502d2; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
21:43:3 = hWnd = 0x000a0352; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
21:43:3 = hWnd = 0x000c032c; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
21:43:3 = hWnd = 0x000a0392; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
21:43:3 = hWnd = 0x00070320; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
21:43:3 = Need to re-create objects.

21:43:3 = s1.

21:43:3 = s2.

21:43:3 = find user name
21:43:3 = Start show animate
21:43:4 = Shell Excutute VerifyHost
21:43:4 = find user name
21:43:5 = begin close Process
21:43:5 = Terminate Process
21:43:6 = end close Process
21:43:6 = DLL_PROCESS_DETACH

0:11:53 = Process Attach
0:11:53 = end process attach

0:11:53 = ##### Begin waiting Mutex to release process #####

0:11:53 = hWnd = 0x00110352; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows-Anmeldung.
x=0, y=0, width=1366, height=768
0:11:53 = hWnd = 0x000c02fe; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
0:11:53 = hWnd = 0x000902f8; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
0:11:53 = hWnd = 0x000e033c; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
0:11:56 = Process Attach
0:11:56 = ## ERR ## Setevent

0:11:56 = ##### Get event and release process #####

0:11:56 = begin close Process
0:11:56 = end close Process
0:11:56 = ##### Get event and release process end #####

0:11:56 = ***** NULL == SampleProvider *****

0:11:56 = hWnd = 0x00cf0072; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows-Anmeldung.
x=0, y=0, width=1024, height=768
0:11:56 = hWnd = 0x00cf005a; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
0:11:56 = hWnd = 0x00030078; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
0:11:56 = hWnd = 0x00980038; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
9:11:39 = Process Attach
9:11:39 = end process attach

9:11:39 = ***** NULL == SampleProvider *****

9:11:39 = ##### Begin waiting Mutex to release process #####

9:11:39 = hWnd = 0x0001001c; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows-Anmeldung.
x=0, y=0, width=1366, height=768
9:11:39 = hWnd = 0x00010018; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
9:11:39 = hWnd = 0x00010022; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
9:11:39 = hWnd = 0x0001001a; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
9:11:39 = Need to re-create objects.

9:11:39 = s1.

9:11:39 = s2.

9:11:39 = find user name
9:11:39 = Start show animate
9:11:41 = Shell Excutute VerifyHost
9:11:41 = find user name
9:11:41 = find user name
9:11:41 = find user name
9:11:41 = find user name
9:11:41 = find user name
9:11:41 = find user name
9:11:41 = find user name
9:11:41 = find user name
9:11:41 = find user name
9:11:41 = find user name
9:11:41 = find user name
9:11:41 = find user name
9:11:41 = find user name
9:11:41 = find user name
9:11:41 = find user name
9:11:41 = find user name
9:11:41 = find user name
9:11:41 = find user name
9:11:41 = find user name
9:11:41 = find user name
9:11:41 = find user name
9:11:41 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:11 = find user name
9:15:11 = find user name
9:15:11 = find user name
9:15:18 = begin close Process
9:15:18 = Terminate Process
9:15:19 = end close Process
9:15:19 = DLL_PROCESS_DETACH

12:31:1 = Process Attach
12:31:1 = end process attach

12:31:1 = ##### Begin waiting Mutex to release process #####

12:31:1 = hWnd = 0x0002041a; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows-Anmeldung.
x=0, y=0, width=1366, height=768
12:31:1 = hWnd = 0x00040440; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
12:31:1 = hWnd = 0x000203c0; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
12:31:1 = hWnd = 0x000803b0; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
12:31:1 = Need to re-create objects.

12:31:1 = s1.

12:31:1 = s2.

12:31:1 = find user name
12:31:1 = Start show animate
12:31:3 = Is Black Sceen wait
12:31:3 = black wait1
12:31:4 = Is Black Sceen wait
12:31:4 = black wait2
12:31:6 = Is Black Sceen wait
12:31:6 = black wait3
12:37:11 = Shell Excutute VerifyHost
12:37:14 = find user name
12:37:14 = find user name
12:37:14 = find user name
12:37:16 = find user name
12:37:16 = find user name
12:37:16 = find user name
12:37:16 = find user name
12:37:16 = find user name
12:37:34 = find user name
12:37:34 = find user name
12:37:34 = find user name
12:37:34 = find user name
12:37:34 = find user name
12:37:34 = find user name
12:37:34 = find user name
12:37:34 = find user name
12:37:34 = find user name
12:37:34 = find user name
12:37:34 = find user name
12:37:34 = find user name
12:37:34 = find user name
12:37:34 = find user name
12:37:35 = begin close Process
12:37:35 = Terminate Process
12:37:36 = end close Process
12:37:36 = DLL_PROCESS_DETACH

13:26:50 = Process Attach
13:26:50 = end process attach

13:26:50 = ***** NULL == SampleProvider *****

13:26:50 = hWnd = 0x000b0434; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
13:26:50 = hWnd = 0x000a0472; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
13:26:50 = hWnd = 0x000b03f6; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
13:26:50 = hWnd = 0x00070490; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
13:26:50 = hWnd = 0x000f0432; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
13:26:50 = hWnd = 0x001003ec; ClassName: #32770; Title: Benutzerkontensteuerung.
x=1ba, y=154, width=466, height=399
13:26:50 = hWnd = 0x0004046c; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=0, y=0, width=1366, height=768
13:26:50 = hWnd = 0x001003fa; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
13:26:50 = hWnd = 0x000a045a; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
13:26:50 = hWnd = 0x000b033a; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
13:26:50 = hWnd = 0x002203d0; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
13:26:50 = hWnd = 0x00100428; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
13:26:50 = hWnd = 0x000f03bc; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
13:26:50 = hWnd = 0x00100476; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
13:26:50 = Need to re-create objects.

13:26:50 = s1.

13:26:50 = s2.

13:26:50 = find user name
13:26:50 = Start show animate
13:26:52 = Shell Excutute VerifyHost
13:26:52 = begin close Process
13:26:52 = end close Process
13:26:52 = DLL_PROCESS_DETACH

13:26:55 = Process Attach
13:26:55 = end process attach

13:26:55 = ***** NULL == SampleProvider *****

13:26:55 = hWnd = 0x000503a6; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
13:26:55 = ##### Begin waiting Mutex to release process #####

13:26:55 = hWnd = 0x000b0454; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
13:26:55 = hWnd = 0x00110428; ClassName: #32770; Title: Benutzerkontensteuerung.
x=1ba, y=154, width=466, height=399
13:26:55 = hWnd = 0x001103d8; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=0, y=0, width=1366, height=768
13:26:55 = hWnd = 0x00110412; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
13:26:55 = hWnd = 0x000e044e; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
13:26:55 = hWnd = 0x000c033a; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
13:26:55 = hWnd = 0x000c0434; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
13:26:55 = hWnd = 0x001203bc; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
13:26:55 = hWnd = 0x000d03e4; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
13:26:55 = hWnd = 0x00110476; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
13:26:55 = hWnd = 0x0005046c; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
13:26:55 = hWnd = 0x00080398; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
13:26:55 = Need to re-create objects.

13:26:55 = s1.

13:26:55 = s2.

13:26:55 = find user name
13:26:55 = Start show animate
13:26:57 = Shell Excutute VerifyHost
13:26:57 = find user name
13:26:58 = begin close Process
13:26:58 = Terminate Process
13:26:59 = end close Process
13:26:59 = DLL_PROCESS_DETACH

14:11:3 = Process Attach
14:11:3 = end process attach

14:11:3 = ##### Begin waiting Mutex to release process #####

14:11:3 = ***** NULL == SampleProvider *****

14:11:3 = hWnd = 0x000703b2; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
14:11:3 = hWnd = 0x0005031e; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
14:11:3 = hWnd = 0x000403a8; ClassName: #32770; Title: Benutzerkontensteuerung.
x=c5, y=42, width=466, height=399
14:11:3 = hWnd = 0x000303ac; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=64, y=100, width=677, height=342
14:11:3 = hWnd = 0x001803a0; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
14:11:3 = hWnd = 0x002d03ce; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
14:11:3 = hWnd = 0x00030324; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
14:11:3 = hWnd = 0x00030310; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
14:11:3 = hWnd = 0x0003032e; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
14:11:3 = hWnd = 0x0006032c; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
14:11:3 = hWnd = 0x00030326; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:11:3 = hWnd = 0x0004035a; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:11:3 = hWnd = 0x0003031c; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:11:3 = Need to re-create objects.

14:11:3 = s1.

14:11:3 = s2.

14:11:3 = find user name
14:11:3 = Start show animate
14:11:4 = Shell Excutute VerifyHost
14:11:4 = find user name
14:11:4 = find user name
14:11:5 = begin close Process
14:11:5 = end close Process
14:11:5 = DLL_PROCESS_DETACH

14:11:5 = Process Attach
14:11:5 = end process attach

14:11:5 = ##### Begin waiting Mutex to release process #####

14:11:5 = ***** NULL == SampleProvider *****

14:11:5 = hWnd = 0x0006031e; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
14:11:5 = hWnd = 0x001a03ea; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
14:11:5 = hWnd = 0x0016046c; ClassName: #32770; Title: Benutzerkontensteuerung.
x=c5, y=42, width=466, height=399
14:11:5 = hWnd = 0x000403ac; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=64, y=100, width=677, height=342
14:11:5 = hWnd = 0x00040320; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
14:11:5 = hWnd = 0x00030322; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
14:11:5 = hWnd = 0x001c03a0; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
14:11:5 = hWnd = 0x00040324; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
14:11:5 = hWnd = 0x00060334; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
14:11:5 = hWnd = 0x0007032c; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
14:11:5 = hWnd = 0x000803b2; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:11:5 = hWnd = 0x00140476; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:11:5 = hWnd = 0x0004032e; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:11:5 = Need to re-create objects.

14:11:5 = s1.

14:11:5 = s2.

14:11:5 = find user name
14:11:5 = Start show animate
14:11:6 = Shell Excutute VerifyHost
14:11:6 = find user name
14:11:7 = find user name
14:11:7 = begin close Process
14:11:7 = Terminate Process
14:11:8 = end close Process
14:11:8 = DLL_PROCESS_DETACH

14:11:8 = Process Attach
14:11:8 = end process attach

14:11:8 = ##### Begin waiting Mutex to release process #####

14:11:8 = ***** NULL == SampleProvider *****

14:11:8 = hWnd = 0x00070334; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
14:11:8 = hWnd = 0x002303bc; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
14:11:8 = hWnd = 0x00050326; ClassName: #32770; Title: Benutzerkontensteuerung.
x=c5, y=42, width=466, height=399
14:11:8 = hWnd = 0x001b03ea; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=64, y=100, width=677, height=342
14:11:8 = hWnd = 0x0005018e; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
14:11:8 = hWnd = 0x000703aa; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
14:11:8 = hWnd = 0x0005032e; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
14:11:8 = hWnd = 0x001d03a0; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
14:11:8 = hWnd = 0x00160476; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
14:11:8 = hWnd = 0x0007031e; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
14:11:8 = hWnd = 0x0005031c; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:11:8 = hWnd = 0x0008032c; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:11:8 = hWnd = 0x00070318; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:11:8 = Need to re-create objects.

14:11:8 = s1.

14:11:8 = s2.

14:11:8 = find user name
14:11:8 = Start show animate
14:11:10 = Shell Excutute VerifyHost
14:11:10 = find user name
14:11:11 = find user name
14:11:11 = begin close Process
14:11:11 = Terminate Process
14:11:12 = end close Process
14:11:12 = DLL_PROCESS_DETACH

14:11:19 = Process Attach
14:11:19 = end process attach

14:11:19 = ##### Begin waiting Mutex to release process #####

14:11:19 = ***** NULL == SampleProvider *****

14:11:19 = hWnd = 0x00060310; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
14:11:19 = hWnd = 0x0007035a; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
14:11:19 = hWnd = 0x00110396; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
14:11:19 = hWnd = 0x00190480; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
14:11:19 = hWnd = 0x00080318; ClassName: #32770; Title: Benutzerkontensteuerung.
x=1ba, y=154, width=466, height=399
14:11:19 = hWnd = 0x002403e0; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=0, y=0, width=1366, height=768
14:11:19 = hWnd = 0x003203ce; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
14:11:19 = hWnd = 0x00080324; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
14:11:19 = hWnd = 0x000e047a; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
14:11:19 = hWnd = 0x00180476; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
14:11:19 = hWnd = 0x002003a0; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:11:19 = hWnd = 0x000a03aa; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:11:19 = hWnd = 0x0007033c; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:11:19 = Need to re-create objects.

14:11:19 = s1.

14:11:19 = s2.

14:11:19 = find user name
14:11:19 = Start show animate
14:11:20 = Shell Excutute VerifyHost
14:11:20 = find user name
14:11:21 = begin close Process
14:11:21 = Terminate Process
14:11:22 = end close Process
14:11:22 = DLL_PROCESS_DETACH

14:15:45 = Process Attach
14:15:45 = end process attach

14:15:45 = ***** NULL == SampleProvider *****

14:15:45 = hWnd = 0x001b03ca; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows-Anmeldung.
x=0, y=0, width=1366, height=768
14:15:45 = hWnd = 0x001c0480; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
14:15:45 = hWnd = 0x00090340; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
14:15:45 = hWnd = 0x000b0324; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:15:49 = Process Attach
14:15:49 = ## ERR ## Setevent

14:15:49 = ##### Get event and release process #####

14:15:49 = begin close Process
14:15:49 = end close Process
14:15:49 = ##### Get event and release process end #####

14:15:49 = ***** NULL == SampleProvider *****

14:15:49 = hWnd = 0x0002010e; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows-Anmeldung.
x=0, y=0, width=1024, height=768
14:15:49 = hWnd = 0x0002012a; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
14:15:49 = hWnd = 0x000200b0; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
14:15:49 = hWnd = 0x00020128; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:17:17 = Process Attach
14:17:17 = end process attach

14:17:17 = ***** NULL == SampleProvider *****

14:17:17 = ##### Begin waiting Mutex to release process #####

14:17:17 = hWnd = 0x0001001c; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows-Anmeldung.
x=0, y=0, width=1366, height=768
14:17:17 = hWnd = 0x00010018; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
14:17:17 = hWnd = 0x00010022; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
14:17:17 = hWnd = 0x0001001a; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:17:20 = Need to re-create objects.

14:17:20 = s1.

14:17:20 = s2.

14:17:20 = find user name
14:17:20 = Start show animate
14:17:21 = Shell Excutute VerifyHost
14:17:21 = find user name
14:17:21 = find user name
14:17:21 = find user name
14:17:21 = find user name
14:17:21 = find user name
14:17:21 = find user name
14:17:21 = find user name
14:17:21 = find user name
14:17:21 = find user name
14:17:21 = find user name
14:17:21 = find user name
14:17:21 = find user name
14:17:21 = find user name
14:17:21 = find user name
14:17:21 = find user name
14:17:21 = find user name
14:17:21 = find user name
14:17:21 = find user name
14:17:21 = find user name
14:17:21 = find user name
14:17:21 = find user name
14:17:21 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:18:10 = begin close Process
14:18:10 = Terminate Process
14:18:11 = end close Process
14:18:11 = DLL_PROCESS_DETACH

14:20:6 = Process Attach
14:20:6 = end process attach

14:20:6 = ##### Begin waiting Mutex to release process #####

14:20:6 = ***** NULL == SampleProvider *****

14:20:6 = hWnd = 0x00050324; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
14:20:6 = hWnd = 0x00050322; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
14:20:6 = hWnd = 0x00010342; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
14:20:6 = hWnd = 0x00010346; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
14:20:6 = hWnd = 0x0001034a; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
14:20:6 = hWnd = 0x0006031e; ClassName: #32770; Title: Benutzerkontensteuerung.
x=1ba, y=165, width=466, height=378
14:20:6 = hWnd = 0x00050330; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=0, y=0, width=1366, height=768
14:20:6 = hWnd = 0x0005031a; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
14:20:6 = hWnd = 0x000302d8; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
14:20:6 = hWnd = 0x0005032e; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
14:20:6 = hWnd = 0x000302d6; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
14:20:6 = hWnd = 0x00050316; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:20:6 = hWnd = 0x0006032c; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:20:6 = hWnd = 0x0005031c; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:20:6 = Need to re-create objects.

14:20:6 = s1.

14:20:6 = s2.

14:20:6 = find user name
14:20:6 = Start show animate
14:20:7 = Shell Excutute VerifyHost
14:20:7 = find user name
14:20:8 = find user name
14:20:8 = begin close Process
14:20:8 = Terminate Process
14:20:9 = end close Process
14:20:9 = DLL_PROCESS_DETACH

14:20:13 = Process Attach
14:20:13 = end process attach

14:20:13 = ##### Begin waiting Mutex to release process #####

14:20:13 = ***** NULL == SampleProvider *****

14:20:13 = hWnd = 0x00060314; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
14:20:13 = hWnd = 0x0008032c; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
14:20:13 = hWnd = 0x0002033e; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
14:20:13 = hWnd = 0x0002033a; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
14:20:13 = hWnd = 0x0004030e; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
14:20:13 = hWnd = 0x00030348; ClassName: #32770; Title: Benutzerkontensteuerung.
x=1ba, y=165, width=466, height=378
14:20:13 = hWnd = 0x00060320; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=0, y=0, width=1366, height=768
14:20:13 = hWnd = 0x0006032e; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
14:20:13 = hWnd = 0x00030356; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
14:20:13 = hWnd = 0x00040346; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
14:20:13 = hWnd = 0x0008031e; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
14:20:13 = hWnd = 0x0006031c; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:20:13 = hWnd = 0x00060322; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:20:13 = hWnd = 0x000d002a; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:20:13 = Need to re-create objects.

14:20:13 = s1.

14:20:13 = s2.

14:20:13 = find user name
14:20:13 = Start show animate
14:20:15 = Shell Excutute VerifyHost
14:20:15 = find user name
14:20:16 = begin close Process
14:20:16 = Terminate Process
14:20:17 = end close Process
14:20:17 = DLL_PROCESS_DETACH

14:39:11 = Process Attach
14:39:11 = end process attach

14:39:11 = ***** NULL == SampleProvider *****

14:39:11 = ##### Begin waiting Mutex to release process #####

14:39:11 = hWnd = 0x0001001c; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows-Anmeldung.
x=0, y=0, width=1366, height=768
14:39:11 = hWnd = 0x00010018; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
14:39:11 = hWnd = 0x00010022; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
14:39:11 = hWnd = 0x0001001a; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:39:35 = Need to re-create objects.

14:39:35 = s1.

14:39:35 = s2.

14:39:37 = find user name
14:39:37 = Start show animate
14:39:38 = Shell Excutute VerifyHost
14:39:38 = find user name
14:39:38 = find user name
14:39:38 = find user name
14:39:38 = find user name
14:39:38 = find user name
14:39:38 = find user name
14:39:38 = find user name
14:39:38 = find user name
14:39:38 = find user name
14:39:38 = find user name
14:39:38 = find user name
14:39:38 = find user name
14:39:38 = find user name
14:39:38 = find user name
14:39:38 = find user name
14:39:38 = find user name
14:39:38 = find user name
14:39:39 = find user name
14:39:39 = find user name
14:39:39 = find user name
14:39:39 = find user name
14:39:39 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:55 = begin close Process
14:39:55 = Terminate Process
14:39:56 = end close Process
14:39:56 = DLL_PROCESS_DETACH

14:41:18 = Process Attach
14:41:18 = end process attach

14:41:18 = ***** NULL == SampleProvider *****

14:41:18 = hWnd = 0x000202d2; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
14:41:18 = hWnd = 0x000302d0; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
14:41:18 = hWnd = 0x00020322; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
14:41:18 = hWnd = 0x00020326; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
14:41:18 = hWnd = 0x0002031e; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
14:41:18 = hWnd = 0x00030316; ClassName: #32770; Title: Benutzerkontensteuerung.
x=1ba, y=127, width=466, height=378
14:41:18 = hWnd = 0x000202d8; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=19a, y=164, width=546, height=363
14:41:18 = hWnd = 0x000202d4; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
14:41:18 = hWnd = 0x000202de; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
14:41:18 = hWnd = 0x0003013e; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
14:41:18 = hWnd = 0x000202dc; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
14:41:18 = hWnd = 0x000202d6; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:41:18 = hWnd = 0x00030300; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:41:18 = hWnd = 0x00060372; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:41:18 = Need to re-create objects.

14:41:18 = s1.

14:41:18 = s2.

14:41:19 = find user name
14:41:19 = Start show animate
14:41:20 = Shell Excutute VerifyHost
14:41:20 = find user name
14:41:22 = find user name
14:41:22 = begin close Process
14:41:22 = Terminate Process
14:41:23 = end close Process
14:41:23 = DLL_PROCESS_DETACH

14:41:30 = Process Attach
14:41:30 = end process attach

14:41:30 = ***** NULL == SampleProvider *****

14:41:30 = ##### Begin waiting Mutex to release process #####

14:41:30 = hWnd = 0x000402c8; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
14:41:30 = hWnd = 0x000302ec; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
14:41:30 = hWnd = 0x0004013e; ClassName: #32770; Title: Benutzerkontensteuerung.
x=1ba, y=165, width=466, height=378
14:41:30 = hWnd = 0x000402de; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=0, y=0, width=1366, height=768
14:41:30 = hWnd = 0x00030344; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
14:41:30 = hWnd = 0x0004031a; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
14:41:30 = hWnd = 0x0003033c; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
14:41:30 = hWnd = 0x000302cc; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
14:41:30 = hWnd = 0x00040326; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
14:41:30 = hWnd = 0x000700e0; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
14:41:30 = hWnd = 0x00050324; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
14:41:30 = hWnd = 0x000302ca; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:41:30 = hWnd = 0x000302b2; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:41:30 = hWnd = 0x000602ee; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:41:30 = Need to re-create objects.

14:41:30 = s1.

14:41:30 = s2.

14:41:30 = find user name
14:41:30 = Start show animate
14:41:32 = Shell Excutute VerifyHost
14:41:32 = find user name
14:41:33 = begin close Process
14:41:33 = Terminate Process
14:41:34 = end close Process
14:41:34 = DLL_PROCESS_DETACH

15:45:40 = Process Attach
15:45:40 = end process attach

15:45:40 = ***** NULL == SampleProvider *****

15:45:40 = ##### Begin waiting Mutex to release process #####

15:45:40 = hWnd = 0x00030498; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows-Anmeldung.
x=0, y=0, width=1366, height=768
15:45:40 = hWnd = 0x00050450; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
15:45:40 = hWnd = 0x0002042c; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
15:45:40 = hWnd = 0x000b027c; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
15:45:40 = Need to re-create objects.

15:45:40 = s1.

15:45:40 = s2.

15:45:41 = find user name
15:45:41 = Start show animate
15:45:42 = Is Black Sceen wait
15:45:42 = black wait1
15:45:44 = Is Black Sceen wait
15:45:44 = black wait2
15:45:45 = Is Black Sceen wait
15:45:45 = black wait3
15:45:47 = Shell Excutute VerifyHost
15:45:47 = find user name
15:45:47 = find user name
15:45:47 = find user name
16:45:53 = find user name
16:45:53 = find user name
16:45:53 = find user name
16:45:53 = find user name
16:45:53 = find user name
16:45:53 = find user name
16:45:53 = find user name
16:45:53 = find user name
16:45:53 = find user name
17:25:38 = Bypass the object creation.

17:25:38 = find user name
17:25:38 = find user name
17:25:38 = find user name
17:25:38 = find user name
17:25:38 = find user name
17:25:38 = find user name
17:25:38 = find user name
17:25:38 = find user name
17:25:38 = find user name
17:25:42 = find user name
17:25:42 = find user name
17:25:42 = find user name
17:25:42 = find user name
17:25:42 = find user name
17:25:42 = find user name
17:25:42 = find user name
17:25:42 = find user name
17:25:42 = find user name
17:25:42 = find user name
17:25:42 = find user name
17:25:42 = find user name
17:25:42 = find user name
17:25:42 = find user name
17:25:43 = begin close Process
17:25:43 = Terminate Process
17:25:44 = end close Process
17:25:44 = DLL_PROCESS_DETACH

17:29:51 = Process Attach
17:29:51 = end process attach

17:29:51 = ##### Begin waiting Mutex to release process #####

17:29:51 = ***** NULL == SampleProvider *****

17:29:51 = hWnd = 0x0003053c; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
17:29:51 = hWnd = 0x00030528; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
17:29:51 = hWnd = 0x000304e2; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
17:29:51 = hWnd = 0x00030522; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
17:29:51 = hWnd = 0x0002054e; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
17:29:51 = hWnd = 0x0003054a; ClassName: #32770; Title: Benutzerkontensteuerung.
x=1ba, y=145, width=466, height=378
17:29:51 = hWnd = 0x0003053a; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=11b, y=84, width=800, height=560
17:29:51 = hWnd = 0x00040520; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
17:29:51 = hWnd = 0x00030546; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
17:29:51 = hWnd = 0x00060496; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
17:29:51 = hWnd = 0x00030542; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
17:29:51 = hWnd = 0x00030538; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
17:29:51 = hWnd = 0x0003053e; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
17:29:51 = hWnd = 0x0003052a; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
17:29:51 = Need to re-create objects.

17:29:51 = s1.

17:29:51 = s2.

17:29:51 = find user name
17:29:51 = Start show animate
17:29:53 = Shell Excutute VerifyHost
17:29:53 = find user name
17:29:54 = begin close Process
17:29:54 = Terminate Process
17:29:55 = end close Process
17:29:55 = DLL_PROCESS_DETACH

18:3:25 = Process Attach
18:3:25 = end process attach

18:3:25 = ***** NULL == SampleProvider *****

18:3:25 = hWnd = 0x001302d4; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
18:3:25 = hWnd = 0x000602dc; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
18:3:25 = hWnd = 0x0008030e; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
18:3:25 = hWnd = 0x00050320; ClassName: #32770; Title: Benutzerkontensteuerung.
x=1c6, y=158, width=466, height=378
18:3:25 = hWnd = 0x000a03b2; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=1e7, y=276, width=416, height=201
18:3:25 = hWnd = 0x000902d6; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
18:3:25 = hWnd = 0x00060342; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
18:3:25 = hWnd = 0x0006033e; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
18:3:25 = hWnd = 0x00060390; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
18:3:25 = hWnd = 0x000a02d2; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:3:25 = hWnd = 0x000b02c0; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:3:25 = hWnd = 0x00070322; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:3:25 = Need to re-create objects.

18:3:25 = s1.

18:3:25 = s2.

18:3:25 = find user name
18:3:25 = Start show animate
18:3:26 = Shell Excutute VerifyHost
18:3:30 = begin close Process
18:3:30 = Terminate Process
18:3:31 = end close Process
18:3:31 = DLL_PROCESS_DETACH

18:3:58 = Process Attach
18:3:58 = end process attach

18:3:58 = ##### Begin waiting Mutex to release process #####

18:3:58 = hWnd = 0x00070538; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
18:3:58 = hWnd = 0x000802dc; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
18:3:58 = hWnd = 0x00090316; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
18:3:58 = hWnd = 0x000902c6; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:3:58 = hWnd = 0x001502d4; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:3:58 = hWnd = 0x000802da; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:3:58 = Need to re-create objects.

18:3:58 = s1.

18:3:58 = s2.

18:3:58 = find user name
18:3:58 = Start show animate
18:4:0 = Shell Excutute VerifyHost
18:4:0 = find user name
18:4:0 = find user name
18:4:0 = find user name
18:4:0 = find user name
18:4:0 = begin close Process
18:4:0 = Terminate Process
18:4:1 = end close Process
18:4:1 = DLL_PROCESS_DETACH
         
__________________

Alt 15.11.2015, 18:26   #19
nora.s
 
Win 7 Rechner mit Trojaner TR/AD.Gamarue.Y.1144 infiziert - Standard

Win 7 Rechner mit Trojaner TR/AD.Gamarue.Y.1144 infiziert



Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=b75d2d59c3df484a8ddc2bb9b66f8c76
# end=init
# utc_time=2015-11-15 01:41:51
# local_time=2015-11-15 02:41:51 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 26734
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=b75d2d59c3df484a8ddc2bb9b66f8c76
# end=updated
# utc_time=2015-11-15 01:44:45
# local_time=2015-11-15 02:44:45 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=b75d2d59c3df484a8ddc2bb9b66f8c76
# engine=26734
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-11-15 05:00:05
# local_time=2015-11-15 06:00:05 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 16138546 118900427 0 0
# scanned=216325
# found=194
# cleaned=0
# scan_time=11719
sh=E262DCB663133609DD976740F886911FD404FEE1 ft=1 fh=a04ae9518bd8f7b0 vn="Win64/Toolbar.Conduit.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Conduit\ValueApps\IE\ValueAppsLoader.dll.vir"
sh=E7E22E069654E96CE83A7BA14826DB9E48FE4CEC ft=1 fh=3873ea48b069cf5e vn="Win32/Toolbar.Conduit.AK evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\ValueApps\IE\ValueAppsLoader.dll.vir"
sh=CCED9635A96A9FF586CDA03341A195E3563F1816 ft=1 fh=5fee560ec51f2e7b vn="Variante von Win32/Toolbar.CrossRider.BP evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\HQ-Video-Profession-1.3\Uninstall.exe.vir"
sh=84D88BC618D3ED9F3071C1285CFEB81756A7DF11 ft=1 fh=72d006dbb95d55bd vn="Variante von Win32/Toolbar.CrossRider.BP evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MediaPlayerEnhance\Uninstall.exe.vir"
sh=B992ED7A1B4DF30F6AF8A911FBFDE92ED9F77519 ft=1 fh=5dac4dde3cd39976 vn="Variante von MSIL/DomaIQ.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Uninstaller\Uninstall.exe.vir"
sh=87CE4C851AB95A41CE5CAB57300AA5E2913272C7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\3hw6nczf.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\xhr.js.vir"
sh=F9709950DC71343BD5C33FA36E7E22E527609C93 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\3hw6nczf.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\102_dealply_m.js.vir"
sh=01D69135EE92DAC22B8061E1BDD909E2C88CEA69 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\3hw6nczf.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\103_intext_5_m.js.vir"
sh=3C02C1198777BE5BA10D93C67F6CD34557EC171B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\3hw6nczf.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\104_jollywallet_m.js.vir"
sh=F4868E75E21D37FCBC9A5871B6B120EB3E4600DF ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.O evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\3hw6nczf.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\14_CrossriderUtils.js.vir"
sh=A23A6416D40CB6EBCEEC06D43DD6DDC09BD8E066 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\3hw6nczf.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\155_ibario_pops_m.js.vir"
sh=1F6B9CD423C9C689D5D398B846CCDACFB33B568E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\3hw6nczf.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\184_noproblemppc_m.js.vir"
sh=D88BC1DC06D849820DF1C3783159BE2E5424E5F7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\3hw6nczf.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\190_pops_5_m.js.vir"
sh=AF4A89350A672268D320B32859AFCD17170BB977 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\3hw6nczf.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\191_ciuvo_m.js.vir"
sh=C1EB6A69219A2338DF815E20D227C1BBA07AC67D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\3hw6nczf.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\195_icm_convertmedia_m.js.vir"
sh=080E5E5C347490C5936B8ABEF9FA7CEB5AD28E22 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\3hw6nczf.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\211_revizer_ws_dynamic_b2b_light_m.js.vir"
sh=3D8FEB274B1F910633E0EE3966A82AE9DCBD406A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\3hw6nczf.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\21_debug.js.vir"
sh=49045AFF4B791A0C85C789ECFA9C91904A1297E4 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\3hw6nczf.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\220_icm_base_m.js.vir"
sh=40FDDFD7B9412D5BDAC1D0E2440E655C7A8FC33E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\3hw6nczf.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\226_set_campaign_id_m.js.vir"
sh=0E3E976A397422B55CAC2E8F3F1AFEFB5044F4CB ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\3hw6nczf.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\233_revizer_p_dynamic_b2b_2_m.js.vir"
sh=D93B8416BAAD22FE24D8CD082468986BECDBCC03 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\3hw6nczf.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\242_price_gong_m.js.vir"
sh=FD07E13CB435AA4328D85C2C272EC291679C0940 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\3hw6nczf.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\246_setup.js.vir"
sh=A61F2AB2BDA3DF4EA26FB96BFA4BAA4BEFA99E6A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\3hw6nczf.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\28_initializer.js.vir"
sh=D0C91B4ACE84473BFACA534FF1542F34C843F213 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\3hw6nczf.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\47_resources_background.js.vir"
sh=BDCFA8379825B1BC17A13BDF73B7384DE46E7C3B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\3hw6nczf.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\64_appApiMessage.js.vir"
sh=A944448CDA1CE5AA918107104D3B42C171DC810C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\3hw6nczf.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\91_monetizationLoader.js.js.vir"
sh=3D1C513C1AF6190E264097710C145E9D6A3A4060 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\3hw6nczf.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\93_superfish_no_coupons_m.js.vir"
sh=954331290B6C48813BEDEFECAC563EFF7C806002 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\3hw6nczf.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\chrome\content\core\xhr.js.vir"
sh=F9709950DC71343BD5C33FA36E7E22E527609C93 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\3hw6nczf.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\102_dealply_m.js.vir"
sh=01D69135EE92DAC22B8061E1BDD909E2C88CEA69 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\3hw6nczf.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\103_intext_5_m.js.vir"
sh=3C02C1198777BE5BA10D93C67F6CD34557EC171B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\3hw6nczf.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\104_jollywallet_m.js.vir"
sh=2C5C97A4EDD53CE4333EEF27A9DB5FA4400143C6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\3hw6nczf.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\119_similar_web_m.js.vir"
sh=22BD87991B5507F18DF5B51B9650946541B67C6E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\3hw6nczf.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\123_intext_adv_m.js.vir"
sh=F4868E75E21D37FCBC9A5871B6B120EB3E4600DF ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.O evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\3hw6nczf.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\14_CrossriderUtils.js.vir"
sh=0DF5B53F31A1EBEBBBC42168DCB3C2190F1B7D62 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\3hw6nczf.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\178_revizer_ws_dynamic_m.js.vir"
sh=A57430022E6623D30ACFDFB82F013060C324FCD4 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\3hw6nczf.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\179_revizer_p_dynamic_m.js.vir"
sh=F8FCF109D3E526F0B98BDB2BD01174AF9A902A8C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\3hw6nczf.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\180_bpo_serp_m.js.vir"
sh=2871C7281499607657F7CD4EE3D2F99F9DEC9A4C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\3hw6nczf.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\184_noproblemppc_m.js.vir"
sh=D88BC1DC06D849820DF1C3783159BE2E5424E5F7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\3hw6nczf.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\190_pops_5_m.js.vir"
sh=AF4A89350A672268D320B32859AFCD17170BB977 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\3hw6nczf.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\191_ciuvo_m.js.vir"
sh=C1EB6A69219A2338DF815E20D227C1BBA07AC67D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\3hw6nczf.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\195_icm_convertmedia_m.js.vir"
sh=3D8FEB274B1F910633E0EE3966A82AE9DCBD406A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\3hw6nczf.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\21_debug.js.vir"
sh=49045AFF4B791A0C85C789ECFA9C91904A1297E4 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\3hw6nczf.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\220_icm_base_m.js.vir"
sh=82CF3E1378FCB28417B1652D9F27AAD6DB128AF3 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\3hw6nczf.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\221_icm_downloads_m.js.vir"
sh=B6DC2CB64CD0031FC35CFE317013F77A5FDCCA90 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\3hw6nczf.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\223_imonomy_m.js.vir"
sh=CDD822AC5D369DB85D02E74F74D964BD7243C5F7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\3hw6nczf.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\226_set_campaign_id_m.js.vir"
sh=4649E23E28ABB2E1A073CB68F9F4E6DE40F4D5F4 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\3hw6nczf.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\232_revizer_p_dynamic_2_m.js.vir"
sh=B8DCC1355AF30C027794D10BC8FD83670866BA2A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\3hw6nczf.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\242_price_gong_m.js.vir"
sh=096360E528F6964EAA30051DDE841A0C8E63849B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\3hw6nczf.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\246_setup.js.vir"
sh=A61F2AB2BDA3DF4EA26FB96BFA4BAA4BEFA99E6A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\3hw6nczf.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\28_initializer.js.vir"
sh=D0C91B4ACE84473BFACA534FF1542F34C843F213 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\3hw6nczf.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\47_resources_background.js.vir"
sh=BDCFA8379825B1BC17A13BDF73B7384DE46E7C3B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\3hw6nczf.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\64_appApiMessage.js.vir"
sh=A944448CDA1CE5AA918107104D3B42C171DC810C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\3hw6nczf.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\91_monetizationLoader.js.js.vir"
sh=3D1C513C1AF6190E264097710C145E9D6A3A4060 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\3hw6nczf.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\93_superfish_no_coupons_m.js.vir"
sh=7E476CBC20B540F11239EC2A5C617FF221BF52CC ft=1 fh=80c7b6f3be1d69d2 vn="Variante von Win32/Toolbar.MyWebSearch.AI evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\3hw6nczf.default\Extensions\64ffxtbr@TelevisionFanatic.com\plugins\FF-NativeMessagingDispatcher.dll.vir"
sh=3B0392ADB64821DAD5347AA89CA7ADA85D4AD5C9 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Notebook\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.2.2.zip.vir"
sh=65DBF1D094F3C63AD12C8F034D8D132A962FA46E ft=1 fh=073c304ffb9fa3a8 vn="Variante von Win32/Adware.Mobogenie.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Notebook\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\aapt.exe.vir"
sh=A2D473E09F7C019315030A2124DCED3B90CB4F87 ft=1 fh=37fc42c7c433ae0f vn="Variante von Win32/Adware.Mobogenie.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Notebook\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir"
sh=696BBC67FDCC9EC26CB95C2DDADC0F636541320A ft=1 fh=6b009b9250ad1e65 vn="Variante von Win32/Adware.Mobogenie.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Notebook\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DCR.dll.vir"
sh=9E2C3D7CDEDE2543CC0F7960D9837D1B6D2BE75F ft=1 fh=7a481a0f621bd9cc vn="Variante von Win32/Adware.Mobogenie.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Notebook\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\devcon_x64.exe.vir"
sh=E54955407B312B936C2873446E59355F0EA5CA73 ft=1 fh=d287fe18b11aa882 vn="Variante von Win32/Adware.Mobogenie.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Notebook\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\devcon_x86.exe.vir"
sh=4CA3AC424922EB725D3366835CEDEC4CDC4C9A7C ft=1 fh=9b99a692c8d56cf1 vn="Variante von Win32/Adware.Mobogenie.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Notebook\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Device.dll.vir"
sh=77FF724EA6530E24FBD9EA8C2D59B1B291796874 ft=1 fh=d2ee2046d07ae837 vn="Variante von Win32/Adware.Mobogenie.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Notebook\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DriverInstall_x64.exe.vir"
sh=1A8B4BA11E613DE010E51F03D89B513527846AA4 ft=1 fh=95b4c8bc1ea46e9e vn="Variante von Win32/Adware.Mobogenie.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Notebook\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DriverInstall_x86.exe.vir"
sh=8EE77C3EA732059837B316BEEE37A0809CD68F0B ft=1 fh=77f6a6fe09a20461 vn="Variante von Win32/Adware.Mobogenie.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Notebook\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\lsusb.exe.vir"
sh=F62E24423D06DDAF273DFFBA831C25EBC13B82EE ft=1 fh=9b120be6f077dc20 vn="Variante von Win32/Adware.Mobogenie.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Notebook\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\mgadb.exe.vir"
sh=084D52BAC823AF36668193C643454F2F03752552 ft=1 fh=3670662d05fa4882 vn="Variante von Win32/Adware.Mobogenie.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Notebook\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MgAssist.exe.vir"
sh=02D365A799FDCBF8C8A507FCFC69946B402FEA53 ft=1 fh=92f3782890b0d44b vn="Variante von Win32/Adware.Mobogenie.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Notebook\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\mgusb.exe.vir"
sh=5454230820B9172472548B91677FA99352A16A35 ft=1 fh=83c1a584ac14f3e4 vn="Variante von Win32/Adware.Mobogenie.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Notebook\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir"
sh=5BC0BBC3AC54D016E4C7878598350F9BE2A134F9 ft=0 fh=0000000000000000 vn="Variante von Android/Mobserv.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Notebook\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk.vir"
sh=04DF5DA720E5E531F57BD14454EAF99E750D8BED ft=1 fh=f3c242e732b4b342 vn="Variante von Win32/Adware.Mobogenie.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Notebook\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir"
sh=8C6F55634ADBCA6FAA8101C1B2FB024B4855499D ft=1 fh=2876557c9c75ac21 vn="Variante von Win32/Adware.Mobogenie.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Notebook\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\OutlookOperatorC.exe.vir"
sh=87CE4C851AB95A41CE5CAB57300AA5E2913272C7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\kr5q6a4y.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\xhr.js.vir"
sh=9EFDE89A61BAAA7D5D5D4B08214BE3D2EE505248 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\kr5q6a4y.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\102_dealply_m.js.vir"
sh=57F445259F179510FE1EACAAD27A82E87305756C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\kr5q6a4y.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\103_intext_5_m.js.vir"
sh=30630D311A124BA372D209C02247D8A4238E3610 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\kr5q6a4y.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\104_jollywallet_m.js.vir"
sh=DD6FCCEDC3FD751B163389DB9F1C3BC91CFDADC0 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.O evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\kr5q6a4y.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\14_CrossriderUtils.js.vir"
sh=84CA9AA694BCAE4779C18F493E7083124A3126C5 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\kr5q6a4y.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\155_ibario_pops_m.js.vir"
sh=D9DF0722882055C5C11AFD602D505B2E7EA9AFC6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\kr5q6a4y.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\184_noproblemppc_m.js.vir"
sh=9E450F6FAC72A5A25FD4EDECE0CF5D3885230235 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\kr5q6a4y.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\190_pops_5_m.js.vir"
sh=39D85F60370A7E5065A9BDC9D83216476D768A60 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\kr5q6a4y.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\191_ciuvo_m.js.vir"
sh=5902FC10054355A5B8B9CC41620445BAA0F1D0AB ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\kr5q6a4y.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\21_debug.js.vir"
sh=DE138BFD2293B4197712198C41377CE6A89E6200 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\kr5q6a4y.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\230_revizer_ws_dynamic_b2b_2_m.js.vir"
sh=E0F8250FB3FFBCB394862C11971C43A7B3B6BD17 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\kr5q6a4y.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\233_revizer_p_dynamic_b2b_2_m.js.vir"
sh=57F2136CD86B69E88017E3346CF16BE0C2A51A2B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\kr5q6a4y.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\28_initializer.js.vir"
sh=2EBC101982648313FFE20510A6C6754410F9D89B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\kr5q6a4y.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\47_resources_background.js.vir"
sh=148CA44D7C0A3E2F5E2A3D38EFC5D999D2701A84 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\kr5q6a4y.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\64_appApiMessage.js.vir"
sh=2C1383206E28E330BBC4DAA4BD9C8D7F942B2AE4 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\kr5q6a4y.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\91_monetizationLoader.js.js.vir"
sh=0C5AC30A082628E85A9A8B68EF5E5EAFA46F0CC7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\kr5q6a4y.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\93_superfish_no_coupons_m.js.vir"
sh=954331290B6C48813BEDEFECAC563EFF7C806002 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\kr5q6a4y.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\chrome\content\core\xhr.js.vir"
sh=911D715A45EB01135064E312F2DA7D76CEDF6746 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\kr5q6a4y.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\102_dealply_m.js.vir"
sh=7FB2B410D7A3C932D5B739BEAEFD74BBBB94FE44 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\kr5q6a4y.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\103_intext_5_m.js.vir"
sh=E934EE3FC237791859497C7F8AAA6F8C256346B4 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\kr5q6a4y.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\104_jollywallet_m.js.vir"
sh=0DE16E47E0B42A63F7F0DF9BBA6594069FE73EA2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\kr5q6a4y.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\119_similar_web_m.js.vir"
sh=2AB513C899C8CE89EADAEA73603AE1287BB402BC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\kr5q6a4y.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\123_intext_adv_m.js.vir"
sh=DD6FCCEDC3FD751B163389DB9F1C3BC91CFDADC0 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.O evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\kr5q6a4y.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\14_CrossriderUtils.js.vir"
sh=0DF5B53F31A1EBEBBBC42168DCB3C2190F1B7D62 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\kr5q6a4y.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\178_revizer_ws_dynamic_m.js.vir"
sh=A57430022E6623D30ACFDFB82F013060C324FCD4 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\kr5q6a4y.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\179_revizer_p_dynamic_m.js.vir"
sh=F8FCF109D3E526F0B98BDB2BD01174AF9A902A8C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\kr5q6a4y.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\180_bpo_serp_m.js.vir"
sh=211F78C0A16338FBA3CE14136AA745B8631C597A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\kr5q6a4y.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\184_noproblemppc_m.js.vir"
sh=06107E2CB2818761C26753E71FE096DFDE882F3F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\kr5q6a4y.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\190_pops_5_m.js.vir"
sh=5E6DA81E252435703C45D89C99D05227F3388CAC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\kr5q6a4y.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\191_ciuvo_m.js.vir"
sh=8C66C849E2B66D44E4FCCDB719301AEE905D55DB ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\kr5q6a4y.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\195_icm_convertmedia_m.js.vir"
sh=5902FC10054355A5B8B9CC41620445BAA0F1D0AB ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\kr5q6a4y.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\21_debug.js.vir"
sh=B5550E48B8BB427EB378D645149E299D5102B262 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\kr5q6a4y.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\220_icm_base_m.js.vir"
sh=C5AE3C95C6683373E987FE389219569F01C8FBB5 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\kr5q6a4y.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\221_icm_downloads_m.js.vir"
sh=B6DC2CB64CD0031FC35CFE317013F77A5FDCCA90 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\kr5q6a4y.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\223_imonomy_m.js.vir"
sh=B8DCC1355AF30C027794D10BC8FD83670866BA2A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\kr5q6a4y.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\242_price_gong_m.js.vir"
sh=096360E528F6964EAA30051DDE841A0C8E63849B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\kr5q6a4y.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\246_setup.js.vir"
sh=57F2136CD86B69E88017E3346CF16BE0C2A51A2B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\kr5q6a4y.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\28_initializer.js.vir"
sh=2EBC101982648313FFE20510A6C6754410F9D89B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\kr5q6a4y.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\47_resources_background.js.vir"
sh=148CA44D7C0A3E2F5E2A3D38EFC5D999D2701A84 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\kr5q6a4y.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\64_appApiMessage.js.vir"
sh=202C1899F9B92EF86E40333C701C620BB16CE1F2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\kr5q6a4y.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\91_monetizationLoader.js.js.vir"
sh=4590C71E92C3067BEE6D3C17C915C49A90151A01 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\kr5q6a4y.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\93_superfish_no_coupons_m.js.vir"
sh=476063885747EDD774A6B8CB2790703503A75A55 ft=1 fh=d7bb79193adaee2e vn="Win32/Systweak.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Notebook\AppData\Roaming\Systweak\ssd\SSDPTstub.exe.vir"
sh=B71B34CA7E24EA96B507598C9BCB8F10A4BEB9C8 ft=1 fh=d252c90d8aa94121 vn="Variante von Win32/VOPackage.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Notebook\AppData\Roaming\VOPackage\VOsrv.exe.vir"
sh=87CE4C851AB95A41CE5CAB57300AA5E2913272C7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\xfnq8589.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\xhr.js.vir"
sh=F9709950DC71343BD5C33FA36E7E22E527609C93 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\xfnq8589.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\102_dealply_m.js.vir"
sh=01D69135EE92DAC22B8061E1BDD909E2C88CEA69 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\xfnq8589.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\103_intext_5_m.js.vir"
sh=3C02C1198777BE5BA10D93C67F6CD34557EC171B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\xfnq8589.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\104_jollywallet_m.js.vir"
sh=F4868E75E21D37FCBC9A5871B6B120EB3E4600DF ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.O evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\xfnq8589.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\14_CrossriderUtils.js.vir"
sh=32C8CBB62AD3975B8330D63C5FD4B1F2B4328F63 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\xfnq8589.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\155_ibario_pops_m.js.vir"
sh=9FFB696D07A9CF2E00AF98D436CB043D4B1988B5 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\xfnq8589.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\184_noproblemppc_m.js.vir"
sh=D88BC1DC06D849820DF1C3783159BE2E5424E5F7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\xfnq8589.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\190_pops_5_m.js.vir"
sh=AF4A89350A672268D320B32859AFCD17170BB977 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\xfnq8589.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\191_ciuvo_m.js.vir"
sh=C1EB6A69219A2338DF815E20D227C1BBA07AC67D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\xfnq8589.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\195_icm_convertmedia_m.js.vir"
sh=3E7E2E38627C3567488363D1F658A7F23259CC80 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\xfnq8589.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\211_revizer_ws_dynamic_b2b_light_m.js.vir"
sh=3D8FEB274B1F910633E0EE3966A82AE9DCBD406A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\xfnq8589.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\21_debug.js.vir"
sh=49045AFF4B791A0C85C789ECFA9C91904A1297E4 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\xfnq8589.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\220_icm_base_m.js.vir"
sh=40FDDFD7B9412D5BDAC1D0E2440E655C7A8FC33E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\xfnq8589.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\226_set_campaign_id_m.js.vir"
sh=4660A1966307DD0EA8F91FB8E845DE17C42C3ADA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\xfnq8589.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\230_revizer_ws_dynamic_b2b_2_m.js.vir"
sh=2784746F1B5974CCF87AAA4E2827D3417099BCDB ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\xfnq8589.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\233_revizer_p_dynamic_b2b_2_m.js.vir"
sh=D93B8416BAAD22FE24D8CD082468986BECDBCC03 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\xfnq8589.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\242_price_gong_m.js.vir"
sh=FD07E13CB435AA4328D85C2C272EC291679C0940 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\xfnq8589.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\246_setup.js.vir"
sh=A61F2AB2BDA3DF4EA26FB96BFA4BAA4BEFA99E6A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\xfnq8589.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\28_initializer.js.vir"
sh=D0C91B4ACE84473BFACA534FF1542F34C843F213 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\xfnq8589.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\47_resources_background.js.vir"
sh=BDCFA8379825B1BC17A13BDF73B7384DE46E7C3B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\xfnq8589.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\64_appApiMessage.js.vir"
sh=A944448CDA1CE5AA918107104D3B42C171DC810C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\xfnq8589.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\91_monetizationLoader.js.js.vir"
sh=3D1C513C1AF6190E264097710C145E9D6A3A4060 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\xfnq8589.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\93_superfish_no_coupons_m.js.vir"
sh=954331290B6C48813BEDEFECAC563EFF7C806002 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\xfnq8589.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\chrome\content\core\xhr.js.vir"
sh=F9709950DC71343BD5C33FA36E7E22E527609C93 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\xfnq8589.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\102_dealply_m.js.vir"
sh=01D69135EE92DAC22B8061E1BDD909E2C88CEA69 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\xfnq8589.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\103_intext_5_m.js.vir"
sh=3C02C1198777BE5BA10D93C67F6CD34557EC171B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\xfnq8589.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\104_jollywallet_m.js.vir"
sh=2C5C97A4EDD53CE4333EEF27A9DB5FA4400143C6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\xfnq8589.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\119_similar_web_m.js.vir"
sh=22BD87991B5507F18DF5B51B9650946541B67C6E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\xfnq8589.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\123_intext_adv_m.js.vir"
sh=F4868E75E21D37FCBC9A5871B6B120EB3E4600DF ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.O evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\xfnq8589.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\14_CrossriderUtils.js.vir"
sh=F2E2857032DA39E7AFC7C88C2F821892B24CB356 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\xfnq8589.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\178_revizer_ws_dynamic_m.js.vir"
sh=8553AF9879AAA88E75213647561CE17BFE811201 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\xfnq8589.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\179_revizer_p_dynamic_m.js.vir"
sh=08588E3F12EF6CBFECEF803A5B9305227E2CDA47 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\xfnq8589.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\180_bpo_serp_m.js.vir"
sh=D4AA12D5B3D4840135960BFF4F898E7F3F7CD735 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\xfnq8589.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\184_noproblemppc_m.js.vir"
sh=D88BC1DC06D849820DF1C3783159BE2E5424E5F7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\xfnq8589.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\190_pops_5_m.js.vir"
sh=AF4A89350A672268D320B32859AFCD17170BB977 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\xfnq8589.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\191_ciuvo_m.js.vir"
sh=C1EB6A69219A2338DF815E20D227C1BBA07AC67D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\xfnq8589.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\195_icm_convertmedia_m.js.vir"
sh=3D8FEB274B1F910633E0EE3966A82AE9DCBD406A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\xfnq8589.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\21_debug.js.vir"
sh=49045AFF4B791A0C85C789ECFA9C91904A1297E4 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\xfnq8589.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\220_icm_base_m.js.vir"
sh=82CF3E1378FCB28417B1652D9F27AAD6DB128AF3 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\xfnq8589.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\221_icm_downloads_m.js.vir"
sh=D69389DD5BACEE18D79EB06C4CEB331FE47FDE17 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\xfnq8589.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\223_imonomy_m.js.vir"
sh=D93B8416BAAD22FE24D8CD082468986BECDBCC03 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\xfnq8589.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\242_price_gong_m.js.vir"
sh=FD07E13CB435AA4328D85C2C272EC291679C0940 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\xfnq8589.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\246_setup.js.vir"
sh=A61F2AB2BDA3DF4EA26FB96BFA4BAA4BEFA99E6A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\xfnq8589.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\28_initializer.js.vir"
sh=D0C91B4ACE84473BFACA534FF1542F34C843F213 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\xfnq8589.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\47_resources_background.js.vir"
sh=BDCFA8379825B1BC17A13BDF73B7384DE46E7C3B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\xfnq8589.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\64_appApiMessage.js.vir"
sh=A944448CDA1CE5AA918107104D3B42C171DC810C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\xfnq8589.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\91_monetizationLoader.js.js.vir"
sh=3D1C513C1AF6190E264097710C145E9D6A3A4060 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\xfnq8589.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com\extensionData\plugins\93_superfish_no_coupons_m.js.vir"
sh=7E476CBC20B540F11239EC2A5C617FF221BF52CC ft=1 fh=80c7b6f3be1d69d2 vn="Variante von Win32/Toolbar.MyWebSearch.AI evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\xfnq8589.default\Extensions\64ffxtbr@TelevisionFanatic.com\plugins\FF-NativeMessagingDispatcher.dll.vir"
sh=BA39F8C9886EF4AABD72262B192DB8A177C7E206 ft=1 fh=078180abaf06d010 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\windows\System32\roboot64.exe.vir"
sh=784BBF10F11D28C7FB53EB20625A029CB74869B5 ft=1 fh=be0ca9fdc8c6a53a vn="Variante von Win32/Bundlore.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Nora\Desktop\Downloads\setup(4).exe"
sh=705F7674C554A2BDA26E88C6776C54FDBF379002 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Notebook\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1PUA7UQY\icm_convertmedia_m[1].js"
sh=D767D39DA00E1507AB72DF2BBF0DF984E5F67F87 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Notebook\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1PUA7UQY\icm_downloads_m[1].js"
sh=A03BE69557ACE9F739D7DF72BC9F39126C50AF12 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Notebook\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1PUA7UQY\monetizationLoader[1].js"
sh=09E41DAB84A351A234F471879A1C5FC682957ABA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Notebook\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1PUA7UQY\revizer_p_dynamic_m[1].js"
sh=57F74C3FAF6723290F6FA3341542A17948A76BCD ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Notebook\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1PUA7UQY\revizer_ws_dynamic_m[1].js"
sh=BFD0F29067CAE71544784708FE5554D6518AD6AD ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Notebook\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1PUA7UQY\superfish_no_coupons_m[1].js"
sh=B683C210045A4133B80E4ECC0C23BC3196B66514 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Notebook\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9443JU77\bpo_serp_m[1].js"
sh=C403B988AF2EFC2B9DD070F5C5A3070244B7DEE2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Notebook\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9443JU77\dealply_m[1].js"
sh=115081E9037F5D63F69BC5CA19ECC1ACC8F61896 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Notebook\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9443JU77\imonomy_m[1].js"
sh=066D67D3C0F4110A52C2843171BCB750FA7A6E6B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Notebook\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9443JU77\intext_5_m[1].js"
sh=B4853CCBF4F400FB3A12155815CFFD0D74C8EEAC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Notebook\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9443JU77\noproblemppc_m[1].js"
sh=B531261EF0F4945E9E5B2642CB63C74D404DF63C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Notebook\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9443JU77\noproblemppc_ppi_m[1].js"
sh=B8B5897BC3983B6CE75447868BDAE3EB1441E61C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Notebook\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CCSC3WG5\ibario_pops_m[1].js"
sh=9832E303AF1F020C6DD37DB8D8E7A0FF40979142 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Notebook\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CCSC3WG5\intext_adv_m[1].js"
sh=431AC6F8406F059B0E9126386C40A2EE543E5EC3 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.M evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Notebook\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CCSC3WG5\resources_background[1].js"
sh=089CC10FABD94FCFF67B2C2A2A0FE6437CC67E5C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.P evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Notebook\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GWZ8QB6R\appApiMessage[1].js"
sh=BD99029E3E064DE3BDC009BED86CE5F9F6556130 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Notebook\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GWZ8QB6R\ciuvo_m[1].js"
sh=FF68239BA1F9AFA35E039DEB47E536BF1DA6217B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.O evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Notebook\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GWZ8QB6R\CrossriderUtils[1].js"
sh=BA13B61D2A823E7CBBDC85CD5CE511946BC86E65 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Notebook\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GWZ8QB6R\debug[1].js"
sh=4666A52D4EEF9AD0B5BEF9DFF1A9163C17D03398 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Notebook\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GWZ8QB6R\initializer[1].js"
sh=CC9B5D471D8C379CBAA0E63FE16033287F90F82D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Notebook\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GWZ8QB6R\jollywallet_m[1].js"
sh=8C65267C1AADD4AB670D6D979C4A686D16A86869 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Notebook\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GWZ8QB6R\similar_web_m[1].js"
sh=202C1899F9B92EF86E40333C701C620BB16CE1F2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Notebook\AppData\Local\Mozilla\Firefox\Profiles\kr5q6a4y.default\Cache.Trash30735\0\65\96228d01"
sh=B5550E48B8BB427EB378D645149E299D5102B262 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Notebook\AppData\Local\Mozilla\Firefox\Profiles\kr5q6a4y.default\Cache.Trash30735\8\8C\4FEA3d01"
sh=3BC89FB51E2295B5D2757976B5F376F3A2ADA833 ft=1 fh=34db28551978ddd0 vn="Variante von MSIL/Rebrand.LittleRegClean.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Notebook\AppData\Roaming\ShieldApps\PC Speed Repair 2.4.7\install\6387ED6\Helper.dll"
sh=3AFA859F03A613886C791F93CBEA94180BE0B1EE ft=1 fh=afc315597b9244c5 vn="Variante von MSIL/Rebrand.LittleRegClean.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Notebook\AppData\Roaming\ShieldApps\PC Speed Repair 2.4.7\install\6387ED6\PCSpeedRepair.exe"
sh=D395DCBDDD8EF4E896E937766BA29DC64F4A0238 ft=1 fh=b15955de4672c120 vn="Variante von MSIL/Rebrand.LittleRegClean.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Notebook\AppData\Roaming\ShieldApps\PC Speed Repair 2.4.7\install\6387ED6\Uninst000.CA.dll"
         

Alt 15.11.2015, 18:29   #20
nora.s
 
Win 7 Rechner mit Trojaner TR/AD.Gamarue.Y.1144 infiziert - Standard

Win 7 Rechner mit Trojaner TR/AD.Gamarue.Y.1144 infiziert



Code:
ATTFilter
18:11:32 = Process Attach
18:11:32 = end process attach

18:11:32 = ***** NULL == SampleProvider *****

18:11:32 = hWnd = 0x0003032e; ClassName: #32770; Title: Benutzerkontensteuerung.
x=1ba, y=145, width=466, height=378
18:11:32 = hWnd = 0x000403a0; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
18:11:32 = hWnd = 0x000403aa; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
18:11:32 = hWnd = 0x000403ea; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=11b, y=84, width=800, height=560
18:11:32 = hWnd = 0x000403a4; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
18:11:32 = hWnd = 0x00050324; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
18:11:32 = hWnd = 0x00030328; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
18:11:32 = hWnd = 0x000203d2; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
18:11:32 = hWnd = 0x000602ca; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:11:32 = hWnd = 0x000a0396; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
18:11:32 = hWnd = 0x000403a8; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:11:32 = hWnd = 0x0003032a; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:11:32 = Need to re-create objects.

18:11:32 = s1.

18:11:32 = s2.

18:11:32 = find user name
18:11:32 = Start show animate
18:11:33 = Shell Excutute VerifyHost
18:11:33 = find user name
18:11:33 = find user name
18:11:33 = find user name
18:11:33 = begin close Process
18:11:33 = Terminate Process
18:11:34 = end close Process
18:11:34 = DLL_PROCESS_DETACH

18:11:43 = Process Attach
18:11:43 = end process attach

18:11:43 = ##### Begin waiting Mutex to release process #####

18:11:43 = ***** NULL == SampleProvider *****

18:11:43 = hWnd = 0x0004032c; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
18:11:43 = hWnd = 0x0004032a; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
18:11:43 = hWnd = 0x00040364; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
18:11:43 = hWnd = 0x0004036c; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
18:11:43 = hWnd = 0x000503e4; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
18:11:43 = hWnd = 0x000603a6; ClassName: #32770; Title: Benutzerkontensteuerung.
x=1ba, y=165, width=466, height=378
18:11:43 = hWnd = 0x000503a0; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=0, y=0, width=1366, height=768
18:11:43 = hWnd = 0x000503aa; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
18:11:43 = hWnd = 0x000503a4; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
18:11:43 = hWnd = 0x000403dc; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
18:11:43 = hWnd = 0x000503a8; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
18:11:43 = hWnd = 0x000403ec; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:11:43 = hWnd = 0x000b0396; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:11:43 = hWnd = 0x000603ac; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:11:43 = Need to re-create objects.

18:11:43 = s1.

18:11:43 = s2.

18:11:43 = find user name
18:11:43 = Start show animate
18:11:45 = Shell Excutute VerifyHost
18:11:45 = find user name
18:11:46 = find user name
18:11:47 = begin close Process
18:11:47 = Terminate Process
18:11:48 = end close Process
18:11:48 = DLL_PROCESS_DETACH

18:11:51 = Process Attach
18:11:51 = end process attach

18:11:51 = ***** NULL == SampleProvider *****

18:11:51 = hWnd = 0x000503ee; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
18:11:51 = hWnd = 0x000d0396; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
18:11:51 = hWnd = 0x000603a8; ClassName: #32770; Title: Benutzerkontensteuerung.
x=1ba, y=165, width=466, height=378
18:11:51 = hWnd = 0x00050328; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=0, y=0, width=1366, height=768
18:11:51 = hWnd = 0x000403fa; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
18:11:51 = hWnd = 0x000403da; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
18:11:51 = hWnd = 0x000503dc; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
18:11:51 = hWnd = 0x0005032c; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
18:11:51 = hWnd = 0x0007036c; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
18:11:51 = hWnd = 0x000703e0; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
18:11:51 = hWnd = 0x000703ac; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:11:51 = hWnd = 0x000503ec; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:11:51 = hWnd = 0x000c0324; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:11:51 = Need to re-create objects.

18:11:51 = s1.

18:11:51 = s2.

18:11:51 = find user name
18:11:51 = Start show animate
18:11:52 = Shell Excutute VerifyHost
18:11:52 = find user name
18:11:53 = begin close Process
18:11:53 = Terminate Process
18:11:54 = end close Process
18:11:54 = DLL_PROCESS_DETACH

18:17:39 = Process Attach
18:17:39 = end process attach

18:17:39 = ##### Begin waiting Mutex to release process #####

18:17:39 = ***** NULL == SampleProvider *****

18:17:39 = hWnd = 0x00d103fa; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
18:17:39 = hWnd = 0x000902f6; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
18:17:39 = hWnd = 0x00060326; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
18:17:39 = hWnd = 0x000a0388; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
18:17:39 = hWnd = 0x000603b4; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
18:17:39 = hWnd = 0x0004017e; ClassName: #32770; Title: Benutzerkontensteuerung.
x=4, y=271, width=466, height=378
18:17:39 = hWnd = 0x00060312; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=0, y=252, width=491, height=476
18:17:39 = hWnd = 0x00090322; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
18:17:39 = hWnd = 0x00040176; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
18:17:39 = hWnd = 0x000502e2; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
18:17:39 = hWnd = 0x000502d8; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
18:17:39 = hWnd = 0x000602e8; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:17:39 = hWnd = 0x000502e6; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:17:39 = hWnd = 0x00090320; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:17:39 = Need to re-create objects.

18:17:39 = s1.

18:17:39 = s2.

18:17:39 = find user name
18:17:39 = Start show animate
18:17:40 = Shell Excutute VerifyHost
18:17:40 = find user name
18:17:42 = find user name
18:17:42 = begin close Process
18:17:42 = Terminate Process
18:17:43 = end close Process
18:17:43 = DLL_PROCESS_DETACH

18:18:45 = Process Attach
18:18:45 = end process attach

18:18:45 = ***** NULL == SampleProvider *****

18:18:45 = hWnd = 0x000702e2; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
18:18:45 = hWnd = 0x000d033c; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
18:18:45 = hWnd = 0x00080312; ClassName: #32770; Title: Benutzerkontensteuerung.
x=23f, y=245, width=216, height=238
18:18:45 = hWnd = 0x000b02f6; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=0, y=0, width=1366, height=768
18:18:45 = hWnd = 0x000b0320; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
18:18:45 = hWnd = 0x00100324; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
18:18:45 = hWnd = 0x0007026e; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
18:18:45 = hWnd = 0x000b0322; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
18:18:45 = hWnd = 0x000702ea; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:18:45 = hWnd = 0x000b036c; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:18:45 = hWnd = 0x00090326; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:18:45 = Need to re-create objects.

18:18:45 = s1.

18:18:45 = s2.

18:18:45 = find user name
18:18:45 = Start show animate
18:18:46 = Shell Excutute VerifyHost
18:18:46 = find user name
18:18:47 = find user name
18:18:47 = begin close Process
18:18:47 = Terminate Process
18:18:48 = end close Process
18:18:48 = DLL_PROCESS_DETACH

18:18:51 = Process Attach
18:18:51 = end process attach

18:18:51 = ***** NULL == SampleProvider *****

18:18:51 = hWnd = 0x000f0388; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
18:18:51 = hWnd = 0x000d036c; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
18:18:51 = hWnd = 0x000c02f6; ClassName: #32770; Title: Benutzerkontensteuerung.
x=1ba, y=165, width=466, height=378
18:18:51 = hWnd = 0x000902e6; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=0, y=0, width=1366, height=768
18:18:51 = hWnd = 0x0008026e; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
18:18:51 = hWnd = 0x000802e2; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
18:18:51 = hWnd = 0x000802d6; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
18:18:51 = hWnd = 0x000802f0; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
18:18:51 = hWnd = 0x000c0320; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:18:51 = hWnd = 0x00100380; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
18:18:51 = hWnd = 0x000a0326; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:18:51 = hWnd = 0x00100344; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:18:51 = Need to re-create objects.

18:18:51 = s1.

18:18:51 = s2.

18:18:51 = find user name
18:18:51 = Start show animate
18:18:53 = Shell Excutute VerifyHost
18:18:53 = begin close Process
18:18:53 = Terminate Process
18:18:54 = end close Process
18:18:54 = DLL_PROCESS_DETACH

18:22:14 = Process Attach
18:22:14 = end process attach

18:22:14 = ##### Begin waiting Mutex to release process #####

18:22:14 = ***** NULL == SampleProvider *****

18:22:14 = hWnd = 0x0015035c; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
18:22:14 = hWnd = 0x001c036c; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
18:22:14 = hWnd = 0x000401f4; ClassName: #32770; Title: Benutzerkontensteuerung.
x=23b, y=195, width=466, height=399
18:22:14 = hWnd = 0x000a03bc; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=1a2, y=180, width=788, height=489
18:22:14 = hWnd = 0x00070352; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
18:22:14 = hWnd = 0x00040254; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
18:22:14 = hWnd = 0x000b0336; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
18:22:14 = hWnd = 0x000a0338; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
18:22:14 = hWnd = 0x001d02e2; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
18:22:14 = hWnd = 0x00040160; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
18:22:14 = hWnd = 0x00100350; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:22:14 = hWnd = 0x000401ae; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:22:14 = hWnd = 0x000f0176; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:22:14 = Need to re-create objects.

18:22:14 = s1.

18:22:14 = s2.

18:22:14 = find user name
18:22:14 = Start show animate
18:22:16 = Shell Excutute VerifyHost
18:22:16 = find user name
18:22:16 = begin close Process
18:22:16 = Terminate Process
18:22:17 = end close Process
18:22:17 = DLL_PROCESS_DETACH

18:38:19 = Process Attach
18:38:19 = end process attach

18:38:19 = ***** NULL == SampleProvider *****

18:38:19 = ##### Begin waiting Mutex to release process #####

18:38:19 = hWnd = 0x00150354; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows-Anmeldung.
x=0, y=0, width=1366, height=768
18:38:19 = hWnd = 0x000f03f8; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
18:38:19 = hWnd = 0x0006025e; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
18:38:19 = hWnd = 0x00100394; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:38:21 = Process Attach
18:38:21 = ## ERR ## Setevent

18:38:21 = ***** NULL == SampleProvider *****

18:38:21 = begin close Process
18:38:21 = end close Process
18:38:21 = ##### Get event and release process end #####

18:38:21 = hWnd = 0x0062009e; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows-Anmeldung.
x=0, y=0, width=1024, height=768
18:38:21 = hWnd = 0x00160084; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
18:38:21 = hWnd = 0x00030044; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
18:38:21 = hWnd = 0x001b007c; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:39:14 = Process Attach
18:39:14 = end process attach

18:39:14 = ***** NULL == SampleProvider *****

18:39:14 = ##### Begin waiting Mutex to release process #####

18:39:14 = hWnd = 0x0001001c; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows-Anmeldung.
x=0, y=0, width=1366, height=768
18:39:14 = hWnd = 0x00010018; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
18:39:14 = hWnd = 0x00010022; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
18:39:14 = hWnd = 0x0001001a; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:39:23 = Need to re-create objects.

18:39:23 = s1.

18:39:23 = s2.

18:39:23 = find user name
18:39:23 = Start show animate
18:39:25 = Shell Excutute VerifyHost
18:39:25 = find user name
18:39:25 = find user name
18:39:25 = find user name
18:39:25 = find user name
18:39:25 = find user name
18:39:25 = find user name
18:39:25 = find user name
18:39:25 = find user name
18:39:25 = find user name
18:39:25 = find user name
18:39:25 = find user name
18:39:25 = find user name
18:39:25 = find user name
18:39:25 = find user name
18:39:25 = find user name
18:39:25 = find user name
18:39:25 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:30 = find user name
18:39:30 = find user name
18:39:30 = find user name
18:39:41 = begin close Process
18:39:41 = Terminate Process
18:39:42 = end close Process
18:39:42 = DLL_PROCESS_DETACH

18:40:44 = Process Attach
18:40:44 = end process attach

18:40:44 = ##### Begin waiting Mutex to release process #####

18:40:44 = ***** NULL == SampleProvider *****

18:40:44 = hWnd = 0x000302d6; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
18:40:44 = hWnd = 0x000202da; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
18:40:44 = hWnd = 0x000103a2; ClassName: #32770; Title: Benutzerkontensteuerung.
x=1ba, y=145, width=466, height=378
18:40:44 = hWnd = 0x0002039a; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=11b, y=84, width=800, height=560
18:40:44 = hWnd = 0x000103c2; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
18:40:44 = hWnd = 0x000103c6; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
18:40:44 = hWnd = 0x00040394; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
18:40:44 = hWnd = 0x0001039e; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
18:40:44 = hWnd = 0x000602d2; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
18:40:44 = hWnd = 0x0001039c; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
18:40:44 = hWnd = 0x00020398; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:40:44 = hWnd = 0x000103a0; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:40:44 = hWnd = 0x000502ce; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:40:44 = Need to re-create objects.

18:40:44 = s1.

18:40:44 = s2.

18:40:44 = find user name
18:40:44 = Start show animate
18:40:45 = Shell Excutute VerifyHost
18:40:45 = find user name
18:40:46 = begin close Process
18:40:46 = Terminate Process
18:40:47 = end close Process
18:40:47 = DLL_PROCESS_DETACH

18:59:2 = Process Attach
18:59:2 = end process attach

18:59:2 = ***** NULL == SampleProvider *****

18:59:2 = hWnd = 0x000403ba; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows-Anmeldung.
x=0, y=0, width=1366, height=768
18:59:2 = hWnd = 0x000a039c; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
18:59:2 = hWnd = 0x000403b0; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
18:59:2 = hWnd = 0x000403bc; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:59:6 = Process Attach
18:59:6 = ## ERR ## Setevent

18:59:6 = ##### Get event and release process #####

18:59:6 = begin close Process
18:59:6 = end close Process
18:59:6 = ##### Get event and release process end #####

18:59:49 = Process Attach
18:59:49 = end process attach

18:59:49 = ***** NULL == SampleProvider *****

18:59:49 = ##### Begin waiting Mutex to release process #####

18:59:49 = hWnd = 0x0001001c; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows-Anmeldung.
x=0, y=0, width=1366, height=768
18:59:49 = hWnd = 0x00010018; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
18:59:49 = hWnd = 0x00010022; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
18:59:49 = hWnd = 0x0001001a; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:59:56 = Need to re-create objects.

18:59:56 = s1.

18:59:56 = s2.

18:59:56 = find user name
18:59:56 = Start show animate
18:59:58 = Shell Excutute VerifyHost
18:59:58 = find user name
18:59:58 = find user name
18:59:58 = find user name
18:59:58 = find user name
18:59:58 = find user name
18:59:58 = find user name
18:59:58 = find user name
18:59:58 = find user name
18:59:58 = find user name
18:59:58 = find user name
18:59:58 = find user name
18:59:58 = find user name
18:59:58 = find user name
18:59:58 = find user name
18:59:58 = find user name
18:59:58 = find user name
18:59:58 = find user name
18:59:59 = find user name
18:59:59 = find user name
18:59:59 = find user name
18:59:59 = find user name
18:59:59 = find user name
19:0:1 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:3 = find user name
19:0:3 = find user name
19:0:3 = find user name
21:37:14 = Process Attach
21:37:14 = end process attach

21:37:14 = ##### Begin waiting Mutex to release process #####

21:37:14 = hWnd = 0x0008034c; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
21:37:14 = hWnd = 0x000602c6; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
21:37:14 = hWnd = 0x00020352; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
21:37:14 = hWnd = 0x0002032e; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
21:37:14 = hWnd = 0x0005036a; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
21:37:14 = Need to re-create objects.

21:37:14 = s1.

21:37:14 = s2.

21:37:14 = find user name
21:37:14 = Start show animate
21:37:16 = Shell Excutute VerifyHost
21:37:16 = begin close Process
21:37:16 = Terminate Process
21:37:17 = end close Process
21:37:17 = DLL_PROCESS_DETACH

21:37:28 = Process Attach
21:37:28 = end process attach

21:37:28 = ##### Begin waiting Mutex to release process #####

21:37:28 = ***** NULL == SampleProvider *****

21:37:28 = hWnd = 0x0006036a; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
21:37:28 = hWnd = 0x0009034c; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
21:37:28 = hWnd = 0x0003038e; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
21:37:28 = hWnd = 0x00030378; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
21:37:28 = hWnd = 0x00030374; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
21:37:28 = hWnd = 0x000702c6; ClassName: #32770; Title: Benutzerkontensteuerung.
x=1ba, y=165, width=466, height=378
21:37:28 = hWnd = 0x0009035c; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=0, y=0, width=1366, height=768
21:37:28 = hWnd = 0x00080392; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
21:37:28 = hWnd = 0x0003033c; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
21:37:28 = hWnd = 0x0005032e; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
21:37:28 = hWnd = 0x00030346; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
21:37:28 = hWnd = 0x000b03fe; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
21:37:28 = hWnd = 0x00030352; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
21:37:28 = hWnd = 0x0007039c; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
21:37:28 = Need to re-create objects.

21:37:28 = s1.

21:37:28 = s2.

21:37:28 = find user name
21:37:28 = Start show animate
21:37:29 = Shell Excutute VerifyHost
21:37:29 = find user name
21:37:34 = begin close Process
21:37:34 = Terminate Process
21:37:35 = end close Process
21:37:35 = DLL_PROCESS_DETACH

21:43:3 = Process Attach
21:43:3 = end process attach

21:43:3 = ***** NULL == SampleProvider *****

21:43:3 = hWnd = 0x00110378; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
21:43:3 = hWnd = 0x000603ae; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
21:43:3 = hWnd = 0x000403da; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
21:43:3 = ##### Begin waiting Mutex to release process #####

21:43:3 = hWnd = 0x000603e0; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
21:43:3 = hWnd = 0x000502c8; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
21:43:3 = hWnd = 0x00060154; ClassName: #32770; Title: Benutzerkontensteuerung.
x=1ba, y=165, width=466, height=378
21:43:3 = hWnd = 0x00080394; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=0, y=0, width=1366, height=768
21:43:3 = hWnd = 0x000a0354; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
21:43:3 = hWnd = 0x0008036a; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
21:43:3 = hWnd = 0x000502d2; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
21:43:3 = hWnd = 0x000a0352; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
21:43:3 = hWnd = 0x000c032c; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
21:43:3 = hWnd = 0x000a0392; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
21:43:3 = hWnd = 0x00070320; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
21:43:3 = Need to re-create objects.

21:43:3 = s1.

21:43:3 = s2.

21:43:3 = find user name
21:43:3 = Start show animate
21:43:4 = Shell Excutute VerifyHost
21:43:4 = find user name
21:43:5 = begin close Process
21:43:5 = Terminate Process
21:43:6 = end close Process
21:43:6 = DLL_PROCESS_DETACH

0:11:53 = Process Attach
0:11:53 = end process attach

0:11:53 = ##### Begin waiting Mutex to release process #####

0:11:53 = hWnd = 0x00110352; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows-Anmeldung.
x=0, y=0, width=1366, height=768
0:11:53 = hWnd = 0x000c02fe; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
0:11:53 = hWnd = 0x000902f8; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
0:11:53 = hWnd = 0x000e033c; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
0:11:56 = Process Attach
0:11:56 = ## ERR ## Setevent

0:11:56 = ##### Get event and release process #####

0:11:56 = begin close Process
0:11:56 = end close Process
0:11:56 = ##### Get event and release process end #####

0:11:56 = ***** NULL == SampleProvider *****

0:11:56 = hWnd = 0x00cf0072; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows-Anmeldung.
x=0, y=0, width=1024, height=768
0:11:56 = hWnd = 0x00cf005a; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
0:11:56 = hWnd = 0x00030078; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
0:11:56 = hWnd = 0x00980038; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
9:11:39 = Process Attach
9:11:39 = end process attach

9:11:39 = ***** NULL == SampleProvider *****

9:11:39 = ##### Begin waiting Mutex to release process #####

9:11:39 = hWnd = 0x0001001c; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows-Anmeldung.
x=0, y=0, width=1366, height=768
9:11:39 = hWnd = 0x00010018; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
9:11:39 = hWnd = 0x00010022; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
9:11:39 = hWnd = 0x0001001a; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
9:11:39 = Need to re-create objects.

9:11:39 = s1.

9:11:39 = s2.

9:11:39 = find user name
9:11:39 = Start show animate
9:11:41 = Shell Excutute VerifyHost
9:11:41 = find user name
9:11:41 = find user name
9:11:41 = find user name
9:11:41 = find user name
9:11:41 = find user name
9:11:41 = find user name
9:11:41 = find user name
9:11:41 = find user name
9:11:41 = find user name
9:11:41 = find user name
9:11:41 = find user name
9:11:41 = find user name
9:11:41 = find user name
9:11:41 = find user name
9:11:41 = find user name
9:11:41 = find user name
9:11:41 = find user name
9:11:41 = find user name
9:11:41 = find user name
9:11:41 = find user name
9:11:41 = find user name
9:11:41 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:11 = find user name
9:15:11 = find user name
9:15:11 = find user name
9:15:18 = begin close Process
9:15:18 = Terminate Process
9:15:19 = end close Process
9:15:19 = DLL_PROCESS_DETACH

12:31:1 = Process Attach
12:31:1 = end process attach

12:31:1 = ##### Begin waiting Mutex to release process #####

12:31:1 = hWnd = 0x0002041a; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows-Anmeldung.
x=0, y=0, width=1366, height=768
12:31:1 = hWnd = 0x00040440; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
12:31:1 = hWnd = 0x000203c0; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
12:31:1 = hWnd = 0x000803b0; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
12:31:1 = Need to re-create objects.

12:31:1 = s1.

12:31:1 = s2.

12:31:1 = find user name
12:31:1 = Start show animate
12:31:3 = Is Black Sceen wait
12:31:3 = black wait1
12:31:4 = Is Black Sceen wait
12:31:4 = black wait2
12:31:6 = Is Black Sceen wait
12:31:6 = black wait3
12:37:11 = Shell Excutute VerifyHost
12:37:14 = find user name
12:37:14 = find user name
12:37:14 = find user name
12:37:16 = find user name
12:37:16 = find user name
12:37:16 = find user name
12:37:16 = find user name
12:37:16 = find user name
12:37:34 = find user name
12:37:34 = find user name
12:37:34 = find user name
12:37:34 = find user name
12:37:34 = find user name
12:37:34 = find user name
12:37:34 = find user name
12:37:34 = find user name
12:37:34 = find user name
12:37:34 = find user name
12:37:34 = find user name
12:37:34 = find user name
12:37:34 = find user name
12:37:34 = find user name
12:37:35 = begin close Process
12:37:35 = Terminate Process
12:37:36 = end close Process
12:37:36 = DLL_PROCESS_DETACH

13:26:50 = Process Attach
13:26:50 = end process attach

13:26:50 = ***** NULL == SampleProvider *****

13:26:50 = hWnd = 0x000b0434; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
13:26:50 = hWnd = 0x000a0472; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
13:26:50 = hWnd = 0x000b03f6; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
13:26:50 = hWnd = 0x00070490; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
13:26:50 = hWnd = 0x000f0432; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
13:26:50 = hWnd = 0x001003ec; ClassName: #32770; Title: Benutzerkontensteuerung.
x=1ba, y=154, width=466, height=399
13:26:50 = hWnd = 0x0004046c; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=0, y=0, width=1366, height=768
13:26:50 = hWnd = 0x001003fa; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
13:26:50 = hWnd = 0x000a045a; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
13:26:50 = hWnd = 0x000b033a; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
13:26:50 = hWnd = 0x002203d0; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
13:26:50 = hWnd = 0x00100428; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
13:26:50 = hWnd = 0x000f03bc; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
13:26:50 = hWnd = 0x00100476; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
13:26:50 = Need to re-create objects.

13:26:50 = s1.

13:26:50 = s2.

13:26:50 = find user name
13:26:50 = Start show animate
13:26:52 = Shell Excutute VerifyHost
13:26:52 = begin close Process
13:26:52 = end close Process
13:26:52 = DLL_PROCESS_DETACH

13:26:55 = Process Attach
13:26:55 = end process attach

13:26:55 = ***** NULL == SampleProvider *****

13:26:55 = hWnd = 0x000503a6; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
13:26:55 = ##### Begin waiting Mutex to release process #####

13:26:55 = hWnd = 0x000b0454; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
13:26:55 = hWnd = 0x00110428; ClassName: #32770; Title: Benutzerkontensteuerung.
x=1ba, y=154, width=466, height=399
13:26:55 = hWnd = 0x001103d8; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=0, y=0, width=1366, height=768
13:26:55 = hWnd = 0x00110412; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
13:26:55 = hWnd = 0x000e044e; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
13:26:55 = hWnd = 0x000c033a; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
13:26:55 = hWnd = 0x000c0434; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
13:26:55 = hWnd = 0x001203bc; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
13:26:55 = hWnd = 0x000d03e4; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
13:26:55 = hWnd = 0x00110476; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
13:26:55 = hWnd = 0x0005046c; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
13:26:55 = hWnd = 0x00080398; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
13:26:55 = Need to re-create objects.

13:26:55 = s1.

13:26:55 = s2.

13:26:55 = find user name
13:26:55 = Start show animate
13:26:57 = Shell Excutute VerifyHost
13:26:57 = find user name
13:26:58 = begin close Process
13:26:58 = Terminate Process
13:26:59 = end close Process
13:26:59 = DLL_PROCESS_DETACH

14:11:3 = Process Attach
14:11:3 = end process attach

14:11:3 = ##### Begin waiting Mutex to release process #####

14:11:3 = ***** NULL == SampleProvider *****

14:11:3 = hWnd = 0x000703b2; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
14:11:3 = hWnd = 0x0005031e; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
14:11:3 = hWnd = 0x000403a8; ClassName: #32770; Title: Benutzerkontensteuerung.
x=c5, y=42, width=466, height=399
14:11:3 = hWnd = 0x000303ac; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=64, y=100, width=677, height=342
14:11:3 = hWnd = 0x001803a0; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
14:11:3 = hWnd = 0x002d03ce; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
14:11:3 = hWnd = 0x00030324; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
14:11:3 = hWnd = 0x00030310; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
14:11:3 = hWnd = 0x0003032e; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
14:11:3 = hWnd = 0x0006032c; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
14:11:3 = hWnd = 0x00030326; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:11:3 = hWnd = 0x0004035a; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:11:3 = hWnd = 0x0003031c; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:11:3 = Need to re-create objects.

14:11:3 = s1.

14:11:3 = s2.

14:11:3 = find user name
14:11:3 = Start show animate
14:11:4 = Shell Excutute VerifyHost
14:11:4 = find user name
14:11:4 = find user name
14:11:5 = begin close Process
14:11:5 = end close Process
14:11:5 = DLL_PROCESS_DETACH

14:11:5 = Process Attach
14:11:5 = end process attach

14:11:5 = ##### Begin waiting Mutex to release process #####

14:11:5 = ***** NULL == SampleProvider *****

14:11:5 = hWnd = 0x0006031e; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
14:11:5 = hWnd = 0x001a03ea; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
14:11:5 = hWnd = 0x0016046c; ClassName: #32770; Title: Benutzerkontensteuerung.
x=c5, y=42, width=466, height=399
14:11:5 = hWnd = 0x000403ac; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=64, y=100, width=677, height=342
14:11:5 = hWnd = 0x00040320; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
14:11:5 = hWnd = 0x00030322; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
14:11:5 = hWnd = 0x001c03a0; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
14:11:5 = hWnd = 0x00040324; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
14:11:5 = hWnd = 0x00060334; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
14:11:5 = hWnd = 0x0007032c; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
14:11:5 = hWnd = 0x000803b2; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:11:5 = hWnd = 0x00140476; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:11:5 = hWnd = 0x0004032e; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:11:5 = Need to re-create objects.

14:11:5 = s1.

14:11:5 = s2.

14:11:5 = find user name
14:11:5 = Start show animate
14:11:6 = Shell Excutute VerifyHost
14:11:6 = find user name
14:11:7 = find user name
14:11:7 = begin close Process
14:11:7 = Terminate Process
14:11:8 = end close Process
14:11:8 = DLL_PROCESS_DETACH

14:11:8 = Process Attach
14:11:8 = end process attach

14:11:8 = ##### Begin waiting Mutex to release process #####

14:11:8 = ***** NULL == SampleProvider *****

14:11:8 = hWnd = 0x00070334; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
14:11:8 = hWnd = 0x002303bc; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
14:11:8 = hWnd = 0x00050326; ClassName: #32770; Title: Benutzerkontensteuerung.
x=c5, y=42, width=466, height=399
14:11:8 = hWnd = 0x001b03ea; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=64, y=100, width=677, height=342
14:11:8 = hWnd = 0x0005018e; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
14:11:8 = hWnd = 0x000703aa; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
14:11:8 = hWnd = 0x0005032e; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
14:11:8 = hWnd = 0x001d03a0; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
14:11:8 = hWnd = 0x00160476; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
14:11:8 = hWnd = 0x0007031e; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
14:11:8 = hWnd = 0x0005031c; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:11:8 = hWnd = 0x0008032c; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:11:8 = hWnd = 0x00070318; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:11:8 = Need to re-create objects.

14:11:8 = s1.

14:11:8 = s2.

14:11:8 = find user name
14:11:8 = Start show animate
14:11:10 = Shell Excutute VerifyHost
14:11:10 = find user name
14:11:11 = find user name
14:11:11 = begin close Process
14:11:11 = Terminate Process
14:11:12 = end close Process
14:11:12 = DLL_PROCESS_DETACH

14:11:19 = Process Attach
14:11:19 = end process attach

14:11:19 = ##### Begin waiting Mutex to release process #####

14:11:19 = ***** NULL == SampleProvider *****

14:11:19 = hWnd = 0x00060310; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
14:11:19 = hWnd = 0x0007035a; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
14:11:19 = hWnd = 0x00110396; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
14:11:19 = hWnd = 0x00190480; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
14:11:19 = hWnd = 0x00080318; ClassName: #32770; Title: Benutzerkontensteuerung.
x=1ba, y=154, width=466, height=399
14:11:19 = hWnd = 0x002403e0; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=0, y=0, width=1366, height=768
14:11:19 = hWnd = 0x003203ce; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
14:11:19 = hWnd = 0x00080324; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
14:11:19 = hWnd = 0x000e047a; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
14:11:19 = hWnd = 0x00180476; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
14:11:19 = hWnd = 0x002003a0; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:11:19 = hWnd = 0x000a03aa; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:11:19 = hWnd = 0x0007033c; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:11:19 = Need to re-create objects.

14:11:19 = s1.

14:11:19 = s2.

14:11:19 = find user name
14:11:19 = Start show animate
14:11:20 = Shell Excutute VerifyHost
14:11:20 = find user name
14:11:21 = begin close Process
14:11:21 = Terminate Process
14:11:22 = end close Process
14:11:22 = DLL_PROCESS_DETACH

14:15:45 = Process Attach
14:15:45 = end process attach

14:15:45 = ***** NULL == SampleProvider *****

14:15:45 = hWnd = 0x001b03ca; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows-Anmeldung.
x=0, y=0, width=1366, height=768
14:15:45 = hWnd = 0x001c0480; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
14:15:45 = hWnd = 0x00090340; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
14:15:45 = hWnd = 0x000b0324; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:15:49 = Process Attach
14:15:49 = ## ERR ## Setevent

14:15:49 = ##### Get event and release process #####

14:15:49 = begin close Process
14:15:49 = end close Process
14:15:49 = ##### Get event and release process end #####

14:15:49 = ***** NULL == SampleProvider *****

14:15:49 = hWnd = 0x0002010e; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows-Anmeldung.
x=0, y=0, width=1024, height=768
14:15:49 = hWnd = 0x0002012a; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
14:15:49 = hWnd = 0x000200b0; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
14:15:49 = hWnd = 0x00020128; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:17:17 = Process Attach
14:17:17 = end process attach

14:17:17 = ***** NULL == SampleProvider *****

14:17:17 = ##### Begin waiting Mutex to release process #####

14:17:17 = hWnd = 0x0001001c; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows-Anmeldung.
x=0, y=0, width=1366, height=768
14:17:17 = hWnd = 0x00010018; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
14:17:17 = hWnd = 0x00010022; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
14:17:17 = hWnd = 0x0001001a; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:17:20 = Need to re-create objects.

14:17:20 = s1.

14:17:20 = s2.

14:17:20 = find user name
14:17:20 = Start show animate
14:17:21 = Shell Excutute VerifyHost
14:17:21 = find user name
14:17:21 = find user name
14:17:21 = find user name
14:17:21 = find user name
14:17:21 = find user name
14:17:21 = find user name
14:17:21 = find user name
14:17:21 = find user name
14:17:21 = find user name
14:17:21 = find user name
14:17:21 = find user name
14:17:21 = find user name
14:17:21 = find user name
14:17:21 = find user name
14:17:21 = find user name
14:17:21 = find user name
14:17:21 = find user name
14:17:21 = find user name
14:17:21 = find user name
14:17:21 = find user name
14:17:21 = find user name
14:17:21 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:18:10 = begin close Process
14:18:10 = Terminate Process
14:18:11 = end close Process
14:18:11 = DLL_PROCESS_DETACH

14:20:6 = Process Attach
14:20:6 = end process attach

14:20:6 = ##### Begin waiting Mutex to release process #####

14:20:6 = ***** NULL == SampleProvider *****

14:20:6 = hWnd = 0x00050324; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
14:20:6 = hWnd = 0x00050322; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
14:20:6 = hWnd = 0x00010342; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
14:20:6 = hWnd = 0x00010346; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
14:20:6 = hWnd = 0x0001034a; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
14:20:6 = hWnd = 0x0006031e; ClassName: #32770; Title: Benutzerkontensteuerung.
x=1ba, y=165, width=466, height=378
14:20:6 = hWnd = 0x00050330; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=0, y=0, width=1366, height=768
14:20:6 = hWnd = 0x0005031a; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
14:20:6 = hWnd = 0x000302d8; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
14:20:6 = hWnd = 0x0005032e; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
14:20:6 = hWnd = 0x000302d6; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
14:20:6 = hWnd = 0x00050316; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:20:6 = hWnd = 0x0006032c; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:20:6 = hWnd = 0x0005031c; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:20:6 = Need to re-create objects.

14:20:6 = s1.

14:20:6 = s2.

14:20:6 = find user name
14:20:6 = Start show animate
14:20:7 = Shell Excutute VerifyHost
14:20:7 = find user name
14:20:8 = find user name
14:20:8 = begin close Process
14:20:8 = Terminate Process
14:20:9 = end close Process
14:20:9 = DLL_PROCESS_DETACH

14:20:13 = Process Attach
14:20:13 = end process attach

14:20:13 = ##### Begin waiting Mutex to release process #####

14:20:13 = ***** NULL == SampleProvider *****

14:20:13 = hWnd = 0x00060314; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
14:20:13 = hWnd = 0x0008032c; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
14:20:13 = hWnd = 0x0002033e; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
14:20:13 = hWnd = 0x0002033a; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
14:20:13 = hWnd = 0x0004030e; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
14:20:13 = hWnd = 0x00030348; ClassName: #32770; Title: Benutzerkontensteuerung.
x=1ba, y=165, width=466, height=378
14:20:13 = hWnd = 0x00060320; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=0, y=0, width=1366, height=768
14:20:13 = hWnd = 0x0006032e; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
14:20:13 = hWnd = 0x00030356; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
14:20:13 = hWnd = 0x00040346; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
14:20:13 = hWnd = 0x0008031e; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
14:20:13 = hWnd = 0x0006031c; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:20:13 = hWnd = 0x00060322; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:20:13 = hWnd = 0x000d002a; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:20:13 = Need to re-create objects.

14:20:13 = s1.

14:20:13 = s2.

14:20:13 = find user name
14:20:13 = Start show animate
14:20:15 = Shell Excutute VerifyHost
14:20:15 = find user name
14:20:16 = begin close Process
14:20:16 = Terminate Process
14:20:17 = end close Process
14:20:17 = DLL_PROCESS_DETACH

14:39:11 = Process Attach
14:39:11 = end process attach

14:39:11 = ***** NULL == SampleProvider *****

14:39:11 = ##### Begin waiting Mutex to release process #####

14:39:11 = hWnd = 0x0001001c; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows-Anmeldung.
x=0, y=0, width=1366, height=768
14:39:11 = hWnd = 0x00010018; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
14:39:11 = hWnd = 0x00010022; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
14:39:11 = hWnd = 0x0001001a; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:39:35 = Need to re-create objects.

14:39:35 = s1.

14:39:35 = s2.

14:39:37 = find user name
14:39:37 = Start show animate
14:39:38 = Shell Excutute VerifyHost
14:39:38 = find user name
14:39:38 = find user name
14:39:38 = find user name
14:39:38 = find user name
14:39:38 = find user name
14:39:38 = find user name
14:39:38 = find user name
14:39:38 = find user name
14:39:38 = find user name
14:39:38 = find user name
14:39:38 = find user name
14:39:38 = find user name
14:39:38 = find user name
14:39:38 = find user name
14:39:38 = find user name
14:39:38 = find user name
14:39:38 = find user name
14:39:39 = find user name
14:39:39 = find user name
14:39:39 = find user name
14:39:39 = find user name
14:39:39 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:55 = begin close Process
14:39:55 = Terminate Process
14:39:56 = end close Process
14:39:56 = DLL_PROCESS_DETACH

14:41:18 = Process Attach
14:41:18 = end process attach

14:41:18 = ***** NULL == SampleProvider *****

14:41:18 = hWnd = 0x000202d2; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
14:41:18 = hWnd = 0x000302d0; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
14:41:18 = hWnd = 0x00020322; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
14:41:18 = hWnd = 0x00020326; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
14:41:18 = hWnd = 0x0002031e; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
14:41:18 = hWnd = 0x00030316; ClassName: #32770; Title: Benutzerkontensteuerung.
x=1ba, y=127, width=466, height=378
14:41:18 = hWnd = 0x000202d8; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=19a, y=164, width=546, height=363
14:41:18 = hWnd = 0x000202d4; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
14:41:18 = hWnd = 0x000202de; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
14:41:18 = hWnd = 0x0003013e; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
14:41:18 = hWnd = 0x000202dc; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
14:41:18 = hWnd = 0x000202d6; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:41:18 = hWnd = 0x00030300; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:41:18 = hWnd = 0x00060372; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:41:18 = Need to re-create objects.

14:41:18 = s1.

14:41:18 = s2.

14:41:19 = find user name
14:41:19 = Start show animate
14:41:20 = Shell Excutute VerifyHost
14:41:20 = find user name
14:41:22 = find user name
14:41:22 = begin close Process
14:41:22 = Terminate Process
14:41:23 = end close Process
14:41:23 = DLL_PROCESS_DETACH

14:41:30 = Process Attach
14:41:30 = end process attach

14:41:30 = ***** NULL == SampleProvider *****

14:41:30 = ##### Begin waiting Mutex to release process #####

14:41:30 = hWnd = 0x000402c8; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
14:41:30 = hWnd = 0x000302ec; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
14:41:30 = hWnd = 0x0004013e; ClassName: #32770; Title: Benutzerkontensteuerung.
x=1ba, y=165, width=466, height=378
14:41:30 = hWnd = 0x000402de; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=0, y=0, width=1366, height=768
14:41:30 = hWnd = 0x00030344; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
14:41:30 = hWnd = 0x0004031a; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
14:41:30 = hWnd = 0x0003033c; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
14:41:30 = hWnd = 0x000302cc; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
14:41:30 = hWnd = 0x00040326; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
14:41:30 = hWnd = 0x000700e0; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
14:41:30 = hWnd = 0x00050324; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
14:41:30 = hWnd = 0x000302ca; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:41:30 = hWnd = 0x000302b2; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:41:30 = hWnd = 0x000602ee; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:41:30 = Need to re-create objects.

14:41:30 = s1.

14:41:30 = s2.

14:41:30 = find user name
14:41:30 = Start show animate
14:41:32 = Shell Excutute VerifyHost
14:41:32 = find user name
14:41:33 = begin close Process
14:41:33 = Terminate Process
14:41:34 = end close Process
14:41:34 = DLL_PROCESS_DETACH

15:45:40 = Process Attach
15:45:40 = end process attach

15:45:40 = ***** NULL == SampleProvider *****

15:45:40 = ##### Begin waiting Mutex to release process #####

15:45:40 = hWnd = 0x00030498; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows-Anmeldung.
x=0, y=0, width=1366, height=768
15:45:40 = hWnd = 0x00050450; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
15:45:40 = hWnd = 0x0002042c; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
15:45:40 = hWnd = 0x000b027c; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
15:45:40 = Need to re-create objects.

15:45:40 = s1.

15:45:40 = s2.

15:45:41 = find user name
15:45:41 = Start show animate
15:45:42 = Is Black Sceen wait
15:45:42 = black wait1
15:45:44 = Is Black Sceen wait
15:45:44 = black wait2
15:45:45 = Is Black Sceen wait
15:45:45 = black wait3
15:45:47 = Shell Excutute VerifyHost
15:45:47 = find user name
15:45:47 = find user name
15:45:47 = find user name
16:45:53 = find user name
16:45:53 = find user name
16:45:53 = find user name
16:45:53 = find user name
16:45:53 = find user name
16:45:53 = find user name
16:45:53 = find user name
16:45:53 = find user name
16:45:53 = find user name
17:25:38 = Bypass the object creation.

17:25:38 = find user name
17:25:38 = find user name
17:25:38 = find user name
17:25:38 = find user name
17:25:38 = find user name
17:25:38 = find user name
17:25:38 = find user name
17:25:38 = find user name
17:25:38 = find user name
17:25:42 = find user name
17:25:42 = find user name
17:25:42 = find user name
17:25:42 = find user name
17:25:42 = find user name
17:25:42 = find user name
17:25:42 = find user name
17:25:42 = find user name
17:25:42 = find user name
17:25:42 = find user name
17:25:42 = find user name
17:25:42 = find user name
17:25:42 = find user name
17:25:42 = find user name
17:25:43 = begin close Process
17:25:43 = Terminate Process
17:25:44 = end close Process
17:25:44 = DLL_PROCESS_DETACH

17:29:51 = Process Attach
17:29:51 = end process attach

17:29:51 = ##### Begin waiting Mutex to release process #####

17:29:51 = ***** NULL == SampleProvider *****

17:29:51 = hWnd = 0x0003053c; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
17:29:51 = hWnd = 0x00030528; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
17:29:51 = hWnd = 0x000304e2; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
17:29:51 = hWnd = 0x00030522; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
17:29:51 = hWnd = 0x0002054e; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
17:29:51 = hWnd = 0x0003054a; ClassName: #32770; Title: Benutzerkontensteuerung.
x=1ba, y=145, width=466, height=378
17:29:51 = hWnd = 0x0003053a; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=11b, y=84, width=800, height=560
17:29:51 = hWnd = 0x00040520; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
17:29:51 = hWnd = 0x00030546; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
17:29:51 = hWnd = 0x00060496; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
17:29:51 = hWnd = 0x00030542; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
17:29:51 = hWnd = 0x00030538; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
17:29:51 = hWnd = 0x0003053e; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
17:29:51 = hWnd = 0x0003052a; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
17:29:51 = Need to re-create objects.

17:29:51 = s1.

17:29:51 = s2.

17:29:51 = find user name
17:29:51 = Start show animate
17:29:53 = Shell Excutute VerifyHost
17:29:53 = find user name
17:29:54 = begin close Process
17:29:54 = Terminate Process
17:29:55 = end close Process
17:29:55 = DLL_PROCESS_DETACH

18:3:25 = Process Attach
18:3:25 = end process attach

18:3:25 = ***** NULL == SampleProvider *****

18:3:25 = hWnd = 0x001302d4; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
18:3:25 = hWnd = 0x000602dc; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
18:3:25 = hWnd = 0x0008030e; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
18:3:25 = hWnd = 0x00050320; ClassName: #32770; Title: Benutzerkontensteuerung.
x=1c6, y=158, width=466, height=378
18:3:25 = hWnd = 0x000a03b2; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=1e7, y=276, width=416, height=201
18:3:25 = hWnd = 0x000902d6; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
18:3:25 = hWnd = 0x00060342; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
18:3:25 = hWnd = 0x0006033e; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
18:3:25 = hWnd = 0x00060390; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
18:3:25 = hWnd = 0x000a02d2; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:3:25 = hWnd = 0x000b02c0; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:3:25 = hWnd = 0x00070322; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:3:25 = Need to re-create objects.

18:3:25 = s1.

18:3:25 = s2.

18:3:25 = find user name
18:3:25 = Start show animate
18:3:26 = Shell Excutute VerifyHost
18:3:30 = begin close Process
18:3:30 = Terminate Process
18:3:31 = end close Process
18:3:31 = DLL_PROCESS_DETACH

18:3:58 = Process Attach
18:3:58 = end process attach

18:3:58 = ##### Begin waiting Mutex to release process #####

18:3:58 = hWnd = 0x00070538; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
18:3:58 = hWnd = 0x000802dc; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
18:3:58 = hWnd = 0x00090316; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
18:3:58 = hWnd = 0x000902c6; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:3:58 = hWnd = 0x001502d4; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:3:58 = hWnd = 0x000802da; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:3:58 = Need to re-create objects.

18:3:58 = s1.

18:3:58 = s2.

18:3:58 = find user name
18:3:58 = Start show animate
18:4:0 = Shell Excutute VerifyHost
18:4:0 = find user name
18:4:0 = find user name
18:4:0 = find user name
18:4:0 = find user name
18:4:0 = begin close Process
18:4:0 = Terminate Process
18:4:1 = end close Process
18:4:1 = DLL_PROCESS_DETACH
         
Code:
ATTFilter
Zoek.exe v5.0.0.1 Updated 12-November-2015
Tool run by Notebook on 15.11.2015 at 14:11:25,98.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Nora\Desktop\zoek.exe [Scan all users] [Script inserted] 

==== System Restore Info ======================

15.11.2015 14:12:32 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp. 
# 
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows. 
# 
# This file contains the mappings of IP addresses to host names. Each 
# entry should be kept on an individual line. The IP address should 
# be placed in the first column followed by the corresponding host name. 
# The IP address and the host name should be separated by at least one 
# space. 
# 
# Additionally, comments (such as these) may be inserted on individual 
# lines or following the machine name denoted by a '#' symbol. 
# 
# For example: 
# 
#      102.54.94.97     rhino.acme.com          # source server 
#       38.25.63.10     x.acme.com              # x client host 
 
# localhost name resolution is handled within DNS itself. 
127.0.0.1       localhost 
::1             localhost 

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1146881843-1855949487-4122649668-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32004B8A-44A9-43E7-84E9-808838809519} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-1146881843-1855949487-4122649668-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully

==== FireFox Fix ======================

Deleted from C:\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\3hw6nczf.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");

Added to C:\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\3hw6nczf.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Nora\AppData\Roaming\Thunderbird\Profiles\zxuoypxh.default\prefs.js:

Added to C:\Users\Nora\AppData\Roaming\Thunderbird\Profiles\zxuoypxh.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\kr5q6a4y.default\prefs.js:

Added to C:\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\kr5q6a4y.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Notebook\AppData\Roaming\Thunderbird\Profiles\d9933684.default\prefs.js:

Added to C:\Users\Notebook\AppData\Roaming\Thunderbird\Profiles\d9933684.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Uwelchen\AppData\Roaming\Mozilla\Firefox\Profiles\eh4mrhim.default\prefs.js:
user_pref("browser.startup.homepage", "google.de");

Added to C:\Users\Uwelchen\AppData\Roaming\Mozilla\Firefox\Profiles\eh4mrhim.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Uwelchen\AppData\Roaming\Thunderbird\Profiles\0qsprsjc.default\prefs.js:

Added to C:\Users\Uwelchen\AppData\Roaming\Thunderbird\Profiles\0qsprsjc.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\3hw6nczf.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Nora\AppData\Roaming\Thunderbird\Profiles\zxuoypxh.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\kr5q6a4y.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Notebook\AppData\Roaming\Thunderbird\Profiles\d9933684.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Uwelchen\AppData\Roaming\Mozilla\Firefox\Profiles\eh4mrhim.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Uwelchen\AppData\Roaming\Thunderbird\Profiles\0qsprsjc.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

ProfilePath: C:\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\3hw6nczf.default
- Adblock Plus Pop-up Addon - %ProfilePath%\extensions\adblockpopups@jessehakanen.net.xpi
- Ghostery - %ProfilePath%\extensions\firefox@ghostery.com.xpi
- Google Analytics Opt-out Browser Add-on - %ProfilePath%\extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi
- NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

ProfilePath: C:\Users\Notebook\AppData\Roaming\Thunderbird\Profiles\d9933684.default
- Instrument Test - %ProfilePath%\extensions\tbtestpilot@labs.mozilla.com.xpi

ProfilePath: C:\Users\Uwelchen\AppData\Roaming\Mozilla\Firefox\Profiles\eh4mrhim.default
- Adblock Plus Pop-up Addon - %ProfilePath%\extensions\adblockpopups@jessehakanen.net.xpi
- Ghostery - %ProfilePath%\extensions\firefox@ghostery.com.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

ProfilePath: C:\Users\Uwelchen\AppData\Roaming\Thunderbird\Profiles\0qsprsjc.default
- Lightning - %ProfilePath%\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\kr5q6a4y.default
2C82D753EF779945977C82A3908DA20A	- C:\windows\SysWOW64\npDeployJava1.dll -	Java Deployment Toolkit 7.0.90.5
1BFD18699636B8F1AA26675BA43D2F8F	- C:\windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll -	Shockwave for Director / Shockwave for Director
F114FBA6246530B89DD1E04351E0EAC5	- C:\windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll -	Shockwave Flash
15E298B5EC5B89C5994A59863969D9FF	- C:\windows\SysWOW64\npmproxy.dll -	Microsoft® Windows® Operating System


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://www.google.com"
"Start Page"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://www.google.com"
"Start Page"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
HKLM\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
HKLM\Wow6432Node\SearchScopes "DefaultScope"=""
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
HKCU\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN_deDE506

==== Reset Google Chrome ======================

Nothing found to reset

==== shortcuts on Users Desktops ======================

C:\Users\Default\Desktop\Cyberlink Power2Go.lnk - C:\Program Files (x86)\Lenovo\Power2Go\Power2Go.exe 
C:\Users\Default\Desktop\OneKey Recovery.lnk - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\OneKey Recovery.exe 
C:\Users\Default User\Desktop\Cyberlink Power2Go.lnk - C:\Program Files (x86)\Lenovo\Power2Go\Power2Go.exe 
C:\Users\Default User\Desktop\OneKey Recovery.lnk - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\OneKey Recovery.exe 
C:\Users\Nora\Desktop\Avira PC Cleaner.lnk - C:\Users\Notebook\AppData\Local\Temp\cleaner\avwebloader.exe 
C:\Users\Nora\Desktop\Cyberlink Power2Go.lnk - C:\Program Files (x86)\Lenovo\Power2Go\Power2Go.exe 
C:\Users\Nora\Desktop\Entfernen des Avira PC Cleaners.lnk - C:\Users\Notebook\AppData\Local\Temp\cleaner\cleaner-install.exe /remove
C:\Users\Nora\Desktop\OneKey Recovery.lnk - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\OneKey Recovery.exe 
C:\Users\Nora\Desktop\Uni\Handout - interkulturelle Erziehung und Pädagogik - Verknüpfung.lnk - C:\Users\Nora\Documents\Handout - interkulturelle Erziehung und Pädagogik.docx 
C:\Users\Notebook\Desktop\Cyberlink Power2Go.lnk - C:\Program Files (x86)\Lenovo\Power2Go\Power2Go.exe 
C:\Users\Notebook\Desktop\Download Zusammenfassung.lnk - C:\Users\Notebook\AppData\Local\SpaceKace\Setup_FileViewPro_[2015_Editi\Setup_FileViewPro_[2015_Edition].exe 
C:\Users\Notebook\Desktop\OneKey Recovery.lnk - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\OneKey Recovery.exe 
C:\Users\Uwelchen\Desktop\Adobe Reader XI.lnk - C:\windows\Installer\{AC76BA86-7AD7-1031-7B44-AB0000000001}\SC_Reader.ico 
C:\Users\Uwelchen\Desktop\Microsoft Word 2010.lnk - C:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe 

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe 
C:\Users\Public\Desktop\Free DWG Viewer.lnk - C:\Program Files (x86)\IGC\Free DWG Viewer\FreeDWGViewer.exe 
C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk - C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe 
C:\Users\Public\Desktop\Microsoft Security Essentials.lnk - C:\Program Files (x86)\Microsoft Security Client\msseces.exe 
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe 
C:\Users\Public\Desktop\Mozilla Thunderbird.lnk - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe 

==== shortcuts in Users Start Menu ======================

C:\Users\Nora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Energy Management\Help file.Lnk - C:\Program Files (x86)\Lenovo\Energy Management\Deu.chm 
C:\Users\Nora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Energy Management\Power management options.Lnk - C:\Program Files (x86)\Lenovo\Energy Management\Open EnergyManagement.exe 
C:\Users\Nora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr
C:\Users\Notebook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Energy Management\Help file.Lnk - C:\Program Files (x86)\Lenovo\Energy Management\Deu.chm 
C:\Users\Notebook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Energy Management\Power management options.Lnk - C:\Program Files (x86)\Lenovo\Energy Management\Open EnergyManagement.exe 
C:\Users\Uwelchen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Energy Management\Help file.Lnk - C:\Program Files (x86)\Lenovo\Energy Management\Deu.chm 
C:\Users\Uwelchen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Energy Management\Power management options.Lnk - C:\Program Files (x86)\Lenovo\Energy Management\Open EnergyManagement.exe 

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free DWG Viewer\Free DWG Viewer Help.lnk - C:\Program Files (x86)\IGC\Free DWG Viewer\BravaActiveX.DWG_ENU.chm 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free DWG Viewer\Free DWG Viewer.lnk - C:\Program Files (x86)\IGC\Free DWG Viewer\FreeDWGViewer.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \Malwarebytes Anti-Malware entfernen.lnk - C:\Program Files (x86)\ Malwarebytes Anti-Malware \unins000.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \ Malwarebytes Anti-Malware .lnk - C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\ Malwarebytes Anti-Malware \Chameleon\Windows\chameleon.chm 

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Nora\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 
C:\Users\Nora\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Nora\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Nora\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe 
C:\Users\Nora\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Thunderbird.lnk - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe 
C:\Users\Nora\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\windows\explorer.exe 
C:\Users\Nora\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Notebook\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 
C:\Users\Notebook\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe 
C:\Users\Notebook\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Notebook\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Notebook\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\windows\system32\control.exe 
C:\Users\Notebook\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\Users\Notebook\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe 
C:\Users\Notebook\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Uwelchen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Uwelchen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Uwelchen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe 
C:\Users\Uwelchen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Thunderbird.lnk - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe 
C:\Users\Uwelchen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\windows\explorer.exe 

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Reset WMI ======================

Die folgenden Dienste h„ngen vom Dienst Windows-Verwaltungsinstrumentation ab.
Das Beenden des Dienstes Windows-Verwaltungsinstrumentation beendet auch diese Dienste.

   Sicherheitscenter
   IP-Hilfsdienst
   Intel(R) Rapid Storage Technology

Sicherheitscenter wird beendet.
Sicherheitscenter wurde erfolgreich beendet.

IP-Hilfsdienst wird beendet.
IP-Hilfsdienst wurde erfolgreich beendet.

Intel(R) Rapid Storage Technology wird beendet.
Intel(R) Rapid Storage Technology wurde erfolgreich beendet.

Windows-Verwaltungsinstrumentation wird beendet.
Windows-Verwaltungsinstrumentation wurde erfolgreich beendet.

C:\windows\system32\wbem\repository renamed to repository.old
C:\windows\syswow64\wbem\repository renamed to repository.old

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)
         


Alt 16.11.2015, 15:15   #21
M-K-D-B
/// TB-Ausbilder
 
Win 7 Rechner mit Trojaner TR/AD.Gamarue.Y.1144 infiziert - Standard

Win 7 Rechner mit Trojaner TR/AD.Gamarue.Y.1144 infiziert



Servus,


nochmal HitmanPro und FRST bitte:



Schritt 1
Downloade dir die passende Version von HitmanPro auf deinen Desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
  • Starte die HitmanPro.exe
  • Klicke auf
  • Entferne den Haken bei
  • Klicke auf
    und
  • Akzeptiere die Lizenzbedingungen und klicke auf
  • Klicke auf

    und auf
  • Wenn der Scan beendet wurde, nichts löschen lassen etc. sondern wähle unten links auf der Button-Leiste
    und speichere die Logdatei auf Deinem Desktop.
  • Schließe HitmanPro und poste mir das Log.

 











Schritt 2
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Untersuchen.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei von HitmanPro,
  • die beiden neuen Logdateien von FRST.

Alt 16.11.2015, 17:48   #22
nora.s
 
Win 7 Rechner mit Trojaner TR/AD.Gamarue.Y.1144 infiziert - Standard

Win 7 Rechner mit Trojaner TR/AD.Gamarue.Y.1144 infiziert



Hallo Mathias!
Seit dem letzten Mal läuft der PC schon wieder viel besser Der Adobe Reader öffnet die Dateien wieder richtig und die Interneteinstellungen funktionieren auch wieder..

Die Hitman Textdatei konnte ich wieder nicht auf dem Desktop speicher, jedoch auf dem Stick. Hoffe das ist auch in Ordnung..

Hier die Dateien:

Code:
ATTFilter
Code:
ATTFilter
HitmanPro 3.7.10.251
www.hitmanpro.com

   Computer name . . . . : NOTEBOOK-PC
   Windows . . . . . . . : 6.1.1.7601.X64/2
   User name . . . . . . : Notebook-PC\Notebook
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2015-11-16 17:19:44
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 7m 15s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 23

   Objects scanned . . . : 1.623.781
   Files scanned . . . . : 37.320
   Remnants scanned  . . : 367.272 files / 1.219.189 keys

Suspicious files ____________________________________________________________

   C:\Users\Nora\Desktop\Downloads\FRST64.exe
      Size . . . . . . . : 2.198.528 bytes
      Age  . . . . . . . : 4.3 days (2015-11-12 11:17:50)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 6E8BF313C850728328088C2DC10FB5369B9C938F71F58EC7EB8D51374EB1CA51
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.


Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Classes\Interface\{0510789C-5E5D-4FA3-A3EF-2D56FDE5090A}\ (TelevisionFanatic)
   HKLM\SOFTWARE\Classes\Interface\{1E34EA93-600B-4CBC-9858-59BE04C1A581}\ (TelevisionFanatic)
   HKLM\SOFTWARE\Classes\Interface\{32CC4D2E-999C-4853-9D3E-5DE4C02D57C6}\ (TelevisionFanatic)
   HKLM\SOFTWARE\Classes\Interface\{34A117AD-7F43-4859-BF97-ADC46488953F}\ (TelevisionFanatic)
   HKLM\SOFTWARE\Classes\Interface\{5A06A37E-F036-42EC-9D51-E738FACBFEB5}\ (TelevisionFanatic)
   HKLM\SOFTWARE\Classes\Interface\{7007FA4C-E372-4485-ADFA-213B9E38D87F}\ (TelevisionFanatic)
   HKLM\SOFTWARE\Classes\Interface\{7AE769DF-F151-4541-B820-031726E76E06}\ (TelevisionFanatic)
   HKLM\SOFTWARE\Classes\Interface\{844C2331-94DF-431E-9A67-426ED861D27F}\ (TelevisionFanatic)
   HKLM\SOFTWARE\Classes\Interface\{8684A596-308C-4872-ACA7-FF6093BBEEF7}\ (TelevisionFanatic)
   HKLM\SOFTWARE\Classes\Interface\{934063FB-A81D-4849-B02C-478446DF3219}\ (TelevisionFanatic)
   HKLM\SOFTWARE\Classes\Interface\{93A55DA3-83ED-4090-91B6-904C44647639}\ (TelevisionFanatic)
   HKLM\SOFTWARE\Classes\Interface\{993161E3-CF87-46CF-A702-3FD05D3DEDDD}\ (TelevisionFanatic)
   HKLM\SOFTWARE\Classes\Interface\{9DFFAA5F-44C6-4FF2-80EE-76368D0A2E75}\ (TelevisionFanatic)
   HKLM\SOFTWARE\Classes\Interface\{AA8714C4-294D-47FB-BCE0-BC12445CFBD4}\ (TelevisionFanatic)
   HKLM\SOFTWARE\Classes\Interface\{B34A6A15-1F6F-4A19-A9DD-8B44C874A20B}\ (TelevisionFanatic)
   HKLM\SOFTWARE\Classes\Interface\{C242AC08-2AE7-46A5-A62D-E7F1B9BE489C}\ (TelevisionFanatic)
   HKLM\SOFTWARE\Classes\Interface\{F3EC3AFF-8FD8-4253-ABA2-F2ABE0A5524A}\ (TelevisionFanatic)
   HKLM\SOFTWARE\Classes\Interface\{F85503FF-ED21-4493-9A4A-B6765EB45D94}\ (TelevisionFanatic)
   HKLM\SOFTWARE\Classes\Interface\{FEEAF56C-C91B-4D1C-9FC8-BAFD85F5F2B3}\ (TelevisionFanatic)
   HKU\S-1-5-21-1146881843-1855949487-4122649668-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\Mobogenie\ (Rocketfuel)
   HKU\S-1-5-21-1146881843-1855949487-4122649668-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QSqlDriverFactoryInterface:\C:\Program Files (x86)\Mobogenie\ (Rocketfuel)
   HKU\S-1-5-21-1146881843-1855949487-4122649668-1000\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Program Files (x86)\Mobogenie\ (Rocketfuel)
         
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
durchgeführt von Notebook (Administrator) auf NOTEBOOK-PC (16-11-2015 17:31:28)
Gestartet von E:\
Geladene Profile: Notebook & Nora & Uwelchen (Verfügbare Profile: Notebook & Nora & Uwelchen)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Vimicro) C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
() C:\Program Files (x86)\Verbindungsassistent\WTGService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2741544 2011-04-08] (Synaptics Incorporated)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2012-05-23] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9753024 2012-05-23] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2012-05-23] (Lenovo(beijing) Limited)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-18] (Intel Corporation)
HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [536576 2010-01-19] (Vimicro)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-29] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-05-23] (Lenovo)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2015-10-05] (Malwarebytes)
HKLM-x32\...\runonceex: [Flags] => 8
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1146881843-1855949487-4122649668-1000\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[C10].txt
HKU\S-1-5-21-1146881843-1855949487-4122649668-1001\...\MountPoints2: {72c6dce6-520b-11e3-9d67-446d57e77fa7} - E:\LaunchU3.exe -a
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll [2012-05-23] ()
Startup: C:\Users\Nora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2015-11-12]
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Notebook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2013-12-06]
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0434AB00-3F7C-4291-91FB-BFB1A7FBC4E6}: [DhcpNameServer] 10.63.210.254
Tcpip\..\Interfaces\{0EA6BB07-2FF3-4059-B5F3-5A19971BFC92}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1146881843-1855949487-4122649668-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1146881843-1855949487-4122649668-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
HKU\S-1-5-21-1146881843-1855949487-4122649668-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-1146881843-1855949487-4122649668-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
HKU\S-1-5-21-1146881843-1855949487-4122649668-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
HKU\S-1-5-21-1146881843-1855949487-4122649668-1003\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-1146881843-1855949487-4122649668-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
SearchScopes: HKU\S-1-5-21-1146881843-1855949487-4122649668-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1146881843-1855949487-4122649668-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1146881843-1855949487-4122649668-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN_deDE506
SearchScopes: HKU\S-1-5-21-1146881843-1855949487-4122649668-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1146881843-1855949487-4122649668-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
SearchScopes: HKU\S-1-5-21-1146881843-1855949487-4122649668-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-10-21] (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-10-21] (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)

FireFox:
========
FF ProfilePath: C:\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\kr5q6a4y.default
FF NewTab: about:newtab
FF Homepage: about:home
FF Session Restore: -> ist aktiviert.
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-11] ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\windows\system32\npDeployJava1.dll [2012-10-21] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll [2012-08-08] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\windows\SysWOW64\npDeployJava1.dll [2012-10-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2012-10-21] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-10-15] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTGService; C:\Program Files (x86)\Verbindungsassistent\WTGService.exe [296400 2009-03-03] ()

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-14] (Malwarebytes)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
U3 BcmSqlStartupSvc; kein ImagePath
U2 CLKMSVC10_3A60B698; kein ImagePath
U2 CLKMSVC10_C3B3B687; kein ImagePath
U2 DriverService; kein ImagePath
U2 iATAgentService; kein ImagePath
U2 idealife Update Service; kein ImagePath
U3 IGRS; kein ImagePath
U2 IviRegMgr; kein ImagePath
U2 nvUpdatusService; kein ImagePath
U2 Oasis2Service; kein ImagePath
U2 PCCarerService; kein ImagePath
U2 ReadyComm.DirectRouter; kein ImagePath
U2 RichVideo; kein ImagePath
U2 RtLedService; kein ImagePath
U2 SoftwareService; kein ImagePath
U3 SQLWriter; kein ImagePath
U2 Stereo Service; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-11-16 17:27 - 2015-11-16 17:27 - 00008286 _____ C:\Users\Notebook\Desktop\HitmanPro_20151116_1727.log
2015-11-16 17:17 - 2015-11-16 17:17 - 11337112 _____ (SurfRight B.V.) C:\Users\Nora\Desktop\HitmanPro_x64.exe
2015-11-16 12:46 - 2015-11-16 12:46 - 00003408 ____N C:\bootsqm.dat
2015-11-15 18:10 - 2015-11-16 17:31 - 00013271 _____ C:\FaceProv.log
2015-11-15 14:34 - 2015-11-15 14:34 - 00008288 _____ C:\Users\Notebook\Desktop\HitmanPro_20151115_1434.log
2015-11-15 14:34 - 2015-11-15 14:34 - 00007386 _____ C:\Users\Notebook\Desktop\HitmanPro_20151115_1433.xml
2015-11-15 14:33 - 2015-11-15 14:33 - 00008288 _____ C:\Users\Notebook\Desktop\HitmanPro_20151115_1433.log
2015-11-15 14:20 - 2015-11-15 14:35 - 00000000 ____D C:\ProgramData\HitmanPro
2015-11-15 14:15 - 2015-11-15 14:15 - 23664130 _____ C:\windows\repository.backup
2015-11-15 14:15 - 2015-11-15 14:11 - 00024064 _____ C:\windows\zoek-delete.exe
2015-11-15 14:11 - 2015-11-15 14:11 - 00000000 ____D C:\zoek_backup
2015-11-15 14:09 - 2015-11-16 17:22 - 00000000 ____D C:\Users\Nora\Desktop\TxtDokumente
2015-11-15 14:00 - 2015-11-15 14:00 - 01309184 _____ C:\Users\Nora\Desktop\zoek.exe
2015-11-14 21:46 - 2015-11-14 21:46 - 00001074 _____ C:\Users\Notebook\Desktop\JRT.txt
2015-11-14 21:43 - 2015-10-05 23:26 - 01801288 _____ (Malwarebytes) C:\Users\Notebook\Desktop\JRT.exe
2015-11-14 17:38 - 2015-11-14 17:39 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-14 17:38 - 2015-11-14 17:38 - 00001106 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-11-14 17:38 - 2015-11-14 17:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-11-14 17:38 - 2015-11-14 17:38 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-14 17:38 - 2015-11-14 17:38 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-11-14 17:38 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2015-11-14 17:38 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-11-14 17:38 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2015-11-14 17:25 - 2015-11-14 17:25 - 01798976 _____ (Malwarebytes) C:\Users\Nora\Desktop\JRT.exe
2015-11-14 17:24 - 2015-11-14 17:25 - 22908888 _____ (Malwarebytes ) C:\Users\Nora\Desktop\mbam-setup-2.2.0.1024.exe
2015-11-14 17:18 - 2015-11-14 17:18 - 01729536 _____ C:\Users\Nora\Desktop\AdwCleaner_5.020.exe
2015-11-13 16:28 - 2011-06-26 07:45 - 00256000 _____ C:\windows\PEV.exe
2015-11-13 16:28 - 2010-11-07 18:20 - 00208896 _____ C:\windows\MBR.exe
2015-11-13 16:28 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-11-13 16:28 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-11-13 16:28 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-11-13 16:28 - 2000-08-31 01:00 - 00098816 _____ C:\windows\sed.exe
2015-11-13 16:28 - 2000-08-31 01:00 - 00080412 _____ C:\windows\grep.exe
2015-11-13 16:28 - 2000-08-31 01:00 - 00068096 _____ C:\windows\zip.exe
2015-11-13 16:21 - 2015-11-13 16:22 - 00000000 ____D C:\Qoobox
2015-11-13 16:20 - 2015-11-13 16:38 - 00000000 ____D C:\windows\erdnt
2015-11-12 16:58 - 2015-11-12 16:58 - 00059877 _____ C:\Users\Notebook\Desktop\FRST.txt
2015-11-12 16:43 - 2015-11-12 16:43 - 00000000 ____D C:\Users\Notebook\AppData\Local\GWX
2015-11-12 12:28 - 2015-11-12 12:28 - 00000000 ____D C:\Users\Nora\Documents\OneNote-Notizbücher
2015-11-12 12:20 - 2015-11-12 12:21 - 00004120 _____ C:\Users\Notebook\Desktop\gmertxt.log
2015-11-12 12:06 - 2015-11-12 12:06 - 00280320 _____ C:\windows\Minidump\111215-26395-01.dmp
2015-11-12 11:18 - 2015-11-16 17:31 - 00000000 ____D C:\FRST
2015-11-12 11:17 - 2015-11-12 11:17 - 00000000 _____ C:\Users\Notebook\defogger_reenable
2015-11-12 10:52 - 2015-11-03 18:55 - 03211264 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-11-11 17:49 - 2015-11-03 23:10 - 00390344 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-11-11 17:49 - 2015-11-03 22:51 - 00342728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-11-11 17:49 - 2015-10-31 00:40 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-11-11 17:49 - 2015-10-31 00:40 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-11-11 17:49 - 2015-10-31 00:25 - 02886656 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-11-11 17:49 - 2015-10-31 00:25 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-11-11 17:49 - 2015-10-31 00:25 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-11-11 17:49 - 2015-10-31 00:25 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-11-11 17:49 - 2015-10-31 00:24 - 00585728 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-11-11 17:49 - 2015-10-31 00:17 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-11-11 17:49 - 2015-10-31 00:16 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-11-11 17:49 - 2015-10-31 00:13 - 00616960 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-11-11 17:49 - 2015-10-31 00:12 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-11-11 17:49 - 2015-10-31 00:12 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-11-11 17:49 - 2015-10-31 00:11 - 05990912 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-11-11 17:49 - 2015-10-31 00:11 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-11-11 17:49 - 2015-10-31 00:11 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-11-11 17:49 - 2015-10-31 00:04 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-11-11 17:49 - 2015-10-31 00:01 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-11-11 17:49 - 2015-10-30 23:58 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-11-11 17:49 - 2015-10-30 23:53 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-11-11 17:49 - 2015-10-30 23:52 - 20331520 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-11-11 17:49 - 2015-10-30 23:49 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-11-11 17:49 - 2015-10-30 23:47 - 00504832 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-11-11 17:49 - 2015-10-30 23:46 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-11-11 17:49 - 2015-10-30 23:46 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-11-11 17:49 - 2015-10-30 23:45 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-11-11 17:49 - 2015-10-30 23:45 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-11-11 17:49 - 2015-10-30 23:44 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2015-11-11 17:49 - 2015-10-30 23:44 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-11-11 17:49 - 2015-10-30 23:42 - 02279936 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-11-11 17:49 - 2015-10-30 23:39 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-11-11 17:49 - 2015-10-30 23:39 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-11-11 17:49 - 2015-10-30 23:37 - 00480256 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-11-11 17:49 - 2015-10-30 23:36 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-11-11 17:49 - 2015-10-30 23:36 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-11-11 17:49 - 2015-10-30 23:36 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-11-11 17:49 - 2015-10-30 23:34 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-11-11 17:49 - 2015-10-30 23:32 - 00720896 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-11-11 17:49 - 2015-10-30 23:31 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-11-11 17:49 - 2015-10-30 23:29 - 02126336 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-11-11 17:49 - 2015-10-30 23:29 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-11-11 17:49 - 2015-10-30 23:28 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-11-11 17:49 - 2015-10-30 23:23 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-11-11 17:49 - 2015-10-30 23:22 - 14457856 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-11-11 17:49 - 2015-10-30 23:21 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-11-11 17:49 - 2015-10-30 23:19 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-11-11 17:49 - 2015-10-30 23:18 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-11-11 17:49 - 2015-10-30 23:17 - 02487808 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-11-11 17:49 - 2015-10-30 23:17 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2015-11-11 17:49 - 2015-10-30 23:16 - 04527616 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-11-11 17:49 - 2015-10-30 23:11 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2015-11-11 17:49 - 2015-10-30 23:10 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-11-11 17:49 - 2015-10-30 23:09 - 12854272 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-11-11 17:49 - 2015-10-30 23:09 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-11-11 17:49 - 2015-10-30 23:09 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-11-11 17:49 - 2015-10-30 23:04 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-11-11 17:49 - 2015-10-30 22:53 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-11-11 17:49 - 2015-10-30 22:51 - 02011136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-11-11 17:49 - 2015-10-30 22:48 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-11-11 17:49 - 2015-10-30 22:46 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-11-11 17:49 - 2015-10-20 19:42 - 03168768 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-11-11 17:49 - 2015-10-20 19:42 - 02608128 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-11-11 17:49 - 2015-10-20 19:42 - 00696320 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-11-11 17:49 - 2015-10-20 19:42 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-11-11 17:49 - 2015-10-20 19:42 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-11-11 17:49 - 2015-10-20 19:42 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-11-11 17:49 - 2015-10-20 19:42 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-11-11 17:49 - 2015-10-20 19:41 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-11-11 17:49 - 2015-10-20 19:41 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-11-11 17:49 - 2015-10-20 19:41 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-11-11 17:49 - 2015-10-20 19:41 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-11-11 17:49 - 2015-10-20 18:46 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-11-11 17:49 - 2015-10-20 18:46 - 00174080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-11-11 17:49 - 2015-10-20 18:46 - 00093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-11-11 17:49 - 2015-10-20 18:46 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-11-11 17:49 - 2015-10-20 18:45 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-11-11 17:48 - 2015-10-31 00:46 - 25818624 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-11-11 17:48 - 2015-10-31 00:24 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-11-11 17:48 - 2015-10-30 23:49 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-11-11 17:48 - 2015-10-20 02:12 - 05570496 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-11-11 17:48 - 2015-10-20 02:12 - 00154560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-11-11 17:48 - 2015-10-20 02:12 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-11-11 17:48 - 2015-10-20 02:09 - 01730496 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-11-11 17:48 - 2015-10-20 02:06 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-11-11 17:48 - 2015-10-20 02:06 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-11-11 17:48 - 2015-10-20 02:06 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-11-11 17:48 - 2015-10-20 02:06 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-11-11 17:48 - 2015-10-20 02:05 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-11-11 17:48 - 2015-10-20 02:05 - 01216512 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2015-11-11 17:48 - 2015-10-20 02:05 - 01164800 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-11-11 17:48 - 2015-10-20 02:05 - 00729600 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-11-11 17:48 - 2015-10-20 02:05 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-11-11 17:48 - 2015-10-20 02:05 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-11-11 17:48 - 2015-10-20 02:05 - 00344064 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-11-11 17:48 - 2015-10-20 02:05 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-11-11 17:48 - 2015-10-20 02:05 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-11-11 17:48 - 2015-10-20 02:05 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-11-11 17:48 - 2015-10-20 02:05 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-11-11 17:48 - 2015-10-20 02:05 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-11-11 17:48 - 2015-10-20 02:05 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-11-11 17:48 - 2015-10-20 02:05 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-11-11 17:48 - 2015-10-20 02:05 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-11-11 17:48 - 2015-10-20 02:05 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2015-11-11 17:48 - 2015-10-20 02:05 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-11-11 17:48 - 2015-10-20 02:05 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-11-11 17:48 - 2015-10-20 02:05 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-11-11 17:48 - 2015-10-20 02:05 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-11-11 17:48 - 2015-10-20 02:05 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-11-11 17:48 - 2015-10-20 02:04 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-11-11 17:48 - 2015-10-20 02:04 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-11-11 17:48 - 2015-10-20 02:04 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-11-11 17:48 - 2015-10-20 02:00 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-11-11 17:48 - 2015-10-20 01:59 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-11-11 17:48 - 2015-10-20 01:53 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-11-11 17:48 - 2015-10-20 01:53 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-11-11 17:48 - 2015-10-20 01:53 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:53 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:53 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:53 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:52 - 03991488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-11-11 17:48 - 2015-10-20 01:52 - 03935680 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-11-11 17:48 - 2015-10-20 01:48 - 01311768 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-11-11 17:48 - 2015-10-20 01:45 - 00552960 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-11-11 17:48 - 2015-10-20 01:45 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-11-11 17:48 - 2015-10-20 01:45 - 00251392 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-11-11 17:48 - 2015-10-20 01:45 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-11-11 17:48 - 2015-10-20 01:45 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-11-11 17:48 - 2015-10-20 01:45 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-11-11 17:48 - 2015-10-20 01:45 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-11-11 17:48 - 2015-10-20 01:45 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2015-11-11 17:48 - 2015-10-20 01:45 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-11-11 17:48 - 2015-10-20 01:45 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-11-11 17:48 - 2015-10-20 01:45 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-11-11 17:48 - 2015-10-20 01:45 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-11-11 17:48 - 2015-10-20 01:44 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-11-11 17:48 - 2015-10-20 01:44 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2015-11-11 17:48 - 2015-10-20 01:44 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-11-11 17:48 - 2015-10-20 01:44 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-11-11 17:48 - 2015-10-20 01:44 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-11-11 17:48 - 2015-10-20 01:44 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-11-11 17:48 - 2015-10-20 01:39 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-11-11 17:48 - 2015-10-20 01:39 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-11-11 17:48 - 2015-10-20 01:35 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-11-11 17:48 - 2015-10-20 01:35 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-11-11 17:48 - 2015-10-20 01:35 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:35 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 00:41 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-11-11 17:48 - 2015-10-20 00:40 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2015-11-11 17:48 - 2015-10-20 00:40 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-11-11 17:48 - 2015-10-20 00:29 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-11-11 17:48 - 2015-10-20 00:29 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-11-11 17:48 - 2015-10-20 00:27 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 00:27 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 00:27 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 00:27 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-11 17:48 - 2015-09-23 14:15 - 00460776 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-11-11 17:48 - 2015-09-23 14:15 - 00299632 _____ (Microsoft Corporation) C:\windows\system32\bcryptprimitives.dll
2015-11-11 17:48 - 2015-09-23 14:09 - 00251000 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcryptprimitives.dll
2015-11-11 17:46 - 2015-10-01 19:00 - 00275456 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2015-11-11 17:46 - 2015-10-01 19:00 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll
2015-11-11 17:46 - 2015-10-01 18:50 - 00216064 _____ (Microsoft Corporation) C:\windows\SysWOW64\InkEd.dll
2015-11-11 17:45 - 2015-10-13 17:41 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2015-11-11 17:45 - 2015-10-13 17:40 - 00118272 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2015-11-11 17:40 - 2015-10-29 18:50 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\apphelp.dll
2015-11-11 17:40 - 2015-10-29 18:50 - 00072192 _____ (Microsoft Corporation) C:\windows\system32\aelupsvc.dll
2015-11-11 17:40 - 2015-10-29 18:50 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\sdbinst.exe
2015-11-11 17:40 - 2015-10-29 18:50 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\shimeng.dll
2015-11-11 17:40 - 2015-10-29 18:50 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\shimeng.dll
2015-11-11 17:40 - 2015-10-29 18:49 - 00295936 _____ (Microsoft Corporation) C:\windows\SysWOW64\apphelp.dll
2015-11-11 17:40 - 2015-10-29 18:49 - 00020992 _____ (Microsoft Corporation) C:\windows\SysWOW64\sdbinst.exe
2015-11-11 17:39 - 2015-10-13 05:57 - 00950720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2015-11-10 15:06 - 2015-11-10 15:06 - 00280320 _____ C:\windows\Minidump\111015-24726-01.dmp
2015-11-07 19:23 - 2015-11-07 19:23 - 00280320 _____ C:\windows\Minidump\110715-27315-01.dmp
2015-11-06 21:49 - 2015-11-07 17:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-05 09:25 - 2015-11-05 09:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-11-16 17:30 - 2012-05-23 02:58 - 00699440 _____ C:\windows\system32\perfh007.dat
2015-11-16 17:30 - 2012-05-23 02:58 - 00149548 _____ C:\windows\system32\perfc007.dat
2015-11-16 17:30 - 2009-07-14 06:13 - 01619700 _____ C:\windows\system32\PerfStringBackup.INI
2015-11-16 17:28 - 2009-07-14 04:20 - 00000000 ____D C:\windows\tracing
2015-11-16 17:15 - 2009-07-14 05:45 - 00028704 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-16 17:15 - 2009-07-14 05:45 - 00028704 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-16 17:10 - 2012-05-23 11:17 - 01800201 _____ C:\windows\WindowsUpdate.log
2015-11-16 17:06 - 2012-10-24 14:24 - 00065536 _____ C:\windows\system32\Ikeext.etl
2015-11-16 17:06 - 2012-05-23 12:12 - 00204435 _____ C:\windows\system32\fastboot.set
2015-11-16 17:06 - 2012-05-23 12:11 - 00001106 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-16 17:06 - 2012-05-23 12:03 - 00000000 ____D C:\ProgramData\VeriFace
2015-11-16 17:06 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-11-16 17:05 - 2014-02-23 22:07 - 00110698 _____ C:\windows\setupact.log
2015-11-16 14:42 - 2012-10-21 11:18 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-11-16 14:06 - 2012-05-23 12:11 - 00001110 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-15 19:00 - 2014-10-07 20:27 - 00000000 ____D C:\Users\Uwelchen
2015-11-15 14:41 - 2012-08-30 14:16 - 00000000 ____D C:\Users\Notebook
2015-11-15 14:17 - 2014-03-19 12:38 - 42562106 _____ C:\windows\system32\PsBoot.log
2015-11-15 14:17 - 2014-02-23 22:06 - 00155978 _____ C:\windows\PFRO.log
2015-11-15 14:16 - 2014-03-19 12:38 - 00000000 _____ C:\windows\system32\defragLog.log
2015-11-15 13:32 - 2014-03-19 13:39 - 00000000 ____D C:\AdwCleaner
2015-11-15 12:26 - 2009-07-14 04:20 - 00000000 ____D C:\windows\rescache
2015-11-14 18:04 - 2009-07-14 06:32 - 00000000 ____D C:\windows\addins
2015-11-14 17:30 - 2013-12-18 12:54 - 00000000 ____D C:\Users\Nora
2015-11-14 14:47 - 2015-03-17 11:18 - 00000000 ____D C:\Users\Nora\Desktop\Uwe
2015-11-13 16:37 - 2014-06-14 21:18 - 00000000 ____D C:\Users\Notebook\AppData\Local\Adobe
2015-11-13 09:03 - 2009-07-14 06:08 - 00032632 _____ C:\windows\Tasks\SCHEDLGU.TXT
2015-11-12 16:39 - 2009-07-14 05:45 - 00337808 _____ C:\windows\system32\FNTCACHE.DAT
2015-11-12 12:06 - 2014-07-24 11:21 - 00000000 ____D C:\windows\Minidump
2015-11-12 12:06 - 2014-07-24 11:20 - 1018855042 _____ C:\windows\MEMORY.DMP
2015-11-11 18:49 - 2012-10-21 17:42 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-11 18:42 - 2012-10-21 11:18 - 00780488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-11-11 18:42 - 2012-10-21 11:18 - 00142536 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-11 18:42 - 2012-10-21 11:18 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-11-11 18:41 - 2011-09-29 04:37 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-11 17:32 - 2014-02-26 12:38 - 01593980 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2015-11-07 17:43 - 2012-10-21 11:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-30 06:22 - 2015-07-10 18:40 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-18 10:35 - 2014-01-31 14:51 - 00000000 ____D C:\Users\Nora\Desktop\Uni Praktikum

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2013-04-05 17:01 - 2013-04-05 17:01 - 0002528 _____ () C:\Users\Notebook\AppData\Roaming\$_hpcst$.hpc
2014-01-29 13:34 - 2014-01-29 13:34 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\windows\system32\winlogon.exe => Datei ist digital signiert
C:\windows\system32\wininit.exe => Datei ist digital signiert
C:\windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\windows\explorer.exe => Datei ist digital signiert
C:\windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\windows\system32\svchost.exe => Datei ist digital signiert
C:\windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\windows\system32\services.exe => Datei ist digital signiert
C:\windows\system32\User32.dll => Datei ist digital signiert
C:\windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\windows\system32\userinit.exe => Datei ist digital signiert
C:\windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\windows\system32\rpcss.dll => Datei ist digital signiert
C:\windows\system32\dnsapi.dll => Datei ist digital signiert
C:\windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-11-15 12:19

==================== Ende von FRST.txt ============================
         
Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:07-11-2015
durchgeführt von Notebook (2015-11-16 17:32:09)
Gestartet von E:\
Windows 7 Home Premium Service Pack 1 (X64) (2012-08-30 13:16:26)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1146881843-1855949487-4122649668-500 - Administrator - Disabled)
Gast (S-1-5-21-1146881843-1855949487-4122649668-501 - Limited - Disabled)
Nora (S-1-5-21-1146881843-1855949487-4122649668-1001 - Limited - Enabled) => C:\Users\Nora
Notebook (S-1-5-21-1146881843-1855949487-4122649668-1000 - Administrator - Enabled) => C:\Users\Notebook
Uwelchen (S-1-5-21-1146881843-1855949487-4122649668-1003 - Limited - Enabled) => C:\Users\Uwelchen

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.7.637 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Client Installation Program (HKLM-x32\...\{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}) (Version: 7.0 - Atheros)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.39 - Atheros Communications Inc.)
Benutzerhandbuch (x32 Version: 1.0.0.6 - Lenovo) Hidden
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CBR (HKLM\...\{A8305DB2-3F6A-43CF-8CE3-EFD3D0F1C352}) (Version: 0.7 - G.Waser)
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.2.3442 - CDBurnerXP)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.4.51 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.0 - Lenovo)
Energy Management (x32 Version: 6.0.2.0 - Lenovo) Hidden
Free DWG Viewer 7.3 (HKLM-x32\...\{16CF668C-104D-479F-88A9-739137AEF3AD}) (Version: 7.3.0.176 - IGC)
GeoGebra 4.4 (HKLM-x32\...\GeoGebra 4.4) (Version: 4.4.6.0 - International GeoGebra Institute)
Google Chrome (HKLM-x32\...\{73187774-F274-39D6-80A4-33778B3CBBD4}) (Version: 65.51.16478 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
HP Deskjet 1000 J110 series - Grundlegende Software für das Gerät (HKLM\...\{CED47C99-8892-4956-BCA7-CC3123531371}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 1000 J110 series Hilfe (HKLM-x32\...\{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}) (Version: 140.0.65.65 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3341 - HP Photo Creations Powered by RocketLife)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 9 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217009FF}) (Version: 7.0.90 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.10.1209.1 - Lenovo EasyCamera)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.6 - Lenovo)
Lenovo Games Console (HKLM-x32\...\Lenovo Games Console) (Version: 1.2.6.436 - Oberon Media Inc.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3728 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 3.1.3728 - CyberLink Corp.) Hidden
Lexmark S410 Series Deinstallationsprogamm (HKLM\...\Lexmark S410 Series) (Version:  - Lexmark International, Inc.)
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 de)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla)
Mozilla Thunderbird 38.2.0 (x86 de) (HKU\S-1-5-21-1146881843-1855949487-4122649668-1001\...\Mozilla Thunderbird 38.2.0 (x86 de)) (Version: 38.2.0 - Mozilla)
Mozilla Thunderbird 38.3.0 (x86 de) (HKU\S-1-5-21-1146881843-1855949487-4122649668-1003\...\Mozilla Thunderbird 38.3.0 (x86 de)) (Version: 38.3.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.5.0 - Frank Heindörfer, Philip Chinery)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10003 - Realtek Semiconductor Corp.)
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Studie zur Verbesserung von HP Deskjet 1000 J110 series Produkten (HKLM\...\{28F4BC72-75AE-47DD-B5B3-2A027BCA48A7}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.0.0 - Synaptics Incorporated)
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.14563 - TeamViewer)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
Verbindungsassistent (HKLM-x32\...\Verbindungsassistent) (Version: 2.1 - Verbindungsassistent)
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.0.1224 - Lenovo)
VLC media player 2.0.4 (HKLM-x32\...\VLC media player) (Version: 2.0.4 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Wiederherstellungspunkte =========================

08-11-2015 20:31:36 Windows-Sicherung
09-11-2015 22:00:44 Windows Update
11-11-2015 12:41:21 Windows Update
11-11-2015 17:21:37 Windows Update
11-11-2015 18:40:28 Windows Update
12-11-2015 14:53:27 Windows Update
14-11-2015 18:12:10 JRT Pre-Junkware Removal
14-11-2015 21:37:48 JRT Pre-Junkware Removal
14-11-2015 21:43:11 JRT Pre-Junkware Removal
15-11-2015 14:12:24 zoek.exe restore point
15-11-2015 14:34:41 Prüfpunkt von HitmanPro
16-11-2015 13:01:01 Windows Update

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2015-11-15 14:12 - 00000841 ____A C:\windows\system32\Drivers\etc\hosts

 127.0.0.1       localhost 
::1             localhost 

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0193F86E-DCBA-4717-984F-AAED2657012C} - System32\Tasks\{58CA7212-3668-4514-BF70-A38EF0598722} => pcalua.exe -a F:\Install.exe -d F:\
Task: {05871FC2-EF84-4424-BD51-9E9784F25D1F} - System32\Tasks\HpWebReg.exe => C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HpWebReg.exe
Task: {06839B91-58C1-43B2-AE96-615A676350F7} - System32\Tasks\{561E282B-989B-43CF-9923-7E78F5100D85} => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ACHTUNG
Task: {1AA4CBE5-A1A1-4E11-96FF-D3DA11C5C67F} - System32\Tasks\{6E897720-0C00-426B-82A9-06A27072CBE8} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2015-11-05] (Mozilla Corporation)
Task: {1AE35477-E386-4ED0-B716-C799EEAF3CB7} - System32\Tasks\{3C4A0741-2782-49C1-B191-6DD27182317B} => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ACHTUNG
Task: {1C4D16D4-59A3-4E90-8322-C42381835A6B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {2619407E-888E-4EDB-9CE9-7900016E616C} - \HQ-Video-Profession-1.3-firefoxinstaller -> Keine Datei <==== ACHTUNG
Task: {39607F30-B624-48CA-8B74-B64E766204B9} - System32\Tasks\HPCustParticipation HP Deskjet 1000 J110 series => C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {424B4465-B5BC-419C-AFE9-BDA0BE1CD8ED} - \HQ-Video-Profession-1.3-codedownloader -> Keine Datei <==== ACHTUNG
Task: {4481CAAD-E5FF-4DBC-B33A-485DD1E033AB} - \HQ-Video-Profession-1.3-enabler -> Keine Datei <==== ACHTUNG
Task: {53FB169C-39A0-4725-8274-49E0E8AE700F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {54BAB1DA-AAD2-480D-A51B-2789094B968F} - System32\Tasks\{B33CE333-4158-42C2-A582-ACC2CD8B4AB7} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2015-11-05] (Mozilla Corporation)
Task: {5A749EF4-BEEB-41AB-BB09-09E906F144D9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {66168DDB-F850-4953-8BBA-6CDDE814EDB1} - \HQ-Video-Profession-1.3-chromeinstaller -> Keine Datei <==== ACHTUNG
Task: {72CCA424-D111-4F99-AFF8-A5D8C3352C89} - \MediaPlayerEnhance-enabler -> Keine Datei <==== ACHTUNG
Task: {73634F6A-9129-42B3-81CF-310EE8F0857A} - \MediaPlayerEnhance-codedownloader -> Keine Datei <==== ACHTUNG
Task: {73FCE9BB-49FA-4071-AD14-1CAD5E829A43} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-29] (CyberLink)
Task: {79CEC219-88D1-49B9-9BFB-F6AABB262CC6} - \MediaPlayerEnhance-firefoxinstaller -> Keine Datei <==== ACHTUNG
Task: {7F31B36B-C59C-422E-B4AF-24CFC4B301C8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {8841015E-BB01-4BB5-B20E-F48C76D70890} - System32\Tasks\{941C066D-C974-4F3B-8FB9-C313C1B1E452} => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ACHTUNG
Task: {8D3ECFEB-ECC6-43C7-9FD1-6167CEBE303A} - System32\Tasks\{DD783E30-083B-47F0-BD39-C0DDA32A49E5} => pcalua.exe -a "C:\Program Files (x86)\Verbindungsassistent\Uninstaller.exe"
Task: {A1EB24AA-BBC1-4663-B6AE-C8687A2FDA4F} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-11] (Adobe Systems Incorporated)
Task: {B432F1D6-FBFA-4641-836A-6D21416BE178} - \MediaPlayerEnhance-chromeinstaller -> Keine Datei <==== ACHTUNG
Task: {C701C00E-FF7B-424B-983A-3386728205B3} - System32\Tasks\{3D5593A9-5F78-4469-B743-0BD6634616C8} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2015-11-05] (Mozilla Corporation)
Task: {D9E7D8F2-A3D2-4CCF-A63C-DFB19020869B} - \HQ-Video-Profession-1.3-updater -> Keine Datei <==== ACHTUNG
Task: {DBCE4CED-3DB9-46B7-A285-39BCC483CD7C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E4C899FF-E8F7-4AF1-A6A7-A04010BC08CB} - \MediaPlayerEnhance-updater -> Keine Datei <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2012-05-23 12:03 - 2012-05-23 12:03 - 01508192 _____ () C:\windows\system32\IcnOvrly.dll
2012-05-23 12:03 - 2012-05-23 12:03 - 00628064 _____ () C:\windows\system32\SimpleExt.dll
2008-12-20 04:20 - 2012-05-23 12:15 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2008-12-20 04:20 - 2012-05-23 12:15 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2012-05-23 11:36 - 2011-03-25 10:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-10-23 17:07 - 2009-03-03 11:45 - 00296400 ____N () C:\Program Files (x86)\Verbindungsassistent\WTGService.exe
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-05-23 12:03 - 2012-05-23 12:03 - 00013664 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
2014-10-16 21:04 - 2014-10-16 21:04 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\17c296575fad30d021e6370dc70cf800\IsdiInterop.ni.dll
2012-05-23 11:35 - 2011-02-18 09:16 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1146881843-1855949487-4122649668-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Notebook\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1146881843-1855949487-4122649668-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Nora\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1146881843-1855949487-4122649668-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Uwelchen\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{C06D5DF8-3461-4042-8F52-7EBCDE9FE5EB}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{A01CE26B-13D2-49C9-A92D-9B7D46120EAD}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{23CFB686-0B7E-4480-A9A3-CB0C2F765BAA}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{85C74DA7-449E-44C7-8E4E-1F4912152D42}] => (Allow) LPort=2869
FirewallRules: [{877B58CB-8D65-442A-8AF5-5FA372C19F10}] => (Allow) LPort=1900
FirewallRules: [{8D40A53C-4335-417B-9C4A-CB4692B6701D}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{17F942C8-12AD-4AA5-9463-4D84ED86C64F}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{494CA055-1977-42EC-B8BF-AE2174875BDB}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{7FB6858F-ED36-454A-8F9F-DF9A80AA76BF}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{58AE4ECC-80E0-4F0D-BDC7-2CC30B8636BE}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{5C3FAB83-0355-4B03-8DC1-B8E0A07D7802}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{0C353832-0069-4E0E-9DC5-C406A89ED5BF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C3FD3DA4-E429-4DDB-8AF6-37BB69E5EC76}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DB0BA175-6DF7-49FB-BC0E-EB66246A1ACB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CD7CBA5A-1320-4B8A-86ED-D18730A7E38D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6DCD0473-2BF8-47E3-9577-F22D90E33E6C}] => (Allow) C:\Program Files (x86)\Lexmark\PSU\lmpsu.exe
FirewallRules: [{1848B09C-A7F2-4E06-84AF-903D2D0CFCF1}] => (Allow) C:\Program Files (x86)\Lexmark\PSU\lmpsu.exe
FirewallRules: [{600BE599-5822-48F3-B869-82DC5C62233C}] => (Allow) C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\USBSetup.exe
FirewallRules: [{795730CF-A64E-4915-8384-9C4A4D8606B1}] => (Allow) C:\Users\Notebook\AppData\Local\Temp\7zS0049\HPDiagnosticCoreUI.exe
FirewallRules: [{96963478-4C91-4FAA-A42F-C0519527DA88}] => (Allow) C:\Users\Notebook\AppData\Local\Temp\7zS0049\HPDiagnosticCoreUI.exe
FirewallRules: [{66F54DF8-0774-4E55-800F-073B4E8BB050}] => (Allow) C:\Users\Notebook\AppData\Local\Temp\7zS5C88\HPDiagnosticCoreUI.exe
FirewallRules: [{58ED8715-7D7E-4764-A2F4-1DC940D46FB9}] => (Allow) C:\Users\Notebook\AppData\Local\Temp\7zS5C88\HPDiagnosticCoreUI.exe
FirewallRules: [{2CF02080-21D3-4222-81D1-30FAE88FA2F6}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{E2CA7EE2-6A42-4951-B9E5-9C5E1FF1376A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A7998D86-49F1-4F44-886A-7F2D4CAE5C0A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{5488F4E7-619C-40F9-867A-5BE99F507EB9}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{4429A93B-8E63-407C-9B8A-3187FFC606B1}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{0F6DDD45-F3D6-43D5-B986-E7E4425ED8D6}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{6A2A115F-CFA8-4679-9084-9FDE758DE08E}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{364D57E1-9EF3-4CC4-AA8F-B0113BACBDBD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DCD7E537-A65D-45B1-A414-9576213BC1E8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{193C3EDE-369F-49A2-A07D-C92D79A23A67}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (11/15/2015 08:17:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16068

Error: (11/15/2015 08:17:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16068

Error: (11/15/2015 08:17:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/15/2015 07:00:19 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: Die Sicherung war nicht erfolgreich. Fehler: "Alle in der Sicherung enthaltenen Laufwerke wurden ausgelassen. Vergewissern Sie sich, dass die Laufwerke angeschlossen und funktionsfähig sind. (0x810000FF)"

Error: (11/15/2015 06:41:35 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (11/15/2015 06:07:00 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (11/15/2015 06:07:00 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (11/15/2015 04:46:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15741

Error: (11/15/2015 04:46:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15741

Error: (11/15/2015 04:46:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


Systemfehler:
=============
Error: (11/16/2015 05:28:53 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (11/16/2015 05:28:52 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (11/16/2015 05:28:52 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (11/16/2015 05:28:51 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (11/15/2015 06:04:54 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "\Device\HarddiskVolume2" den Befehl "chkdsk" aus.

Error: (11/15/2015 05:52:12 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "\Device\HarddiskVolume2" den Befehl "chkdsk" aus.

Error: (11/15/2015 05:52:12 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "\Device\HarddiskVolume2" den Befehl "chkdsk" aus.

Error: (11/15/2015 05:52:12 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "\Device\HarddiskVolume2" den Befehl "chkdsk" aus.

Error: (11/15/2015 05:52:12 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "\Device\HarddiskVolume2" den Befehl "chkdsk" aus.

Error: (11/15/2015 05:52:12 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie auf dem Volume "\Device\HarddiskVolume2" den Befehl "chkdsk" aus.


CodeIntegrity:
===================================
  Date: 2015-11-13 16:37:33.753
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-11-13 16:37:33.675
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Pentium(R) CPU B960 @ 2.20GHz
Prozentuale Nutzung des RAM: 23%
Installierter physikalischer RAM: 8135.86 MB
Verfügbarer physikalischer RAM: 6236.27 MB
Summe virtueller Speicher: 16269.93 MB
Verfügbarer virtueller Speicher: 14429.66 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:254.14 GB) (Free:173.14 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:26.82 GB) NTFS
Drive e: () (Removable) (Total:7.37 GB) (Free:4.51 GB) FAT32

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 68E1532F)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=254.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.4 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.4 GB) - (Type=0B)

==================== Ende von Addition.txt ============================
         

Alt 17.11.2015, 14:25   #23
M-K-D-B
/// TB-Ausbilder
 
Win 7 Rechner mit Trojaner TR/AD.Gamarue.Y.1144 infiziert - Standard

Win 7 Rechner mit Trojaner TR/AD.Gamarue.Y.1144 infiziert



Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
ATTFilter
start
CloseProcesses:
HKLM-x32\...\runonceex: [Flags] => 8
Task: {0193F86E-DCBA-4717-984F-AAED2657012C} - System32\Tasks\{58CA7212-3668-4514-BF70-A38EF0598722} => pcalua.exe -a F:\Install.exe -d F:\
Task: {06839B91-58C1-43B2-AE96-615A676350F7} - System32\Tasks\{561E282B-989B-43CF-9923-7E78F5100D85} => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ACHTUNG
Task: {1AE35477-E386-4ED0-B716-C799EEAF3CB7} - System32\Tasks\{3C4A0741-2782-49C1-B191-6DD27182317B} => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ACHTUNG
Task: {2619407E-888E-4EDB-9CE9-7900016E616C} - \HQ-Video-Profession-1.3-firefoxinstaller -> Keine Datei <==== ACHTUNG
Task: {424B4465-B5BC-419C-AFE9-BDA0BE1CD8ED} - \HQ-Video-Profession-1.3-codedownloader -> Keine Datei <==== ACHTUNG
Task: {4481CAAD-E5FF-4DBC-B33A-485DD1E033AB} - \HQ-Video-Profession-1.3-enabler -> Keine Datei <==== ACHTUNG
Task: {66168DDB-F850-4953-8BBA-6CDDE814EDB1} - \HQ-Video-Profession-1.3-chromeinstaller -> Keine Datei <==== ACHTUNG
Task: {72CCA424-D111-4F99-AFF8-A5D8C3352C89} - \MediaPlayerEnhance-enabler -> Keine Datei <==== ACHTUNG
Task: {73634F6A-9129-42B3-81CF-310EE8F0857A} - \MediaPlayerEnhance-codedownloader -> Keine Datei <==== ACHTUNG
Task: {79CEC219-88D1-49B9-9BFB-F6AABB262CC6} - \MediaPlayerEnhance-firefoxinstaller -> Keine Datei <==== ACHTUNG
Task: {8841015E-BB01-4BB5-B20E-F48C76D70890} - System32\Tasks\{941C066D-C974-4F3B-8FB9-C313C1B1E452} => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ACHTUNG
Task: {B432F1D6-FBFA-4641-836A-6D21416BE178} - \MediaPlayerEnhance-chromeinstaller -> Keine Datei <==== ACHTUNG
Task: {D9E7D8F2-A3D2-4CCF-A63C-DFB19020869B} - \HQ-Video-Profession-1.3-updater -> Keine Datei <==== ACHTUNG
Task: {E4C899FF-E8F7-4AF1-A6A7-A04010BC08CB} - \MediaPlayerEnhance-updater -> Keine Datei <==== ACHTUNG
C:\Program Files (x86)\Uniblue
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{0510789C-5E5D-4FA3-A3EF-2D56FDE5090A}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{1E34EA93-600B-4CBC-9858-59BE04C1A581}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{32CC4D2E-999C-4853-9D3E-5DE4C02D57C6}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{34A117AD-7F43-4859-BF97-ADC46488953F}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{5A06A37E-F036-42EC-9D51-E738FACBFEB5}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{7007FA4C-E372-4485-ADFA-213B9E38D87F}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{7AE769DF-F151-4541-B820-031726E76E06}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{844C2331-94DF-431E-9A67-426ED861D27F}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{8684A596-308C-4872-ACA7-FF6093BBEEF7}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{934063FB-A81D-4849-B02C-478446DF3219}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{93A55DA3-83ED-4090-91B6-904C44647639}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{993161E3-CF87-46CF-A702-3FD05D3DEDDD}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{9DFFAA5F-44C6-4FF2-80EE-76368D0A2E75}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{AA8714C4-294D-47FB-BCE0-BC12445CFBD4}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{B34A6A15-1F6F-4A19-A9DD-8B44C874A20B}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{C242AC08-2AE7-46A5-A62D-E7F1B9BE489C}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{F3EC3AFF-8FD8-4253-ABA2-F2ABE0A5524A}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{F85503FF-ED21-4493-9A4A-B6765EB45D94}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{FEEAF56C-C91B-4D1C-9FC8-BAFD85F5F2B3}
DeleteKey: HKU\S-1-5-21-1146881843-1855949487-4122649668-1000\Software\Trolltech
RemoveProxy:
EmptyTemp:
end
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.







Schritt 2
Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.






Schritt 3
Downloade dir bitte Farbar Service Scanner Farbar Service Scanner
  • Starte das Tool mit Doppelklick auf die FSS.exe
  • Gehe sicher, dass folgende Optionen angehakt sind.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Klicke auf Scan.
  • Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.

Poste bitte den Inhalt hier.








Schritt 4
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Untersuchen.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei des FRST-Fix,
  • die Logdatei desSecurityCheck,
  • die Logdatei von FSS,
  • die beiden neuen Logdateien von FRST.

Alt 17.11.2015, 16:46   #24
nora.s
 
Win 7 Rechner mit Trojaner TR/AD.Gamarue.Y.1144 infiziert - Standard

Win 7 Rechner mit Trojaner TR/AD.Gamarue.Y.1144 infiziert



Hallo!

Ausversehen habe ich FRST beim Entfernen-Durchlauf nicht als Administrator gestartet. Habe dann einen zweiten Durchlauf gemacht, allerdings hat das Programm keine neue Fixlog gespeichert..

Hier schon mal die Dateien von Security Ceck und die Fixlog:

Code:
ATTFilter
 Results of screen317's Security Check version 1.009  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 9  
 Java version 32-bit out of Date! 
 Adobe Flash Player 19.0.0.245  
 Adobe Reader XI  
 Mozilla Firefox (42.0) 
 Mozilla Thunderbird 31.7.0 Thunderbird out of Date!  
 Google Chrome (46.0.2490.80) 
 Google Chrome (46.0.2490.86) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
Code:
ATTFilter
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:16-11-2015
durchgeführt von Notebook (2015-11-17 16:05:31) Run:3
Gestartet von E:\
Geladene Profile: Notebook & Nora (Verfügbare Profile: Notebook & Nora & Uwelchen)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
start
CloseProcesses:
HKLM-x32\...\runonceex: [Flags] => 8
Task: {0193F86E-DCBA-4717-984F-AAED2657012C} - System32\Tasks\{58CA7212-3668-4514-BF70-A38EF0598722} => pcalua.exe -a F:\Install.exe -d F:\
Task: {06839B91-58C1-43B2-AE96-615A676350F7} - System32\Tasks\{561E282B-989B-43CF-9923-7E78F5100D85} => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ACHTUNG
Task: {1AE35477-E386-4ED0-B716-C799EEAF3CB7} - System32\Tasks\{3C4A0741-2782-49C1-B191-6DD27182317B} => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ACHTUNG
Task: {2619407E-888E-4EDB-9CE9-7900016E616C} - \HQ-Video-Profession-1.3-firefoxinstaller -> Keine Datei <==== ACHTUNG
Task: {424B4465-B5BC-419C-AFE9-BDA0BE1CD8ED} - \HQ-Video-Profession-1.3-codedownloader -> Keine Datei <==== ACHTUNG
Task: {4481CAAD-E5FF-4DBC-B33A-485DD1E033AB} - \HQ-Video-Profession-1.3-enabler -> Keine Datei <==== ACHTUNG
Task: {66168DDB-F850-4953-8BBA-6CDDE814EDB1} - \HQ-Video-Profession-1.3-chromeinstaller -> Keine Datei <==== ACHTUNG
Task: {72CCA424-D111-4F99-AFF8-A5D8C3352C89} - \MediaPlayerEnhance-enabler -> Keine Datei <==== ACHTUNG
Task: {73634F6A-9129-42B3-81CF-310EE8F0857A} - \MediaPlayerEnhance-codedownloader -> Keine Datei <==== ACHTUNG
Task: {79CEC219-88D1-49B9-9BFB-F6AABB262CC6} - \MediaPlayerEnhance-firefoxinstaller -> Keine Datei <==== ACHTUNG
Task: {8841015E-BB01-4BB5-B20E-F48C76D70890} - System32\Tasks\{941C066D-C974-4F3B-8FB9-C313C1B1E452} => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ACHTUNG
Task: {B432F1D6-FBFA-4641-836A-6D21416BE178} - \MediaPlayerEnhance-chromeinstaller -> Keine Datei <==== ACHTUNG
Task: {D9E7D8F2-A3D2-4CCF-A63C-DFB19020869B} - \HQ-Video-Profession-1.3-updater -> Keine Datei <==== ACHTUNG
Task: {E4C899FF-E8F7-4AF1-A6A7-A04010BC08CB} - \MediaPlayerEnhance-updater -> Keine Datei <==== ACHTUNG
C:\Program Files (x86)\Uniblue
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{0510789C-5E5D-4FA3-A3EF-2D56FDE5090A}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{1E34EA93-600B-4CBC-9858-59BE04C1A581}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{32CC4D2E-999C-4853-9D3E-5DE4C02D57C6}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{34A117AD-7F43-4859-BF97-ADC46488953F}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{5A06A37E-F036-42EC-9D51-E738FACBFEB5}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{7007FA4C-E372-4485-ADFA-213B9E38D87F}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{7AE769DF-F151-4541-B820-031726E76E06}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{844C2331-94DF-431E-9A67-426ED861D27F}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{8684A596-308C-4872-ACA7-FF6093BBEEF7}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{934063FB-A81D-4849-B02C-478446DF3219}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{93A55DA3-83ED-4090-91B6-904C44647639}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{993161E3-CF87-46CF-A702-3FD05D3DEDDD}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{9DFFAA5F-44C6-4FF2-80EE-76368D0A2E75}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{AA8714C4-294D-47FB-BCE0-BC12445CFBD4}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{B34A6A15-1F6F-4A19-A9DD-8B44C874A20B}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{C242AC08-2AE7-46A5-A62D-E7F1B9BE489C}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{F3EC3AFF-8FD8-4253-ABA2-F2ABE0A5524A}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{F85503FF-ED21-4493-9A4A-B6765EB45D94}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{FEEAF56C-C91B-4D1C-9FC8-BAFD85F5F2B3}
DeleteKey: HKU\S-1-5-21-1146881843-1855949487-4122649668-1000\Software\Trolltech
RemoveProxy:
EmptyTemp:
end
*****************

Prozess erfolgreich geschlossen.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\runonceex\\Flags => Wert erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0193F86E-DCBA-4717-984F-AAED2657012C}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0193F86E-DCBA-4717-984F-AAED2657012C}" => Schlüssel erfolgreich entfernt
C:\windows\System32\Tasks\{58CA7212-3668-4514-BF70-A38EF0598722} => erfolgreich verschoben
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{58CA7212-3668-4514-BF70-A38EF0598722}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{06839B91-58C1-43B2-AE96-615A676350F7}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{06839B91-58C1-43B2-AE96-615A676350F7}" => Schlüssel erfolgreich entfernt
C:\windows\System32\Tasks\{561E282B-989B-43CF-9923-7E78F5100D85} => nicht gefunden.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{561E282B-989B-43CF-9923-7E78F5100D85}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1AE35477-E386-4ED0-B716-C799EEAF3CB7}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1AE35477-E386-4ED0-B716-C799EEAF3CB7}" => Schlüssel erfolgreich entfernt
C:\windows\System32\Tasks\{3C4A0741-2782-49C1-B191-6DD27182317B} => nicht gefunden.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3C4A0741-2782-49C1-B191-6DD27182317B}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2619407E-888E-4EDB-9CE9-7900016E616C}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2619407E-888E-4EDB-9CE9-7900016E616C}" => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HQ-Video-Profession-1.3-firefoxinstaller => Schlüssel nicht gefunden. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{424B4465-B5BC-419C-AFE9-BDA0BE1CD8ED}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{424B4465-B5BC-419C-AFE9-BDA0BE1CD8ED}" => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HQ-Video-Profession-1.3-codedownloader => Schlüssel nicht gefunden. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4481CAAD-E5FF-4DBC-B33A-485DD1E033AB}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4481CAAD-E5FF-4DBC-B33A-485DD1E033AB}" => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HQ-Video-Profession-1.3-enabler => Schlüssel nicht gefunden. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{66168DDB-F850-4953-8BBA-6CDDE814EDB1}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66168DDB-F850-4953-8BBA-6CDDE814EDB1}" => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HQ-Video-Profession-1.3-chromeinstaller => Schlüssel nicht gefunden. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{72CCA424-D111-4F99-AFF8-A5D8C3352C89}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72CCA424-D111-4F99-AFF8-A5D8C3352C89}" => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MediaPlayerEnhance-enabler => Schlüssel nicht gefunden. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{73634F6A-9129-42B3-81CF-310EE8F0857A}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73634F6A-9129-42B3-81CF-310EE8F0857A}" => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MediaPlayerEnhance-codedownloader => Schlüssel nicht gefunden. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{79CEC219-88D1-49B9-9BFB-F6AABB262CC6}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79CEC219-88D1-49B9-9BFB-F6AABB262CC6}" => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MediaPlayerEnhance-firefoxinstaller => Schlüssel nicht gefunden. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8841015E-BB01-4BB5-B20E-F48C76D70890}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8841015E-BB01-4BB5-B20E-F48C76D70890}" => Schlüssel erfolgreich entfernt
C:\windows\System32\Tasks\{941C066D-C974-4F3B-8FB9-C313C1B1E452} => nicht gefunden.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{941C066D-C974-4F3B-8FB9-C313C1B1E452}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B432F1D6-FBFA-4641-836A-6D21416BE178}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B432F1D6-FBFA-4641-836A-6D21416BE178}" => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MediaPlayerEnhance-chromeinstaller => Schlüssel nicht gefunden. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D9E7D8F2-A3D2-4CCF-A63C-DFB19020869B}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9E7D8F2-A3D2-4CCF-A63C-DFB19020869B}" => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HQ-Video-Profession-1.3-updater => Schlüssel nicht gefunden. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E4C899FF-E8F7-4AF1-A6A7-A04010BC08CB}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E4C899FF-E8F7-4AF1-A6A7-A04010BC08CB}" => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MediaPlayerEnhance-updater => Schlüssel nicht gefunden. 
"C:\Program Files (x86)\Uniblue" => nicht gefunden.
HKLM\SOFTWARE\Classes\Interface\{0510789C-5E5D-4FA3-A3EF-2D56FDE5090A} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{0510789C-5E5D-4FA3-A3EF-2D56FDE5090A} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{1E34EA93-600B-4CBC-9858-59BE04C1A581} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{1E34EA93-600B-4CBC-9858-59BE04C1A581} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{32CC4D2E-999C-4853-9D3E-5DE4C02D57C6} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{32CC4D2E-999C-4853-9D3E-5DE4C02D57C6} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{34A117AD-7F43-4859-BF97-ADC46488953F} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{34A117AD-7F43-4859-BF97-ADC46488953F} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{5A06A37E-F036-42EC-9D51-E738FACBFEB5} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{5A06A37E-F036-42EC-9D51-E738FACBFEB5} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{7007FA4C-E372-4485-ADFA-213B9E38D87F} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{7007FA4C-E372-4485-ADFA-213B9E38D87F} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{7AE769DF-F151-4541-B820-031726E76E06} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{7AE769DF-F151-4541-B820-031726E76E06} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{844C2331-94DF-431E-9A67-426ED861D27F} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{844C2331-94DF-431E-9A67-426ED861D27F} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{8684A596-308C-4872-ACA7-FF6093BBEEF7} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{8684A596-308C-4872-ACA7-FF6093BBEEF7} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{934063FB-A81D-4849-B02C-478446DF3219} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{934063FB-A81D-4849-B02C-478446DF3219} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{93A55DA3-83ED-4090-91B6-904C44647639} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{93A55DA3-83ED-4090-91B6-904C44647639} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{993161E3-CF87-46CF-A702-3FD05D3DEDDD} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{993161E3-CF87-46CF-A702-3FD05D3DEDDD} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{9DFFAA5F-44C6-4FF2-80EE-76368D0A2E75} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{9DFFAA5F-44C6-4FF2-80EE-76368D0A2E75} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{AA8714C4-294D-47FB-BCE0-BC12445CFBD4} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{AA8714C4-294D-47FB-BCE0-BC12445CFBD4} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{B34A6A15-1F6F-4A19-A9DD-8B44C874A20B} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{B34A6A15-1F6F-4A19-A9DD-8B44C874A20B} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{C242AC08-2AE7-46A5-A62D-E7F1B9BE489C} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{C242AC08-2AE7-46A5-A62D-E7F1B9BE489C} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{F3EC3AFF-8FD8-4253-ABA2-F2ABE0A5524A} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{F3EC3AFF-8FD8-4253-ABA2-F2ABE0A5524A} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{F85503FF-ED21-4493-9A4A-B6765EB45D94} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{F85503FF-ED21-4493-9A4A-B6765EB45D94} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{FEEAF56C-C91B-4D1C-9FC8-BAFD85F5F2B3} => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKLM\SOFTWARE\Classes\Interface\{FEEAF56C-C91B-4D1C-9FC8-BAFD85F5F2B3} => Schlüssel erfolgreich entfernt
HKU\S-1-5-21-1146881843-1855949487-4122649668-1000\Software\Trolltech => konnte nicht entfernt werden im ersten Versuch (ErrorCode: C0000121), siehe nächste Zeile.
HKU\S-1-5-21-1146881843-1855949487-4122649668-1000\Software\Trolltech => Schlüssel erfolgreich entfernt

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
HKU\S-1-5-21-1146881843-1855949487-4122649668-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
HKU\S-1-5-21-1146881843-1855949487-4122649668-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-1146881843-1855949487-4122649668-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt


========= Ende von RemoveProxy: =========

EmptyTemp: => 176.7 MB temporäre Dateien entfernt.


Das System musste neu gestartet werden.

==== Ende von Fixlog 16:05:48 ====
         
Code:
ATTFilter
Farbar Service Scanner Version: 26-07-2015
Ran by Notebook (administrator) on 17-11-2015 at 16:34:30
Running from "C:\Users\Nora\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Policy: 
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
         
Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:16-11-2015
durchgeführt von Notebook (2015-11-17 16:37:01)
Gestartet von E:\
Windows 7 Home Premium Service Pack 1 (X64) (2012-08-30 13:16:26)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1146881843-1855949487-4122649668-500 - Administrator - Disabled)
Gast (S-1-5-21-1146881843-1855949487-4122649668-501 - Limited - Disabled)
Nora (S-1-5-21-1146881843-1855949487-4122649668-1001 - Limited - Enabled) => C:\Users\Nora
Notebook (S-1-5-21-1146881843-1855949487-4122649668-1000 - Administrator - Enabled) => C:\Users\Notebook
Uwelchen (S-1-5-21-1146881843-1855949487-4122649668-1003 - Limited - Enabled) => C:\Users\Uwelchen

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.7.637 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Client Installation Program (HKLM-x32\...\{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}) (Version: 7.0 - Atheros)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.39 - Atheros Communications Inc.)
Benutzerhandbuch (x32 Version: 1.0.0.6 - Lenovo) Hidden
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CBR (HKLM\...\{A8305DB2-3F6A-43CF-8CE3-EFD3D0F1C352}) (Version: 0.7 - G.Waser)
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.2.3442 - CDBurnerXP)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.4.51 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.0 - Lenovo)
Energy Management (x32 Version: 6.0.2.0 - Lenovo) Hidden
Free DWG Viewer 7.3 (HKLM-x32\...\{16CF668C-104D-479F-88A9-739137AEF3AD}) (Version: 7.3.0.176 - IGC)
GeoGebra 4.4 (HKLM-x32\...\GeoGebra 4.4) (Version: 4.4.6.0 - International GeoGebra Institute)
Google Chrome (HKLM-x32\...\{73187774-F274-39D6-80A4-33778B3CBBD4}) (Version: 65.51.16478 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
HP Deskjet 1000 J110 series - Grundlegende Software für das Gerät (HKLM\...\{CED47C99-8892-4956-BCA7-CC3123531371}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 1000 J110 series Hilfe (HKLM-x32\...\{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}) (Version: 140.0.65.65 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3341 - HP Photo Creations Powered by RocketLife)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 9 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217009FF}) (Version: 7.0.90 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.10.1209.1 - Lenovo EasyCamera)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.6 - Lenovo)
Lenovo Games Console (HKLM-x32\...\Lenovo Games Console) (Version: 1.2.6.436 - Oberon Media Inc.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3728 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 3.1.3728 - CyberLink Corp.) Hidden
Lexmark S410 Series Deinstallationsprogamm (HKLM\...\Lexmark S410 Series) (Version:  - Lexmark International, Inc.)
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 de)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla)
Mozilla Thunderbird 38.2.0 (x86 de) (HKU\S-1-5-21-1146881843-1855949487-4122649668-1001\...\Mozilla Thunderbird 38.2.0 (x86 de)) (Version: 38.2.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.5.0 - Frank Heindörfer, Philip Chinery)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10003 - Realtek Semiconductor Corp.)
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Studie zur Verbesserung von HP Deskjet 1000 J110 series Produkten (HKLM\...\{28F4BC72-75AE-47DD-B5B3-2A027BCA48A7}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.0.0 - Synaptics Incorporated)
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.14563 - TeamViewer)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
Verbindungsassistent (HKLM-x32\...\Verbindungsassistent) (Version: 2.1 - Verbindungsassistent)
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.0.1224 - Lenovo)
VLC media player 2.0.4 (HKLM-x32\...\VLC media player) (Version: 2.0.4 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Wiederherstellungspunkte =========================

08-11-2015 20:31:36 Windows-Sicherung
09-11-2015 22:00:44 Windows Update
11-11-2015 12:41:21 Windows Update
11-11-2015 17:21:37 Windows Update
11-11-2015 18:40:28 Windows Update
12-11-2015 14:53:27 Windows Update
14-11-2015 18:12:10 JRT Pre-Junkware Removal
14-11-2015 21:37:48 JRT Pre-Junkware Removal
14-11-2015 21:43:11 JRT Pre-Junkware Removal
15-11-2015 14:12:24 zoek.exe restore point
15-11-2015 14:34:41 Prüfpunkt von HitmanPro
16-11-2015 13:01:01 Windows Update

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2015-11-15 14:12 - 00000841 ____A C:\windows\system32\Drivers\etc\hosts

 127.0.0.1       localhost 
::1             localhost 

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {05871FC2-EF84-4424-BD51-9E9784F25D1F} - System32\Tasks\HpWebReg.exe => C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HpWebReg.exe
Task: {1AA4CBE5-A1A1-4E11-96FF-D3DA11C5C67F} - System32\Tasks\{6E897720-0C00-426B-82A9-06A27072CBE8} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2015-11-05] (Mozilla Corporation)
Task: {1C4D16D4-59A3-4E90-8322-C42381835A6B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {39607F30-B624-48CA-8B74-B64E766204B9} - System32\Tasks\HPCustParticipation HP Deskjet 1000 J110 series => C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {53FB169C-39A0-4725-8274-49E0E8AE700F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {54BAB1DA-AAD2-480D-A51B-2789094B968F} - System32\Tasks\{B33CE333-4158-42C2-A582-ACC2CD8B4AB7} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2015-11-05] (Mozilla Corporation)
Task: {5A749EF4-BEEB-41AB-BB09-09E906F144D9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {73FCE9BB-49FA-4071-AD14-1CAD5E829A43} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-29] (CyberLink)
Task: {7F31B36B-C59C-422E-B4AF-24CFC4B301C8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {8D3ECFEB-ECC6-43C7-9FD1-6167CEBE303A} - System32\Tasks\{DD783E30-083B-47F0-BD39-C0DDA32A49E5} => pcalua.exe -a "C:\Program Files (x86)\Verbindungsassistent\Uninstaller.exe"
Task: {A1EB24AA-BBC1-4663-B6AE-C8687A2FDA4F} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-11] (Adobe Systems Incorporated)
Task: {C701C00E-FF7B-424B-983A-3386728205B3} - System32\Tasks\{3D5593A9-5F78-4469-B743-0BD6634616C8} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [2015-11-05] (Mozilla Corporation)
Task: {DBCE4CED-3DB9-46B7-A285-39BCC483CD7C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2012-05-23 12:03 - 2012-05-23 12:03 - 01508192 _____ () C:\windows\system32\IcnOvrly.dll
2012-05-23 12:03 - 2012-05-23 12:03 - 00628064 _____ () C:\windows\system32\SimpleExt.dll
2008-12-20 04:20 - 2012-05-23 12:15 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2008-12-20 04:20 - 2012-05-23 12:15 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2012-05-23 11:36 - 2011-03-25 10:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-10-23 17:07 - 2009-03-03 11:45 - 00296400 ____N () C:\Program Files (x86)\Verbindungsassistent\WTGService.exe
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-05-23 12:03 - 2012-05-23 12:03 - 00013664 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
2014-10-16 21:04 - 2014-10-16 21:04 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\17c296575fad30d021e6370dc70cf800\IsdiInterop.ni.dll
2012-05-23 11:35 - 2011-02-18 09:16 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1146881843-1855949487-4122649668-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Notebook\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1146881843-1855949487-4122649668-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Nora\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{C06D5DF8-3461-4042-8F52-7EBCDE9FE5EB}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{A01CE26B-13D2-49C9-A92D-9B7D46120EAD}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{23CFB686-0B7E-4480-A9A3-CB0C2F765BAA}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{85C74DA7-449E-44C7-8E4E-1F4912152D42}] => (Allow) LPort=2869
FirewallRules: [{877B58CB-8D65-442A-8AF5-5FA372C19F10}] => (Allow) LPort=1900
FirewallRules: [{8D40A53C-4335-417B-9C4A-CB4692B6701D}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{17F942C8-12AD-4AA5-9463-4D84ED86C64F}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{494CA055-1977-42EC-B8BF-AE2174875BDB}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{7FB6858F-ED36-454A-8F9F-DF9A80AA76BF}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{58AE4ECC-80E0-4F0D-BDC7-2CC30B8636BE}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{5C3FAB83-0355-4B03-8DC1-B8E0A07D7802}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{0C353832-0069-4E0E-9DC5-C406A89ED5BF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C3FD3DA4-E429-4DDB-8AF6-37BB69E5EC76}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DB0BA175-6DF7-49FB-BC0E-EB66246A1ACB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CD7CBA5A-1320-4B8A-86ED-D18730A7E38D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6DCD0473-2BF8-47E3-9577-F22D90E33E6C}] => (Allow) C:\Program Files (x86)\Lexmark\PSU\lmpsu.exe
FirewallRules: [{1848B09C-A7F2-4E06-84AF-903D2D0CFCF1}] => (Allow) C:\Program Files (x86)\Lexmark\PSU\lmpsu.exe
FirewallRules: [{600BE599-5822-48F3-B869-82DC5C62233C}] => (Allow) C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\USBSetup.exe
FirewallRules: [{795730CF-A64E-4915-8384-9C4A4D8606B1}] => (Allow) C:\Users\Notebook\AppData\Local\Temp\7zS0049\HPDiagnosticCoreUI.exe
FirewallRules: [{96963478-4C91-4FAA-A42F-C0519527DA88}] => (Allow) C:\Users\Notebook\AppData\Local\Temp\7zS0049\HPDiagnosticCoreUI.exe
FirewallRules: [{66F54DF8-0774-4E55-800F-073B4E8BB050}] => (Allow) C:\Users\Notebook\AppData\Local\Temp\7zS5C88\HPDiagnosticCoreUI.exe
FirewallRules: [{58ED8715-7D7E-4764-A2F4-1DC940D46FB9}] => (Allow) C:\Users\Notebook\AppData\Local\Temp\7zS5C88\HPDiagnosticCoreUI.exe
FirewallRules: [{2CF02080-21D3-4222-81D1-30FAE88FA2F6}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{E2CA7EE2-6A42-4951-B9E5-9C5E1FF1376A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A7998D86-49F1-4F44-886A-7F2D4CAE5C0A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{5488F4E7-619C-40F9-867A-5BE99F507EB9}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{4429A93B-8E63-407C-9B8A-3187FFC606B1}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{0F6DDD45-F3D6-43D5-B986-E7E4425ED8D6}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{6A2A115F-CFA8-4679-9084-9FDE758DE08E}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{364D57E1-9EF3-4CC4-AA8F-B0113BACBDBD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DCD7E537-A65D-45B1-A414-9576213BC1E8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{193C3EDE-369F-49A2-A07D-C92D79A23A67}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (11/16/2015 08:34:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 448: ERROR: read_msg errno 0 (Der Vorgang wurde erfolgreich beendet.)

Error: (11/16/2015 08:34:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (11/15/2015 08:17:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16068

Error: (11/15/2015 08:17:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16068

Error: (11/15/2015 08:17:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/15/2015 07:00:19 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: Die Sicherung war nicht erfolgreich. Fehler: "Alle in der Sicherung enthaltenen Laufwerke wurden ausgelassen. Vergewissern Sie sich, dass die Laufwerke angeschlossen und funktionsfähig sind. (0x810000FF)"

Error: (11/15/2015 06:41:35 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (11/15/2015 06:07:00 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (11/15/2015 06:07:00 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (11/15/2015 04:46:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15741


Systemfehler:
=============
Error: (11/17/2015 04:06:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Apple Mobile Device" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%3

Error: (11/17/2015 04:06:01 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (11/17/2015 04:05:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/17/2015 04:05:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Software Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/17/2015 04:05:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/17/2015 04:05:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Intel(R) Management and Security Application Local Management Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/17/2015 04:05:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Live ID Sign-in Assistant" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/17/2015 04:05:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management and Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/17/2015 04:05:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/17/2015 04:05:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


CodeIntegrity:
===================================
  Date: 2015-11-13 16:37:33.753
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-11-13 16:37:33.675
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Pentium(R) CPU B960 @ 2.20GHz
Prozentuale Nutzung des RAM: 27%
Installierter physikalischer RAM: 8135.86 MB
Verfügbarer physikalischer RAM: 5931.16 MB
Summe virtueller Speicher: 16269.93 MB
Verfügbarer virtueller Speicher: 14007.93 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:254.14 GB) (Free:173.18 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:26.82 GB) NTFS
Drive e: () (Removable) (Total:7.37 GB) (Free:4.51 GB) FAT32

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 68E1532F)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=254.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.4 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.4 GB) - (Type=0B)

==================== Ende von Addition.txt ============================
         
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:16-11-2015
durchgeführt von Notebook (Administrator) auf NOTEBOOK-PC (17-11-2015 16:36:27)
Gestartet von E:\
Geladene Profile: Notebook & Nora (Verfügbare Profile: Notebook & Nora & Uwelchen)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Vimicro) C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
() C:\Program Files (x86)\Verbindungsassistent\WTGService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2741544 2011-04-08] (Synaptics Incorporated)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2012-05-23] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9753024 2012-05-23] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2012-05-23] (Lenovo(beijing) Limited)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-18] (Intel Corporation)
HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [536576 2010-01-19] (Vimicro)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-29] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-05-23] (Lenovo)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\RunOnce: [*EmptyTemp] => cmd /c rd /q/s C:\FRST\Temp
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2015-10-05] (Malwarebytes)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1146881843-1855949487-4122649668-1000\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[C10].txt
HKU\S-1-5-21-1146881843-1855949487-4122649668-1001\...\MountPoints2: {72c6dce6-520b-11e3-9d67-446d57e77fa7} - E:\LaunchU3.exe -a
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll [2012-05-23] ()
Startup: C:\Users\Nora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2015-11-12]
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Notebook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2013-12-06]
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0434AB00-3F7C-4291-91FB-BFB1A7FBC4E6}: [DhcpNameServer] 10.63.210.254
Tcpip\..\Interfaces\{0EA6BB07-2FF3-4059-B5F3-5A19971BFC92}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1146881843-1855949487-4122649668-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1146881843-1855949487-4122649668-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
HKU\S-1-5-21-1146881843-1855949487-4122649668-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-1146881843-1855949487-4122649668-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
SearchScopes: HKU\S-1-5-21-1146881843-1855949487-4122649668-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1146881843-1855949487-4122649668-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1146881843-1855949487-4122649668-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN_deDE506
SearchScopes: HKU\S-1-5-21-1146881843-1855949487-4122649668-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1146881843-1855949487-4122649668-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-10-21] (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-10-21] (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)

FireFox:
========
FF ProfilePath: C:\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\kr5q6a4y.default
FF NewTab: about:newtab
FF Homepage: about:home
FF Session Restore: -> ist aktiviert.
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-11] ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\windows\system32\npDeployJava1.dll [2012-10-21] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll [2012-08-08] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\windows\SysWOW64\npDeployJava1.dll [2012-10-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2012-10-21] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-10-15] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTGService; C:\Program Files (x86)\Verbindungsassistent\WTGService.exe [296400 2009-03-03] ()

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-14] (Malwarebytes)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
U3 BcmSqlStartupSvc; kein ImagePath
U2 CLKMSVC10_3A60B698; kein ImagePath
U2 CLKMSVC10_C3B3B687; kein ImagePath
U2 DriverService; kein ImagePath
U2 iATAgentService; kein ImagePath
U2 idealife Update Service; kein ImagePath
U3 IGRS; kein ImagePath
U2 IviRegMgr; kein ImagePath
U2 nvUpdatusService; kein ImagePath
U2 Oasis2Service; kein ImagePath
U2 PCCarerService; kein ImagePath
U2 ReadyComm.DirectRouter; kein ImagePath
U2 RichVideo; kein ImagePath
U2 RtLedService; kein ImagePath
U2 SoftwareService; kein ImagePath
U3 SQLWriter; kein ImagePath
U2 Stereo Service; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-11-17 16:34 - 2015-11-17 16:34 - 00002750 _____ C:\Users\Nora\Desktop\FSS.txt
2015-11-17 16:26 - 2015-11-17 16:26 - 00001219 _____ C:\Users\Notebook\Desktop\checkup.txt
2015-11-17 15:45 - 2015-11-17 15:45 - 00899072 _____ (Farbar) C:\Users\Nora\Desktop\FSS.exe
2015-11-17 15:45 - 2015-11-17 15:45 - 00852720 _____ C:\Users\Nora\Desktop\SecurityCheck.exe
2015-11-16 17:27 - 2015-11-16 17:27 - 00008286 _____ C:\Users\Notebook\Desktop\HitmanPro_20151116_1727.log
2015-11-16 17:17 - 2015-11-16 17:17 - 11337112 _____ (SurfRight B.V.) C:\Users\Nora\Desktop\HitmanPro_x64.exe
2015-11-16 12:46 - 2015-11-16 12:46 - 00003408 ____N C:\bootsqm.dat
2015-11-15 18:10 - 2015-11-17 16:36 - 00040917 _____ C:\FaceProv.log
2015-11-15 14:34 - 2015-11-15 14:34 - 00008288 _____ C:\Users\Notebook\Desktop\HitmanPro_20151115_1434.log
2015-11-15 14:34 - 2015-11-15 14:34 - 00007386 _____ C:\Users\Notebook\Desktop\HitmanPro_20151115_1433.xml
2015-11-15 14:33 - 2015-11-15 14:33 - 00008288 _____ C:\Users\Notebook\Desktop\HitmanPro_20151115_1433.log
2015-11-15 14:20 - 2015-11-15 14:35 - 00000000 ____D C:\ProgramData\HitmanPro
2015-11-15 14:15 - 2015-11-15 14:15 - 23664130 _____ C:\windows\repository.backup
2015-11-15 14:15 - 2015-11-15 14:11 - 00024064 _____ C:\windows\zoek-delete.exe
2015-11-15 14:11 - 2015-11-15 14:11 - 00000000 ____D C:\zoek_backup
2015-11-15 14:09 - 2015-11-16 17:22 - 00000000 ____D C:\Users\Nora\Desktop\TxtDokumente
2015-11-15 14:00 - 2015-11-15 14:00 - 01309184 _____ C:\Users\Nora\Desktop\zoek.exe
2015-11-14 21:46 - 2015-11-14 21:46 - 00001074 _____ C:\Users\Notebook\Desktop\JRT.txt
2015-11-14 21:43 - 2015-10-05 23:26 - 01801288 _____ (Malwarebytes) C:\Users\Notebook\Desktop\JRT.exe
2015-11-14 17:38 - 2015-11-14 17:39 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-14 17:38 - 2015-11-14 17:38 - 00001106 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-11-14 17:38 - 2015-11-14 17:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-11-14 17:38 - 2015-11-14 17:38 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-14 17:38 - 2015-11-14 17:38 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-11-14 17:38 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2015-11-14 17:38 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-11-14 17:38 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2015-11-14 17:25 - 2015-11-14 17:25 - 01798976 _____ (Malwarebytes) C:\Users\Nora\Desktop\JRT.exe
2015-11-14 17:24 - 2015-11-14 17:25 - 22908888 _____ (Malwarebytes ) C:\Users\Nora\Desktop\mbam-setup-2.2.0.1024.exe
2015-11-14 17:18 - 2015-11-14 17:18 - 01729536 _____ C:\Users\Nora\Desktop\AdwCleaner_5.020.exe
2015-11-13 16:28 - 2011-06-26 07:45 - 00256000 _____ C:\windows\PEV.exe
2015-11-13 16:28 - 2010-11-07 18:20 - 00208896 _____ C:\windows\MBR.exe
2015-11-13 16:28 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-11-13 16:28 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-11-13 16:28 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-11-13 16:28 - 2000-08-31 01:00 - 00098816 _____ C:\windows\sed.exe
2015-11-13 16:28 - 2000-08-31 01:00 - 00080412 _____ C:\windows\grep.exe
2015-11-13 16:28 - 2000-08-31 01:00 - 00068096 _____ C:\windows\zip.exe
2015-11-13 16:21 - 2015-11-13 16:22 - 00000000 ____D C:\Qoobox
2015-11-13 16:20 - 2015-11-13 16:38 - 00000000 ____D C:\windows\erdnt
2015-11-12 16:58 - 2015-11-12 16:58 - 00059877 _____ C:\Users\Notebook\Desktop\FRST.txt
2015-11-12 16:43 - 2015-11-12 16:43 - 00000000 ____D C:\Users\Notebook\AppData\Local\GWX
2015-11-12 12:28 - 2015-11-12 12:28 - 00000000 ____D C:\Users\Nora\Documents\OneNote-Notizbücher
2015-11-12 12:20 - 2015-11-12 12:21 - 00004120 _____ C:\Users\Notebook\Desktop\gmertxt.log
2015-11-12 12:06 - 2015-11-12 12:06 - 00280320 _____ C:\windows\Minidump\111215-26395-01.dmp
2015-11-12 11:18 - 2015-11-17 16:36 - 00000000 ____D C:\FRST
2015-11-12 11:17 - 2015-11-12 11:17 - 00000000 _____ C:\Users\Notebook\defogger_reenable
2015-11-12 10:52 - 2015-11-03 18:55 - 03211264 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-11-11 17:49 - 2015-11-03 23:10 - 00390344 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-11-11 17:49 - 2015-11-03 22:51 - 00342728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-11-11 17:49 - 2015-10-31 00:40 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-11-11 17:49 - 2015-10-31 00:40 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-11-11 17:49 - 2015-10-31 00:25 - 02886656 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-11-11 17:49 - 2015-10-31 00:25 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-11-11 17:49 - 2015-10-31 00:25 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-11-11 17:49 - 2015-10-31 00:25 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-11-11 17:49 - 2015-10-31 00:24 - 00585728 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-11-11 17:49 - 2015-10-31 00:17 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-11-11 17:49 - 2015-10-31 00:16 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-11-11 17:49 - 2015-10-31 00:13 - 00616960 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-11-11 17:49 - 2015-10-31 00:12 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-11-11 17:49 - 2015-10-31 00:12 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-11-11 17:49 - 2015-10-31 00:11 - 05990912 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-11-11 17:49 - 2015-10-31 00:11 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-11-11 17:49 - 2015-10-31 00:11 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-11-11 17:49 - 2015-10-31 00:04 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-11-11 17:49 - 2015-10-31 00:01 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-11-11 17:49 - 2015-10-30 23:58 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-11-11 17:49 - 2015-10-30 23:53 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-11-11 17:49 - 2015-10-30 23:52 - 20331520 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-11-11 17:49 - 2015-10-30 23:49 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-11-11 17:49 - 2015-10-30 23:47 - 00504832 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-11-11 17:49 - 2015-10-30 23:46 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-11-11 17:49 - 2015-10-30 23:46 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-11-11 17:49 - 2015-10-30 23:45 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-11-11 17:49 - 2015-10-30 23:45 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-11-11 17:49 - 2015-10-30 23:44 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2015-11-11 17:49 - 2015-10-30 23:44 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-11-11 17:49 - 2015-10-30 23:42 - 02279936 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-11-11 17:49 - 2015-10-30 23:39 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-11-11 17:49 - 2015-10-30 23:39 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-11-11 17:49 - 2015-10-30 23:37 - 00480256 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-11-11 17:49 - 2015-10-30 23:36 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-11-11 17:49 - 2015-10-30 23:36 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-11-11 17:49 - 2015-10-30 23:36 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-11-11 17:49 - 2015-10-30 23:34 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-11-11 17:49 - 2015-10-30 23:32 - 00720896 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-11-11 17:49 - 2015-10-30 23:31 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-11-11 17:49 - 2015-10-30 23:29 - 02126336 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-11-11 17:49 - 2015-10-30 23:29 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-11-11 17:49 - 2015-10-30 23:28 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-11-11 17:49 - 2015-10-30 23:23 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-11-11 17:49 - 2015-10-30 23:22 - 14457856 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-11-11 17:49 - 2015-10-30 23:21 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-11-11 17:49 - 2015-10-30 23:19 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-11-11 17:49 - 2015-10-30 23:18 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-11-11 17:49 - 2015-10-30 23:17 - 02487808 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-11-11 17:49 - 2015-10-30 23:17 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2015-11-11 17:49 - 2015-10-30 23:16 - 04527616 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-11-11 17:49 - 2015-10-30 23:11 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2015-11-11 17:49 - 2015-10-30 23:10 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-11-11 17:49 - 2015-10-30 23:09 - 12854272 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-11-11 17:49 - 2015-10-30 23:09 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-11-11 17:49 - 2015-10-30 23:09 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-11-11 17:49 - 2015-10-30 23:04 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-11-11 17:49 - 2015-10-30 22:53 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-11-11 17:49 - 2015-10-30 22:51 - 02011136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-11-11 17:49 - 2015-10-30 22:48 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-11-11 17:49 - 2015-10-30 22:46 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-11-11 17:49 - 2015-10-20 19:42 - 03168768 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-11-11 17:49 - 2015-10-20 19:42 - 02608128 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-11-11 17:49 - 2015-10-20 19:42 - 00696320 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-11-11 17:49 - 2015-10-20 19:42 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-11-11 17:49 - 2015-10-20 19:42 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-11-11 17:49 - 2015-10-20 19:42 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-11-11 17:49 - 2015-10-20 19:42 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-11-11 17:49 - 2015-10-20 19:41 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-11-11 17:49 - 2015-10-20 19:41 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-11-11 17:49 - 2015-10-20 19:41 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-11-11 17:49 - 2015-10-20 19:41 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-11-11 17:49 - 2015-10-20 18:46 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-11-11 17:49 - 2015-10-20 18:46 - 00174080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-11-11 17:49 - 2015-10-20 18:46 - 00093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-11-11 17:49 - 2015-10-20 18:46 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-11-11 17:49 - 2015-10-20 18:45 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-11-11 17:48 - 2015-10-31 00:46 - 25818624 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-11-11 17:48 - 2015-10-31 00:24 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-11-11 17:48 - 2015-10-30 23:49 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-11-11 17:48 - 2015-10-20 02:12 - 05570496 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-11-11 17:48 - 2015-10-20 02:12 - 00154560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-11-11 17:48 - 2015-10-20 02:12 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-11-11 17:48 - 2015-10-20 02:09 - 01730496 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-11-11 17:48 - 2015-10-20 02:06 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-11-11 17:48 - 2015-10-20 02:06 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-11-11 17:48 - 2015-10-20 02:06 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-11-11 17:48 - 2015-10-20 02:06 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-11-11 17:48 - 2015-10-20 02:05 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-11-11 17:48 - 2015-10-20 02:05 - 01216512 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2015-11-11 17:48 - 2015-10-20 02:05 - 01164800 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-11-11 17:48 - 2015-10-20 02:05 - 00729600 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-11-11 17:48 - 2015-10-20 02:05 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-11-11 17:48 - 2015-10-20 02:05 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-11-11 17:48 - 2015-10-20 02:05 - 00344064 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-11-11 17:48 - 2015-10-20 02:05 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-11-11 17:48 - 2015-10-20 02:05 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-11-11 17:48 - 2015-10-20 02:05 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-11-11 17:48 - 2015-10-20 02:05 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-11-11 17:48 - 2015-10-20 02:05 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-11-11 17:48 - 2015-10-20 02:05 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-11-11 17:48 - 2015-10-20 02:05 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-11-11 17:48 - 2015-10-20 02:05 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-11-11 17:48 - 2015-10-20 02:05 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2015-11-11 17:48 - 2015-10-20 02:05 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-11-11 17:48 - 2015-10-20 02:05 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-11-11 17:48 - 2015-10-20 02:05 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-11-11 17:48 - 2015-10-20 02:05 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-11-11 17:48 - 2015-10-20 02:05 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-11-11 17:48 - 2015-10-20 02:04 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-11-11 17:48 - 2015-10-20 02:04 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-11-11 17:48 - 2015-10-20 02:04 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-11-11 17:48 - 2015-10-20 02:00 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-11-11 17:48 - 2015-10-20 01:59 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-11-11 17:48 - 2015-10-20 01:53 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-11-11 17:48 - 2015-10-20 01:53 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-11-11 17:48 - 2015-10-20 01:53 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:53 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:53 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:53 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:52 - 03991488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-11-11 17:48 - 2015-10-20 01:52 - 03935680 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-11-11 17:48 - 2015-10-20 01:48 - 01311768 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-11-11 17:48 - 2015-10-20 01:45 - 00552960 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-11-11 17:48 - 2015-10-20 01:45 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-11-11 17:48 - 2015-10-20 01:45 - 00251392 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-11-11 17:48 - 2015-10-20 01:45 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-11-11 17:48 - 2015-10-20 01:45 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-11-11 17:48 - 2015-10-20 01:45 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-11-11 17:48 - 2015-10-20 01:45 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-11-11 17:48 - 2015-10-20 01:45 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2015-11-11 17:48 - 2015-10-20 01:45 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-11-11 17:48 - 2015-10-20 01:45 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-11-11 17:48 - 2015-10-20 01:45 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-11-11 17:48 - 2015-10-20 01:45 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-11-11 17:48 - 2015-10-20 01:44 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-11-11 17:48 - 2015-10-20 01:44 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2015-11-11 17:48 - 2015-10-20 01:44 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-11-11 17:48 - 2015-10-20 01:44 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-11-11 17:48 - 2015-10-20 01:44 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-11-11 17:48 - 2015-10-20 01:44 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-11-11 17:48 - 2015-10-20 01:39 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-11-11 17:48 - 2015-10-20 01:39 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-11-11 17:48 - 2015-10-20 01:35 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-11-11 17:48 - 2015-10-20 01:35 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-11-11 17:48 - 2015-10-20 01:35 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:35 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 00:41 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-11-11 17:48 - 2015-10-20 00:40 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2015-11-11 17:48 - 2015-10-20 00:40 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-11-11 17:48 - 2015-10-20 00:29 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-11-11 17:48 - 2015-10-20 00:29 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-11-11 17:48 - 2015-10-20 00:27 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 00:27 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 00:27 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 17:48 - 2015-10-20 00:27 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-11 17:48 - 2015-09-23 14:15 - 00460776 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-11-11 17:48 - 2015-09-23 14:15 - 00299632 _____ (Microsoft Corporation) C:\windows\system32\bcryptprimitives.dll
2015-11-11 17:48 - 2015-09-23 14:09 - 00251000 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcryptprimitives.dll
2015-11-11 17:46 - 2015-10-01 19:00 - 00275456 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2015-11-11 17:46 - 2015-10-01 19:00 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll
2015-11-11 17:46 - 2015-10-01 18:50 - 00216064 _____ (Microsoft Corporation) C:\windows\SysWOW64\InkEd.dll
2015-11-11 17:45 - 2015-10-13 17:41 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2015-11-11 17:45 - 2015-10-13 17:40 - 00118272 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2015-11-11 17:40 - 2015-10-29 18:50 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\apphelp.dll
2015-11-11 17:40 - 2015-10-29 18:50 - 00072192 _____ (Microsoft Corporation) C:\windows\system32\aelupsvc.dll
2015-11-11 17:40 - 2015-10-29 18:50 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\sdbinst.exe
2015-11-11 17:40 - 2015-10-29 18:50 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\shimeng.dll
2015-11-11 17:40 - 2015-10-29 18:50 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\shimeng.dll
2015-11-11 17:40 - 2015-10-29 18:49 - 00295936 _____ (Microsoft Corporation) C:\windows\SysWOW64\apphelp.dll
2015-11-11 17:40 - 2015-10-29 18:49 - 00020992 _____ (Microsoft Corporation) C:\windows\SysWOW64\sdbinst.exe
2015-11-11 17:39 - 2015-10-13 05:57 - 00950720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2015-11-10 15:06 - 2015-11-10 15:06 - 00280320 _____ C:\windows\Minidump\111015-24726-01.dmp
2015-11-07 19:23 - 2015-11-07 19:23 - 00280320 _____ C:\windows\Minidump\110715-27315-01.dmp
2015-11-06 21:49 - 2015-11-07 17:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-05 09:25 - 2015-11-05 09:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-11-17 16:16 - 2009-07-14 05:45 - 00028704 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-17 16:16 - 2009-07-14 05:45 - 00028704 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-17 16:15 - 2012-05-23 02:58 - 00699440 _____ C:\windows\system32\perfh007.dat
2015-11-17 16:15 - 2012-05-23 02:58 - 00149548 _____ C:\windows\system32\perfc007.dat
2015-11-17 16:15 - 2009-07-14 06:13 - 01619700 _____ C:\windows\system32\PerfStringBackup.INI
2015-11-17 16:14 - 2012-05-23 11:17 - 01905484 _____ C:\windows\WindowsUpdate.log
2015-11-17 16:07 - 2014-02-23 22:07 - 00111090 _____ C:\windows\setupact.log
2015-11-17 16:07 - 2012-10-24 14:24 - 00065536 _____ C:\windows\system32\Ikeext.etl
2015-11-17 16:07 - 2012-05-23 12:12 - 00154437 _____ C:\windows\system32\fastboot.set
2015-11-17 16:07 - 2012-05-23 12:11 - 00001106 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-17 16:07 - 2012-05-23 12:03 - 00000000 ____D C:\ProgramData\VeriFace
2015-11-17 16:07 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-11-17 16:06 - 2012-05-23 12:11 - 00001110 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-17 15:42 - 2012-10-21 11:18 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-11-17 15:33 - 2009-07-14 04:20 - 00000000 ____D C:\windows\tracing
2015-11-16 20:33 - 2014-03-19 12:38 - 42579609 _____ C:\windows\system32\PsBoot.log
2015-11-16 20:33 - 2014-03-19 12:38 - 00000000 _____ C:\windows\system32\defragLog.log
2015-11-15 19:00 - 2014-10-07 20:27 - 00000000 ____D C:\Users\Uwelchen
2015-11-15 14:41 - 2012-08-30 14:16 - 00000000 ____D C:\Users\Notebook
2015-11-15 14:17 - 2014-02-23 22:06 - 00155978 _____ C:\windows\PFRO.log
2015-11-15 13:32 - 2014-03-19 13:39 - 00000000 ____D C:\AdwCleaner
2015-11-15 12:26 - 2009-07-14 04:20 - 00000000 ____D C:\windows\rescache
2015-11-14 18:04 - 2009-07-14 06:32 - 00000000 ____D C:\windows\addins
2015-11-14 17:30 - 2013-12-18 12:54 - 00000000 ____D C:\Users\Nora
2015-11-14 14:47 - 2015-03-17 11:18 - 00000000 ____D C:\Users\Nora\Desktop\Uwe
2015-11-13 16:37 - 2014-06-14 21:18 - 00000000 ____D C:\Users\Notebook\AppData\Local\Adobe
2015-11-13 09:03 - 2009-07-14 06:08 - 00032632 _____ C:\windows\Tasks\SCHEDLGU.TXT
2015-11-12 16:39 - 2009-07-14 05:45 - 00337808 _____ C:\windows\system32\FNTCACHE.DAT
2015-11-12 12:06 - 2014-07-24 11:21 - 00000000 ____D C:\windows\Minidump
2015-11-12 12:06 - 2014-07-24 11:20 - 1018855042 _____ C:\windows\MEMORY.DMP
2015-11-11 18:49 - 2012-10-21 17:42 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-11 18:42 - 2012-10-21 11:18 - 00780488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-11-11 18:42 - 2012-10-21 11:18 - 00142536 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-11 18:42 - 2012-10-21 11:18 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-11-11 18:41 - 2011-09-29 04:37 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-11 17:32 - 2014-02-26 12:38 - 01593980 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2015-11-07 17:43 - 2012-10-21 11:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-30 06:22 - 2015-07-10 18:40 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-18 10:35 - 2014-01-31 14:51 - 00000000 ____D C:\Users\Nora\Desktop\Uni Praktikum

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2013-04-05 17:01 - 2013-04-05 17:01 - 0002528 _____ () C:\Users\Notebook\AppData\Roaming\$_hpcst$.hpc
2014-01-29 13:34 - 2014-01-29 13:34 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\windows\system32\winlogon.exe => Datei ist digital signiert
C:\windows\system32\wininit.exe => Datei ist digital signiert
C:\windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\windows\explorer.exe => Datei ist digital signiert
C:\windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\windows\system32\svchost.exe => Datei ist digital signiert
C:\windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\windows\system32\services.exe => Datei ist digital signiert
C:\windows\system32\User32.dll => Datei ist digital signiert
C:\windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\windows\system32\userinit.exe => Datei ist digital signiert
C:\windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\windows\system32\rpcss.dll => Datei ist digital signiert
C:\windows\system32\dnsapi.dll => Datei ist digital signiert
C:\windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-11-15 12:19

==================== Ende von FRST.txt ============================
         
Konntest du eigentlich feststellen woher ich mir den/die Viren eingefangen habe? Waren das denn Trojaner?
Bis hierhin schon mal vielen, vielen Dank für die Hilfe!!
Grüße Nora

Alt 18.11.2015, 14:56   #25
M-K-D-B
/// TB-Ausbilder
 
Win 7 Rechner mit Trojaner TR/AD.Gamarue.Y.1144 infiziert - Standard

Win 7 Rechner mit Trojaner TR/AD.Gamarue.Y.1144 infiziert



Zitat:
Zitat von nora.s Beitrag anzeigen
Konntest du eigentlich feststellen woher ich mir den/die Viren eingefangen habe? Waren das denn Trojaner?
Kein Trojaner, nur Adware.







Wenn du keine Probleme mehr mit Malware hast, dann sind wir hier fertig. Deine Logdateien sind sauber.
Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.




Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
Combofix deinstallieren
  • Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
  • Drücke bitte die + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
  • Klicke auf OK.
    Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
  • Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte DelFix herunter.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.
Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner anschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...und/oder das Forum mit einer kleinen Spende unterstützen.





Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.


Sofern du noch unentschieden bist, verwende ein einziges der folgenden Antivirusprogramme mit Echtzeitscanner und stets aktueller Signaturendatenbank:

   
 
 



Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:
Adblock Plus Kann Banner, Pop-ups, Videowerbung, Tracking und Malware-Seiten blockieren.
NoScript Verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.
Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.



Lade Software von einem sauberen Portal wie .
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .



Abschließend noch ein paar grundsätzliche Bemerkungen:
  • Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
  • Lade keine Software von Chip, Softonic oder SourceForge. Die dort angebotene Software wird häufig mit einem sog. "Installer" verteilt, mit dem man sich nur unerwünschte Software oder Adware installiert.
  • Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Selbst Microsoft unterstützt sog. Registry-Cleaner nicht. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.



Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

Alt 19.11.2015, 11:47   #26
nora.s
 
Win 7 Rechner mit Trojaner TR/AD.Gamarue.Y.1144 infiziert - Standard

Win 7 Rechner mit Trojaner TR/AD.Gamarue.Y.1144 infiziert



Hallo!
Habe delfix gestartet, als es fertig war und die Logdatei aufgegangen ist, haben sich meine Desktopeinstellungen komplett verändert. Die meisten Dateien waren verschwunden und das Hintergrundbild war viel größer. Habe dann bei der Nachfrage, ob ich möchte dass das Programm die PC-Einstellungen ändert auf "Nein" geklickt. Jetzt ist alles so wie vorher. Soll ich das Programm noch einmal durchlaufen lassen?

Grüße Nora

Combofix kann ich auch nicht wie vorgegeben löschen. Während des Checks war der PC doch abgestürzt und ich habe das Programm im gesicherten Modus entfernt. Im Papierkorb ist es allerdings zu finden (nur wenn ich in das "Ausführen" Fenster den Text kopiere, kommt die Rückmeldung das Programm wäre nicht zu finden). Soll ich es jetzt dabei belassen?

Alt 19.11.2015, 19:38   #27
M-K-D-B
/// TB-Ausbilder
 
Win 7 Rechner mit Trojaner TR/AD.Gamarue.Y.1144 infiziert - Standard

Win 7 Rechner mit Trojaner TR/AD.Gamarue.Y.1144 infiziert



Servus,

Delfix löscht ComboFix eigentlich mit, sonst per Hand löschen.


Ich bin froh, dass wir helfen konnten

In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest:
Lob, Kritik und Wünsche
Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank!

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen.

Antwort

Themen zu Win 7 Rechner mit Trojaner TR/AD.Gamarue.Y.1144 infiziert
avira, computer, cpu, desktop, device driver, dnsapi.dll, downloader, exe, firefox, flash player, google analytics, helper, home, installation, internet, internet explorer, logfile, prozesse, registry, rojaner gefunden, scan, security, server, software, tcp, trojaner, trojaner gefunden tr/ad.gamarue.y.1144, udp, usb, zugriff verweigert




Ähnliche Themen: Win 7 Rechner mit Trojaner TR/AD.Gamarue.Y.1144 infiziert


  1. Telekom Abuse E-Mail Rechner mit Virus/Trojaner infiziert
    Log-Analyse und Auswertung - 10.02.2015 (9)
  2. Mit BKA Trojaner auf Windows XP Rechner infiziert
    Log-Analyse und Auswertung - 21.04.2014 (11)
  3. Hallo, ich habe mein rechner mit dem GVU Trojaner infiziert.
    Log-Analyse und Auswertung - 09.09.2013 (1)
  4. Backdoor-Trojaner Bublik.B, Worm Gamarue.I: PUM.UserWLoad entfernen etc.
    Log-Analyse und Auswertung - 16.04.2013 (19)
  5. unter anderem TR/Agent.249856.76 - angebliche Mahnung im Mailanhang infiziert Rechner mit Trojaner
    Log-Analyse und Auswertung - 14.03.2013 (11)
  6. GVU Trojaner v 2.07 infiziert meinen rechner. Bin ich ihn los?
    Plagegeister aller Art und deren Bekämpfung - 05.10.2012 (42)
  7. Rechner vom GVU-Trojaner infiziert --- OTL-Logs erstellt
    Log-Analyse und Auswertung - 30.09.2012 (13)
  8. GVU Trojaner mit webcam infiziert rechner
    Plagegeister aller Art und deren Bekämpfung - 10.07.2012 (1)
  9. Rechner mit Verschlüsselungs Trojaner infiziert
    Log-Analyse und Auswertung - 07.05.2012 (17)
  10. Rechner infiziert mit Win32Spy.Zbot Trojaner
    Plagegeister aller Art und deren Bekämpfung - 14.01.2012 (19)
  11. Rechner infiziert mit Win32Spy.Zbot Trojaner
    Plagegeister aller Art und deren Bekämpfung - 02.01.2012 (11)
  12. Rechner mit Trojaner infiziert, ua. boot -und Browserprobleme
    Log-Analyse und Auswertung - 11.08.2011 (3)
  13. Win32.Backdoor.Papras/A - Rechner infiziert; werde Trojaner nicht los
    Plagegeister aller Art und deren Bekämpfung - 08.02.2011 (13)
  14. Warnung von Bank, Rechner mit Trojaner Gozi infiziert
    Plagegeister aller Art und deren Bekämpfung - 08.11.2010 (1)
  15. Ist mein Rechner infiziert? Wie kriege ich die Trojaner weg?
    Log-Analyse und Auswertung - 06.10.2008 (2)
  16. Rechner komplett infiziert - Überall Viren sogutwie alles Trojaner
    Plagegeister aller Art und deren Bekämpfung - 03.02.2008 (4)
  17. Trojaner PEED LZ aus Emailanhang!! Rechner infiziert!!
    Log-Analyse und Auswertung - 14.04.2007 (4)

Zum Thema Win 7 Rechner mit Trojaner TR/AD.Gamarue.Y.1144 infiziert - Sorry, sorry, sorry!!! War doch die richtige Datei. Sie wurde wohl nur vorgestern aktualisiert, aber gestern erstellt... - Win 7 Rechner mit Trojaner TR/AD.Gamarue.Y.1144 infiziert...

Alle Zeitangaben in WEZ +1. Es ist jetzt 10:32 Uhr.


Copyright ©2000-2024, Trojaner-Board
Archiv
Du betrachtest: Win 7 Rechner mit Trojaner TR/AD.Gamarue.Y.1144 infiziert auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.