|
Plagegeister aller Art und deren Bekämpfung: komische prozesse,bin ich infiziert?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
30.11.2015, 08:00 | #16 |
/// the machine /// TB-Ausbilder | komische prozesse,bin ich infiziert? hi, Lade Dir bitte von hier Emsisoft Emergency Kit herunter.
Dann bitte Securitycheck und ein frisches FRST log.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
01.12.2015, 20:19 | #17 |
| komische prozesse,bin ich infiziert? das mit dem eset online scanner hat letztendlich doch geklappt.
__________________immer wenn ich mein antivirusprogramm aus oder angemacht hatte stand das da mit dem proxy und man soll ja bei den meisten durchläufen anderer scanner seinen eigenen ausmachen hab ich oft hier aufm board gelesen.aber jetzt geht es hier das log von ESET ONLINE SCANNER: der hat ne menge gefunden aber ich habe es wie nach anweisungen nicht gelöscht. Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=b28d7bbd139d234780efad90e616ffdc # end=init # utc_time=2015-11-29 06:48:20 # local_time=2015-11-29 07:48:20 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download esets_scanner_update returned -1 esets_gle=41221 Update Finalize Updated modules version: 0 Old modules - leave modules Update Init Update Download Update Init Update Download esets_scanner_update returned -1 esets_gle=37126 Update Finalize Updated modules version: 0 Old modules - leave modules Update Init Update Download Update Finalize Updated modules version: 26961 ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=b28d7bbd139d234780efad90e616ffdc # end=init # utc_time=2015-12-01 04:00:50 # local_time=2015-12-01 05:00:50 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download Update Init Update Download Update Finalize Updated modules version: 26993 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=b28d7bbd139d234780efad90e616ffdc # end=updated # utc_time=2015-12-01 04:02:11 # local_time=2015-12-01 05:02:11 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=b28d7bbd139d234780efad90e616ffdc # engine=26993 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-12-01 06:21:27 # local_time=2015-12-01 07:21:27 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Kaspersky Total Security' # compatibility_mode=1301 16777213 100 100 19328 76569317 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 766562 200623937 0 0 # scanned=301203 # found=53 # cleaned=0 # scan_time=8355 sh=C07D98031E67DD7268505B4BE06691D763A2106E ft=1 fh=742ddfee9fbec440 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ORBTR\orbiter.dll.vir" sh=781F9B92B453B90F3C04D98B5153DD5C6C26F589 ft=1 fh=135374a5b4967ccc vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ORBTR\uninstall.exe.vir" sh=37DEB08B742305BAB8A8E05798FCBA771556706E ft=1 fh=21c540dfc2e5a875 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir" sh=9700187048A8479466E18F5B6B95CACDBF1B62AB ft=1 fh=179a7fa861c6e550 vn="Variante von Win32/Conduit.SearchProtect.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll.vir" sh=02DFFE5EE4EF257A2861331103261541333DDCF6 ft=1 fh=7d0469bc27cd921e vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir" sh=04C5AE62E3017BEA6BCC4913E139D1960795F36A ft=1 fh=d5c1b2b6b3e2248e vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.pun.vir" sh=F90CAEEE0D5E0B451F5F6C88C4C60D412F84A045 ft=1 fh=43c06a0ed803b593 vn="Variante von Win32/Conduit.SearchProtect.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir" sh=66A955F802351879E0A0C2E4319783A42489915E ft=1 fh=b2fd3e4bb3485730 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\RN32.dll.vir" sh=E98AC6C7C3FDC3390142EA56511E0E44E41CFED8 ft=1 fh=e87d4a580b9aa2a1 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPtool64.exe.vir" sh=44EAA4BD287B433F801D6D7F94CAD023E08892EB ft=1 fh=a5223dbbb79e8e8c vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32.dll.vir" sh=7BEEE1A9AF0FD2928825C27C8F5DC80C7964E463 ft=1 fh=81f70c050cc323b1 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll.vir" sh=514345FB3A38B4D2B4A6A640DC09D08C7F601347 ft=1 fh=ed0f8be816c55ffe vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64.dll.vir" sh=695D6489427FD65F1385ABE0BDEDDFC969A62EED ft=1 fh=c3f65d981c57a698 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll.vir" sh=8ABA26A5BD3BF4A3D292C261C8E46AC73C3C6467 ft=1 fh=8f3c2ab60f72eef7 vn="Variante von Win32/Conduit.SearchProtect.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir" sh=695D6489427FD65F1385ABE0BDEDDFC969A62EED ft=1 fh=c3f65d981c57a698 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\apppatch\apppatch64\vcldr64.dll.vir" sh=7BEEE1A9AF0FD2928825C27C8F5DC80C7964E463 ft=1 fh=81f70c050cc323b1 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\apppatch\nbin\VC32Loader.dll.vir" sh=D759D7F32C72A5FD85277F153B9A4C8C0FC86DF3 ft=1 fh=24e55f804f64f0db vn="Win32/Fynloski.AA Trojaner" ac=I fn="C:\Sandbox\admin\DefaultBox\user\current\Documents\MSDCSC\msdcsc.exe" sh=90FF476657228CE970F8E91EF6D250BE017FF38A ft=1 fh=06df6553a408fa4d vn="Variante von Win32/Fynloski.AN Trojaner" ac=I fn="C:\Sandbox\admin\DefaultBox\user\current\Documents\MSDCSC\patch.exe" sh=370A7AC6A446CCF79F014A9F8455D68CB1B2712B ft=1 fh=67a71df257a0a877 vn="Win32/Fynloski.AA Trojaner" ac=I fn="C:\Sandbox\admin\DefaultBox\user\current\Documents\MSDCSC\07d4rn9HC6N6\msdcsc.exe" sh=E8610C93EFFE5E86C6B37D5F2E2E8879C9859978 ft=1 fh=a644cf83dd9d13f9 vn="Win32/Fynloski.AA Trojaner" ac=I fn="C:\Sandbox\admin\DefaultBox\user\current\Documents\MSDCSC\5zlCDYCgbhJo\msdcsc.exe" sh=E2BE9091799BABEF8569F8FA23731BD080C6FB96 ft=1 fh=5002825d6b551cca vn="Win32/Fynloski.AA Trojaner" ac=I fn="C:\Sandbox\admin\DefaultBox\user\current\Documents\MSDCSC\5ZrWM2e6lxoF\msdcsc.exe" sh=ED164A3FA6CCD50A4707AC3ED0BA7C5A8D37546B ft=1 fh=9ba5721bd1b4c52c vn="Win32/Fynloski.AA Trojaner" ac=I fn="C:\Sandbox\admin\DefaultBox\user\current\Documents\MSDCSC\7geoTAiS7XP4\msdcsc.exe" sh=256A54F6F485C15ECFDC9CDC1F1E3757FA9FC5F5 ft=1 fh=7163de6d43f3c41c vn="Win32/Fynloski.AA Trojaner" ac=I fn="C:\Sandbox\admin\DefaultBox\user\current\Documents\MSDCSC\BW35Sql4urrN\msdcsc.exe" sh=115F4FD1AD290BE4F740B7606EDFE89855B79A4E ft=1 fh=38f5cae3bc77f901 vn="Win32/Fynloski.AA Trojaner" ac=I fn="C:\Sandbox\admin\DefaultBox\user\current\Documents\MSDCSC\CMkvyyraHLDp\msdcsc.exe" sh=2ED48E2D2645316E8319B7BBF0AB9003BF1421AF ft=1 fh=fd5c20bdf9121dfa vn="Win32/Fynloski.AA Trojaner" ac=I fn="C:\Sandbox\admin\DefaultBox\user\current\Documents\MSDCSC\Ec9U9A3Kaa2Q\msdcsc.exe" sh=B358480BE25F9651B8C8F709EB1AAE26238DD5E6 ft=1 fh=67c4bc84d1b4c52c vn="Win32/Fynloski.AA Trojaner" ac=I fn="C:\Sandbox\admin\DefaultBox\user\current\Documents\MSDCSC\gCZLxvWKBH54\msdcsc.exe" sh=0D720EC5524DD16B5DC983684F1A24BF0A5EFD43 ft=1 fh=d43d257f3a31ba72 vn="Win32/Fynloski.AA Trojaner" ac=I fn="C:\Sandbox\admin\DefaultBox\user\current\Documents\MSDCSC\h90ysJmkKNfd\msdcsc.exe" sh=B2F044EBCDC2E65C4727768DD155E5FCA44AC490 ft=1 fh=e14b36e03a63945a vn="Win32/Fynloski.AA Trojaner" ac=I fn="C:\Sandbox\admin\DefaultBox\user\current\Documents\MSDCSC\HNga7XGil6um\msdcsc.exe" sh=5079BB38E3E0AF0F4FB415AFD184F527B6049BA9 ft=1 fh=c2ce395cd1b4c52c vn="Win32/Fynloski.AA Trojaner" ac=I fn="C:\Sandbox\admin\DefaultBox\user\current\Documents\MSDCSC\Kk205nxTrx6b\msdcsc.exe" sh=B673D21D59EB41EE759FE1C2A97C555A89B48338 ft=1 fh=14ba390143f3c41c vn="Win32/Fynloski.AA Trojaner" ac=I fn="C:\Sandbox\admin\DefaultBox\user\current\Documents\MSDCSC\kWnahzRgTTos\msdcsc.exe" sh=6934EB1FDEE2C7CF4C999C1E9F82F9F60064887E ft=1 fh=5dd6cb02f9121dfa vn="Win32/Fynloski.AA Trojaner" ac=I fn="C:\Sandbox\admin\DefaultBox\user\current\Documents\MSDCSC\m59kEr2iiiyb\msdcsc.exe" sh=8B142C112C6FE4D520FF856CB402F01BC839C299 ft=1 fh=14149196c5e7a947 vn="Win32/Fynloski.AA Trojaner" ac=I fn="C:\Sandbox\admin\DefaultBox\user\current\Documents\MSDCSC\QGqbXwC3gBY6\msdcsc.exe" sh=8F11862A6BEB73073DF58E70DE46051CEC527D2E ft=1 fh=efaa03d1129762a4 vn="Win32/Fynloski.AA Trojaner" ac=I fn="C:\Sandbox\admin\DefaultBox\user\current\Documents\MSDCSC\uYxZQu03EzCp\msdcsc.exe" sh=D65B2ADCBA61F6E970E6C9C86264AE378EDFCDAE ft=1 fh=54d85052dd9d13f9 vn="Win32/Fynloski.AA Trojaner" ac=I fn="C:\Sandbox\admin\DefaultBox\user\current\Documents\MSDCSC\v32pxS6CWi8u\msdcsc.exe" sh=EC1D67D7534A156E36331C508CA9F04B8D7A4B17 ft=1 fh=2b664d70bc77f901 vn="Win32/Fynloski.AA Trojaner" ac=I fn="C:\Sandbox\admin\DefaultBox\user\current\Documents\MSDCSC\W3MQubUlwSAs\msdcsc.exe" sh=B5268CDD064F31AA62F8E44E6316795E6B8F3128 ft=1 fh=ecab992e069620e7 vn="Win32/Fynloski.AA Trojaner" ac=I fn="C:\Sandbox\admin\DefaultBox\user\current\Documents\MSDCSC\WjPCPhkbtQ0x\msdcsc.exe" sh=9C9D9CF2553869AA1AD538F2B5FA83B3C960266E ft=1 fh=c961baa5f9121dfa vn="Win32/Fynloski.AA Trojaner" ac=I fn="C:\Sandbox\admin\DefaultBox\user\current\Documents\MSDCSC\WnFUgweAa41Z\msdcsc.exe" sh=D6F0BE6119509A9C900F15FFA26620A34B6D2D4C ft=1 fh=26ea256b43f3c41c vn="Win32/Fynloski.AA Trojaner" ac=I fn="C:\Sandbox\admin\DefaultBox\user\current\Documents\MSDCSC\XSPAHTe8MnZr\msdcsc.exe" sh=ED3463A7DB95D4B0A40B18FF7D4C3A198AFE9C87 ft=1 fh=b73262d5706d13f5 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\17INPJB2\Stub[1].exe" sh=01B394BFD78AC1A88EF00B03878680F68FDD5291 ft=1 fh=80aefb8aa3c56326 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZL0OS9O4\OrbiterInstaller[1].exe" sh=FF8D33DEFE4B27AC3B30180601A6D028A4E989C4 ft=1 fh=979390f6f34a7399 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZL0OS9O4\Setup[1].exe" sh=A5967330C12E7FD2DF296DE7E86A2947F8898980 ft=1 fh=c7200910b8bbd06a vn="Win32/Bifrose.NTA Trojaner" ac=I fn="C:\Users\admin\AppData\Local\Temp\vmware-admin\VMwareDnD\ec32200c\Customized.exe" sh=AB7382BCFDF494D0327FCCCE9C884592BCC1ADEB ft=1 fh=424d124a20bf820f vn="Variante von Win32/TrojanDownloader.Small.PDS Trojaner" ac=I fn="C:\Users\admin\Desktop\darc400\DarkComet.exe" sh=45EB01150756DF432E25EED44D976442473356DE ft=1 fh=b14fefafa37a8d10 vn="Win32/RiskWare.Crypter.CN Anwendung" ac=I fn="C:\Users\admin\Desktop\darc400\Celesty Binder\Celesty.exe" sh=F0FF3564E71A3B6134DC1D6225E9A9617513FD88 ft=1 fh=e523a9a53a18ad66 vn="Win32/Fynloski.AA Trojaner" ac=I fn="C:\Users\admin\Documents\MSDCSC\msdcsc.exe" sh=FECF02A74175572B5A57C0CB8566473F439364C5 ft=1 fh=c81fe540db406ea2 vn="Variante von Win32/Fynloski.AN Trojaner" ac=I fn="C:\Users\admin\Documents\MSDCSC\5P7ZV4PHNBBZ\msdcsc.exe" sh=10CF48346E97D4E7B5A8AACB3F00BCE0EB963181 ft=1 fh=369157ad226217d8 vn="Win32/Fynloski.AA Trojaner" ac=I fn="C:\Users\admin\Documents\MSDCSC\BRBSqgdKg00y\msdcsc.exe" sh=3E3C04E9360069882C4D0F225E908BE040F3411A ft=1 fh=29eb2f727306b160 vn="Win32/Fynloski.AA Trojaner" ac=I fn="C:\Users\admin\Documents\MSDCSC\knRa5jw1eyde\msdcsc.exe" sh=02684029CEA97FB203287DA94765B0BCFD7E4B24 ft=1 fh=f2041a53226217d8 vn="Win32/Fynloski.AA Trojaner" ac=I fn="C:\Users\admin\Documents\MSDCSC\m7g14RQtCurF\msdcsc.exe" sh=3DAA4C80AAD374460700C78EDF53B21A535C4827 ft=1 fh=70ccb25127106577 vn="Variante von Win32/Fynloski.AN Trojaner" ac=I fn="C:\Users\admin\Documents\MSDCSC\PZ97yuq8L5gZ\msdcsc.exe" sh=985935401F8293F0C9C02269774EE07626C52422 ft=1 fh=096e4d8fa876bb42 vn="Win32/Fynloski.AA Trojaner" ac=I fn="C:\Users\admin\Documents\MSDCSC\RiyntfT9w2ky\msdcsc.exe" sh=BCEC3A47C1C0CEE7808D5A40F0B3F1DED33B725C ft=1 fh=358b97cf94aa18eb vn="Win32/Fynloski.AA Trojaner" ac=I fn="C:\Users\admin\Documents\MSDCSC\Zu2aa3Wx5kQq\msdcsc.exe" sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/Fynloski.AA Trojaner" ac=I fn="${Memory}" Code:
ATTFilter Results of screen317's Security Check version 1.013 --- 11/28/15 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Kaspersky Total Security Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` TuneUp Utilities 2014 (de-DE) Java 8 Update 66 Java SE Development Kit 8 Update 45 JavaScript Tooling Visual Studio Extensions for Windows Library for JavaScript Adobe Flash Player 19.0.0.245 Mozilla Firefox 38.0.1 Firefox out of Date! ````````Process Check: objlist.exe by Laurent```````` Kaspersky Lab Kaspersky Total Security 15.0.2 avp.exe Kaspersky Lab Kaspersky Total Security 15.0.2 avpui.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` Code:
ATTFilter Emsisoft Emergency Kit - Version 10.0 Letztes Update: 08.11.2015 11:32:29 Benutzerkonto: PC\admin Scan-Einstellungen: Scan-Methode: Malware-Scan Objekte: Rootkits, Speicher, Traces, Dateien PUPs-Erkennung: An Archiv-Scan: Aus ADS Scan: An Dateitypen-Filter: Aus Erweitertes Caching: An Direkter Festplattenzugriff: Aus Scan-Beginn: 01.12.2015 19:56:57 C:\Users\admin\Documents\MSDCSC\knRa5jw1eyde\msdcsc.exe Gefunden: Trojan.Inject.AUZ (B) C:\Users\admin\Documents\MSDCSC\msdcsc.exe Gefunden: Backdoor.Win32.DarkComet (A) Key: HKEY_USERS\S-1-5-21-560193511-1957534509-1735208640-1001\SOFTWARE\DC3_FEXEC Gefunden: Trojan.Win32.Dcbot (A) Value: HKEY_USERS\S-1-5-21-560193511-1957534509-1735208640-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN -> MICROUPDATE Gefunden: Trojan.Win32.Dcbot (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Gefunden: Setting.DisableRegistryTools (A) C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\17INPJB2\Stub[1].exe Gefunden: Application.Win32.AdConnect (A) C:\Users\admin\AppData\Local\Temp\HYD806A.tmp.1448244935_permissionsCopy\updates\3.4.5_41372\utorrentie.exe Gefunden: Trojan.Agent.BOQX (B) C:\Users\admin\AppData\Local\Temp\HYDB09D.tmp.1448241736_permissionsCopy\updates\3.4.5_41372\utorrentie.exe Gefunden: Trojan.Agent.BOQX (B) C:\Users\admin\AppData\Local\Temp\vmware-admin\VMwareDnD\ec32200c\Customized.exe Gefunden: Trojan.Generic.8271281 (B) C:\Users\admin\AppData\Roaming\BitTorrent\updates\7.9.3_40299.exe Gefunden: Application.InstallAd (A) C:\Users\admin\Downloads\Neuer Ordner\uTorrentPortable\uTorrentPortable\Data\uTorrent\updates\3.4.5_41372\utorrentie.exe Gefunden: Trojan.Agent.BOQX (B) Gescannt: 84899 Gefunden 11 Scan-Ende: 01.12.2015 20:03:05 Scan-Zeit: 0:06:08 C:\Users\admin\Downloads\Neuer Ordner\uTorrentPortable\uTorrentPortable\Data\uTorrent\updates\3.4.5_41372\utorrentie.exe Quarantäne Trojan.Agent.BOQX (B) C:\Users\admin\AppData\Roaming\BitTorrent\updates\7.9.3_40299.exe Quarantäne Application.InstallAd (A) C:\Users\admin\AppData\Local\Temp\vmware-admin\VMwareDnD\ec32200c\Customized.exe Quarantäne Trojan.Generic.8271281 (B) C:\Users\admin\AppData\Local\Temp\HYDB09D.tmp.1448241736_permissionsCopy\updates\3.4.5_41372\utorrentie.exe Quarantäne Trojan.Agent.BOQX (B) C:\Users\admin\AppData\Local\Temp\HYD806A.tmp.1448244935_permissionsCopy\updates\3.4.5_41372\utorrentie.exe Quarantäne Trojan.Agent.BOQX (B) C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\17INPJB2\Stub[1].exe Quarantäne Application.Win32.AdConnect (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Quarantäne Setting.DisableRegistryTools (A) Value: HKEY_USERS\S-1-5-21-560193511-1957534509-1735208640-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN -> MICROUPDATE Quarantäne Trojan.Win32.Dcbot (A) Key: HKEY_USERS\S-1-5-21-560193511-1957534509-1735208640-1001\SOFTWARE\DC3_FEXEC Quarantäne Trojan.Win32.Dcbot (A) C:\Users\admin\Documents\MSDCSC\msdcsc.exe Quarantäne Backdoor.Win32.DarkComet (A) Quarantäne 10 Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:01-12-2015 durchgeführt von admin (Administrator) auf PC (01-12-2015 20:16:06) Gestartet von C:\Users\admin\Desktop Geladene Profile: admin (Verfügbare Profile: admin) Platform: Windows 7 Ultimate Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe () C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avpui.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe (Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe () C:\Program Files (x86)\No-IP\ducservice.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-10-13] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [71680 2015-10-09] () HKLM-x32\...\Run: [ConsoleApplication5] => C:\ProgramData\ConsoleApplication5\ConsoleApplication5\1.0.0.0\msdcsc.exe [0 2015-11-14] () HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation) HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [113344 2015-11-03] (VMware, Inc.) HKLM-x32\...\RunOnce: [{f255478c-ebfa-426d-a975-4a8d1f9432a4}] => C:\ProgramData\Package Cache\{f255478c-ebfa-426d-a975-4a8d1f9432a4}\vs_langpack.exe [1016624 2015-08-15] (Microsoft Corporation) HKU\S-1-5-21-560193511-1957534509-1735208640-1001\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2015-05-19] (Nero AG) HKU\S-1-5-21-560193511-1957534509-1735208640-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-11-02] (Piriform Ltd) HKU\S-1-5-21-560193511-1957534509-1735208640-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [787592 2015-11-02] (Sandboxie Holdings, LLC) HKU\S-1-5-21-560193511-1957534509-1735208640-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-09-13] (Disc Soft Ltd) HKU\S-1-5-21-560193511-1957534509-1735208640-1001\...\Run: [MicroUpdate] => C:\Users\admin\Documents\MSDCSC\knRa5jw1eyde\msdcsc.exe HKU\S-1-5-21-560193511-1957534509-1735208640-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL Keine Datei Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL Keine Datei Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL Keine Datei Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL Keine Datei Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{5F5F453A-D4F4-4706-A6F5-2CA516EBDD64}: [NameServer] 37.221.175.198,95.169.183.219 Tcpip\..\Interfaces\{92F26E54-F45F-436B-AB09-400A4B3518BA}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKU\S-1-5-21-560193511-1957534509-1735208640-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-560193511-1957534509-1735208640-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-560193511-1957534509-1735208640-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/ SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-560193511-1957534509-1735208640-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-11-23] (Oracle Corporation) BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO) BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-23] (Oracle Corporation) BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-23] (Oracle Corporation) BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO) BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-23] (Oracle Corporation) FireFox: ======== FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\tjc4nckf.default FF Homepage: www.google.com FF NetworkProxy: "autoconfig_url", "file://C:/Program Files (x86)/ChrisPC Anonymous Proxy Pro/chrispc_proxy_fox.pac" FF NetworkProxy: "type", 2 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-10] () FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-23] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-23] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2015-07-23] (Adobe Systems, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-23] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-23] (Oracle Corporation) FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-11-07] () FF Plugin-x32: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-11-07] () FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-11-07] () FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-13] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-13] (NVIDIA Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-07-19] (VideoLAN) FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-11-07] [ist nicht signiert] FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-11-07] [ist nicht signiert] FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-11-07] [ist nicht signiert] FF HKLM-x32\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com StartMenuInternet: FIREFOX.EXE - firefox.exe Chrome: ======= CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe [194000 2015-06-27] (Kaspersky Lab ZAO) S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2015-07-21] (Microsoft Corporation) R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [65640 2015-11-05] (CyberGhost S.R.L) R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-09-13] (Disc Soft Ltd) S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2015-07-21] (Microsoft Corporation) [Datei ist nicht signiert] R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-10-13] (NVIDIA Corporation) R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [1873616 2015-10-12] (AnchorFree Inc.) S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [96600 2015-10-12] () R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [850128 2015-10-12] () S4 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752 2015-05-19] (Nero AG) R2 NoIPDUCService4; C:\Program Files (x86)\No-IP\ducservice.exe [12288 2015-07-20] () [Datei ist nicht signiert] R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-10-13] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-10-13] (NVIDIA Corporation) R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2015-05-19] (Prolific Technology Inc.) [Datei ist nicht signiert] R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [177800 2015-11-02] (Sandboxie Holdings, LLC) S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2015-07-21] (Microsoft Corporation) [Datei ist nicht signiert] R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12731584 2015-11-03] () S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2015-07-21] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [247016 2015-06-27] (Kaspersky Lab UK Ltd) R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-09-13] (Disc Soft Ltd) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R1 epp64; C:\EEK\bin\epp64.sys [136456 2015-12-01] (Emsisoft GmbH) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-27] (Kaspersky Lab ZAO) R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [64368 2015-06-27] (Kaspersky Lab ZAO) R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [159960 2015-06-27] (Kaspersky Lab ZAO) R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [225976 2015-06-27] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [831672 2015-11-07] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [39280 2015-06-27] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [40304 2015-06-27] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [39280 2015-06-27] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [24944 2015-06-27] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-27] (Kaspersky Lab ZAO) R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [85360 2015-06-27] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [190648 2015-11-07] (Kaspersky Lab ZAO) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] () R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2015-11-15] (Riverbed Technology, Inc.) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-10-13] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-07-29] (NVIDIA Corporation) R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [192648 2015-10-22] (Sandboxie Holdings, LLC) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381608 2015-09-13] (Duplex Secure Ltd.) R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42088 2015-10-12] (Anchorfree Inc.) R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [31936 2015-11-03] (VMware, Inc.) R0 vsock; C:\Windows\System32\drivers\vsock.sys [76480 2015-05-21] (VMware, Inc.) R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-08-28] (VMware, Inc.) S3 athr; system32\DRIVERS\athrx.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-12-01 20:16 - 2015-12-01 20:16 - 00020448 _____ C:\Users\admin\Desktop\FRST.txt 2015-12-01 20:15 - 2015-12-01 20:15 - 02350080 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe 2015-12-01 20:15 - 2015-12-01 20:15 - 00000000 ____D C:\Users\admin\Desktop\FRST-OlderVersion 2015-12-01 20:04 - 2015-12-01 20:04 - 00000000 ____D C:\Windows\SysWOW64\Hotspot Shield 2015-12-01 19:53 - 2015-12-01 19:53 - 00000743 _____ C:\Users\admin\Desktop\Start Emsisoft Emergency Kit.lnk 2015-12-01 19:50 - 2015-12-01 19:52 - 170315328 _____ C:\Users\admin\Desktop\EmsisoftEmergencyKit.exe 2015-11-30 01:46 - 2015-11-30 01:46 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC 2015-11-29 22:54 - 2015-11-29 23:45 - 00000000 ____D C:\Users\admin\.zenmap 2015-11-29 22:54 - 2015-11-29 22:54 - 00000963 _____ C:\Users\admin\Desktop\Nmap - Zenmap GUI.lnk 2015-11-29 22:54 - 2015-11-29 22:54 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nmap 2015-11-29 22:53 - 2015-11-29 22:54 - 00000000 ____D C:\Program Files (x86)\Nmap 2015-11-29 22:53 - 2015-11-29 22:53 - 00000000 ____D C:\Program Files\WinPcap 2015-11-29 22:52 - 2015-11-29 22:52 - 26269354 _____ (Insecure.org) C:\Users\admin\Desktop\nmap-7.00-setup.exe 2015-11-29 21:54 - 2015-11-29 21:54 - 10051258 _____ C:\Users\admin\Desktop\ChrisPC-Proxy.6.30.rar 2015-11-29 21:31 - 2015-11-29 21:31 - 00000083 _____ C:\Users\admin\Documents\hosts.txt 2015-11-29 21:22 - 2015-11-30 00:44 - 00000000 ____D C:\Program Files (x86)\ChrisPC Anonymous Proxy Pro 2015-11-29 21:22 - 2015-11-29 21:22 - 00002091 _____ C:\Users\admin\Desktop\ChrisPC Anonymous Proxy Pro.lnk 2015-11-29 21:22 - 2015-11-29 21:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ChrisPC Anonymous Proxy Pro 2015-11-29 21:00 - 2015-11-29 21:00 - 00000000 ____D C:\ProgramData\WNR 2015-11-29 20:59 - 2015-11-29 20:59 - 00000000 ____D C:\Users\admin\AppData\Roaming\WNR 2015-11-26 00:06 - 2015-11-26 00:06 - 00001120 _____ C:\Users\Public\Desktop\Hotspot Shield.lnk 2015-11-26 00:06 - 2015-11-26 00:06 - 00000000 ____D C:\Users\admin\AppData\Local\CrashRpt 2015-11-26 00:05 - 2015-11-26 00:06 - 00000000 ____D C:\ProgramData\Hotspot Shield 2015-11-26 00:05 - 2015-11-26 00:06 - 00000000 ____D C:\Program Files (x86)\Hotspot Shield 2015-11-26 00:05 - 2015-11-26 00:05 - 00000000 ____D C:\Users\admin\AppData\Roaming\Hotspot Shield 2015-11-26 00:05 - 2015-11-26 00:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield 2015-11-25 21:13 - 2015-11-25 21:13 - 00000197 _____ C:\Users\admin\ddclient.conf 2015-11-25 21:05 - 2015-11-25 21:15 - 00000000 ____D C:\Program Files (x86)\ddclient 2015-11-24 19:44 - 2015-11-24 19:51 - 00000000 ____D C:\Users\admin\AppData\Local\CyberGhost 2015-11-24 19:44 - 2015-11-24 19:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5 2015-11-24 19:44 - 2015-11-24 19:44 - 00000000 ____D C:\Program Files\TAP-Windows 2015-11-24 18:11 - 2015-11-25 23:44 - 00000000 ____D C:\Users\admin\AppData\Roaming\qBittorrent 2015-11-24 18:11 - 2015-11-24 18:11 - 00000000 ____D C:\Users\admin\AppData\Local\qBittorrent 2015-11-24 18:10 - 2015-11-24 18:10 - 00001043 _____ C:\Users\Public\Desktop\qBittorrent.lnk 2015-11-24 18:10 - 2015-11-24 18:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent 2015-11-24 18:10 - 2015-11-24 18:10 - 00000000 ____D C:\Program Files (x86)\qBittorrent 2015-11-24 02:40 - 2015-11-11 12:41 - 14035125 _____ C:\Users\admin\Desktop\Darkcomet.5.3.1.rar 2015-11-23 22:54 - 2015-11-03 19:50 - 00066752 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys 2015-11-23 22:54 - 2015-11-03 19:49 - 00031936 _____ (VMware, Inc.) C:\Windows\system32\Drivers\VMparport.sys 2015-11-23 22:54 - 2015-05-21 17:36 - 00076480 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vsock.sys 2015-11-23 22:54 - 2015-05-21 17:35 - 00068288 _____ (VMware, Inc.) C:\Windows\system32\vsocklib.dll 2015-11-23 22:54 - 2015-05-21 17:35 - 00064192 _____ (VMware, Inc.) C:\Windows\SysWOW64\vsocklib.dll 2015-11-23 22:53 - 2015-11-23 22:53 - 00000000 ____D C:\Users\Public\Documents\Shared Virtual Machines 2015-11-23 22:53 - 2015-11-23 22:53 - 00000000 ____D C:\Program Files\Common Files\VMware 2015-11-23 22:53 - 2015-11-23 22:53 - 00000000 ____D C:\Program Files (x86)\VMware 2015-11-23 22:53 - 2015-11-03 19:49 - 00931520 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll 2015-11-23 22:53 - 2015-11-03 19:49 - 00438464 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe 2015-11-23 22:53 - 2015-11-03 19:49 - 00359104 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe 2015-11-23 22:53 - 2015-11-03 19:49 - 00026816 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys 2015-11-23 22:53 - 2015-10-21 12:41 - 00055488 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys 2015-11-23 20:46 - 2015-11-23 20:46 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\16EB6D88.sys 2015-11-23 20:46 - 2015-11-23 20:46 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\0EC06DB0.sys 2015-11-23 19:21 - 2015-12-01 19:25 - 00000000 ____D C:\Users\admin\AppData\Roaming\dclogs 2015-11-23 03:17 - 2015-11-23 03:17 - 00002633 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk 2015-11-23 03:16 - 2015-11-24 22:44 - 00000000 ____D C:\Users\admin\AppData\Roaming\uTorrent 2015-11-23 02:14 - 2015-11-23 02:14 - 00000000 ____D C:\Users\admin\Downloads\Neuer Ordner 2015-11-21 15:30 - 2015-11-21 15:46 - 00040435 _____ C:\Windows\update.exe 2015-11-20 15:39 - 2015-11-21 20:56 - 00000000 ____D C:\Users\admin\Documents\Gothic3ForsakenGods 2015-11-20 15:33 - 2015-11-20 15:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gothic 3 Götterdämmerung Enhanced Edition 2015-11-20 15:09 - 2015-11-20 15:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gothic 3 Modkit 2015-11-20 15:04 - 2015-11-20 15:04 - 00000000 ____D C:\Users\admin\Documents\Gothic3 2015-11-20 15:04 - 2015-11-20 15:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gothic 3 Enhanced Edition 2015-11-19 00:50 - 2015-11-19 00:56 - 00000000 ____D C:\Program Files (x86)\Resource Hacker 2015-11-19 00:50 - 2015-11-19 00:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Resource Hacker 2015-11-19 00:33 - 2015-11-19 00:33 - 00000000 ____D C:\ProgramData\Microsoft Corporation 2015-11-18 20:54 - 2015-11-18 21:00 - 00032970 _____ C:\ComboFix.txt 2015-11-18 20:38 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe 2015-11-18 20:38 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe 2015-11-18 20:38 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-11-18 20:38 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-11-18 20:38 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-11-18 20:38 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe 2015-11-18 20:38 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe 2015-11-18 20:38 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe 2015-11-18 18:59 - 2015-11-18 20:35 - 00000000 ____D C:\Users\admin\Downloads\relink.us - Jurassic.World.2015.BDRip.AC3.German.XviD-LoC - ID5ec8e208ab394d7829e99dad4a0009 2015-11-18 13:24 - 2015-11-18 13:24 - 00270720 _____ C:\Windows\system32\FNTCACHE.DAT 2015-11-18 00:34 - 2015-11-18 00:34 - 00059616 _____ C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT 2015-11-17 22:12 - 2015-11-17 22:12 - 00000325 _____ C:\Users\admin\SciTE.session 2015-11-17 20:34 - 2015-11-17 22:11 - 00000000 ____D C:\Users\admin\AppData\Local\AutoIt v3 2015-11-17 19:10 - 2015-11-17 22:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3 2015-11-17 19:10 - 2015-11-17 22:11 - 00000000 ____D C:\Program Files (x86)\AutoIt3 2015-11-16 19:59 - 2015-11-16 19:59 - 00002673 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk 2015-11-16 19:58 - 2015-11-24 00:46 - 00000000 ____D C:\Users\admin\AppData\Roaming\BitTorrent 2015-11-16 15:19 - 2015-11-16 16:26 - 00000000 ____D C:\Users\admin\Downloads\relink.us - mp-refueled-xweb.rar - IDcde97372375e14a26ac86e5b1ac505 2015-11-15 17:30 - 2015-11-15 17:30 - 00370424 _____ (Riverbed Technology, Inc.) C:\Windows\system32\wpcap.dll 2015-11-15 17:30 - 2015-11-15 17:30 - 00282360 _____ (Riverbed Technology, Inc.) C:\Windows\SysWOW64\wpcap.dll 2015-11-15 17:30 - 2015-11-15 17:30 - 00107768 _____ (Riverbed Technology, Inc.) C:\Windows\system32\Packet.dll 2015-11-15 17:30 - 2015-11-15 17:30 - 00098040 _____ (Riverbed Technology, Inc.) C:\Windows\SysWOW64\Packet.dll 2015-11-15 17:30 - 2015-11-15 17:30 - 00053299 _____ C:\Windows\SysWOW64\pthreadVC.dll 2015-11-15 17:30 - 2015-11-15 17:30 - 00036600 _____ (Riverbed Technology, Inc.) C:\Windows\system32\Drivers\npf.sys 2015-11-14 22:23 - 2015-11-14 22:23 - 00000000 ____D C:\Users\admin\AppData\Local\SkinSoft 2015-11-12 17:51 - 2015-11-12 17:51 - 00000000 ____D C:\ProgramData\ConsoleApplication5 2015-11-12 09:35 - 2015-11-03 18:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-11-11 18:01 - 2015-11-11 18:01 - 00000000 ____D C:\Users\admin\AppData\Local\NVIDIA Corporation 2015-11-11 14:36 - 2015-11-11 18:44 - 00002832 _____ C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini 2015-11-11 14:36 - 2015-11-11 18:44 - 00002832 _____ C:\Windows\system32\LavasoftTcpServiceOff.ini 2015-11-11 14:36 - 2015-11-11 14:36 - 00425744 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll 2015-11-11 14:36 - 2015-11-11 14:36 - 00345360 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll 2015-11-11 13:50 - 2015-11-03 23:10 - 00390344 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-11-11 13:50 - 2015-11-03 22:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-11-11 13:50 - 2015-10-31 00:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-11-11 13:50 - 2015-10-31 00:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-11-11 13:50 - 2015-10-31 00:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-11-11 13:50 - 2015-10-31 00:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-11-11 13:50 - 2015-10-31 00:12 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-11-11 13:50 - 2015-10-31 00:04 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-11-11 13:50 - 2015-10-30 23:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-11-11 13:50 - 2015-10-30 23:53 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-11-11 13:50 - 2015-10-30 23:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-11-11 13:50 - 2015-10-30 23:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-11-11 13:50 - 2015-10-30 23:46 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-11-11 13:50 - 2015-10-30 23:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-11-11 13:50 - 2015-10-30 23:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-11-11 13:50 - 2015-10-30 23:44 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2015-11-11 13:50 - 2015-10-30 23:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-11-11 13:50 - 2015-10-30 23:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-11-11 13:50 - 2015-10-30 23:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-11-11 13:50 - 2015-10-30 23:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-11-11 13:50 - 2015-10-30 23:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-11-11 13:50 - 2015-10-30 23:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-11-11 13:50 - 2015-10-30 23:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-11-11 13:50 - 2015-10-30 23:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-11-11 13:50 - 2015-10-30 23:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-11-11 13:50 - 2015-10-30 23:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-11-11 13:50 - 2015-10-30 23:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-11-11 13:50 - 2015-10-30 23:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-11-11 13:50 - 2015-10-30 23:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-11-11 13:50 - 2015-10-30 23:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2015-11-11 13:50 - 2015-10-30 23:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-11-11 13:50 - 2015-10-30 23:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-11-11 13:50 - 2015-10-30 23:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-11-11 13:50 - 2015-10-30 23:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-11-11 13:50 - 2015-10-30 22:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-11-11 13:50 - 2015-10-30 22:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-11-11 13:50 - 2015-10-20 19:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-11-11 13:50 - 2015-10-20 19:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-11-11 13:50 - 2015-10-20 19:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-11-11 13:50 - 2015-10-20 19:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-11-11 13:50 - 2015-10-20 19:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-11-11 13:50 - 2015-10-20 19:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-11-11 13:50 - 2015-10-20 19:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-11-11 13:50 - 2015-10-20 19:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-11-11 13:50 - 2015-10-20 19:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-11-11 13:50 - 2015-10-20 19:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-11-11 13:50 - 2015-10-20 19:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-11-11 13:50 - 2015-10-20 18:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-11-11 13:50 - 2015-10-20 18:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-11-11 13:50 - 2015-10-20 18:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-11-11 13:50 - 2015-10-20 18:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-11-11 13:50 - 2015-10-20 18:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-11-11 13:49 - 2015-10-31 00:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-11-11 13:49 - 2015-10-31 00:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-11-11 13:49 - 2015-10-31 00:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-11-11 13:49 - 2015-10-31 00:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-11-11 13:49 - 2015-10-31 00:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-11-11 13:49 - 2015-10-31 00:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-11-11 13:49 - 2015-10-31 00:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-11-11 13:49 - 2015-10-31 00:13 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-11-11 13:49 - 2015-10-31 00:12 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-11-11 13:49 - 2015-10-31 00:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-11-11 13:49 - 2015-10-31 00:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-11-11 13:49 - 2015-10-31 00:11 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-11-11 13:49 - 2015-10-31 00:01 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-11-11 13:49 - 2015-10-30 23:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-11-11 13:49 - 2015-10-30 23:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-11-11 13:49 - 2015-10-30 23:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-11-11 13:49 - 2015-10-30 23:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-11-11 13:49 - 2015-10-30 23:34 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-11-11 13:49 - 2015-10-30 23:29 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-11-11 13:49 - 2015-10-30 23:29 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-11-11 13:49 - 2015-10-30 23:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-11-11 13:49 - 2015-10-30 23:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-11-11 13:49 - 2015-10-30 23:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-11-11 13:49 - 2015-10-30 23:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-11-11 13:49 - 2015-10-30 23:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2015-11-11 13:49 - 2015-10-30 23:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-11-11 13:49 - 2015-10-30 22:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-11-11 13:49 - 2015-10-30 22:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-11-11 13:49 - 2015-10-29 18:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll 2015-11-11 13:49 - 2015-10-29 18:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll 2015-11-11 13:49 - 2015-10-29 18:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe 2015-11-11 13:49 - 2015-10-29 18:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll 2015-11-11 13:49 - 2015-10-29 18:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll 2015-11-11 13:49 - 2015-10-29 18:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll 2015-11-11 13:49 - 2015-10-29 18:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe 2015-11-11 13:49 - 2015-10-20 02:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-11-11 13:49 - 2015-10-20 02:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-11-11 13:49 - 2015-10-20 02:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-11-11 13:49 - 2015-10-20 02:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-11-11 13:49 - 2015-10-20 02:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-11-11 13:49 - 2015-10-20 02:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-11-11 13:49 - 2015-10-20 02:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-11-11 13:49 - 2015-10-20 02:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-11-11 13:49 - 2015-10-20 02:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-11-11 13:49 - 2015-10-20 02:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-11-11 13:49 - 2015-10-20 02:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-11-11 13:49 - 2015-10-20 02:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-11-11 13:49 - 2015-10-20 02:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-11-11 13:49 - 2015-10-20 02:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-11-11 13:49 - 2015-10-20 02:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-11-11 13:49 - 2015-10-20 02:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-11-11 13:49 - 2015-10-20 02:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-11-11 13:49 - 2015-10-20 02:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-11-11 13:49 - 2015-10-20 02:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-11-11 13:49 - 2015-10-20 02:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-11-11 13:49 - 2015-10-20 02:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-11-11 13:49 - 2015-10-20 02:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-11-11 13:49 - 2015-10-20 02:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-11-11 13:49 - 2015-10-20 02:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2015-11-11 13:49 - 2015-10-20 02:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-11-11 13:49 - 2015-10-20 02:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-11-11 13:49 - 2015-10-20 02:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-11-11 13:49 - 2015-10-20 02:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-11-11 13:49 - 2015-10-20 02:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-11-11 13:49 - 2015-10-20 02:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-11-11 13:49 - 2015-10-20 02:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-11-11 13:49 - 2015-10-20 02:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-11-11 13:49 - 2015-10-20 02:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-11-11 13:49 - 2015-10-20 01:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-11-11 13:49 - 2015-10-20 01:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-11-11 13:49 - 2015-10-20 01:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-11-11 13:49 - 2015-10-20 01:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-11-11 13:49 - 2015-10-20 01:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-11-11 13:49 - 2015-10-20 01:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-11-11 13:49 - 2015-10-20 01:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-11-11 13:49 - 2015-10-20 01:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-11-11 13:49 - 2015-10-20 01:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-11-11 13:49 - 2015-10-20 01:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-11-11 13:49 - 2015-10-20 01:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-11-11 13:49 - 2015-10-20 01:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-11-11 13:49 - 2015-10-20 01:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-11-11 13:49 - 2015-10-20 01:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2015-11-11 13:49 - 2015-10-20 01:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-11-11 13:49 - 2015-10-20 01:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-11-11 13:49 - 2015-10-20 01:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-11-11 13:49 - 2015-10-20 01:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-11-11 13:49 - 2015-10-20 01:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-11-11 13:49 - 2015-10-20 01:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2015-11-11 13:49 - 2015-10-20 01:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-11-11 13:49 - 2015-10-20 01:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-11-11 13:49 - 2015-10-20 01:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-11-11 13:49 - 2015-10-20 01:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-11-11 13:49 - 2015-10-20 01:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-11-11 13:49 - 2015-10-20 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-11-11 13:49 - 2015-10-20 01:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-11-11 13:49 - 2015-10-20 01:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-11-11 13:49 - 2015-10-20 01:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 00:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-11-11 13:49 - 2015-10-20 00:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2015-11-11 13:49 - 2015-10-20 00:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-11-11 13:49 - 2015-10-20 00:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-11-11 13:49 - 2015-10-20 00:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-11-11 13:49 - 2015-10-20 00:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 00:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 00:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 00:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-11-11 13:49 - 2015-10-13 17:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2015-11-11 13:49 - 2015-10-13 17:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2015-11-11 13:49 - 2015-10-13 05:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys 2015-11-11 13:49 - 2015-10-01 19:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-11-11 13:49 - 2015-10-01 19:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2015-11-11 13:49 - 2015-10-01 18:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2015-11-11 13:49 - 2015-09-23 14:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-11-11 13:49 - 2015-09-23 14:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll 2015-11-11 13:49 - 2015-09-23 14:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll 2015-11-11 13:42 - 2015-11-11 13:42 - 00000000 ____D C:\ProgramData\A 2015-11-11 13:33 - 2015-12-01 20:04 - 00000000 __SHD C:\Users\admin\Documents\MSDCSC 2015-11-11 13:15 - 2015-11-11 13:15 - 00000000 ____D C:\ProgramData\Vitalwerks 2015-11-10 18:12 - 2015-11-10 18:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2015-11-10 18:12 - 2015-10-13 20:00 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll 2015-11-10 18:12 - 2015-10-13 20:00 - 01514528 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll 2015-11-10 18:12 - 2015-10-13 20:00 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll 2015-11-10 18:12 - 2015-10-13 20:00 - 01278920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll 2015-11-10 18:11 - 2015-10-13 16:26 - 00608048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 2015-11-10 18:09 - 2015-10-13 20:00 - 31514288 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2015-11-10 18:09 - 2015-10-13 20:00 - 24199344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2015-11-10 18:09 - 2015-10-13 20:00 - 22993200 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2015-11-10 18:09 - 2015-10-13 20:00 - 17559432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2015-11-10 18:09 - 2015-10-13 20:00 - 15293104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2015-11-10 18:09 - 2015-10-13 20:00 - 13916600 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2015-11-10 18:09 - 2015-10-13 20:00 - 13828224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2015-11-10 18:09 - 2015-10-13 20:00 - 12898992 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2015-11-10 18:09 - 2015-10-13 20:00 - 11272048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2015-11-10 18:09 - 2015-10-13 20:00 - 11209376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2015-11-10 18:09 - 2015-10-13 20:00 - 04245624 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2015-11-10 18:09 - 2015-10-13 20:00 - 03986608 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2015-11-10 18:09 - 2015-10-13 20:00 - 02823992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2015-11-10 18:09 - 2015-10-13 20:00 - 01908528 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434192.dll 2015-11-10 18:09 - 2015-10-13 20:00 - 01556656 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434192.dll 2015-11-10 18:09 - 2015-10-13 20:00 - 00944304 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2015-11-10 18:09 - 2015-10-13 20:00 - 00907440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2015-11-10 18:09 - 2015-10-13 20:00 - 00903472 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2015-11-10 18:09 - 2015-10-13 20:00 - 00869040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2015-11-08 11:30 - 2015-12-01 20:07 - 00000000 ____D C:\EEK 2015-11-07 01:02 - 2015-11-07 01:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security 2015-11-07 01:02 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll 2015-11-07 01:01 - 2015-11-07 01:44 - 00831672 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2015-11-07 01:01 - 2015-11-07 01:01 - 00000000 ____D C:\Windows\ELAMBKUP 2015-11-07 01:01 - 2015-11-07 01:01 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab 2015-11-07 01:01 - 2015-06-27 22:14 - 00225976 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys 2015-11-07 01:01 - 2015-06-27 22:14 - 00159960 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2015-11-06 23:17 - 2015-11-06 23:44 - 00000105 _____ C:\ProgramData\vhzvLr.path 2015-11-06 23:17 - 2015-11-06 23:44 - 00000091 _____ C:\ProgramData\vhzvLr.folder 2015-11-06 21:28 - 2015-11-07 01:03 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files 2015-11-06 21:21 - 2015-11-06 21:21 - 00262144 _____ C:\Windows\system32\config\elam 2015-11-06 21:14 - 2015-12-01 20:06 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2015-11-06 20:50 - 2015-11-06 20:50 - 00000000 ____D C:\Users\admin\Documents\My Games 2015-11-06 20:50 - 2015-11-06 20:50 - 00000000 ____D C:\ProgramData\Steam 2015-11-06 19:45 - 2015-11-06 19:45 - 00003360 _____ C:\Windows\System32\Tasks\{FC69F42C-6F7E-4342-A66C-6801059D8962} 2015-11-06 19:45 - 2015-11-06 19:45 - 00003360 _____ C:\Windows\System32\Tasks\{DD797C40-69B3-4789-8E7D-61D869973BFA} 2015-11-06 16:53 - 2015-11-06 16:53 - 00000000 ____D C:\Program Files (x86)\Running With Scissors 2015-11-06 15:27 - 2015-11-06 15:27 - 00000000 ____D C:\Program Files (x86)\Ubisoft 2015-11-06 14:36 - 2015-11-06 14:36 - 00000000 ____D C:\Program Files (x86)\Team 17 2015-11-05 16:06 - 2015-11-05 16:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolphin x86 2015-11-05 16:06 - 2015-11-05 16:07 - 00000000 ____D C:\Program Files (x86)\Dolphin x86 2015-11-03 19:49 - 2015-11-03 19:49 - 00081088 _____ (VMware, Inc.) C:\Windows\system32\vmnetbridge.dll 2015-11-03 19:49 - 2015-11-03 19:49 - 00049856 _____ (VMware, Inc.) C:\Windows\system32\vnetinst.dll 2015-11-03 19:49 - 2015-11-03 19:49 - 00048832 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetbridge.sys 2015-11-03 19:49 - 2015-11-03 19:49 - 00028864 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetadapter.sys 2015-11-03 19:49 - 2015-11-03 19:49 - 00027328 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnet.sys 2015-11-02 22:59 - 2015-11-02 22:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2015-11-02 22:52 - 2015-11-23 19:33 - 00000000 ____D C:\AdwCleaner 2015-11-02 21:03 - 2015-11-02 21:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie 2015-11-02 12:28 - 2015-11-06 16:29 - 00007597 _____ C:\Users\admin\AppData\Local\Resmon.ResmonCfg 2015-11-02 12:05 - 2015-11-02 12:05 - 00000000 ____H C:\Users\admin\Documents\Default.rdp 2015-11-02 10:57 - 2015-11-02 10:57 - 00000000 ____D C:\Users\Public\Documents\HostsMan Backups 2015-11-02 10:57 - 2015-11-02 10:57 - 00000000 ____D C:\ProgramData\abelhadigital.com 2015-11-02 10:31 - 2015-11-02 10:31 - 00000000 ____D C:\Users\admin\.java 2015-11-01 14:17 - 2015-11-18 23:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HashCalc 2015-11-01 14:17 - 2015-11-18 23:36 - 00000000 ____D C:\Program Files (x86)\HashCalc 2015-11-01 13:27 - 2015-11-01 14:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ophcrack 2015-11-01 07:58 - 2015-11-01 07:58 - 00000000 ____D C:\Users\admin\AppData\Local\BANDAI NAMCO Games 2015-11-01 07:57 - 2015-11-01 07:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragonball Xenoverse Bundle Edition 2015-11-01 07:53 - 2015-11-01 07:57 - 00000000 ____D C:\Program Files (x86)\Dragonball Xenoverse Bundle Edition 2015-11-01 04:12 - 2015-11-01 04:12 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Portable Programs 2015-11-01 04:12 - 2015-11-01 04:12 - 00000000 ____D C:\Program Files (x86)\Portable 2015-11-01 03:46 - 2015-11-01 04:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR Password Recovery Magic 2015-11-01 03:46 - 2015-11-01 04:04 - 00000000 ____D C:\Program Files (x86)\RAR Password Recovery Magic 2015-11-01 03:19 - 2015-11-01 03:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR Password Recovery ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-12-01 20:16 - 2015-06-25 22:14 - 00000000 ____D C:\FRST 2015-12-01 20:14 - 2009-07-14 05:45 - 00037488 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-12-01 20:14 - 2009-07-14 05:45 - 00037488 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-12-01 20:06 - 2015-06-24 00:08 - 00000000 ____D C:\ProgramData\VMware 2015-12-01 20:05 - 2015-05-19 14:30 - 00000000 ____D C:\ProgramData\NVIDIA 2015-12-01 20:05 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-12-01 19:47 - 2015-10-07 16:46 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-12-01 18:00 - 2015-06-25 01:04 - 00001956 _____ C:\Windows\Sandboxie.ini 2015-12-01 18:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows 2015-11-30 01:46 - 2015-06-27 21:26 - 00000000 ____D C:\Program Files (x86)\No-IP 2015-11-29 22:54 - 2015-05-19 12:27 - 00000000 ____D C:\Users\admin 2015-11-28 09:54 - 2015-10-17 16:00 - 00000946 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job 2015-11-26 19:35 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-11-26 01:38 - 2015-06-24 00:10 - 00000000 ____D C:\Users\admin\AppData\Roaming\VMware 2015-11-26 01:38 - 2015-06-24 00:10 - 00000000 ____D C:\Users\admin\AppData\Local\VMware 2015-11-26 01:23 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp 2015-11-26 00:06 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf 2015-11-25 02:07 - 2015-05-23 17:32 - 00000000 ____D C:\Users\admin\AppData\Roaming\vlc 2015-11-25 00:06 - 2015-06-25 03:16 - 00000000 ____D C:\Users\admin\Desktop\Sachen 2015-11-24 19:44 - 2015-10-28 17:37 - 00000000 ____D C:\Program Files\CyberGhost 5 2015-11-23 23:00 - 2015-06-24 01:14 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-11-23 22:53 - 2015-05-19 17:50 - 01698440 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2015-11-23 22:53 - 2011-04-12 08:43 - 00757166 _____ C:\Windows\system32\perfh007.dat 2015-11-23 22:53 - 2011-04-12 08:43 - 00191018 _____ C:\Windows\system32\perfc007.dat 2015-11-23 20:40 - 2015-10-17 16:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-11-23 20:40 - 2015-10-17 16:22 - 00000000 ____D C:\Program Files\Java 2015-11-23 20:40 - 2015-05-30 20:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit 2015-11-23 20:40 - 2015-05-30 20:01 - 00000000 ____D C:\Program Files (x86)\Java 2015-11-23 20:39 - 2015-09-02 16:03 - 00000000 ____D C:\Users\admin\.oracle_jre_usage 2015-11-23 20:38 - 2015-10-17 16:23 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2015-11-23 19:20 - 2009-07-14 06:37 - 00000000 ____D C:\Windows\DigitalLocker 2015-11-23 18:55 - 2015-06-24 01:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-11-23 18:55 - 2015-06-24 01:14 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-11-23 18:35 - 2015-10-08 19:52 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-11-23 18:35 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration 2015-11-20 15:12 - 2015-05-30 12:47 - 00000000 ____D C:\Program Files (x86)\Nordic Games 2015-11-18 20:54 - 2015-09-14 19:48 - 00000000 ____D C:\Qoobox 2015-11-18 20:51 - 2015-09-14 19:48 - 00000000 ____D C:\Windows\erdnt 2015-11-18 20:50 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini 2015-11-18 20:46 - 2015-06-21 20:48 - 00000000 ____D C:\ProgramData\TEMP 2015-11-18 20:37 - 2015-09-03 21:20 - 00000000 ____D C:\Users\admin\AppData\Local\JDownloader 2.0 2015-11-17 19:51 - 2011-04-12 08:54 - 00000000 ____D C:\Windows\ShellNew 2015-11-17 18:34 - 2015-05-19 12:21 - 00000000 ____D C:\Windows\CSC 2015-11-17 16:53 - 2015-07-21 15:57 - 00000000 ____D C:\Users\admin\Documents\Visual Studio 2013 2015-11-15 03:36 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system 2015-11-14 19:04 - 2015-05-30 17:09 - 00000000 ____D C:\Program Files (x86)\Lee_ 2015-11-14 19:01 - 2015-10-08 07:44 - 00000000 ____D C:\Users\admin\AppData\LocalLow\Temp 2015-11-14 09:11 - 2009-07-14 06:13 - 01704624 _____ C:\Windows\system32\PerfStringBackup.INI 2015-11-13 23:21 - 2015-08-04 12:08 - 00000000 ____D C:\Tor Browser 2015-11-12 18:51 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2015-11-12 08:54 - 2015-06-24 01:23 - 00000000 ____D C:\Users\admin\AppData\Roaming\Lavasoft 2015-11-12 08:54 - 2015-06-24 01:21 - 00000000 ____D C:\ProgramData\Lavasoft 2015-11-11 23:37 - 2011-04-12 08:54 - 00000000 ____D C:\Program Files\Windows Journal 2015-11-11 18:01 - 2015-05-19 14:29 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2015-11-11 14:36 - 2015-10-15 04:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake 2015-11-11 14:36 - 2015-10-15 04:43 - 00000000 ____D C:\ProgramData\Freemake 2015-11-10 20:47 - 2015-10-17 16:00 - 00003928 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier 2015-11-10 20:47 - 2015-10-07 16:46 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-11-10 20:47 - 2015-05-19 18:47 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-11-10 20:47 - 2015-05-19 18:47 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-11-10 20:19 - 2015-10-21 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com 2015-11-10 18:12 - 2015-05-19 14:30 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2015-11-10 18:12 - 2015-05-19 14:29 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2015-11-07 04:04 - 2015-09-13 21:54 - 00000000 ____D C:\Users\admin\AppData\Roaming\DAEMON Tools Lite 2015-11-07 01:44 - 2015-06-27 22:14 - 00190648 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys 2015-11-07 01:25 - 2015-07-23 15:56 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2015-11-06 20:50 - 2015-05-19 13:10 - 00000000 ____D C:\Program Files\COMODO 2015-11-06 20:41 - 2015-05-19 13:09 - 00000000 ____D C:\ProgramData\Comodo 2015-11-06 19:43 - 2015-06-18 20:59 - 00000000 ____D C:\Windows\SysWOW64\directx 2015-11-06 17:04 - 2015-07-21 15:18 - 00000000 ____D C:\ProgramData\Package Cache 2015-11-06 16:42 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-11-05 16:08 - 2015-08-22 16:32 - 00000000 ____D C:\Users\admin\Documents\Dolphin Emulator 2015-11-02 22:44 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\TAPI 2015-11-02 20:56 - 2015-05-19 17:24 - 00000000 ___SD C:\Windows\system32\GWX 2015-11-02 20:56 - 2011-04-12 08:54 - 00000000 ___RD C:\Users\Public\Recorded TV 2015-11-02 12:57 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF 2015-11-01 21:29 - 2015-05-22 18:00 - 00000000 ____D C:\Program Files\WinRAR 2015-11-01 03:37 - 2015-05-22 18:00 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-11-01 03:37 - 2015-05-22 18:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-05-20 21:51 - 2015-06-05 15:58 - 0000001 _____ () C:\Users\admin\AppData\Roaming\update.dat 2015-11-02 12:28 - 2015-11-06 16:29 - 0007597 _____ () C:\Users\admin\AppData\Local\Resmon.ResmonCfg 2015-10-28 13:58 - 2015-10-28 13:58 - 1859600 _____ () C:\ProgramData\vhzvLr 2015-10-28 13:58 - 2015-10-28 13:58 - 0750320 _____ (AutoIt Team) C:\ProgramData\vhzvLr.exe 2015-11-06 23:17 - 2015-11-06 23:44 - 0000091 _____ () C:\ProgramData\vhzvLr.folder 2015-11-06 23:17 - 2015-11-06 23:44 - 0000105 _____ () C:\ProgramData\vhzvLr.path Dateien, die verschoben oder gelöscht werden sollten: ==================== C:\ProgramData\vhzvLr.exe Einige Dateien in TEMP: ==================== C:\Users\admin\AppData\Local\Temp\bassmod.dll C:\Users\admin\AppData\Local\Temp\hss_update.exe C:\Users\admin\AppData\Local\Temp\jre-8u66-windows-au.exe C:\Users\admin\AppData\Local\Temp\PORTSCANNER.EXE C:\Users\admin\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll C:\Users\admin\AppData\Local\Temp\sqlite3.dll C:\Users\admin\AppData\Local\Temp\upnp.exe ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-11-30 18:50 ==================== Ende von FRST.txt ============================ |
01.12.2015, 20:20 | #18 |
| komische prozesse,bin ich infiziert? und hier noch ein addition logfile dazu:
__________________Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:01-12-2015 durchgeführt von admin (2015-12-01 20:17:00) Gestartet von C:\Users\admin\Desktop Windows 7 Ultimate Service Pack 1 (X64) (2015-05-19 11:27:50) Start-Modus: Normal ========================================================== ==================== Konten: ============================= admin (S-1-5-21-560193511-1957534509-1735208640-1001 - Administrator - Enabled) => C:\Users\admin Administrator (S-1-5-21-560193511-1957534509-1735208640-500 - Administrator - Disabled) Gast (S-1-5-21-560193511-1957534509-1735208640-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-560193511-1957534509-1735208640-1002 - Limited - Enabled) ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Kaspersky Total Security (Disabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B} AS: Kaspersky Total Security (Disabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Total Security (Disabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) µTorrent (HKU\S-1-5-21-560193511-1957534509-1735208640-1001\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.) Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated) Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated) Adobe Flash Player 19 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM-x32\...\{B0B387B2-B1E4-43F2-961D-08ABFD759E1A}) (Version: 12.1.9.160 - Adobe Systems, Inc) Allgemeine Runtime Files (x86) (HKLM\...\{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1) (Version: 1.0.4.0 - Sereby Corporation) ArcaniA - Fall of Setarrif (HKLM-x32\...\{BA1F2D65-B22F-47C7-A3D0-A7827DF20272}_is1) (Version: - Nordic Games GmbH) ArcaniA - Gothic 4 (HKLM-x32\...\{EE74D039-45D7-44E9-BF95-B9CFB015964F}_is1) (Version: - Nordic Games GmbH) AutoIt v3.3.14.1 (HKLM-x32\...\AutoItv3) (Version: 3.3.14.1 - AutoIt Team) AzureTools.Notifications (x32 Version: 2.1.10731.1602 - Microsoft Corporation) Hidden Behaviors SDK (XAML) for Visual Studio (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden BitTorrent (HKU\S-1-5-21-560193511-1957534509-1735208640-1001\...\BitTorrent) (Version: 7.9.5.41203 - BitTorrent Inc.) Blend for Visual Studio 2013 (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden Blend for Visual Studio 2013 DEU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden Blend for Visual Studio 2013 ENU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden Boilsoft Video Splitter 6.34 (HKLM-x32\...\{24549038-9956-4EE5-976D-4419AAEA7DD5}_is1) (Version: - Boilsoft, Inc.) Build Tools - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden Build Tools - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Build Tools Language Resources - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden Build Tools Language Resources - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform) ChrisPC Anonymous Proxy Pro 6.30 (HKLM-x32\...\{E3D2C66C-A3B8-4BB6-8460-5393D2BCCF18}_is1) (Version: - Chris P.C. srl) CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version: - CyberGhost S.R.L.) DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd) Devenv-Ressourcen für Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden DirectX 9.0c Extra Files (x86, x64) (HKLM\...\{8729E65B-8C12-4A42-B1FE-E4DA7ED52855}_is1) (Version: 1.10.06.0 - Sereby Corporation) Dolphin x86 (HKLM-x32\...\Dolphin x86) (Version: 4.0.2 - Dolphin Development Team) Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden Dotfuscator and Analytics Community Edition Language Pack (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden Entity Framework Tools for Visual Studio 2013 (HKLM-x32\...\{08AEF86A-1956-4846-B906-B01350E96E30}) (Version: 12.0.20912.0 - Microsoft Corporation) FlatOut 2 (HKLM-x32\...\GOGPACKFLATOUT2_is1) (Version: 2.0.0.7 - GOG.com) Freemake Video Converter Version 4.1.7 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.7 - Ellora Assets Corporation) Gothic 3 Enhanced Edition (HKLM-x32\...\{C28A686B-D439-4B83-B023-7402E982F69D}_is1) (Version: - Nordic Games GmbH) Gothic 3 Götterdämmerung Enhanced Edition (HKLM-x32\...\{6890095D-D7FE-465A-9B1D-BE605B1F5FD9}_is1) (Version: - Nordic Games GmbH) Gothic 3 Modkit v1.75.14 (HKLM-x32\...\{420DA6C7-EE34-4468-AE16-87205B7D24EF}_is1) (Version: v1.75.14 - Nordic Games GmbH) Gothic II - Die Nacht des Raben (HKLM-x32\...\Gothic II - Die Nacht des Raben) (Version: - JoWooD Productions Software AG) Gothic II (HKLM-x32\...\Gothic II) (Version: - JoWooD Productions Software AG) HashCalc 2.02 (HKLM-x32\...\HashCalc_is1) (Version: - SlavaSoft Inc.) Hotspot Shield 5.0.2 (HKLM-x32\...\HotspotShield) (Version: 5.0.2 - AnchorFree Inc.) Icons from File 5.0.6 (HKLM-x32\...\Icons from File_is1) (Version: 5.0.6 - Vitaliy Levchenko) IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation) IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version: - ) IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version: - ) Java 8 Update 66 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418066F0}) (Version: 8.0.660.18 - Oracle Corporation) Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation) Java SE Development Kit 8 Update 45 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180450}) (Version: 8.0.450.15 - Oracle Corporation) JavaScript Tooling (Version: 12.0.21005 - Microsoft Corporation) Hidden JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH) Kaspersky Total Security (HKLM-x32\...\InstallWIX_{02FECEE0-16B2-43DB-BC3B-C844477FC142}) (Version: 15.0.2.396 - Kaspersky Lab) Kaspersky Total Security (x32 Version: 15.0.2.396 - Kaspersky Lab) Hidden LocalESPC Dev12 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden LocalESPCui for de-de Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden LocalESPCui for en-us Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden MakeTorrent v2.1 (HKLM-x32\...\MakeTorrent 2) (Version: - ) Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (HKLM-x32\...\{21B0F482-5EF9-45DA-8840-340AFE705A6C}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 SDK (Deutsch) (HKLM-x32\...\{CBD7095F-7211-43FD-9FE7-FB08D753AF79}) (Version: 4.5.51641 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation) Microsoft .NET Framework 4.6 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.00081 - Microsoft Corporation) Microsoft .NET Framework 4.6 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.00081 - Microsoft Corporation) Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation) Microsoft Help Viewer 2.1 Sprachpaket - DEU (HKLM-x32\...\Microsoft Help Viewer 2.1 Sprachpaket - DEU) (Version: 2.1.21005 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation) Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation) Microsoft SQL Server 2012 Data-Tier App Framework (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation) Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Native Client (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2014 Express LocalDB (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft SQL Server Compact 4.0 SP1 x64 DEU (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 4.0.8876.1 - Microsoft Corporation) Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation) Microsoft SQL Server Data Tools - enu (12.0.41012.0) (HKLM-x32\...\{AC8E0CF4-42A1-4151-B684-97CF6FD726CF}) (Version: 12.0.41012.0 - Microsoft Corporation) Microsoft SQL Server Data Tools Build Utilities - DEU (12.0.30919.1) (HKLM-x32\...\{BCB8A870-2B3D-4CC0-87D6-F931E065AC0C}) (Version: 12.0.30919.1 - Microsoft Corporation) Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation) Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation) Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{4AEB505C-95E1-4964-9B64-8D27F3186D30}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation) Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version: - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio Professional 2013 (HKLM-x32\...\{6dff50d0-3bc3-4a92-b724-bf6d6a99de4f}) (Version: 12.0.21005.13 - Microsoft Corporation) Microsoft Web Deploy 3.5 (HKLM\...\{69A998C5-00A9-42CA-AB4E-C31CFFCD9251}) (Version: 3.1237.1763 - Microsoft Corporation) Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation) Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Nero 7 Ultra Edition (HKLM-x32\...\{C6115A28-F277-4E82-B067-84D28BF21031}) (Version: 7.03.1357 - Nero AG) Nmap 7.00 (HKLM-x32\...\Nmap) (Version: - ) No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.1.1 - Vitalwerks Internet Solutions LLC) NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.92 - NVIDIA Corporation) NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation) NVIDIA Grafiktreiber 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.92 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) One Piece Pirate Warriors 3: GOLD Edition (HKLM-x32\...\One Piece Pirate Warriors 3: GOLD Edition_is1) (Version: - ) Open XML SDK 2.5 for Microsoft Office (x32 Version: 2.5.5631 - Microsoft Corporation) Hidden Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM-x32\...\{D5409B11-EF28-37A1-AE7A-6051A5BAD923}) (Version: 4.5.50932 - Microsoft Corporation) Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.1 RC für Windows Store-Apps (Deutsch) (x32 Version: 4.5.21005 - Microsoft Corporation) Hidden PreEmptive Analytics Client German Language Pack (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden Prerequisites for SSDT (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation) Prerequisites for SSDT (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation) Python Tools Redirection Template (x32 Version: 1.1 - Microsoft Corporation) Hidden qBittorrent 3.2.5 (HKLM-x32\...\qBittorrent) (Version: 3.2.5 - The qBittorrent project) RAR Password Recovery Magic v6.1.1.393 (HKLM-x32\...\RAR Password Recovery Magic_is1) (Version: - Password Recovery Magic Studio Ltd.) Rayman 3 Hoodlum Havoc Version 1.0 (HKLM-x32\...\Rayman 3 Hoodlum Havoc_is1) (Version: 1.0 - Ubisoft) Resource Hacker Version 4.2.5 (HKLM-x32\...\ResourceHacker_is1) (Version: - ) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Sandboxie 5.06 (64-bit) (HKLM\...\Sandboxie) (Version: 5.06 - Sandboxie Holdings, LLC) SciTE4AutoIt3 15.920.938.0 (HKLM-x32\...\SciTE4AutoIt3) (Version: 15.920.938.0 - Jos van der Zande) SharePoint Client Components (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden SharePoint Client Components (Version: 16.0.2617.1200 - Microsoft Corporation) Hidden SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - ) Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden The Simpsons Hit & Run(TM) (HKLM-x32\...\{F79AAB3A-B8B4-4AC7-94AB-1C4C076C6A89}) (Version: 1.00.000 - ) TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.353 - TuneUp Software) Hidden Ultra Video Splitter 6.4.1208 (HKLM-x32\...\Ultra Video Splitter_is1) (Version: - Aone Software) Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation) Usenet.nl (HKLM-x32\...\Usenet.nl_is1) (Version: - ) VirtualDJ 8 (HKLM-x32\...\{90AE6F39-3EE1-45A1-90D5-FB6C82391EDF}) (Version: 8.0.2338.0 - Atomix Productions) VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN) VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 11.1.3 - VMware, Inc) VMware Workstation (Version: 11.1.3 - VMware, Inc.) Hidden WCF Data Services 5.6.0 Runtime (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden WCF Data Services Tools for Microsoft Visual Studio 2013 (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation) WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies) WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) Workflow Manager Client 1.0 (Version: 2.0.30813.2 - Microsoft Corporation) Hidden Workflow Manager Tools 1.0 for Visual Studio (Version: 2.0.30725.1 - Microsoft Corporation) Hidden Zombi (HKLM-x32\...\Zombi_R.G. Mechanics_is1) (Version: - R.G. Mechanics, markfiter) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Wiederherstellungspunkte ========================= 23-11-2015 19:39:54 JRT Pre-Junkware Removal 26-11-2015 00:05:36 Gerätetreiber-Paketinstallation: Anchorfree HSS VPN Adapter Netzwerkadapter ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2009-07-14 03:34 - 2015-11-18 20:50 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {028CA519-011B-4015-BDE9-BD363F5EA5DC} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_19_0_0_245_pepper.exe [2015-11-10] (Adobe Systems Incorporated) Task: {127C27E8-993E-4AC2-BFBA-75C4057CCAFE} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-21] (Microsoft Corporation) Task: {1D290CE2-8968-490C-ACA9-5CC52D603838} - System32\Tasks\{2D8ECF9C-61FD-4ACC-8CF2-FAA2A8027CDD} => C:\Users\admin\Desktop\Bifrost.exe Task: {34249658-9DD4-487A-AE7F-6BA53E1348AC} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-05-19] (Microsoft Corporation) Task: {51000FED-3EB2-4A64-8AC9-C09A72C2F330} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-02] (Piriform Ltd) Task: {596D779F-F60F-4054-9D5F-E020291E3D10} - \bvxvhxvh -> Keine Datei <==== ACHTUNG Task: {79CC19AA-C0E1-4CFA-BF19-4C4592D5F616} - System32\Tasks\{84428AE9-0A90-41D9-A9EA-B64252541EAC} => C:\Users\admin\Desktop\Neuer Ordner\Bifrost Stub Customizer v2.0.exe Task: {807F0029-3273-4FBC-81FC-55037A44C58C} - System32\Tasks\{23620CA1-CC87-49ED-BB6E-44277012C1B0} => pcalua.exe -a "C:\ProgramData\VMware\VMware Player\Uninstaller\\uninstall.exe" -c -x -S "C:\ProgramData\VMware\VMware Player\Uninstaller\" Task: {9B52632A-A969-40A6-B830-FDE6D3C8C80E} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-05-19] (Microsoft Corporation) Task: {A0A50D1C-ACCC-44F9-A66F-023F2D313B22} - System32\Tasks\{EDED2321-2278-4C8B-AF8E-023C0A6238E9} => pcalua.exe -a C:\Users\admin\Desktop\dd2\INSTALL.EXE -d C:\Users\admin\Desktop\dd2 Task: {A460D382-66EA-4D05-B2EE-4A3C575F6EEB} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2015-05-19] (Microsoft) Task: {A8F7DD9B-7B2B-4046-BD9A-042487AD3470} - \csrss.exe -> Keine Datei <==== ACHTUNG Task: {B454D397-B4BE-49A9-8CF4-BACC8DB37F25} - System32\Tasks\{7971804C-8CAA-4D0F-BCBD-664B3155E6E8} => C:\Users\admin\Desktop\Neuer Ordner\Bifrost Stub Customizer v2.0.exe Task: {D30267F1-1475-4B1E-8E1B-66AB4100F7CB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-10] (Adobe Systems Incorporated) Task: {D667BF88-581E-4E11-91E8-3BA8AC9118E2} - System32\Tasks\{DD797C40-69B3-4789-8E7D-61D869973BFA} => pcalua.exe -a "C:\Program Files (x86)\South Park - The Stick of Truth\_CommonRedist\vcredist\2010\vcredist_x86.exe" -d "C:\Program Files (x86)\South Park - The Stick of Truth\_CommonRedist\vcredist\2010" Task: {DE9E383F-27C4-49C3-8DF3-E326443204F7} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-05-19] (Microsoft Corporation) Task: {E64C6729-054E-41F0-B244-E9C5B277279E} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-05-19] (Microsoft Corporation) Task: {F8453438-A0FB-488F-9897-E8C1FCEB75B6} - System32\Tasks\{FC69F42C-6F7E-4342-A66C-6801059D8962} => pcalua.exe -a "C:\Program Files (x86)\South Park - The Stick of Truth\_CommonRedist\vcredist\2010\vcredist_x64.exe" -d "C:\Program Files (x86)\South Park - The Stick of Truth\_CommonRedist\vcredist\2010" (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_19_0_0_245_pepper.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2015-05-19 14:30 - 2015-10-13 18:26 - 00125616 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2015-10-12 21:41 - 2015-10-12 21:41 - 00850128 _____ () C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe 2015-11-03 19:13 - 2015-11-03 19:13 - 12731584 _____ () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe 2015-10-15 04:43 - 2015-10-09 16:56 - 00071680 _____ () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe 2015-10-19 21:00 - 2015-10-19 21:00 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2015-07-20 16:34 - 2015-07-20 16:34 - 00012288 _____ () C:\Program Files (x86)\No-IP\ducservice.exe 2014-12-23 16:54 - 2014-12-23 16:54 - 01272616 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\kpcengine.2.3.dll 2015-10-12 21:35 - 2015-10-12 21:35 - 00261328 _____ () C:\Program Files (x86)\Hotspot Shield\bin\CrashRpt1403.dll 2015-10-13 20:16 - 2015-10-13 20:16 - 00895184 _____ () C:\Program Files (x86)\Hotspot Shield\bin\HssRep.5.0.2.dll 2015-08-21 19:13 - 2015-08-21 19:13 - 00280143 _____ () C:\Program Files (x86)\Hotspot Shield\bin\libidn-11.dll 2009-03-27 21:02 - 2009-03-27 21:02 - 01554920 _____ () C:\Program Files (x86)\Hotspot Shield\bin\libeay32.dll 2009-03-27 21:02 - 2009-03-27 21:02 - 00332254 _____ () C:\Program Files (x86)\Hotspot Shield\bin\libssl32.dll 2015-11-03 19:50 - 2015-11-03 19:50 - 01301696 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll 2015-11-03 19:13 - 2015-11-03 19:13 - 00191680 _____ () C:\Program Files (x86)\VMware\VMware Workstation\LIBEXPAT.dll 2015-11-03 19:13 - 2015-11-03 19:13 - 00388288 _____ () C:\Program Files (x86)\VMware\VMware Workstation\ssoClient.dll 2015-11-03 19:13 - 2015-11-03 19:13 - 00194752 _____ () C:\Program Files (x86)\VMware\VMware Workstation\nfc-types.dll 2015-07-20 16:34 - 2015-07-20 16:34 - 00073728 _____ () C:\Program Files (x86)\No-IP\ducapi.dll 2014-12-23 16:54 - 2014-12-23 16:54 - 00338216 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\nponlinebanking.dll 2014-12-23 16:54 - 2014-12-23 16:54 - 00502056 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll 2014-12-23 16:54 - 2014-12-23 16:54 - 00608040 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) AlternateDataStreams: C:\autoexec.bat:$CmdTcID AlternateDataStreams: C:\vstdlib_s.dll:$CmdZnID AlternateDataStreams: C:\Windows\notepad.exe:$CmdTcID AlternateDataStreams: C:\Windows\splwow64.exe:$CmdTcID AlternateDataStreams: C:\Windows\unins000.exe:$CmdTcID AlternateDataStreams: C:\Windows\unins001.exe:$CmdTcID AlternateDataStreams: C:\Windows\UNNeroBackItUp.exe:$CmdTcID AlternateDataStreams: C:\Windows\UNNeroMediaHome.exe:$CmdTcID AlternateDataStreams: C:\Windows\UNNeroShowTime.exe:$CmdTcID AlternateDataStreams: C:\Windows\UNNeroVision.exe:$CmdTcID AlternateDataStreams: C:\Windows\UNRecode.exe:$CmdTcID AlternateDataStreams: C:\Windows\system\msvcrt10.dll:$CmdTcID AlternateDataStreams: C:\Windows\system\plugin.dll:$CmdTcID AlternateDataStreams: C:\Windows\system\vb40016.dll:$CmdTcID AlternateDataStreams: C:\Windows\system\vbrun100.dll:$CmdTcID AlternateDataStreams: C:\Windows\system\vbrun200.dll:$CmdTcID AlternateDataStreams: C:\Windows\system\vbrun300.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\acmigration.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\advapi32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\aeinv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\aepic.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\appidapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\appidcertstorecheck.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\appidpolicyconverter.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\appidsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\appinfo.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\appraiser.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\appverif.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\atmfd.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\atmlib.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\authui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\basesrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\browcli.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\browser.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cdd.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cdosys.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\certenc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\certutil.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\cewmdm.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\charmap.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\clfs.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\clfsw32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\coin95itp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\comctl32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\CompatTelRunner.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\consent.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\crypt32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cryptdlg.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cryptnet.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cryptsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cscript.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\d2d1.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3d10warp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\D3DCompiler_33.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\D3DCompiler_34.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\D3DCompiler_35.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\D3DCompiler_36.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\D3DCompiler_37.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\D3DCompiler_38.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\D3DCompiler_39.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\D3DCompiler_40.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\D3DCompiler_41.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\D3DCompiler_42.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\D3DCompiler_43.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3dcsx_42.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3dcsx_43.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3dx10.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3dx10_33.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3dx10_34.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3dx10_35.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3dx10_36.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3dx10_37.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3dx10_38.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3dx10_39.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3dx10_40.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3dx10_41.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3dx10_42.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3dx10_43.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3dx11_42.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3dx11_43.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3dx9_24.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3dx9_25.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3dx9_26.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3dx9_27.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3dx9_28.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3dx9_29.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3dx9_30.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3dx9_31.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3dx9_32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3dx9_33.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3dx9_34.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3dx9_35.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3dx9_36.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\D3DX9_37.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\D3DX9_38.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\D3DX9_39.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\D3DX9_40.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\D3DX9_41.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\D3DX9_42.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\D3DX9_43.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\davclnt.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dciman32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\devinv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\diagtrack.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\diskperf.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\dpnet.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dwmapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dwmcore.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\DWrite.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dxcap.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\dxcpl.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\dxmasf.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ExplorerFrame.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\FntCache.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\fontsub.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\FWPUCLNT.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\gdi32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\generaltel.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\IEUDINIT.EXE:$CmdTcID AlternateDataStreams: C:\Windows\system32\IKEEXT.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\IMJP10K.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\invagent.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iologmsg.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\KBDBASH.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\KBDRU.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\KBDRU1.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\KBDTAT.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\KBDYAK.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\localspl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\logman.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\lpk.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mcupdate_GenuineIntel.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mfc100jpn.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\microsoft.windows.softwarelogo.showdesktop.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msdxm.ocx:$CmdTcID AlternateDataStreams: C:\Windows\system32\msi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msiexec.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\msihnd.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msimsg.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msmmsp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msmpeg2vdec.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MsRdpWebAccess.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mstsc.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msxml3.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msxml3r.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msxml6.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msxml6r.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\netapi32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\notepad.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\nshwfp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\nvaudcap64v.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\nvdispco6434144.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\nvdispco6434174.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\nvdispco6434181.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\nvdispgenco6434144.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\nvdispgenco6434174.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\nvdispgenco6434181.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ole32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\oleaut32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\OxpsConverter.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\packager.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\pku2u.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\poqexec.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\rastls.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rdpcorekmts.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rdpcorets.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rdpendp_winip.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\RdpGroupPolicyExtension.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rdpudd.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rdpwsx.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rdrmemptylst.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\rdvidcrl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\relog.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\scavengeui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\schedsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\scrrun.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sechost.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\setbcdlocale.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\shdocvw.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\shell32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\spoolsv.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\spwmp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\synceng.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sysmain.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\taskhost.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\tdh.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\TgbStarter.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\tier0_s.dll:$CmdZnID AlternateDataStreams: C:\Windows\system32\tracerpt.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\tsgqec.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\TsUsbGDCoInstaller.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\typeperf.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\tzres.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ucrtbase.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\uplay_r1_loader.dll:$CmdZnID AlternateDataStreams: C:\Windows\system32\UtcResources.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\vsgraphicsremoteengine.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\vsjitdebugger.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\vstdlib_s.dll:$CmdZnID AlternateDataStreams: C:\Windows\system32\WebClnt.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\win32spl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\winload.efi:$CmdTcID AlternateDataStreams: C:\Windows\system32\winlogon.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\winresume.efi:$CmdTcID AlternateDataStreams: C:\Windows\system32\winsta.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wksprt.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\wksprtPS.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wmploc.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\wscript.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\wshom.ocx:$CmdTcID AlternateDataStreams: C:\Windows\system32\WSManHTTPConfig.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\WSManMigrationPlugin.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WsmAuto.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WsmSvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WsmWmiPl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\x3daudio1_0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\x3daudio1_1.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\X3DAudio1_2.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\X3DAudio1_3.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\X3DAudio1_4.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\X3DAudio1_5.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\X3DAudio1_6.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\X3DAudio1_7.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\xactengine2_0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\xactengine2_1.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\xactengine2_10.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\xactengine2_2.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\xactengine2_3.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\xactengine2_4.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\xactengine2_5.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\xactengine2_6.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\xactengine2_7.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\xactengine2_8.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\xactengine2_9.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\xactengine3_0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\xactengine3_1.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\xactengine3_2.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\xactengine3_3.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\xactengine3_4.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\xactengine3_5.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\xactengine3_6.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\xactengine3_7.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\XAPOFX1_0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\XAPOFX1_1.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\XAPOFX1_2.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\XAPOFX1_3.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\XAPOFX1_4.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\XAPOFX1_5.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\XAudio2_0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\XAudio2_1.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\XAudio2_2.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\XAudio2_3.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\XAudio2_4.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\XAudio2_5.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\XAudio2_6.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\XAudio2_7.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\xinput1_1.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\xinput1_2.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\xinput1_3.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\advapi32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\AiORuntimes.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\appidapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\appverif.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\atl70.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\atl71.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\atmfd.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\atmlib.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\authui.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\autoitx3.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\AVEQT.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\AVERM.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\browcli.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\cdosys.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\certenc.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\certutil.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\cewmdm.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\charmap.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\clfsw32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\comct232.ocx:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\comct332.ocx:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\comctl32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\comctl32.ocx:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\comdlg32.ocx:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\crypt32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\cryptdlg.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\cryptnet.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\cryptsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\cscript.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\cygwin1.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\d2d1.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\d3d10warp.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_33.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_34.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_35.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_36.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_37.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_38.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_39.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_40.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_41.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_42.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_43.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\d3dcsx_42.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\d3dcsx_43.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\d3dx10.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_33.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_34.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_35.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_36.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_37.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_38.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_39.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_40.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_41.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_42.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_43.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\d3dx11_42.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\d3dx11_43.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_24.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_25.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_26.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_27.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_28.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_29.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_30.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_31.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_33.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_34.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_35.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_36.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_37.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_38.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_39.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_40.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_41.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_42.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_43.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\davclnt.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\dblist32.ocx:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\dciman32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\diskperf.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\dpnet.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\dwmapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\dwmcore.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\DWrite.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\dxcap.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\dxcpl.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\dxmasf.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ExplorerFrame.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\fontsub.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\FWPUCLNT.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\gdi32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\IMJP10K.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\IoctlSvc.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\iologmsg.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\KBDBASH.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\KBDRU.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\KBDRU1.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\KBDTAT.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\KBDYAK.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\libeay32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\libiconv2.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\libintl3.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\libmmd.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\libpng13.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\libpng15.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\libssl32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\logman.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\lpk.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mci32.ocx:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mfc70.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mfc70CHS.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mfc70CHT.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mfc70DEU.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mfc70ENU.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mfc70ESP.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mfc70FRA.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mfc70ITA.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mfc70JPN.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mfc70KOR.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mfc70u.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mfc71.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mfc71CHS.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mfc71CHT.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mfc71DEU.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mfc71ENU.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mfc71ESP.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mfc71FRA.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mfc71ITA.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mfc71JPN.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mfc71KOR.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mfc71u.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mscomct2.ocx:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mscomctl.ocx:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mscomm32.ocx:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msctf.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msdatgrd.ocx:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msdatlst.ocx:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msdia100.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msdxm.ocx:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msflxgrd.ocx:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mshflxgd.ocx:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msi.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msiexec.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msihnd.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msimsg.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msinet.ocx:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msmask32.ocx:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2vdec.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\MsRdpWebAccess.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msstdfmt.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msstkprp.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mstsc.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mstscax.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msvci70.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msvcp70.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msvcp71.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msvcr70.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msvcr71.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mswinsck.ocx:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msxml3.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msxml3r.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msxml6.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msxml6r.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\netapi32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\notepad.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\nshwfp.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\nvaudcap32v.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ole32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\oleaut32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\openal32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\packager.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\picclp32.ocx:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\pku2u.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\poqexec.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\rastls.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\rdpendp_winip.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\rdvidcrl.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\relog.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\richtx32.ocx:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\scesrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\scrrun.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\sechost.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\shdocvw.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\shell32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\spwmp.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ssleay32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\synceng.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\sysinfo.ocx:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\tabctl32.ocx:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\tdh.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\tier0_s.dll:$CmdZnID AlternateDataStreams: C:\Windows\SysWOW64\tracerpt.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\tsgqec.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\typeperf.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\tzres.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ucrtbase.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\uplay_r1_loader.dll:$CmdZnID AlternateDataStreams: C:\Windows\SysWOW64\vb40032.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\vcamp140.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\vsgraphicsremoteengine.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\vsjitdebugger.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\vstdlib_s.dll:$CmdZnID AlternateDataStreams: C:\Windows\SysWOW64\WebClnt.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\win32spl.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\winsta.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wintrust.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wksprtPS.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wmp.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wmploc.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wrap_oal.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wscript.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wshom.ocx:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\WSManHTTPConfig.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\WSManMigrationPlugin.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\WsmAuto.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\WsmSvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\WsmWmiPl.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\x3daudio1_0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\x3daudio1_1.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_2.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_3.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_4.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_5.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_6.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_7.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_1.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_10.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_2.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_3.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_4.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_5.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_6.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_7.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_8.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_9.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_1.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_2.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_3.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_4.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_5.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_6.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_7.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_1.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_2.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_3.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_4.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_5.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_1.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_2.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_3.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_4.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_5.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_6.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_7.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\xinput1_1.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\xinput1_2.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\xinput1_3.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\zlib1.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\Diskdump.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\dtlitescsibus.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\dxgkrnl.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\dxgmms1.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\fvevol.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\http.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\L1E62x64.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\msiscsi.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\ntfs.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\nvvad64v.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\partmgr.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\rdpvideominiport.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\rdpwd.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\storport.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\stream.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\tap0901.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\terminpt.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\tssecsrv.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\TsUsbFlt.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\TsUsbGD.sys:$CmdTcID AlternateDataStreams: C:\Users\admin\Desktop\LS Crypter.suo:$CmdZnID ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) IE trusted site: HKU\.DEFAULT\...\localhost -> localhost IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com IE trusted site: HKU\S-1-5-21-560193511-1957534509-1735208640-1001\...\localhost -> localhost IE trusted site: HKU\S-1-5-21-560193511-1957534509-1735208640-1001\...\webcompanion.com -> hxxp://webcompanion.com ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-560193511-1957534509-1735208640-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 37.221.175.198 - 95.169.183.219 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [{3945C57F-279A-459C-A8FE-AE5138F72912}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{D4BC426F-536B-4BA2-8D3B-5207990745E7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{E07A3B24-AF55-45EB-987F-28E099A44A28}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{04006571-C299-4D1F-BDDA-40FCB9484846}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [{CBE6A3C2-CF81-45CA-A87B-806229BAAC38}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe FirewallRules: [TCP Query User{FCCD3125-2FB2-497F-A74D-CCA8149904DC}C:\users\admin\desktop\dc\darkcomet.exe] => (Allow) C:\users\admin\desktop\dc\darkcomet.exe FirewallRules: [UDP Query User{CE4E2128-F169-42D6-8AD3-0B35FDAF1544}C:\users\admin\desktop\dc\darkcomet.exe] => (Allow) C:\users\admin\desktop\dc\darkcomet.exe FirewallRules: [TCP Query User{D427572D-88C9-43D9-BC3B-859CE73B107A}C:\users\admin\desktop\bifrost(win7)\bifrost.exe] => (Allow) C:\users\admin\desktop\bifrost(win7)\bifrost.exe FirewallRules: [UDP Query User{2B20F3F9-83D3-41B0-BB8E-F02BA2391FEB}C:\users\admin\desktop\bifrost(win7)\bifrost.exe] => (Allow) C:\users\admin\desktop\bifrost(win7)\bifrost.exe FirewallRules: [TCP Query User{93B58B63-40E3-4BC8-9F1E-3FD8AAEA2DF4}C:\program files (x86)\funcom\age of conan\conanpatcher.exe] => (Allow) C:\program files (x86)\funcom\age of conan\conanpatcher.exe FirewallRules: [UDP Query User{64D620FC-2CCB-4565-A435-37C95559A567}C:\program files (x86)\funcom\age of conan\conanpatcher.exe] => (Allow) C:\program files (x86)\funcom\age of conan\conanpatcher.exe FirewallRules: [TCP Query User{FCAC87B2-8FF0-424C-BF98-5BFD98DCC366}C:\program files (x86)\funcom\age of conan\ageofconan.exe] => (Allow) C:\program files (x86)\funcom\age of conan\ageofconan.exe FirewallRules: [UDP Query User{3B2AE6C9-C6CD-4F91-A08E-B9D7C55DD86E}C:\program files (x86)\funcom\age of conan\ageofconan.exe] => (Allow) C:\program files (x86)\funcom\age of conan\ageofconan.exe FirewallRules: [{16B94FD7-47B1-42AD-96C9-A523C6E7E6B7}] => (Allow) C:\Program Files (x86)\WinSCP\WinSCP.exe FirewallRules: [{6EDA7CA2-B5B5-4E2A-A40A-F2B6AFCB8C81}] => (Allow) C:\Program Files (x86)\WinSCP\WinSCP.exe FirewallRules: [{25B57D77-E17D-4AE1-BFCB-95D9DAAE0085}] => (Allow) C:\Program Files (x86)\WinSCP\WinSCP.exe FirewallRules: [{BD8E7152-5240-4893-8B0E-3512E5A664D2}] => (Allow) C:\Program Files (x86)\WinSCP\WinSCP.exe FirewallRules: [TCP Query User{3D88B679-5C8F-4D3A-AB2A-9609E5EADE4D}C:\users\admin\desktop\epsxe\epsxe 1.70\epsxe.exe] => (Allow) C:\users\admin\desktop\epsxe\epsxe 1.70\epsxe.exe FirewallRules: [UDP Query User{BF6D2823-C955-4805-BFD3-83B6BD25B82F}C:\users\admin\desktop\epsxe\epsxe 1.70\epsxe.exe] => (Allow) C:\users\admin\desktop\epsxe\epsxe 1.70\epsxe.exe FirewallRules: [{091724C2-F5CB-4C57-AEE9-1DCF8C1D7926}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe FirewallRules: [{C2F61917-20C7-4335-BB7B-8B8E219DD2BC}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe FirewallRules: [TCP Query User{D2F55E05-CCC3-4B7A-A813-B2B220742836}C:\users\admin\desktop\dolphin-x64\dolphin.exe] => (Block) C:\users\admin\desktop\dolphin-x64\dolphin.exe FirewallRules: [UDP Query User{5334C742-FA3B-44DC-837B-4289D2C7AEA9}C:\users\admin\desktop\dolphin-x64\dolphin.exe] => (Block) C:\users\admin\desktop\dolphin-x64\dolphin.exe FirewallRules: [TCP Query User{7FDAA97A-89F5-4045-BBCF-A144602B47A0}C:\program files (x86)\java\jre1.8.0_60\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_60\bin\javaw.exe FirewallRules: [UDP Query User{95DC43D7-389D-4224-8732-2D48DD747533}C:\program files (x86)\java\jre1.8.0_60\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_60\bin\javaw.exe FirewallRules: [TCP Query User{47B4D1B5-7DA2-41DA-8458-6463B2783B17}C:\users\admin\desktop\dd\fgd.exe] => (Allow) C:\users\admin\desktop\dd\fgd.exe FirewallRules: [UDP Query User{EBF310ED-4973-439A-A743-0F5B0E2C7F36}C:\users\admin\desktop\dd\fgd.exe] => (Allow) C:\users\admin\desktop\dd\fgd.exe FirewallRules: [{CC1587B9-385F-4523-AC1A-3F0BB2F52764}] => (Allow) LPort=12292 FirewallRules: [{3D7CF3E4-BFCD-44C3-8241-BF893063E6F4}] => (Allow) LPort=500 FirewallRules: [{BBCDF4C6-B742-4D99-A469-16BB058E8F3D}] => (Allow) LPort=4500 FirewallRules: [TCP Query User{7F65A14A-D49F-47CD-A98E-E324E4917AD2}C:\users\admin\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\admin\appdata\local\jdownloader 2.0\jdownloader2.exe FirewallRules: [UDP Query User{C971E4CF-8C05-4642-9A40-B6C525D71C6B}C:\users\admin\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\admin\appdata\local\jdownloader 2.0\jdownloader2.exe FirewallRules: [{7CFB1E5C-C578-4878-A8E2-824F85661E35}] => (Block) C:\users\admin\appdata\local\jdownloader 2.0\jdownloader2.exe FirewallRules: [{05EBE91F-D545-43CA-9375-A23D201D3F39}] => (Block) C:\users\admin\appdata\local\jdownloader 2.0\jdownloader2.exe FirewallRules: [TCP Query User{BE6A247D-5574-4DD9-A7D9-FA77B81C2F1A}C:\program files (x86)\dolphin x86\dolphin.exe] => (Allow) C:\program files (x86)\dolphin x86\dolphin.exe FirewallRules: [UDP Query User{08D366F2-35CC-40D6-92E1-5873B682B2A6}C:\program files (x86)\dolphin x86\dolphin.exe] => (Allow) C:\program files (x86)\dolphin x86\dolphin.exe FirewallRules: [{2031D6D0-20A4-4030-B17A-488C7ADC8631}] => (Block) C:\program files (x86)\dolphin x86\dolphin.exe FirewallRules: [{2B13B809-EAEE-4514-B1CD-DB12FA049830}] => (Block) C:\program files (x86)\dolphin x86\dolphin.exe FirewallRules: [TCP Query User{01EE0383-BB73-4D8A-AEC1-12E19233912D}C:\users\admin\desktop\sachen\dolphin-x64\dolphin.exe] => (Allow) C:\users\admin\desktop\sachen\dolphin-x64\dolphin.exe FirewallRules: [UDP Query User{A1A4C67A-E2F8-4954-ADE3-C7F871713059}C:\users\admin\desktop\sachen\dolphin-x64\dolphin.exe] => (Allow) C:\users\admin\desktop\sachen\dolphin-x64\dolphin.exe FirewallRules: [{F0785EC4-E48D-4C61-8F81-BA76EAEE22DB}] => (Block) C:\users\admin\desktop\sachen\dolphin-x64\dolphin.exe FirewallRules: [{ACABB210-169B-465F-BAED-9F9677E79DEA}] => (Block) C:\users\admin\desktop\sachen\dolphin-x64\dolphin.exe FirewallRules: [{E121F659-2C28-4BAE-8DC3-00CDD31F2842}] => (Allow) C:\Program Files (x86)\South Park - The Stick of Truth\South Park - The Stick of Truth.exe FirewallRules: [{49C8A316-1A5E-4675-9BEB-A2424DE17EBB}] => (Allow) C:\Program Files (x86)\South Park - The Stick of Truth\South Park - The Stick of Truth.exe FirewallRules: [{FFF0ED60-708B-4575-B22C-D18C4EC7AB7C}] => (Allow) C:\Program Files (x86)\South Park - The Stick of Truth\South Park - The Stick of Truth.exe FirewallRules: [{5DEF9D07-1997-4E19-A611-9BF984632A3D}] => (Allow) C:\Program Files (x86)\South Park - The Stick of Truth\South Park - The Stick of Truth.exe FirewallRules: [{B3E487E8-1B5E-44A6-9C0B-A3204EE2C8B5}] => (Allow) C:\Users\admin\Desktop\Kaspersky AV 2015 + Activation 27-11-2017 + Update Solution [danhuk]\Setup\kav15.0.0.463en_6664.exe FirewallRules: [{BB6D4001-F455-427F-97EE-F5F3471D549B}] => (Allow) C:\Users\admin\Desktop\Kaspersky AV 2015 + Activation 27-11-2017 + Update Solution [danhuk]\Setup\kav15.0.0.463en_6664.exe FirewallRules: [{EAF2B7F5-C225-4ACA-A0DB-2FEC13A00127}] => (Allow) C:\Users\admin\Desktop\Kaspersky AV 2015 + Activation 27-11-2017 + Update Solution [danhuk]\Setup\kav15.0.0.463en_6664.exe FirewallRules: [{00612333-7E82-45C8-828D-CFC713D4AD3D}] => (Allow) C:\Users\admin\Desktop\Kaspersky AV 2015 + Activation 27-11-2017 + Update Solution [danhuk]\Setup\kav15.0.0.463en_6664.exe FirewallRules: [{A8921F25-D264-4279-A103-3229D8FF51D7}] => (Allow) C:\Users\admin\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{DC07B1FB-902F-44B0-B92E-FB8E2228FB78}] => (Allow) C:\Users\admin\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{20F538CD-EC0B-4811-8C1E-E15981E8F642}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{91CACAFD-9A8E-422C-B480-1AA35F7F8257}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{9203F0DF-0844-47EE-BE42-B7DDC9DA9C0B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{92882AFE-9CDD-4B44-94E3-7ED1F3BD7E2E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{CC5CF8AF-28D2-41F5-9E25-A5DCBA694736}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{A5ABC8D6-E776-494D-9CF3-EE227E55DF34}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [TCP Query User{36CDBAF8-C2B4-4A08-9D77-34B73BAD3F55}C:\users\admin\desktop\dark\darkcomet.exe] => (Allow) C:\users\admin\desktop\dark\darkcomet.exe FirewallRules: [UDP Query User{65750116-1312-4411-9A71-18A03FD6D9EB}C:\users\admin\desktop\dark\darkcomet.exe] => (Allow) C:\users\admin\desktop\dark\darkcomet.exe FirewallRules: [{FC058A32-D150-4E42-8D69-2A306C7FFEFA}] => (Block) C:\users\admin\desktop\dark\darkcomet.exe FirewallRules: [{A932071C-8BA6-4BC7-8140-A66922918DC6}] => (Block) C:\users\admin\desktop\dark\darkcomet.exe FirewallRules: [{ED47C8B6-D0D0-4D86-8B79-FC37E974AF08}] => (Allow) LPort=1604 FirewallRules: [{CE3BE198-581E-4607-8664-6959B4AF12FC}] => (Allow) LPort=1604 FirewallRules: [TCP Query User{D102616C-AD3F-4A2C-80A0-4CD7E794CD34}C:\users\admin\appdata\local\temp\rar$exa0.907\darkcomet.exe] => (Block) C:\users\admin\appdata\local\temp\rar$exa0.907\darkcomet.exe FirewallRules: [UDP Query User{AE96ED5F-3768-453E-A12F-E02A632E7E20}C:\users\admin\appdata\local\temp\rar$exa0.907\darkcomet.exe] => (Block) C:\users\admin\appdata\local\temp\rar$exa0.907\darkcomet.exe FirewallRules: [{36EEAE6B-1CDD-43D4-AC3B-5BE1C3C1EC34}] => (Allow) LPort=80 FirewallRules: [{7ABF3F14-5D68-4255-949D-1427839B9B71}] => (Allow) LPort=81 FirewallRules: [{8C36D80B-2F6B-438A-A817-61E8355C366B}] => (Allow) LPort=443 FirewallRules: [{15012327-8DB5-46C6-9DA6-C4D42E4D7C3E}] => (Allow) C:\Users\admin\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{4E469104-0230-4DB8-806E-258368362DB8}] => (Allow) C:\Users\admin\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{3A55189E-651E-4DC5-B69A-CCFE1D34AFBD}] => (Allow) C:\Users\admin\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{ABDCFB25-91A1-4876-BBCD-C004172D6FE8}] => (Allow) C:\Users\admin\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{C028DE05-8E8F-477A-A845-BE96C9EEE0DC}] => (Allow) C:\Users\admin\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{649ABC75-74F7-4B75-9A01-F6CB034E76A8}] => (Allow) C:\Users\admin\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [TCP Query User{1D7940A7-A7EF-45EE-843D-47A3870F5258}C:\users\admin\desktop\darkc\darkcomet.exe] => (Allow) C:\users\admin\desktop\darkc\darkcomet.exe FirewallRules: [UDP Query User{6B32C4E5-8FC6-4635-8E0E-B7A4B406494D}C:\users\admin\desktop\darkc\darkcomet.exe] => (Allow) C:\users\admin\desktop\darkc\darkcomet.exe FirewallRules: [{54566C4E-505E-4A10-927D-3D64D640BBE6}] => (Allow) C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{62687BA1-4F2F-4C40-8B66-C0F8162DA0A8}] => (Allow) C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{1C4F3BC6-E7AE-46B8-90DA-689045026571}] => (Allow) C:\Users\admin\Desktop\Neuer Ordner\uTorrentPortable\uTorrentPortable\App\uTorrent\uTorrent.exe FirewallRules: [{694C4A21-0AA5-4495-B1E6-92329E786B1D}] => (Allow) C:\Users\admin\Desktop\Neuer Ordner\uTorrentPortable\uTorrentPortable\App\uTorrent\uTorrent.exe FirewallRules: [{FECE7823-7088-4E3C-A74D-E9B7019F3438}] => (Allow) C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{9240C8A4-83ED-47E2-970E-98E6DF64C364}] => (Allow) C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{D7FF9051-7DAE-4262-B7DD-31F6216EBD56}] => (Allow) C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{B46B8492-8D86-4C49-8759-1988161F862C}] => (Allow) C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{B9197AB2-3A22-4780-ADDA-CD1DB7C6BA80}] => (Allow) C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{BE10D23D-2F5E-4A12-A07F-5E11F65B1554}] => (Allow) C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{400F6693-3492-4ADF-8BBB-6009772DA2FC}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe FirewallRules: [{4C15E52D-DE65-4221-B209-2B40570CB975}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe FirewallRules: [{F079AA96-9E64-4549-A374-ACA90969C61D}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe FirewallRules: [{EC1C2860-F1B5-4E6C-A783-D91BF9E05A99}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe FirewallRules: [{37B8E9CC-1AF1-40C6-A0F0-AA6173FBFBA0}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe FirewallRules: [{72DDA166-7B53-4B29-A54C-92EBBF6F288A}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe FirewallRules: [TCP Query User{38D2D82D-8133-4C71-B890-72AF75DC0EC5}C:\users\admin\desktop\dark400\darkcomet.exe] => (Allow) C:\users\admin\desktop\dark400\darkcomet.exe FirewallRules: [UDP Query User{444DD3D1-86A1-465B-A585-C52FE13E2C82}C:\users\admin\desktop\dark400\darkcomet.exe] => (Allow) C:\users\admin\desktop\dark400\darkcomet.exe FirewallRules: [TCP Query User{200D715D-6F95-4C0F-9176-B6E8E6D21288}C:\program files\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_66\bin\javaw.exe FirewallRules: [UDP Query User{456C05A2-9D25-46F4-9954-9C3F251795E8}C:\program files\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_66\bin\javaw.exe FirewallRules: [{CBF9BD4F-DA19-4186-B15A-D3EBB3CBAE20}] => (Block) C:\program files\java\jre1.8.0_66\bin\javaw.exe FirewallRules: [{6272A6FC-B131-43A5-B297-CEBCBF0577A6}] => (Block) C:\program files\java\jre1.8.0_66\bin\javaw.exe FirewallRules: [{C8698420-A9AC-4D65-B967-714B4AA5B27B}] => (Allow) C:\Program Files\CyberGhost 5\CyberGhost.exe FirewallRules: [{52500A2D-DC22-463C-AA52-853506EF7639}] => (Allow) C:\Program Files\CyberGhost 5\CyberGhost.exe FirewallRules: [{48ED9B44-372A-4DF7-9BF0-F008581B5446}] => (Allow) C:\Program Files\CyberGhost 5\CyberGhost.exe FirewallRules: [{18BF9F15-5863-4509-A328-D347555FC742}] => (Allow) C:\Program Files\CyberGhost 5\CyberGhost.exe FirewallRules: [{DB073139-0139-431D-A934-BEC9C95DA916}] => (Allow) %ProgramFiles%\CyberGhost 5\CyberGhost.exe FirewallRules: [{A067A715-ABF2-4412-BB20-69568F79A0A5}] => (Allow) C:\Program Files (x86)\Hotspot Shield\bin\HSSCP.exe FirewallRules: [{8E39124E-0B6F-4C29-A22A-2FEF0E7C616C}] => (Allow) C:\Program Files (x86)\Hotspot Shield\bin\HSSCP.exe FirewallRules: [{9FEE3D69-E59A-4B88-9B70-898413C17F94}] => (Allow) C:\Program Files (x86)\Hotspot Shield\bin\HSSCP.exe FirewallRules: [{9A5C7E2D-E108-42D3-9CF7-FAA360C3ACB2}] => (Allow) C:\Program Files (x86)\Hotspot Shield\bin\HSSCP.exe FirewallRules: [{0DFFC900-CB4F-4B2A-938D-1AFBB3B5BD16}] => (Allow) %ProgramFiles% (x86)\Hotspot Shield\bin\HSSCP.exe FirewallRules: [TCP Query User{C4044152-715B-4CF5-A3BD-3F996C51C8BD}C:\users\admin\desktop\darc400\darkcomet.exe] => (Allow) C:\users\admin\desktop\darc400\darkcomet.exe FirewallRules: [UDP Query User{B3A6B4E9-E0BE-48DD-BBD5-518BE13ADA8C}C:\users\admin\desktop\darc400\darkcomet.exe] => (Allow) C:\users\admin\desktop\darc400\darkcomet.exe FirewallRules: [{B323AFCD-96BE-49C0-8DCE-53FD1EC68842}] => (Block) C:\users\admin\desktop\darc400\darkcomet.exe FirewallRules: [{EB614808-01C8-4148-81F9-CAAFCEBEC673}] => (Block) C:\users\admin\desktop\darc400\darkcomet.exe FirewallRules: [{4654130B-0CAA-466C-82AA-0D9AE7F14B9C}] => (Allow) C:\Program Files (x86)\ChrisPC Anonymous Proxy Pro\ChrisPC Proxy.exe FirewallRules: [{DEF8F2A2-FD73-4000-929A-90D3CE580B7F}] => (Allow) C:\Program Files (x86)\ChrisPC Anonymous Proxy Pro\ChrisPC Proxy.exe FirewallRules: [{AACA306A-73C7-4191-B152-DA3C11FA0621}] => (Allow) C:\Program Files (x86)\ChrisPC Anonymous Proxy Pro\ChrisPC Proxy.exe FirewallRules: [{8FA3E5AB-36D2-4525-BBF1-E5B98A13B000}] => (Allow) C:\Program Files (x86)\ChrisPC Anonymous Proxy Pro\ChrisPC Proxy.exe FirewallRules: [{15920104-8878-4637-A42B-4ABD07E29C2C}] => (Allow) C:\Program Files (x86)\Proxy Switcher Standard\ProxySwitcher.exe FirewallRules: [{D8428F3B-BFD4-4256-9093-B8530BE2321E}] => (Allow) C:\Program Files (x86)\Proxy Switcher Standard\ProxySwitcher.exe ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (12/01/2015 08:06:20 PM) (Source: Windows Search Service) (EventID: 10021) (User: ) Description: Die Registrierungsinformationen der Leistungsindikatoren für WSearchIdxPi für die Instanz konnten wegen des folgenden Fehlers nicht abgerufen werden: Der Vorgang wurde erfolgreich beendet. 0x0. Error: (12/01/2015 08:06:13 PM) (Source: Windows Search Service) (EventID: 3007) (User: ) Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut. Kontext: Anwendung, SystemIndex Katalog Error: (12/01/2015 08:06:12 PM) (Source: Windows Search Service) (EventID: 3006) (User: ) Description: Die Leistungsüberwachung kann für den Gatherer-Dienst nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut. Error: (12/01/2015 07:25:30 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (12/01/2015 05:00:37 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (12/01/2015 05:00:34 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (12/01/2015 05:00:34 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (12/01/2015 02:59:44 PM) (Source: Windows Search Service) (EventID: 10021) (User: ) Description: Die Registrierungsinformationen der Leistungsindikatoren für WSearchIdxPi für die Instanz konnten wegen des folgenden Fehlers nicht abgerufen werden: Der Vorgang wurde erfolgreich beendet. 0x0. Error: (12/01/2015 02:59:36 PM) (Source: Windows Search Service) (EventID: 3007) (User: ) Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut. Kontext: Anwendung, SystemIndex Katalog Error: (12/01/2015 02:59:33 PM) (Source: Windows Search Service) (EventID: 3006) (User: ) Description: Die Leistungsüberwachung kann für den Gatherer-Dienst nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut. Systemfehler: ============= Error: (12/01/2015 08:06:44 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: WMPNetworkSvc0x80004005 Error: (12/01/2015 08:04:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "VMware Workstation Server" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error: (12/01/2015 05:02:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (12/01/2015 05:02:07 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\admin\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (12/01/2015 05:02:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (12/01/2015 05:02:06 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\admin\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (12/01/2015 05:02:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (12/01/2015 05:02:06 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\admin\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (12/01/2015 05:01:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (12/01/2015 05:01:39 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\admin\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. CodeIntegrity: =================================== Date: 2015-11-18 20:49:53.977 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-11-18 20:49:53.930 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz Prozentuale Nutzung des RAM: 41% Installierter physikalischer RAM: 3071.12 MB Verfügbarer physikalischer RAM: 1791.32 MB Summe virtueller Speicher: 6440.44 MB Verfügbarer virtueller Speicher: 4514.31 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:931.41 GB) (Free:679.22 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 3941A79A) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS) ==================== Ende von Addition.txt ============================ |
02.12.2015, 16:40 | #19 |
/// the machine /// TB-Ausbilder | komische prozesse,bin ich infiziert? Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter Task: {596D779F-F60F-4054-9D5F-E020291E3D10} - \bvxvhxvh -> Keine Datei <==== ACHTUNG HKU\S-1-5-21-560193511-1957534509-1735208640-1001\...\Run: [MicroUpdate] => C:\Users\admin\Documents\MSDCSC\knRa5jw1eyde\msdcsc.exe C:\Users\admin\Documents\MSDCSC Task: {A8F7DD9B-7B2B-4046-BD9A-042487AD3470} - \csrss.exe -> Keine Datei <==== ACHTUNG C:\Sandbox\admin\DefaultBox\user\current\Documents\MSDCSC C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\17INPJB2\Stub[1].exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZL0OS9O4\OrbiterInstaller[1].exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZL0OS9O4\Setup[1].exe C:\Users\admin\AppData\Local\Temp\vmware-admin\VMwareDnD\ec32200c\Customized.exe C:\Users\admin\Desktop\darc400 C:\Users\admin\Documents\MSDCSC Emptytemp: Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Frisches FRST log bitte. und bitte erklär mir mal wer sich mit Absicht einen Backdoor zum Spielen auf den Desktop legt und dann über Malware wundert.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
03.12.2015, 04:33 | #20 |
| komische prozesse,bin ich infiziert? [/CODE][/FRSTFIX] Frisches FRST log bitte. und bitte erklär mir mal wer sich mit Absicht einen Backdoor zum Spielen auf den Desktop legt und dann über Malware wundert.[/QUOTE] gut das du das erwähnst! das war meine beklopte nichte,ich hatte ja geschrieben das ich einige tage nicht am pc bin und die ist erst 15 jahre alt und denkt sie wäre voll cool wenn sie solche programme runterläd und damit irgendwas macht wovon sie aber garkeine ahnung hat. ich werde in zukunft besser aufpassen..... hier das fixlog: Code:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:01-12-2015 durchgeführt von admin (2015-12-03 04:11:23) Run:5 Gestartet von C:\Users\admin\Desktop Geladene Profile: admin (Verfügbare Profile: admin & schinken42.ddns.net) Start-Modus: Normal ============================================== fixlist Inhalt: ***************** Task: {596D779F-F60F-4054-9D5F-E020291E3D10} - \bvxvhxvh -> Keine Datei <==== ACHTUNG HKU\S-1-5-21-560193511-1957534509-1735208640-1001\...\Run: [MicroUpdate] => C:\Users\admin\Documents\MSDCSC\knRa5jw1eyde\msdcsc.exe C:\Users\admin\Documents\MSDCSC Task: {A8F7DD9B-7B2B-4046-BD9A-042487AD3470} - \csrss.exe -> Keine Datei <==== ACHTUNG C:\Sandbox\admin\DefaultBox\user\current\Documents\MSDCSC C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\17INPJB2\Stub[1].exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZL0OS9O4\OrbiterInstaller[1].exe C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZL0OS9O4\Setup[1].exe C:\Users\admin\AppData\Local\Temp\vmware-admin\VMwareDnD\ec32200c\Customized.exe C:\Users\admin\Desktop\darc400 C:\Users\admin\Documents\MSDCSC Emptytemp: ***************** "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{596D779F-F60F-4054-9D5F-E020291E3D10}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{596D779F-F60F-4054-9D5F-E020291E3D10}" => Schlüssel erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvxvhxvh => Schlüssel nicht gefunden. HKU\S-1-5-21-560193511-1957534509-1735208640-1001\Software\Microsoft\Windows\CurrentVersion\Run\\MicroUpdate => Wert erfolgreich entfernt C:\Users\admin\Documents\MSDCSC => erfolgreich verschoben "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A8F7DD9B-7B2B-4046-BD9A-042487AD3470}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8F7DD9B-7B2B-4046-BD9A-042487AD3470}" => Schlüssel erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\csrss.exe" => Schlüssel erfolgreich entfernt C:\Sandbox\admin\DefaultBox\user\current\Documents\MSDCSC => erfolgreich verschoben "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\17INPJB2\Stub[1].exe" => nicht gefunden. C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZL0OS9O4\OrbiterInstaller[1].exe => erfolgreich verschoben C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZL0OS9O4\Setup[1].exe => erfolgreich verschoben "C:\Users\admin\AppData\Local\Temp\vmware-admin\VMwareDnD\ec32200c\Customized.exe" => nicht gefunden. "C:\Users\admin\Desktop\darc400" => nicht gefunden. "C:\Users\admin\Documents\MSDCSC" => nicht gefunden. EmptyTemp: => 991.1 MB temporäre Dateien entfernt. Das System musste neu gestartet werden. ==== Ende von Fixlog 04:12:23 ==== Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:01-12-2015 durchgeführt von admin (Administrator) auf PC (03-12-2015 04:18:10) Gestartet von C:\Users\admin\Desktop Geladene Profile: admin (Verfügbare Profile: admin & schinken42.ddns.net) Platform: Windows 7 Ultimate Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe () C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\x64\wmi64.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avpui.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe (CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe (Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-10-13] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2015-06-15] (LogMeIn, Inc.) HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [71680 2015-10-09] () HKLM-x32\...\Run: [ConsoleApplication5] => C:\ProgramData\ConsoleApplication5\ConsoleApplication5\1.0.0.0\msdcsc.exe [0 2015-11-14] () HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation) HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [113344 2015-11-03] (VMware, Inc.) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565448 2015-11-12] (LogMeIn Inc.) HKLM-x32\...\RunOnce: [{f255478c-ebfa-426d-a975-4a8d1f9432a4}] => C:\ProgramData\Package Cache\{f255478c-ebfa-426d-a975-4a8d1f9432a4}\vs_langpack.exe [1016624 2015-08-15] (Microsoft Corporation) HKU\S-1-5-21-560193511-1957534509-1735208640-1001\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2015-05-19] (Nero AG) HKU\S-1-5-21-560193511-1957534509-1735208640-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-11-02] (Piriform Ltd) HKU\S-1-5-21-560193511-1957534509-1735208640-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [787592 2015-11-02] (Sandboxie Holdings, LLC) HKU\S-1-5-21-560193511-1957534509-1735208640-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-09-13] (Disc Soft Ltd) HKU\S-1-5-21-560193511-1957534509-1735208640-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL Keine Datei Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL Keine Datei Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL Keine Datei Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL Keine Datei Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{5F5F453A-D4F4-4706-A6F5-2CA516EBDD64}: [NameServer] 37.221.175.198,95.169.183.219 Tcpip\..\Interfaces\{92F26E54-F45F-436B-AB09-400A4B3518BA}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{9B565D28-496B-44AD-9D4C-B0823127D20C}: [DhcpNameServer] 8.8.8.8 Internet Explorer: ================== HKU\S-1-5-21-560193511-1957534509-1735208640-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-560193511-1957534509-1735208640-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-560193511-1957534509-1735208640-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/ SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-560193511-1957534509-1735208640-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-11-23] (Oracle Corporation) BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO) BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-23] (Oracle Corporation) BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-23] (Oracle Corporation) BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO) BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-23] (Oracle Corporation) FireFox: ======== FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\tjc4nckf.default FF Homepage: www.google.com FF NetworkProxy: "autoconfig_url", "file://C:/Program Files (x86)/ChrisPC Anonymous Proxy Pro/chrispc_proxy_fox.pac" FF NetworkProxy: "type", 2 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-10] () FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-23] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-23] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2015-07-23] (Adobe Systems, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-23] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-23] (Oracle Corporation) FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-11-07] () FF Plugin-x32: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-11-07] () FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-11-07] () FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-13] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-13] (NVIDIA Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-07-19] (VideoLAN) FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-11-07] [ist nicht signiert] FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-11-07] [ist nicht signiert] FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-11-07] [ist nicht signiert] FF HKLM-x32\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com Chrome: ======= CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe [194000 2015-06-27] (Kaspersky Lab ZAO) S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2015-07-21] (Microsoft Corporation) R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [65640 2015-11-05] (CyberGhost S.R.L) R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-09-13] (Disc Soft Ltd) S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2015-07-21] (Microsoft Corporation) [Datei ist nicht signiert] R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-10-13] (NVIDIA Corporation) R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [1873616 2015-10-12] (AnchorFree Inc.) S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [96600 2015-10-12] () R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [850128 2015-10-12] () R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-11-12] (LogMeIn, Inc.) R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [507400 2015-11-19] (LogMeIn, Inc.) R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2015-06-15] (LogMeIn, Inc.) S4 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes) S2 named; C:\Windows\SysWOW64\dns\bin\named.exe [376832 2012-09-27] () [Datei ist nicht signiert] R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752 2015-05-19] (Nero AG) R2 NoIPDUCService4; C:\Program Files (x86)\No-IP\ducservice.exe [12288 2015-07-20] () [Datei ist nicht signiert] R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-10-13] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-10-13] (NVIDIA Corporation) R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2015-05-19] (Prolific Technology Inc.) [Datei ist nicht signiert] R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [177800 2015-11-02] (Sandboxie Holdings, LLC) S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2015-07-21] (Microsoft Corporation) [Datei ist nicht signiert] R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12731584 2015-11-03] () S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2015-07-21] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [247016 2015-06-27] (Kaspersky Lab UK Ltd) R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-09-13] (Disc Soft Ltd) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R1 epp64; C:\EEK\bin\epp64.sys [136456 2015-12-01] (Emsisoft GmbH) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-27] (Kaspersky Lab ZAO) R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [64368 2015-06-27] (Kaspersky Lab ZAO) R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [159960 2015-06-27] (Kaspersky Lab ZAO) R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [225976 2015-06-27] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [831672 2015-11-07] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [39280 2015-06-27] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [40304 2015-06-27] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [39280 2015-06-27] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [24944 2015-06-27] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-27] (Kaspersky Lab ZAO) R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [85360 2015-06-27] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [190648 2015-11-07] (Kaspersky Lab ZAO) R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2015-06-15] (LogMeIn, Inc.) S4 LMIRfsClientNP; kein ImagePath R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] () R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2015-11-15] (Riverbed Technology, Inc.) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-10-13] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-07-29] (NVIDIA Corporation) R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [192648 2015-10-22] (Sandboxie Holdings, LLC) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381608 2015-09-13] (Duplex Secure Ltd.) R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42088 2015-10-12] (Anchorfree Inc.) R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [31936 2015-11-03] (VMware, Inc.) R0 vsock; C:\Windows\System32\drivers\vsock.sys [76480 2015-05-21] (VMware, Inc.) R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-08-28] (VMware, Inc.) S3 athr; system32\DRIVERS\athrx.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-12-03 04:18 - 2015-12-03 04:18 - 00021639 _____ C:\Users\admin\Desktop\FRST.txt 2015-12-03 04:11 - 2015-12-03 04:12 - 00003153 _____ C:\Users\admin\Desktop\Fixlog.txt 2015-12-03 04:10 - 2015-12-03 04:11 - 02350080 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe 2015-12-02 22:34 - 2015-12-02 22:34 - 00001952 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk 2015-12-02 22:34 - 2015-12-02 22:34 - 00000000 ____D C:\Program Files (x86)\LogMeIn Ignition 2015-12-02 22:32 - 2015-12-03 04:15 - 00000988 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk 2015-12-02 22:32 - 2015-12-02 22:33 - 00000000 ____D C:\Program Files (x86)\LogMeIn 2015-12-02 22:32 - 2015-12-02 22:32 - 00001024 _____ C:\.rnd 2015-12-02 22:32 - 2015-11-19 11:08 - 00122400 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll 2015-12-02 22:32 - 2015-11-19 11:07 - 00107008 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll 2015-12-02 22:32 - 2015-11-19 11:07 - 00035328 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll 2015-12-02 22:32 - 2015-06-15 08:14 - 00072216 _____ (LogMeIn, Inc.) C:\Windows\system32\Drivers\LMIRfsDriver.sys 2015-12-02 22:21 - 2015-12-03 04:16 - 00000000 ____D C:\Users\admin\AppData\Local\LogMeIn Hamachi 2015-12-02 22:21 - 2015-12-03 04:15 - 00000000 ____D C:\ProgramData\LogMeIn 2015-12-02 22:21 - 2015-12-02 22:21 - 00000000 ____D C:\Users\admin\AppData\Local\LogMeIn 2015-12-02 22:21 - 2015-12-02 22:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2015-12-02 22:21 - 2015-12-02 22:21 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi 2015-12-02 22:21 - 2015-11-12 11:51 - 00034720 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys 2015-12-02 18:29 - 2015-12-02 18:29 - 00000020 ___SH C:\Users\schinken42.ddns.net\ntuser.ini 2015-12-02 18:29 - 2015-12-02 18:29 - 00000000 _SHDL C:\Users\schinken42.ddns.net\Vorlagen 2015-12-02 18:29 - 2015-12-02 18:29 - 00000000 _SHDL C:\Users\schinken42.ddns.net\Startmenü 2015-12-02 18:29 - 2015-12-02 18:29 - 00000000 _SHDL C:\Users\schinken42.ddns.net\Netzwerkumgebung 2015-12-02 18:29 - 2015-12-02 18:29 - 00000000 _SHDL C:\Users\schinken42.ddns.net\Lokale Einstellungen 2015-12-02 18:29 - 2015-12-02 18:29 - 00000000 _SHDL C:\Users\schinken42.ddns.net\Eigene Dateien 2015-12-02 18:29 - 2015-12-02 18:29 - 00000000 _SHDL C:\Users\schinken42.ddns.net\Druckumgebung 2015-12-02 18:29 - 2015-12-02 18:29 - 00000000 _SHDL C:\Users\schinken42.ddns.net\Documents\Eigene Videos 2015-12-02 18:29 - 2015-12-02 18:29 - 00000000 _SHDL C:\Users\schinken42.ddns.net\Documents\Eigene Musik 2015-12-02 18:29 - 2015-12-02 18:29 - 00000000 _SHDL C:\Users\schinken42.ddns.net\Documents\Eigene Bilder 2015-12-02 18:29 - 2015-12-02 18:29 - 00000000 _SHDL C:\Users\schinken42.ddns.net\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-12-02 18:29 - 2015-12-02 18:29 - 00000000 _SHDL C:\Users\schinken42.ddns.net\AppData\Local\Verlauf 2015-12-02 18:29 - 2015-12-02 18:29 - 00000000 _SHDL C:\Users\schinken42.ddns.net\AppData\Local\Anwendungsdaten 2015-12-02 18:29 - 2015-12-02 18:29 - 00000000 _SHDL C:\Users\schinken42.ddns.net\Anwendungsdaten 2015-12-02 18:29 - 2015-12-02 18:29 - 00000000 ____D C:\Users\schinken42.ddns.net 2015-12-02 18:29 - 2011-04-12 08:54 - 00000000 ____D C:\Users\schinken42.ddns.net\AppData\Roaming\Media Center Programs 2015-12-02 18:24 - 2015-12-02 18:24 - 00000000 ____D C:\Windows\SysWOW64\dns 2015-12-01 20:04 - 2015-12-01 20:04 - 00000000 ____D C:\Windows\SysWOW64\Hotspot Shield 2015-11-30 01:46 - 2015-11-30 01:46 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC 2015-11-29 22:54 - 2015-12-02 21:14 - 00000000 ____D C:\Users\admin\.zenmap 2015-11-29 22:54 - 2015-11-29 22:54 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nmap 2015-11-29 22:53 - 2015-11-29 22:54 - 00000000 ____D C:\Program Files (x86)\Nmap 2015-11-29 22:53 - 2015-11-29 22:53 - 00000000 ____D C:\Program Files\WinPcap 2015-11-29 21:31 - 2015-11-29 21:31 - 00000083 _____ C:\Users\admin\Documents\hosts.txt 2015-11-29 21:22 - 2015-11-30 00:44 - 00000000 ____D C:\Program Files (x86)\ChrisPC Anonymous Proxy Pro 2015-11-29 21:22 - 2015-11-29 21:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ChrisPC Anonymous Proxy Pro 2015-11-29 21:00 - 2015-11-29 21:00 - 00000000 ____D C:\ProgramData\WNR 2015-11-29 20:59 - 2015-11-29 20:59 - 00000000 ____D C:\Users\admin\AppData\Roaming\WNR 2015-11-26 00:06 - 2015-11-26 00:06 - 00000000 ____D C:\Users\admin\AppData\Local\CrashRpt 2015-11-26 00:05 - 2015-11-26 00:06 - 00000000 ____D C:\ProgramData\Hotspot Shield 2015-11-26 00:05 - 2015-11-26 00:06 - 00000000 ____D C:\Program Files (x86)\Hotspot Shield 2015-11-26 00:05 - 2015-11-26 00:05 - 00000000 ____D C:\Users\admin\AppData\Roaming\Hotspot Shield 2015-11-26 00:05 - 2015-11-26 00:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield 2015-11-25 21:13 - 2015-11-25 21:13 - 00000197 _____ C:\Users\admin\ddclient.conf 2015-11-25 21:05 - 2015-11-25 21:15 - 00000000 ____D C:\Program Files (x86)\ddclient 2015-11-24 19:44 - 2015-11-24 19:51 - 00000000 ____D C:\Users\admin\AppData\Local\CyberGhost 2015-11-24 19:44 - 2015-11-24 19:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5 2015-11-24 19:44 - 2015-11-24 19:44 - 00000000 ____D C:\Program Files\TAP-Windows 2015-11-24 18:11 - 2015-12-02 22:16 - 00000000 ____D C:\Users\admin\AppData\Roaming\qBittorrent 2015-11-24 18:11 - 2015-11-24 18:11 - 00000000 ____D C:\Users\admin\AppData\Local\qBittorrent 2015-11-24 18:10 - 2015-11-24 18:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent 2015-11-24 18:10 - 2015-11-24 18:10 - 00000000 ____D C:\Program Files (x86)\qBittorrent 2015-11-23 22:54 - 2015-11-03 19:50 - 00066752 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys 2015-11-23 22:54 - 2015-11-03 19:49 - 00031936 _____ (VMware, Inc.) C:\Windows\system32\Drivers\VMparport.sys 2015-11-23 22:54 - 2015-05-21 17:36 - 00076480 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vsock.sys 2015-11-23 22:54 - 2015-05-21 17:35 - 00068288 _____ (VMware, Inc.) C:\Windows\system32\vsocklib.dll 2015-11-23 22:54 - 2015-05-21 17:35 - 00064192 _____ (VMware, Inc.) C:\Windows\SysWOW64\vsocklib.dll 2015-11-23 22:53 - 2015-11-23 22:53 - 00000000 ____D C:\Users\Public\Documents\Shared Virtual Machines 2015-11-23 22:53 - 2015-11-23 22:53 - 00000000 ____D C:\Program Files\Common Files\VMware 2015-11-23 22:53 - 2015-11-23 22:53 - 00000000 ____D C:\Program Files (x86)\VMware 2015-11-23 22:53 - 2015-11-03 19:49 - 00931520 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll 2015-11-23 22:53 - 2015-11-03 19:49 - 00438464 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe 2015-11-23 22:53 - 2015-11-03 19:49 - 00359104 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe 2015-11-23 22:53 - 2015-11-03 19:49 - 00026816 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys 2015-11-23 22:53 - 2015-10-21 12:41 - 00055488 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys 2015-11-23 20:46 - 2015-11-23 20:46 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\16EB6D88.sys 2015-11-23 20:46 - 2015-11-23 20:46 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\0EC06DB0.sys 2015-11-23 19:21 - 2015-12-01 19:25 - 00000000 ____D C:\Users\admin\AppData\Roaming\dclogs 2015-11-23 03:17 - 2015-11-23 03:17 - 00002633 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk 2015-11-23 03:16 - 2015-11-24 22:44 - 00000000 ____D C:\Users\admin\AppData\Roaming\uTorrent 2015-11-21 15:30 - 2015-11-21 15:46 - 00040435 _____ C:\Windows\update.exe 2015-11-20 15:39 - 2015-11-21 20:56 - 00000000 ____D C:\Users\admin\Documents\Gothic3ForsakenGods 2015-11-20 15:33 - 2015-11-20 15:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gothic 3 Götterdämmerung Enhanced Edition 2015-11-20 15:09 - 2015-11-20 15:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gothic 3 Modkit 2015-11-20 15:04 - 2015-11-20 15:04 - 00000000 ____D C:\Users\admin\Documents\Gothic3 2015-11-20 15:04 - 2015-11-20 15:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gothic 3 Enhanced Edition 2015-11-19 11:01 - 2015-11-19 11:01 - 00035616 _____ (LogMeIn, Inc.) C:\Windows\system32\lmimirr.dll 2015-11-19 11:01 - 2015-11-19 11:01 - 00014624 _____ (LogMeIn, Inc.) C:\Windows\system32\lmimirr2.dll 2015-11-19 11:01 - 2015-11-19 11:01 - 00011552 _____ (LogMeIn, Inc.) C:\Windows\system32\Drivers\lmimirr.sys 2015-11-19 00:50 - 2015-11-19 00:56 - 00000000 ____D C:\Program Files (x86)\Resource Hacker 2015-11-19 00:50 - 2015-11-19 00:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Resource Hacker 2015-11-19 00:33 - 2015-11-19 00:33 - 00000000 ____D C:\ProgramData\Microsoft Corporation 2015-11-18 20:54 - 2015-11-18 21:00 - 00032970 _____ C:\ComboFix.txt 2015-11-18 20:38 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe 2015-11-18 20:38 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe 2015-11-18 20:38 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-11-18 20:38 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-11-18 20:38 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-11-18 20:38 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe 2015-11-18 20:38 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe 2015-11-18 20:38 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe 2015-11-18 13:24 - 2015-11-18 13:24 - 00270720 _____ C:\Windows\system32\FNTCACHE.DAT 2015-11-18 00:34 - 2015-11-18 00:34 - 00059616 _____ C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT 2015-11-17 22:12 - 2015-11-17 22:12 - 00000325 _____ C:\Users\admin\SciTE.session 2015-11-17 20:34 - 2015-11-17 22:11 - 00000000 ____D C:\Users\admin\AppData\Local\AutoIt v3 2015-11-17 19:10 - 2015-11-17 22:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3 2015-11-17 19:10 - 2015-11-17 22:11 - 00000000 ____D C:\Program Files (x86)\AutoIt3 2015-11-16 19:59 - 2015-11-16 19:59 - 00002673 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk 2015-11-16 19:58 - 2015-12-02 22:18 - 00000000 ____D C:\Users\admin\AppData\Roaming\BitTorrent 2015-11-15 17:30 - 2015-11-15 17:30 - 00370424 _____ (Riverbed Technology, Inc.) C:\Windows\system32\wpcap.dll 2015-11-15 17:30 - 2015-11-15 17:30 - 00282360 _____ (Riverbed Technology, Inc.) C:\Windows\SysWOW64\wpcap.dll 2015-11-15 17:30 - 2015-11-15 17:30 - 00107768 _____ (Riverbed Technology, Inc.) C:\Windows\system32\Packet.dll 2015-11-15 17:30 - 2015-11-15 17:30 - 00098040 _____ (Riverbed Technology, Inc.) C:\Windows\SysWOW64\Packet.dll 2015-11-15 17:30 - 2015-11-15 17:30 - 00053299 _____ C:\Windows\SysWOW64\pthreadVC.dll 2015-11-15 17:30 - 2015-11-15 17:30 - 00036600 _____ (Riverbed Technology, Inc.) C:\Windows\system32\Drivers\npf.sys 2015-11-14 22:23 - 2015-11-14 22:23 - 00000000 ____D C:\Users\admin\AppData\Local\SkinSoft 2015-11-12 17:51 - 2015-11-12 17:51 - 00000000 ____D C:\ProgramData\ConsoleApplication5 2015-11-12 09:35 - 2015-11-03 18:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-11-11 18:01 - 2015-11-11 18:01 - 00000000 ____D C:\Users\admin\AppData\Local\NVIDIA Corporation 2015-11-11 14:36 - 2015-11-11 18:44 - 00002832 _____ C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini 2015-11-11 14:36 - 2015-11-11 18:44 - 00002832 _____ C:\Windows\system32\LavasoftTcpServiceOff.ini 2015-11-11 14:36 - 2015-11-11 14:36 - 00425744 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll 2015-11-11 14:36 - 2015-11-11 14:36 - 00345360 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll 2015-11-11 13:50 - 2015-11-03 23:10 - 00390344 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-11-11 13:50 - 2015-11-03 22:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-11-11 13:50 - 2015-10-31 00:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-11-11 13:50 - 2015-10-31 00:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-11-11 13:50 - 2015-10-31 00:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-11-11 13:50 - 2015-10-31 00:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-11-11 13:50 - 2015-10-31 00:12 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-11-11 13:50 - 2015-10-31 00:04 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-11-11 13:50 - 2015-10-30 23:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-11-11 13:50 - 2015-10-30 23:53 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-11-11 13:50 - 2015-10-30 23:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-11-11 13:50 - 2015-10-30 23:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-11-11 13:50 - 2015-10-30 23:46 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-11-11 13:50 - 2015-10-30 23:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-11-11 13:50 - 2015-10-30 23:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-11-11 13:50 - 2015-10-30 23:44 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2015-11-11 13:50 - 2015-10-30 23:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-11-11 13:50 - 2015-10-30 23:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-11-11 13:50 - 2015-10-30 23:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-11-11 13:50 - 2015-10-30 23:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-11-11 13:50 - 2015-10-30 23:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-11-11 13:50 - 2015-10-30 23:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-11-11 13:50 - 2015-10-30 23:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-11-11 13:50 - 2015-10-30 23:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-11-11 13:50 - 2015-10-30 23:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-11-11 13:50 - 2015-10-30 23:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-11-11 13:50 - 2015-10-30 23:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-11-11 13:50 - 2015-10-30 23:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-11-11 13:50 - 2015-10-30 23:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-11-11 13:50 - 2015-10-30 23:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2015-11-11 13:50 - 2015-10-30 23:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-11-11 13:50 - 2015-10-30 23:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-11-11 13:50 - 2015-10-30 23:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-11-11 13:50 - 2015-10-30 23:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-11-11 13:50 - 2015-10-30 22:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-11-11 13:50 - 2015-10-30 22:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-11-11 13:50 - 2015-10-20 19:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-11-11 13:50 - 2015-10-20 19:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-11-11 13:50 - 2015-10-20 19:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-11-11 13:50 - 2015-10-20 19:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-11-11 13:50 - 2015-10-20 19:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-11-11 13:50 - 2015-10-20 19:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-11-11 13:50 - 2015-10-20 19:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-11-11 13:50 - 2015-10-20 19:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-11-11 13:50 - 2015-10-20 19:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-11-11 13:50 - 2015-10-20 19:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-11-11 13:50 - 2015-10-20 19:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-11-11 13:50 - 2015-10-20 18:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-11-11 13:50 - 2015-10-20 18:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-11-11 13:50 - 2015-10-20 18:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-11-11 13:50 - 2015-10-20 18:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-11-11 13:50 - 2015-10-20 18:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-11-11 13:49 - 2015-10-31 00:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-11-11 13:49 - 2015-10-31 00:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-11-11 13:49 - 2015-10-31 00:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-11-11 13:49 - 2015-10-31 00:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-11-11 13:49 - 2015-10-31 00:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-11-11 13:49 - 2015-10-31 00:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-11-11 13:49 - 2015-10-31 00:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-11-11 13:49 - 2015-10-31 00:13 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-11-11 13:49 - 2015-10-31 00:12 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-11-11 13:49 - 2015-10-31 00:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-11-11 13:49 - 2015-10-31 00:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-11-11 13:49 - 2015-10-31 00:11 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-11-11 13:49 - 2015-10-31 00:01 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-11-11 13:49 - 2015-10-30 23:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-11-11 13:49 - 2015-10-30 23:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-11-11 13:49 - 2015-10-30 23:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-11-11 13:49 - 2015-10-30 23:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-11-11 13:49 - 2015-10-30 23:34 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-11-11 13:49 - 2015-10-30 23:29 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-11-11 13:49 - 2015-10-30 23:29 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-11-11 13:49 - 2015-10-30 23:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-11-11 13:49 - 2015-10-30 23:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-11-11 13:49 - 2015-10-30 23:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-11-11 13:49 - 2015-10-30 23:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-11-11 13:49 - 2015-10-30 23:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2015-11-11 13:49 - 2015-10-30 23:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-11-11 13:49 - 2015-10-30 22:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-11-11 13:49 - 2015-10-30 22:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-11-11 13:49 - 2015-10-29 18:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll 2015-11-11 13:49 - 2015-10-29 18:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll 2015-11-11 13:49 - 2015-10-29 18:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe 2015-11-11 13:49 - 2015-10-29 18:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll 2015-11-11 13:49 - 2015-10-29 18:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll 2015-11-11 13:49 - 2015-10-29 18:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll 2015-11-11 13:49 - 2015-10-29 18:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe 2015-11-11 13:49 - 2015-10-20 02:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-11-11 13:49 - 2015-10-20 02:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-11-11 13:49 - 2015-10-20 02:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-11-11 13:49 - 2015-10-20 02:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-11-11 13:49 - 2015-10-20 02:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-11-11 13:49 - 2015-10-20 02:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-11-11 13:49 - 2015-10-20 02:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-11-11 13:49 - 2015-10-20 02:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-11-11 13:49 - 2015-10-20 02:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-11-11 13:49 - 2015-10-20 02:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-11-11 13:49 - 2015-10-20 02:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-11-11 13:49 - 2015-10-20 02:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-11-11 13:49 - 2015-10-20 02:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-11-11 13:49 - 2015-10-20 02:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-11-11 13:49 - 2015-10-20 02:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-11-11 13:49 - 2015-10-20 02:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-11-11 13:49 - 2015-10-20 02:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-11-11 13:49 - 2015-10-20 02:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-11-11 13:49 - 2015-10-20 02:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-11-11 13:49 - 2015-10-20 02:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-11-11 13:49 - 2015-10-20 02:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-11-11 13:49 - 2015-10-20 02:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-11-11 13:49 - 2015-10-20 02:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-11-11 13:49 - 2015-10-20 02:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2015-11-11 13:49 - 2015-10-20 02:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-11-11 13:49 - 2015-10-20 02:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-11-11 13:49 - 2015-10-20 02:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-11-11 13:49 - 2015-10-20 02:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-11-11 13:49 - 2015-10-20 02:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-11-11 13:49 - 2015-10-20 02:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-11-11 13:49 - 2015-10-20 02:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-11-11 13:49 - 2015-10-20 02:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-11-11 13:49 - 2015-10-20 02:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-11-11 13:49 - 2015-10-20 01:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-11-11 13:49 - 2015-10-20 01:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-11-11 13:49 - 2015-10-20 01:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-11-11 13:49 - 2015-10-20 01:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-11-11 13:49 - 2015-10-20 01:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-11-11 13:49 - 2015-10-20 01:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-11-11 13:49 - 2015-10-20 01:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-11-11 13:49 - 2015-10-20 01:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-11-11 13:49 - 2015-10-20 01:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-11-11 13:49 - 2015-10-20 01:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-11-11 13:49 - 2015-10-20 01:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-11-11 13:49 - 2015-10-20 01:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-11-11 13:49 - 2015-10-20 01:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-11-11 13:49 - 2015-10-20 01:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2015-11-11 13:49 - 2015-10-20 01:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-11-11 13:49 - 2015-10-20 01:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-11-11 13:49 - 2015-10-20 01:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-11-11 13:49 - 2015-10-20 01:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-11-11 13:49 - 2015-10-20 01:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-11-11 13:49 - 2015-10-20 01:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2015-11-11 13:49 - 2015-10-20 01:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-11-11 13:49 - 2015-10-20 01:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-11-11 13:49 - 2015-10-20 01:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-11-11 13:49 - 2015-10-20 01:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-11-11 13:49 - 2015-10-20 01:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-11-11 13:49 - 2015-10-20 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-11-11 13:49 - 2015-10-20 01:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-11-11 13:49 - 2015-10-20 01:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-11-11 13:49 - 2015-10-20 01:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 00:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-11-11 13:49 - 2015-10-20 00:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2015-11-11 13:49 - 2015-10-20 00:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-11-11 13:49 - 2015-10-20 00:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-11-11 13:49 - 2015-10-20 00:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-11-11 13:49 - 2015-10-20 00:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 00:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 00:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-11-11 13:49 - 2015-10-20 00:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-11-11 13:49 - 2015-10-13 17:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2015-11-11 13:49 - 2015-10-13 17:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2015-11-11 13:49 - 2015-10-13 05:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys 2015-11-11 13:49 - 2015-10-01 19:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-11-11 13:49 - 2015-10-01 19:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2015-11-11 13:49 - 2015-10-01 18:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2015-11-11 13:49 - 2015-09-23 14:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-11-11 13:49 - 2015-09-23 14:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll 2015-11-11 13:49 - 2015-09-23 14:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll 2015-11-11 13:42 - 2015-11-11 13:42 - 00000000 ____D C:\ProgramData\A 2015-11-11 13:15 - 2015-11-11 13:15 - 00000000 ____D C:\ProgramData\Vitalwerks 2015-11-10 18:12 - 2015-11-10 18:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2015-11-10 18:12 - 2015-10-13 20:00 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll 2015-11-10 18:12 - 2015-10-13 20:00 - 01514528 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll 2015-11-10 18:12 - 2015-10-13 20:00 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll 2015-11-10 18:12 - 2015-10-13 20:00 - 01278920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll 2015-11-10 18:11 - 2015-10-13 16:26 - 00608048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 2015-11-10 18:09 - 2015-10-13 20:00 - 31514288 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2015-11-10 18:09 - 2015-10-13 20:00 - 24199344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2015-11-10 18:09 - 2015-10-13 20:00 - 22993200 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2015-11-10 18:09 - 2015-10-13 20:00 - 17559432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2015-11-10 18:09 - 2015-10-13 20:00 - 15293104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2015-11-10 18:09 - 2015-10-13 20:00 - 13916600 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2015-11-10 18:09 - 2015-10-13 20:00 - 13828224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2015-11-10 18:09 - 2015-10-13 20:00 - 12898992 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2015-11-10 18:09 - 2015-10-13 20:00 - 11272048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2015-11-10 18:09 - 2015-10-13 20:00 - 11209376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2015-11-10 18:09 - 2015-10-13 20:00 - 04245624 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2015-11-10 18:09 - 2015-10-13 20:00 - 03986608 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2015-11-10 18:09 - 2015-10-13 20:00 - 02823992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2015-11-10 18:09 - 2015-10-13 20:00 - 01908528 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434192.dll 2015-11-10 18:09 - 2015-10-13 20:00 - 01556656 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434192.dll 2015-11-10 18:09 - 2015-10-13 20:00 - 00944304 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2015-11-10 18:09 - 2015-10-13 20:00 - 00907440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2015-11-10 18:09 - 2015-10-13 20:00 - 00903472 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2015-11-10 18:09 - 2015-10-13 20:00 - 00869040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2015-11-08 11:30 - 2015-12-01 20:07 - 00000000 ____D C:\EEK 2015-11-07 01:02 - 2015-11-07 01:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security 2015-11-07 01:02 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll 2015-11-07 01:01 - 2015-11-07 01:44 - 00831672 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2015-11-07 01:01 - 2015-11-07 01:01 - 00000000 ____D C:\Windows\ELAMBKUP 2015-11-07 01:01 - 2015-11-07 01:01 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab 2015-11-07 01:01 - 2015-06-27 22:14 - 00225976 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys 2015-11-07 01:01 - 2015-06-27 22:14 - 00159960 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2015-11-06 23:17 - 2015-11-06 23:44 - 00000105 _____ C:\ProgramData\vhzvLr.path 2015-11-06 23:17 - 2015-11-06 23:44 - 00000091 _____ C:\ProgramData\vhzvLr.folder 2015-11-06 21:28 - 2015-11-07 01:03 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files 2015-11-06 21:21 - 2015-11-06 21:21 - 00262144 _____ C:\Windows\system32\config\elam 2015-11-06 21:14 - 2015-12-03 04:15 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2015-11-06 20:50 - 2015-11-06 20:50 - 00000000 ____D C:\Users\admin\Documents\My Games 2015-11-06 20:50 - 2015-11-06 20:50 - 00000000 ____D C:\ProgramData\Steam 2015-11-06 19:45 - 2015-11-06 19:45 - 00003360 _____ C:\Windows\System32\Tasks\{FC69F42C-6F7E-4342-A66C-6801059D8962} 2015-11-06 19:45 - 2015-11-06 19:45 - 00003360 _____ C:\Windows\System32\Tasks\{DD797C40-69B3-4789-8E7D-61D869973BFA} 2015-11-06 16:53 - 2015-11-06 16:53 - 00000000 ____D C:\Program Files (x86)\Running With Scissors 2015-11-06 15:27 - 2015-11-06 15:27 - 00000000 ____D C:\Program Files (x86)\Ubisoft 2015-11-06 14:36 - 2015-11-06 14:36 - 00000000 ____D C:\Program Files (x86)\Team 17 2015-11-05 16:06 - 2015-11-05 16:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolphin x86 2015-11-05 16:06 - 2015-11-05 16:07 - 00000000 ____D C:\Program Files (x86)\Dolphin x86 2015-11-03 19:49 - 2015-11-03 19:49 - 00081088 _____ (VMware, Inc.) C:\Windows\system32\vmnetbridge.dll 2015-11-03 19:49 - 2015-11-03 19:49 - 00049856 _____ (VMware, Inc.) C:\Windows\system32\vnetinst.dll 2015-11-03 19:49 - 2015-11-03 19:49 - 00048832 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetbridge.sys 2015-11-03 19:49 - 2015-11-03 19:49 - 00028864 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetadapter.sys 2015-11-03 19:49 - 2015-11-03 19:49 - 00027328 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnet.sys ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-12-03 04:18 - 2015-06-25 22:14 - 00000000 ____D C:\FRST 2015-12-03 04:15 - 2015-06-24 00:08 - 00000000 ____D C:\ProgramData\VMware 2015-12-03 04:14 - 2015-05-19 14:30 - 00000000 ____D C:\ProgramData\NVIDIA 2015-12-03 04:14 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-12-03 04:11 - 2015-10-08 07:44 - 00000000 ____D C:\Users\admin\AppData\LocalLow\Temp 2015-12-03 03:47 - 2015-10-07 16:46 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-12-03 03:10 - 2009-07-14 05:45 - 00037488 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-12-03 03:10 - 2009-07-14 05:45 - 00037488 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-12-02 23:10 - 2015-06-25 01:04 - 00001956 _____ C:\Windows\Sandboxie.ini 2015-12-02 23:10 - 2009-07-14 04:20 - 00000000 ____D C:\Windows 2015-12-02 23:06 - 2015-09-03 21:20 - 00000000 ____D C:\Users\admin\AppData\Local\JDownloader 2.0 2015-12-02 22:52 - 2015-06-25 03:16 - 00000000 ____D C:\Users\admin\Desktop\Sachen 2015-12-02 20:06 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf 2015-12-02 16:59 - 2015-07-21 15:57 - 00000000 ____D C:\Users\admin\Documents\Visual Studio 2013 2015-12-02 06:49 - 2015-05-19 12:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-12-02 05:17 - 2011-04-12 08:43 - 00757166 _____ C:\Windows\system32\perfh007.dat 2015-12-02 05:17 - 2011-04-12 08:43 - 00191018 _____ C:\Windows\system32\perfc007.dat 2015-12-02 05:17 - 2009-07-14 06:13 - 01704624 _____ C:\Windows\system32\PerfStringBackup.INI 2015-11-30 01:46 - 2015-06-27 21:26 - 00000000 ____D C:\Program Files (x86)\No-IP 2015-11-29 22:54 - 2015-05-19 12:27 - 00000000 ____D C:\Users\admin 2015-11-28 09:54 - 2015-10-17 16:00 - 00000946 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job 2015-11-26 19:35 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-11-26 01:38 - 2015-06-24 00:10 - 00000000 ____D C:\Users\admin\AppData\Roaming\VMware 2015-11-26 01:38 - 2015-06-24 00:10 - 00000000 ____D C:\Users\admin\AppData\Local\VMware 2015-11-26 01:23 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp 2015-11-25 02:07 - 2015-05-23 17:32 - 00000000 ____D C:\Users\admin\AppData\Roaming\vlc 2015-11-24 19:44 - 2015-10-28 17:37 - 00000000 ____D C:\Program Files\CyberGhost 5 2015-11-23 23:00 - 2015-06-24 01:14 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-11-23 22:53 - 2015-05-19 17:50 - 01698440 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2015-11-23 20:40 - 2015-10-17 16:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-11-23 20:40 - 2015-10-17 16:22 - 00000000 ____D C:\Program Files\Java 2015-11-23 20:40 - 2015-05-30 20:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit 2015-11-23 20:40 - 2015-05-30 20:01 - 00000000 ____D C:\Program Files (x86)\Java 2015-11-23 20:39 - 2015-09-02 16:03 - 00000000 ____D C:\Users\admin\.oracle_jre_usage 2015-11-23 20:38 - 2015-10-17 16:23 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2015-11-23 19:33 - 2015-11-02 22:52 - 00000000 ____D C:\AdwCleaner 2015-11-23 19:20 - 2009-07-14 06:37 - 00000000 ____D C:\Windows\DigitalLocker 2015-11-23 18:55 - 2015-06-24 01:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-11-23 18:55 - 2015-06-24 01:14 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-11-23 18:35 - 2015-10-08 19:52 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-11-23 18:35 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration 2015-11-20 15:12 - 2015-05-30 12:47 - 00000000 ____D C:\Program Files (x86)\Nordic Games 2015-11-18 23:36 - 2015-11-01 14:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HashCalc 2015-11-18 23:36 - 2015-11-01 14:17 - 00000000 ____D C:\Program Files (x86)\HashCalc 2015-11-18 20:54 - 2015-09-14 19:48 - 00000000 ____D C:\Qoobox 2015-11-18 20:51 - 2015-09-14 19:48 - 00000000 ____D C:\Windows\erdnt 2015-11-18 20:50 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini 2015-11-18 20:46 - 2015-06-21 20:48 - 00000000 ____D C:\ProgramData\TEMP 2015-11-17 19:51 - 2011-04-12 08:54 - 00000000 ____D C:\Windows\ShellNew 2015-11-17 18:34 - 2015-05-19 12:21 - 00000000 ____D C:\Windows\CSC 2015-11-15 03:36 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system 2015-11-14 19:04 - 2015-05-30 17:09 - 00000000 ____D C:\Program Files (x86)\Lee_ 2015-11-13 23:21 - 2015-08-04 12:08 - 00000000 ____D C:\Tor Browser 2015-11-12 18:51 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2015-11-12 08:54 - 2015-06-24 01:23 - 00000000 ____D C:\Users\admin\AppData\Roaming\Lavasoft 2015-11-12 08:54 - 2015-06-24 01:21 - 00000000 ____D C:\ProgramData\Lavasoft 2015-11-11 23:37 - 2011-04-12 08:54 - 00000000 ____D C:\Program Files\Windows Journal 2015-11-11 18:01 - 2015-05-19 14:29 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2015-11-11 14:36 - 2015-10-15 04:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake 2015-11-11 14:36 - 2015-10-15 04:43 - 00000000 ____D C:\ProgramData\Freemake 2015-11-10 20:47 - 2015-10-17 16:00 - 00003928 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier 2015-11-10 20:47 - 2015-10-07 16:46 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-11-10 20:47 - 2015-05-19 18:47 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-11-10 20:47 - 2015-05-19 18:47 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-11-10 20:19 - 2015-10-21 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com 2015-11-10 18:12 - 2015-05-19 14:30 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2015-11-10 18:12 - 2015-05-19 14:29 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2015-11-07 04:04 - 2015-09-13 21:54 - 00000000 ____D C:\Users\admin\AppData\Roaming\DAEMON Tools Lite 2015-11-07 01:44 - 2015-06-27 22:14 - 00190648 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys 2015-11-07 01:25 - 2015-07-23 15:56 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2015-11-06 20:50 - 2015-05-19 13:10 - 00000000 ____D C:\Program Files\COMODO 2015-11-06 20:41 - 2015-05-19 13:09 - 00000000 ____D C:\ProgramData\Comodo 2015-11-06 19:43 - 2015-06-18 20:59 - 00000000 ____D C:\Windows\SysWOW64\directx 2015-11-06 17:04 - 2015-07-21 15:18 - 00000000 ____D C:\ProgramData\Package Cache 2015-11-06 16:42 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-11-06 16:29 - 2015-11-02 12:28 - 00007597 _____ C:\Users\admin\AppData\Local\Resmon.ResmonCfg 2015-11-05 16:08 - 2015-08-22 16:32 - 00000000 ____D C:\Users\admin\Documents\Dolphin Emulator ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-05-20 21:51 - 2015-06-05 15:58 - 0000001 _____ () C:\Users\admin\AppData\Roaming\update.dat 2015-11-02 12:28 - 2015-11-06 16:29 - 0007597 _____ () C:\Users\admin\AppData\Local\Resmon.ResmonCfg 2015-10-28 13:58 - 2015-10-28 13:58 - 1859600 _____ () C:\ProgramData\vhzvLr 2015-10-28 13:58 - 2015-10-28 13:58 - 0750320 _____ (AutoIt Team) C:\ProgramData\vhzvLr.exe 2015-11-06 23:17 - 2015-11-06 23:44 - 0000091 _____ () C:\ProgramData\vhzvLr.folder 2015-11-06 23:17 - 2015-11-06 23:44 - 0000105 _____ () C:\ProgramData\vhzvLr.path Dateien, die verschoben oder gelöscht werden sollten: ==================== C:\ProgramData\vhzvLr.exe ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-11-30 18:50 ==================== Ende von FRST.txt ============================ jetzt sind die meisten komischen prozesse weg denk ich mal aber der prozess "plugin-container" ist jetzt statt 4 mal immernoch 3 mal da.ist das normal? |
03.12.2015, 22:05 | #21 |
/// the machine /// TB-Ausbilder | komische prozesse,bin ich infiziert? Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter HKLM-x32\...\RunOnce: [{f255478c-ebfa-426d-a975-4a8d1f9432a4}] => C:\ProgramData\Package Cache\{f255478c-ebfa-426d-a975-4a8d1f9432a4}\vs_langpack.exe [1016624 2015-08-15] (Microsoft Corporation) Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schau mal ob der Container weg ist wenn der Browser zu ist.
__________________ --> komische prozesse,bin ich infiziert? |
05.12.2015, 08:25 | #22 |
| komische prozesse,bin ich infiziert? hier das fixlog: Code:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:01-12-2015 durchgeführt von admin (2015-12-05 08:19:13) Run:6 Gestartet von C:\Users\admin\Desktop Geladene Profile: admin (Verfügbare Profile: admin & schinken42.ddns.net) Start-Modus: Normal ============================================== fixlist Inhalt: ***************** HKLM-x32\...\RunOnce: [{f255478c-ebfa-426d-a975-4a8d1f9432a4}] => C:\ProgramData\Package Cache\{f255478c-ebfa-426d-a975-4a8d1f9432a4}\vs_langpack.exe [1016624 2015-08-15] (Microsoft Corporation) ***************** HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\{f255478c-ebfa-426d-a975-4a8d1f9432a4} => Wert erfolgreich entfernt ==== Ende von Fixlog 08:19:13 ==== ja du hast recht wenn mein firefox geschlossen ist sind die 3 plugin-container nicht mehr da.ist mein firefox infected? |
05.12.2015, 22:26 | #23 |
/// the machine /// TB-Ausbilder | komische prozesse,bin ich infiziert? nee, is normal
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
06.12.2015, 02:50 | #24 |
| komische prozesse,bin ich infiziert? ok dann wäre das hier wohl erledigt, danke. mfg, |
07.12.2015, 15:55 | #25 |
/// the machine /// TB-Ausbilder | komische prozesse,bin ich infiziert? Cleanup: (Die Reihenfolge ist hier entscheidend) Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken. Falls Combofix verwendet wurde: Combofix deinstallieren .
Alle Logs gepostet? Dann lade Dir bitte DelFix herunter.
Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst. Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen. Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...und/oder das Forum mit einer kleinen Spende unterstützen. Absicherung: Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen: Browser Java Flash-Player PDF-Reader Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren. Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen. Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig. Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank. Meine Empfehlung: Emsisoft Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen. Optional: NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen. Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen. Lade Software von einem sauberen Portal wie . Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen. Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwarecleaner . Abschließend noch ein paar grundsätzliche Bemerkungen: Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems. Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
08.12.2015, 12:36 | #26 |
| komische prozesse,bin ich infiziert? danke für die hilfe. jetzt sind in meinem taskmanager nur noch die prozesse drinen die ich auch normalen programmen zuordnen kann da. mfg, |
Themen zu komische prozesse,bin ich infiziert? |
backdoor.darkcomet.trace, backdoor.daromec, bestimmte, bestimmten, bin ich infiziert, cyberghost, diverse, dnsapi.dll, festplatte, gefährlich, google, immernoch, infiziert, kaspersky total security, komische, logfile, neustart, platte, prozess, prozesse, rundll, rundll32.exe, scanner, taskmanager, virtool.vbbind, windows, ähnliches |