|
Log-Analyse und Auswertung: Windows X64 mit FakeAlert infiziertWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
25.11.2015, 18:44 | #1 |
| Windows X64 mit FakeAlert infiziert Hallo, mein Rechner ist mit FakeAlert infiziert. Habe mit Malwarebyte durchsucht, gelöscht, gebootet ... alles beim alten. Ich benötige Unterstützung. Dazu füge ich bei: a) Log von Malwarebytes 2) log von Defogger 3) 2 logs von FRST 4) Log vom GMER reiche wegen Beitragsgröße nach Besten Dank Rk1757 Code:
ATTFilter <?xml version="1.0" encoding="UTF-16" ?> <mbam-log> <header> <date>2015/11/24 21:47:21 +0100</date> <logfile>mbam-log-2015-11-24 (21-47-04).xml</logfile> <isadmin>no</isadmin> </header> <engine> <version>2.2.0.1024</version> <malware-database>v2015.11.24.06</malware-database> <rootkit-database>v2015.11.23.01</rootkit-database> <license>premium</license> <file-protection>disabled</file-protection> <web-protection>disabled</web-protection> <self-protection>enabled</self-protection> </engine> <system> <hostname>R-PC-SAM</hostname> <ip>192.168.178.23</ip> <osversion>Windows 7 Service Pack 1</osversion> <arch>x64</arch> <username>Privat</username> <filesys>NTFS</filesys> </system> <summary> <type>custom</type> <result>cancelled</result> <objects>105189</objects> <time>1142</time> <processes>0</processes> <modules>0</modules> <keys>0</keys> <values>0</values> <datas>0</datas> <folders>0</folders> <files>11</files> <sectors>0</sectors> </summary> <options> <memory>enabled</memory> <startup>enabled</startup> <filesystem>enabled</filesystem> <archives>enabled</archives> <rootkits>enabled</rootkits> <deeprootkit>disabled</deeprootkit> <heuristics>enabled</heuristics> <pup>enabled</pup> <pum>enabled</pum> </options> <items> <file><path>C:\Program Files\GIMP 2\bin\freebl3.dll</path><vendor>Trojan.FakeAlert</vendor><action>delete-on-reboot</action><hash>cc0a0180315ab08640255dd225dcad53</hash></file> <file><path>C:\Program Files\GIMP 2\bin\libnspr4.dll</path><vendor>Trojan.FakeAlert</vendor><action>delete-on-reboot</action><hash>bc1aa8d91b70a2942144c36c8d74fd03</hash></file> <file><path>C:\Program Files\GIMP 2\bin\libplc4.dll</path><vendor>Trojan.FakeAlert</vendor><action>delete-on-reboot</action><hash>cb0bf091ec9f082e95d040ef51b013ed</hash></file> <file><path>C:\Program Files\GIMP 2\bin\libplds4.dll</path><vendor>Trojan.FakeAlert</vendor><action>delete-on-reboot</action><hash>4096ccb5c4c754e2c1a4ad826b9645bb</hash></file> <file><path>C:\Program Files\GIMP 2\bin\nss3.dll</path><vendor>Trojan.FakeAlert</vendor><action>delete-on-reboot</action><hash>3e98235e177442f40c59111e3fc2f30d</hash></file> <file><path>C:\Program Files\GIMP 2\bin\nssckbi.dll</path><vendor>Trojan.FakeAlert</vendor><action>delete-on-reboot</action><hash>5e78d1b0692260d6da8ba08f53ae45bb</hash></file> <file><path>C:\Program Files\GIMP 2\bin\nssdbm3.dll</path><vendor>Trojan.FakeAlert</vendor><action>delete-on-reboot</action><hash>775f19683d4ec1751e471d1204fd36ca</hash></file> <file><path>C:\Program Files\GIMP 2\bin\nssutil3.dll</path><vendor>Trojan.FakeAlert</vendor><action>delete-on-reboot</action><hash>775ffe83eaa1dc5adc8955daf40d9b65</hash></file> <file><path>C:\Program Files\GIMP 2\bin\smime3.dll</path><vendor>Trojan.FakeAlert</vendor><action>delete-on-reboot</action><hash>09cdaad77219280e5c091d120cf514ec</hash></file> <file><path>C:\Program Files\GIMP 2\bin\softokn3.dll</path><vendor>Trojan.FakeAlert</vendor><action>delete-on-reboot</action><hash>409685fc7f0c8aac2c39f8370ff204fc</hash></file> <file><path>C:\Program Files\GIMP 2\bin\ssl3.dll</path><vendor>Trojan.FakeAlert</vendor><action>delete-on-reboot</action><hash>b323225f68232610e87d151a3ec3be42</hash></file> </items> </mbam-log> Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1) Log created at 18:01 on 25/11/2015 (R) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:23-11-2015 durchgeführt von Privat (ACHTUNG: der Benutzer ist kein Administrator) auf R-PC-SAM (25-11-2015 18:02:39) Gestartet von C:\Users\Privat\Downloads\FRST Geladene Profile: R & Privat (Verfügbare Profile: R & Coach & Privat) Platform: Windows 7 Ultimate Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) konnte nicht auf den Prozess zugreifen -> smss.exe konnte nicht auf den Prozess zugreifen -> csrss.exe konnte nicht auf den Prozess zugreifen -> wininit.exe konnte nicht auf den Prozess zugreifen -> csrss.exe konnte nicht auf den Prozess zugreifen -> services.exe konnte nicht auf den Prozess zugreifen -> lsass.exe konnte nicht auf den Prozess zugreifen -> lsm.exe konnte nicht auf den Prozess zugreifen -> winlogon.exe konnte nicht auf den Prozess zugreifen -> svchost.exe konnte nicht auf den Prozess zugreifen -> svchost.exe konnte nicht auf den Prozess zugreifen -> MsMpEng.exe konnte nicht auf den Prozess zugreifen -> atiesrxx.exe konnte nicht auf den Prozess zugreifen -> svchost.exe konnte nicht auf den Prozess zugreifen -> svchost.exe konnte nicht auf den Prozess zugreifen -> svchost.exe konnte nicht auf den Prozess zugreifen -> svchost.exe konnte nicht auf den Prozess zugreifen -> svchost.exe konnte nicht auf den Prozess zugreifen -> atieclxx.exe konnte nicht auf den Prozess zugreifen -> svchost.exe konnte nicht auf den Prozess zugreifen -> spoolsv.exe konnte nicht auf den Prozess zugreifen -> svchost.exe konnte nicht auf den Prozess zugreifen -> armsvc.exe konnte nicht auf den Prozess zugreifen -> svchost.exe konnte nicht auf den Prozess zugreifen -> svchost.exe konnte nicht auf den Prozess zugreifen -> mbamservice.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe konnte nicht auf den Prozess zugreifen -> svchost.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe konnte nicht auf den Prozess zugreifen -> TeamViewer_Service.exe konnte nicht auf den Prozess zugreifen -> WmiPrvSE.exe konnte nicht auf den Prozess zugreifen -> NisSrv.exe konnte nicht auf den Prozess zugreifen -> svchost.exe konnte nicht auf den Prozess zugreifen -> WUDFHost.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe konnte nicht auf den Prozess zugreifen -> SearchIndexer.exe konnte nicht auf den Prozess zugreifen -> wmpnetwk.exe konnte nicht auf den Prozess zugreifen -> tv_w32.exe konnte nicht auf den Prozess zugreifen -> tv_x64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE konnte nicht auf den Prozess zugreifen -> svchost.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe konnte nicht auf den Prozess zugreifen -> dllhost.exe konnte nicht auf den Prozess zugreifen -> OSPPSVC.EXE (AVAST Software) C:\Users\Privat\AppData\Roaming\AVAST Software\Browser Cleanup\bcusched.exe konnte nicht auf den Prozess zugreifen -> MpCmdRun.exe konnte nicht auf den Prozess zugreifen -> MpCmdRun.exe konnte nicht auf den Prozess zugreifen -> conhost.exe konnte nicht auf den Prozess zugreifen -> SearchProtocolHost.exe konnte nicht auf den Prozess zugreifen -> TrustedInstaller.exe konnte nicht auf den Prozess zugreifen -> SearchFilterHost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-14] (Synaptics Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKU\S-1-5-21-1269753938-3578349479-3780603664-1004\...\MountPoints2: {fab08242-f2ed-11e4-992c-002454164d61} - G:\start.exe HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-05-03] (Microsoft Corporation) ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis) ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis) ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis) Startup: C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2015-05-14] () ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{577C61D7-1B72-41BF-A1D7-2A177E50DDC8}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{97B1E5B2-DDE4-4846-98AF-3ED3951786B1}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKU\S-1-5-21-1269753938-3578349479-3780603664-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-1269753938-3578349479-3780603664-1004\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://zeus.daa.de/ URLSearchHook: [S-1-5-21-1269753938-3578349479-3780603664-1001] ACHTUNG => Standard URLSearchHook fehlt SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-10-30] (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: FRITZ!Box Addon BHO -> {C0C86BBE-9509-4296-8459-FDBFDAF4B673} -> C:\Program Files\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll [2012-12-11] (AVM Berlin) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-10-30] (Oracle Corporation) BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: FRITZ!Box Addon BHO -> {C0C86BBE-9509-4296-8459-FDBFDAF4B673} -> C:\Program Files (x86)\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll [2012-12-11] (AVM Berlin) BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10] (Microsoft Corporation.) BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10] (Microsoft Corporation.) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Privat\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Privat\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Privat\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Privat\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Privat\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Privat\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Privat\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Privat\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Privat\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Privat\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Privat\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Privat\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Privat\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Privat\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Privat\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.) Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Privat\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll [2015-06-24] (Citrix Systems, Inc.) FireFox: ======== FF ProfilePath: C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\vqfzgpx7.default FF NewTab: www.google.de FF Homepage: hxxp://www.google.de www.yahoo.de hxxp://science.orf.at/ hxxp://www.ard-text.de/ hxxp://www.checkliste.de/selbstmanagement/bewerbung-und-job/ hxxp://zattoo.com/watch/ard hxxps://mail.daa.de/CookieAuth.dll?GetLogon?curl=Z2F&reason=0&formdir=1 hxxps://zeus.daa.de/vpn/index.html hxxp://fritz.box FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-16] () FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-10-30] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-10-30] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-16] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-03-30] (Google) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1269753938-3578349479-3780603664-1004: @Citrix.com/npican -> C:\Users\Privat\AppData\Local\Citrix\ICA Client\npicaN.dll [2015-06-24] (Citrix Systems, Inc.) FF Plugin HKU\S-1-5-21-1269753938-3578349479-3780603664-1004: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Privat\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-05-13] (RocketLife, LLP) FF Extension: FoxyProxy Standard - C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\vqfzgpx7.default\extensions\foxyproxy@eric.h.jung [2015-06-02] FF Extension: HTTPS-Everywhere - C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\vqfzgpx7.default\extensions\https-everywhere-eff@eff.org [2015-08-28] FF Extension: Deutsch (DE) Language Pack - C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\vqfzgpx7.default\Extensions\langpack-de@firefox.mozilla.org.xpi [2015-11-07] FF Extension: Locale Switcher - C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\vqfzgpx7.default\Extensions\{338e0b96-2285-4424-b4c8-e25560750fa3}.xpi [2015-06-10] FF Extension: New Tab Homepage - C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\vqfzgpx7.default\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2015-10-19] FF Extension: Google Analytics Opt-out Browser Add-on - C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\vqfzgpx7.default\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2015-09-21] FF Extension: Adblock Plus - C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\vqfzgpx7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-25] FF Extension: Bitdefender QuickScan - C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\vqfzgpx7.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2015-10-19] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 CSUService; C:\Program Files\COMODO\COMODO System Utilities\CSUService.exe [347968 2012-02-24] (Comodo Security Solutions, Inc.) S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1369432 2015-11-18] (Disc Soft Ltd) S3 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2015-06-02] (SurfRight B.V.) S4 KlimaLogg Service; C:\Program Files (x86)\KlimaLoggPro\KlimaLoggProService.exe [2480640 2014-05-27] () [Datei ist nicht signiert] R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation) S4 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation) R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation) R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation) S4 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.) S4 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3020120 2015-04-21] (Samsung Electronics CO., LTD.) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R3 azvusb; C:\Windows\System32\DRIVERS\azvusb.sys [54784 2009-08-24] (AzureWave Technologies, Inc.) R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-11-20] (Disc Soft Ltd) R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47160 2015-11-20] (Disc Soft Ltd) S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [296736 2015-05-09] (Acronis International GmbH) R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2015-06-02] () R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [34056 2015-05-05] (Paragon Software Group) R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation) R3 rtl819xpn64; C:\Windows\System32\DRIVERS\rtl819xp.sys [626792 2015-05-23] (Realtek Semiconductor Corporation ) R2 tib; C:\Windows\System32\DRIVERS\tib.sys [1058632 2015-07-26] (Acronis International GmbH) R2 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [248648 2015-07-26] (Acronis International GmbH) R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [102576 2015-07-24] () R1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [25904 2015-07-24] () R1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [701232 2015-07-24] () R3 VMC326; C:\Windows\System32\Drivers\VMC326.sys [180096 2015-05-16] (Vimicro Corporation) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-11-25 18:00 - 2015-11-25 18:00 - 00000000 _____ C:\Users\R\defogger_reenable 2015-11-25 17:59 - 2015-11-25 18:00 - 00000000 ____D C:\Users\Privat\Downloads\Defogger 2015-11-24 14:58 - 2015-11-24 14:58 - 00000000 ____D C:\Users\Privat\Downloads\QuizPro 2015-11-24 14:42 - 2015-11-25 17:48 - 00000280 _____ C:\Windows\setupact.log 2015-11-24 14:42 - 2015-11-24 14:42 - 00000000 _____ C:\Windows\setuperr.log 2015-11-24 14:22 - 2015-11-24 14:22 - 00223505 _____ C:\Users\R\Downloads\Setup.exe 2015-11-24 14:21 - 2015-11-24 14:57 - 00000000 ____D C:\Users\Privat\Downloads\SIMcon 2015-11-24 08:55 - 2015-11-24 08:55 - 00000848 _____ C:\Users\Public\Desktop\UltraDefrag.lnk 2015-11-23 14:12 - 2015-11-23 14:12 - 00001138 _____ C:\Users\Privat\Desktop\MediathekView.lnk 2015-11-23 06:41 - 2015-11-23 06:41 - 00002022 _____ C:\Users\R\Desktop\FileHippo App Manager.lnk 2015-11-23 06:40 - 2015-11-23 06:40 - 00000000 ____D C:\Users\Privat\Downloads\FileHippo 2015-11-22 09:51 - 2015-11-22 09:52 - 00000000 ____D C:\TEMP 2015-11-21 18:28 - 2015-11-21 18:28 - 00200974 _____ C:\Users\Privat\AppData\Local\recently-used.xbel 2015-11-21 12:59 - 2015-11-21 13:01 - 00000000 ____D C:\Users\R\.gimp-2.8 2015-11-21 12:59 - 2015-11-21 12:59 - 00000000 ____D C:\Users\R\AppData\Local\gegl-0.2 2015-11-21 12:32 - 2015-11-21 12:32 - 00001852 _____ C:\Users\Public\Desktop\IrfanView 64 Thumbnails.lnk 2015-11-21 12:32 - 2015-11-21 12:32 - 00000982 _____ C:\Users\Public\Desktop\IrfanView 64.lnk 2015-11-21 12:32 - 2015-11-21 12:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView 2015-11-21 12:32 - 2015-11-21 12:32 - 00000000 ____D C:\Program Files\IrfanView 2015-11-21 12:30 - 2015-11-23 08:10 - 00002192 _____ C:\Windows\system32\ASOROSet.bin 2015-11-21 12:28 - 2015-11-21 12:28 - 00000000 ____D C:\Users\R\Desktop\Alte Firefox-Daten 2015-11-21 11:27 - 2015-11-21 13:23 - 00000000 ____D C:\Users\Privat\AppData\Roaming\IrfanView 2015-11-21 09:44 - 2015-11-21 12:32 - 00000000 ____D C:\Users\R\AppData\Roaming\IrfanView 2015-11-21 09:42 - 2015-11-21 11:54 - 00000000 ____D C:\Users\Privat\Downloads\IrfanView 2015-11-20 17:31 - 2015-11-20 17:31 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP 2015-11-20 16:54 - 2015-11-20 16:54 - 00047160 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtliteusbbus.sys 2015-11-20 16:53 - 2015-11-24 18:25 - 00000000 ____D C:\Program Files\DAEMON Tools Lite 2015-11-20 16:53 - 2015-11-20 16:53 - 00030264 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys 2015-11-20 11:42 - 2015-11-20 11:42 - 00089600 _____ (UltraDefrag Development Team) C:\Windows\system32\udefrag.exe 2015-11-20 11:42 - 2015-11-20 11:42 - 00013312 _____ (UltraDefrag Development Team) C:\Windows\system32\hibernate4win.exe 2015-11-20 11:42 - 2015-11-20 11:42 - 00012288 _____ (UltraDefrag Development Team) C:\Windows\system32\bootexctrl.exe 2015-11-20 11:41 - 2015-11-20 11:41 - 00394752 _____ (UltraDefrag Development Team) C:\Windows\system32\defrag_native.exe 2015-11-20 11:41 - 2015-11-20 11:41 - 00132608 _____ C:\Windows\system32\lua5.1a.dll 2015-11-20 11:41 - 2015-11-20 11:41 - 00055808 _____ (UltraDefrag Development Team) C:\Windows\system32\udefrag.dll 2015-11-20 11:41 - 2015-11-20 11:41 - 00033792 _____ (UltraDefrag Development Team) C:\Windows\system32\wgx.dll 2015-11-20 11:40 - 2015-11-20 11:40 - 00337920 _____ (UltraDefrag Development Team) C:\Windows\system32\zenwinx.dll 2015-11-17 06:44 - 2015-11-17 08:25 - 00014217 _____ C:\Users\Privat\Documents\Fritzbox.xlsx 2015-11-12 08:33 - 2015-11-03 18:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-11-10 21:59 - 2015-11-03 23:10 - 00390344 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-11-10 21:59 - 2015-11-03 22:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-11-10 21:59 - 2015-10-31 00:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-11-10 21:59 - 2015-10-31 00:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-11-10 21:59 - 2015-10-31 00:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-11-10 21:59 - 2015-10-31 00:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-11-10 21:59 - 2015-10-31 00:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-11-10 21:59 - 2015-10-31 00:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-11-10 21:59 - 2015-10-31 00:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-11-10 21:59 - 2015-10-31 00:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-11-10 21:59 - 2015-10-31 00:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-11-10 21:59 - 2015-10-31 00:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-11-10 21:59 - 2015-10-31 00:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-11-10 21:59 - 2015-10-31 00:13 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-11-10 21:59 - 2015-10-31 00:12 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-11-10 21:59 - 2015-10-31 00:12 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-11-10 21:59 - 2015-10-31 00:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-11-10 21:59 - 2015-10-31 00:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-11-10 21:59 - 2015-10-31 00:11 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-11-10 21:59 - 2015-10-31 00:04 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-11-10 21:59 - 2015-10-31 00:01 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-11-10 21:59 - 2015-10-30 23:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-11-10 21:59 - 2015-10-30 23:53 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-11-10 21:59 - 2015-10-30 23:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-11-10 21:59 - 2015-10-30 23:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-11-10 21:59 - 2015-10-30 23:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-11-10 21:59 - 2015-10-30 23:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-11-10 21:59 - 2015-10-30 23:46 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-11-10 21:59 - 2015-10-30 23:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-11-10 21:59 - 2015-10-30 23:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-11-10 21:59 - 2015-10-30 23:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-11-10 21:59 - 2015-10-30 23:44 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2015-11-10 21:59 - 2015-10-30 23:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-11-10 21:59 - 2015-10-30 23:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-11-10 21:59 - 2015-10-30 23:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-11-10 21:59 - 2015-10-30 23:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-11-10 21:59 - 2015-10-30 23:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-11-10 21:59 - 2015-10-30 23:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-11-10 21:59 - 2015-10-30 23:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-11-10 21:59 - 2015-10-30 23:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-11-10 21:59 - 2015-10-30 23:34 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-11-10 21:59 - 2015-10-30 23:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-11-10 21:59 - 2015-10-30 23:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-11-10 21:59 - 2015-10-30 23:29 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-11-10 21:59 - 2015-10-30 23:29 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-11-10 21:59 - 2015-10-30 23:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-11-10 21:59 - 2015-10-30 23:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-11-10 21:59 - 2015-10-30 23:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-11-10 21:59 - 2015-10-30 23:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-11-10 21:59 - 2015-10-30 23:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-11-10 21:59 - 2015-10-30 23:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-11-10 21:59 - 2015-10-30 23:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-11-10 21:59 - 2015-10-30 23:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2015-11-10 21:59 - 2015-10-30 23:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-11-10 21:59 - 2015-10-30 23:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2015-11-10 21:59 - 2015-10-30 23:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-11-10 21:59 - 2015-10-30 23:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-11-10 21:59 - 2015-10-30 23:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-11-10 21:59 - 2015-10-30 23:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-11-10 21:59 - 2015-10-30 23:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-11-10 21:59 - 2015-10-30 22:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-11-10 21:59 - 2015-10-30 22:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-11-10 21:59 - 2015-10-30 22:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-11-10 21:59 - 2015-10-30 22:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-11-10 21:59 - 2015-10-20 02:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-11-10 21:59 - 2015-10-20 02:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-11-10 21:59 - 2015-10-20 02:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-11-10 21:59 - 2015-10-20 02:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-11-10 21:59 - 2015-10-20 02:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-11-10 21:59 - 2015-10-20 02:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-11-10 21:59 - 2015-10-20 02:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-11-10 21:59 - 2015-10-20 02:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-11-10 21:59 - 2015-10-20 02:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-11-10 21:59 - 2015-10-20 02:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-11-10 21:59 - 2015-10-20 02:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-11-10 21:59 - 2015-10-20 02:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-11-10 21:59 - 2015-10-20 02:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-11-10 21:59 - 2015-10-20 02:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-11-10 21:59 - 2015-10-20 02:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-11-10 21:59 - 2015-10-20 02:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-11-10 21:59 - 2015-10-20 02:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-11-10 21:59 - 2015-10-20 02:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-11-10 21:59 - 2015-10-20 02:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-11-10 21:59 - 2015-10-20 02:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-11-10 21:59 - 2015-10-20 02:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-11-10 21:59 - 2015-10-20 02:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-11-10 21:59 - 2015-10-20 02:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-11-10 21:59 - 2015-10-20 02:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2015-11-10 21:59 - 2015-10-20 02:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-11-10 21:59 - 2015-10-20 02:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-11-10 21:59 - 2015-10-20 02:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-11-10 21:59 - 2015-10-20 02:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-11-10 21:59 - 2015-10-20 02:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-11-10 21:59 - 2015-10-20 02:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-11-10 21:59 - 2015-10-20 02:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-11-10 21:59 - 2015-10-20 02:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-11-10 21:59 - 2015-10-20 02:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-11-10 21:59 - 2015-10-20 01:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-11-10 21:59 - 2015-10-20 01:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-11-10 21:59 - 2015-10-20 01:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-11-10 21:59 - 2015-10-20 01:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-11-10 21:59 - 2015-10-20 01:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-11-10 21:59 - 2015-10-20 01:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-11-10 21:59 - 2015-10-20 01:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-11-10 21:59 - 2015-10-20 01:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-11-10 21:59 - 2015-10-20 01:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-11-10 21:59 - 2015-10-20 01:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-11-10 21:59 - 2015-10-20 01:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2015-11-10 21:59 - 2015-10-20 01:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-11-10 21:59 - 2015-10-20 01:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-11-10 21:59 - 2015-10-20 01:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-11-10 21:59 - 2015-10-20 01:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-11-10 21:59 - 2015-10-20 01:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-11-10 21:59 - 2015-10-20 01:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2015-11-10 21:59 - 2015-10-20 01:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-11-10 21:59 - 2015-10-20 01:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-11-10 21:59 - 2015-10-20 01:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-11-10 21:59 - 2015-10-20 01:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-11-10 21:59 - 2015-10-20 01:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-11-10 21:59 - 2015-10-20 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 00:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-11-10 21:59 - 2015-10-20 00:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2015-11-10 21:59 - 2015-10-20 00:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-11-10 21:59 - 2015-10-20 00:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-11-10 21:59 - 2015-10-20 00:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-11-10 21:59 - 2015-10-20 00:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 00:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 00:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 00:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-11-10 21:59 - 2015-09-23 14:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-11-10 21:59 - 2015-09-23 14:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll 2015-11-10 21:59 - 2015-09-23 14:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll 2015-11-10 21:58 - 2015-10-29 18:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll 2015-11-10 21:58 - 2015-10-29 18:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll 2015-11-10 21:58 - 2015-10-29 18:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe 2015-11-10 21:58 - 2015-10-29 18:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll 2015-11-10 21:58 - 2015-10-29 18:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll 2015-11-10 21:58 - 2015-10-29 18:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll 2015-11-10 21:58 - 2015-10-29 18:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe 2015-11-10 21:50 - 2015-10-13 17:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2015-11-10 21:50 - 2015-10-13 17:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2015-11-10 21:50 - 2015-10-13 05:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys 2015-11-10 21:49 - 2015-10-01 19:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-11-10 21:49 - 2015-10-01 19:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2015-11-10 21:49 - 2015-10-01 18:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2015-11-10 18:05 - 2015-11-10 18:05 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2 2015-11-10 18:00 - 2015-11-10 18:00 - 00000000 ____D C:\Users\R\Desktop\OpenOffice 4.1.2 (de) Installation Files 2015-11-10 17:35 - 2015-11-10 17:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag 2015-11-08 18:38 - 2015-11-09 09:37 - 00000000 ____D C:\Users\Privat\AppData\Roaming\SmartTools 2015-11-08 18:38 - 2015-11-08 18:38 - 00000000 ____D C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTools 2015-11-08 18:37 - 2015-11-08 18:37 - 00000000 ____D C:\Users\Privat\AppData\Roaming\Programme 2015-11-08 16:09 - 2015-11-08 16:09 - 00000000 ____D C:\Users\Privat\Downloads\Falzassi 2015-11-08 14:14 - 2015-11-08 14:14 - 00001995 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk 2015-11-08 14:14 - 2015-10-20 19:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-11-08 14:14 - 2015-10-20 19:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-11-08 14:14 - 2015-10-20 19:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-11-08 14:14 - 2015-10-20 19:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-11-08 14:14 - 2015-10-20 19:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-11-08 14:14 - 2015-10-20 19:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-11-08 14:14 - 2015-10-20 19:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-11-08 14:14 - 2015-10-20 19:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-11-08 14:14 - 2015-10-20 19:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-11-08 14:14 - 2015-10-20 19:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-11-08 14:14 - 2015-10-20 19:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-11-08 14:14 - 2015-10-20 18:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-11-08 14:14 - 2015-10-20 18:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-11-08 14:14 - 2015-10-20 18:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-11-08 14:14 - 2015-10-20 18:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-11-08 14:14 - 2015-10-20 18:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-11-08 14:13 - 2015-11-08 14:14 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations 2015-11-08 14:13 - 2015-11-08 14:13 - 00000000 ____D C:\ProgramData\HP Photo Creations 2015-11-07 09:50 - 2015-11-08 16:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-11-02 11:11 - 2015-11-02 11:12 - 00000000 ____D C:\Users\Privat\Downloads\Setup Pixum Fotowelt 2015-11-01 11:59 - 2015-11-09 15:09 - 00000000 ___RD C:\Users\Privat\Documents\RocketLifeNetwork 2015-11-01 11:53 - 2015-11-09 15:09 - 00000000 ____D C:\Users\Privat\AppData\Roaming\HP Photo Creations 2015-11-01 11:53 - 2015-11-01 11:59 - 00001954 _____ C:\Users\Privat\Desktop\HP Photo Creations.lnk 2015-11-01 11:53 - 2015-11-01 11:59 - 00000000 ____D C:\Users\Privat\AppData\Roaming\Visan 2015-11-01 11:53 - 2015-11-01 11:53 - 00000000 ____D C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP 2015-11-01 11:40 - 2015-11-01 11:40 - 00000322 _____ C:\Users\R\Desktop\HP Druckerdiagnosetools.url 2015-11-01 11:40 - 2015-11-01 11:40 - 00000000 ____D C:\ProgramData\Visan 2015-11-01 11:36 - 2015-11-01 11:36 - 00000000 ____D C:\Windows\Hewlett-Packard 2015-11-01 11:34 - 2015-11-15 14:13 - 00000000 ____D C:\Users\Privat\AppData\Roaming\HpUpdate 2015-11-01 09:19 - 2015-11-01 08:19 - 00000052 _____ C:\Users\Privat\Documents\KlimaLoggPro.log 2015-11-01 08:19 - 2015-10-14 05:16 - 00000052 _____ C:\Users\Privat\Documents\2015_11_01-KlimaLoggPro.log 2015-11-01 08:16 - 2015-11-01 08:17 - 04103179 _____ C:\Users\Privat\Downloads\npp.6.8.6.Installer.exe 2015-10-30 20:13 - 2015-10-20 20:39 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-11-25 18:03 - 2015-05-03 20:14 - 00000000 ____D C:\Users\Privat\Documents\Outlook-Dateien 2015-11-25 18:03 - 2015-05-03 19:39 - 00000000 ____D C:\Windows\CryptoGuard 2015-11-25 18:02 - 2015-05-03 18:43 - 00000000 ____D C:\Users\Privat\Downloads\FRST 2015-11-25 18:02 - 2015-05-03 15:02 - 01261293 _____ C:\Windows\WindowsUpdate.log 2015-11-25 18:02 - 2015-03-28 08:26 - 00000000 ____D C:\FRST 2015-11-25 18:00 - 2015-05-03 15:27 - 00000000 ____D C:\Users\R 2015-11-25 17:56 - 2009-07-14 05:45 - 00013536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-11-25 17:56 - 2009-07-14 05:45 - 00013536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-11-25 17:48 - 2015-05-23 19:37 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-11-25 17:48 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-11-25 07:04 - 2015-05-23 19:37 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-11-25 06:50 - 2015-05-03 18:29 - 00000000 ____D C:\Users\Privat\Documents\Birkenring 40 2015-11-25 06:41 - 2015-06-28 13:05 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-11-24 22:16 - 2014-12-22 04:01 - 00000000 ____D C:\AdwCleaner 2015-11-24 18:26 - 2015-05-03 18:42 - 00000000 ____D C:\Users\Privat\Downloads\CCleaner 2015-11-24 18:23 - 2015-05-14 18:43 - 00007631 _____ C:\Users\R\AppData\Local\Resmon.ResmonCfg 2015-11-24 15:01 - 2015-05-03 18:44 - 00000000 ____D C:\Users\Privat\Downloads\Microsoft Safety Scanner 2015-11-24 13:50 - 2015-05-03 18:24 - 00000000 ____D C:\Users\Privat\AppData\Roaming\Mp3tag 2015-11-24 13:49 - 2015-05-03 18:24 - 00000000 ____D C:\Users\Privat\AppData\Roaming\vlc 2015-11-24 09:39 - 2015-05-03 20:24 - 00000000 ____D C:\Users\Privat\Documents\T-Mobile 2015-11-24 09:26 - 2015-05-03 20:25 - 00000000 ____D C:\Users\Privat\Documents\T-Online 2015-11-24 08:56 - 2015-05-04 09:41 - 00000000 ____D C:\Program Files\UltraDefrag 2015-11-24 08:55 - 2015-05-04 09:41 - 00000860 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraDefrag.lnk 2015-11-24 08:54 - 2015-05-03 18:52 - 00000000 ____D C:\Users\Privat\Downloads\UltraDefrag 2015-11-24 08:53 - 2015-05-03 19:23 - 00000894 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk 2015-11-24 08:28 - 2015-05-07 06:51 - 00000000 ____D C:\Program Files (x86)\TeamViewer 2015-11-23 14:12 - 2015-05-03 18:44 - 00000000 ____D C:\Users\Privat\Downloads\MediathekView 2015-11-23 14:10 - 2015-05-03 18:20 - 00000000 ____D C:\Users\Privat\.mediathek3 2015-11-23 08:56 - 2009-07-14 18:58 - 00699342 _____ C:\Windows\system32\perfh007.dat 2015-11-23 08:56 - 2009-07-14 18:58 - 00149450 _____ C:\Windows\system32\perfc007.dat 2015-11-23 08:56 - 2009-07-14 06:13 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI 2015-11-23 08:11 - 2015-05-03 17:40 - 00000000 ____D C:\Users\Privat 2015-11-23 06:41 - 2015-05-09 11:44 - 00002052 _____ C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileHippo App Manager.lnk 2015-11-23 06:41 - 2015-05-09 11:44 - 00000000 ____D C:\Program Files (x86)\FileHippo.com 2015-11-22 18:46 - 2015-07-17 17:02 - 00000000 ____D C:\Users\Privat\MediathekView 2015-11-21 18:28 - 2015-05-03 18:25 - 00000000 ____D C:\Users\Privat\AppData\Local\gtk-2.0 2015-11-21 18:28 - 2015-05-03 18:20 - 00000000 ____D C:\Users\Privat\.gimp-2.8 2015-11-21 12:31 - 2015-05-03 17:45 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-11-21 12:26 - 2015-05-03 15:28 - 00000000 ____D C:\Users\R\AppData\Local\VirtualStore 2015-11-21 12:04 - 2015-05-03 17:40 - 00000000 ____D C:\Users\Privat\AppData\Local\VirtualStore 2015-11-21 11:52 - 2015-05-03 16:44 - 00156352 _____ C:\Users\R\AppData\Local\GDIPFONTCACHEV1.DAT 2015-11-21 09:33 - 2015-05-03 18:25 - 00000000 ____D C:\Users\Privat\AppData\Local\JDownloader 2.0 2015-11-20 17:31 - 2015-08-30 10:49 - 00001159 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk 2015-11-20 17:31 - 2015-08-30 10:49 - 00001109 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk 2015-11-20 17:30 - 2015-05-08 18:42 - 00000000 ____D C:\Users\Privat\AppData\Roaming\Skype 2015-11-20 17:29 - 2015-05-08 18:41 - 00000000 ____D C:\ProgramData\Skype 2015-11-20 16:45 - 2015-05-03 18:43 - 00000000 ____D C:\Users\Privat\Downloads\Daemon Lite 2015-11-20 12:35 - 2015-05-03 20:25 - 00000000 ____D C:\Users\Privat\Documents\Trauerrede 2015-11-19 22:22 - 2015-10-09 16:29 - 00000930 _____ C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk 2015-11-19 22:22 - 2015-10-09 16:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management 2015-11-19 22:22 - 2015-10-09 16:29 - 00000000 ____D C:\Program Files\Calibre2 2015-11-19 22:20 - 2015-05-03 18:42 - 00000000 ____D C:\Users\Privat\Downloads\Calibre 2015-11-16 06:41 - 2015-05-12 07:54 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-11-16 06:41 - 2015-05-12 07:54 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-11-12 14:53 - 2015-05-03 18:29 - 00000000 ____D C:\Users\Privat\Documents\DAA GVM 2015-11-12 12:27 - 2009-07-14 05:45 - 00536848 _____ C:\Windows\system32\FNTCACHE.DAT 2015-11-12 12:18 - 2009-07-14 06:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-11-11 09:22 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2015-11-10 22:25 - 2015-05-03 15:35 - 00000000 ____D C:\Windows\system32\MRT 2015-11-10 22:17 - 2015-05-03 15:35 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-11-10 22:16 - 2015-05-03 21:05 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-11-10 22:08 - 2015-05-04 05:29 - 01593564 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2015-11-10 22:03 - 2009-07-14 19:18 - 00000000 ____D C:\Program Files\Windows Journal 2015-11-10 21:56 - 2015-09-12 14:06 - 00000000 ____D C:\Users\Privat\TapinRadio 2015-11-10 18:51 - 2015-05-03 17:41 - 00156352 _____ C:\Users\Privat\AppData\Local\GDIPFONTCACHEV1.DAT 2015-11-10 18:05 - 2015-05-13 09:55 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4 2015-11-10 18:05 - 2015-05-03 18:48 - 00000000 ____D C:\Users\Privat\Downloads\OpenOffice 2015-11-10 17:35 - 2015-05-03 19:20 - 00000000 ____D C:\Program Files (x86)\Mp3tag 2015-11-10 17:34 - 2015-05-03 18:44 - 00000000 ____D C:\Users\Privat\Downloads\Mp3Tag 2015-11-09 09:37 - 2015-05-03 18:29 - 00000000 ____D C:\Users\Privat\Documents\Add-in Express 2015-11-08 16:03 - 2015-05-03 19:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-11-08 14:14 - 2015-05-07 16:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP 2015-11-07 15:34 - 2015-07-25 08:14 - 00000000 ____D C:\Users\Privat\AppData\LocalLow\Adblock Plus for IE 2015-11-04 08:07 - 2015-07-17 16:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-11-03 10:47 - 2015-05-03 18:28 - 00000000 ____D C:\Users\Privat\Desktop\DAA GVM 2015-11-02 11:02 - 2015-05-03 18:12 - 00000000 ____D C:\Users\Privat\Downloads\TotalComander 2015-11-02 09:46 - 2015-05-03 18:28 - 00000000 ___RD C:\Users\Privat\Desktop\Admi 2015-11-01 11:43 - 2015-05-09 08:47 - 00000000 ____D C:\Users\R\AppData\Roaming\HpUpdate 2015-11-01 11:37 - 2015-05-07 16:29 - 00000000 ____D C:\Program Files (x86)\HP 2015-11-01 08:24 - 2015-05-14 11:14 - 00002393 _____ C:\ProgramData\KlimaLogg.dat1.tmp 2015-11-01 08:24 - 2015-05-14 11:14 - 00002393 _____ C:\ProgramData\KlimaLogg.dat1 2015-11-01 08:24 - 2015-05-03 18:23 - 00000000 ____D C:\Users\Privat\AppData\Roaming\KlimaLoggPro 2015-11-01 08:17 - 2015-09-06 09:15 - 00000000 ____D C:\Users\R\AppData\Roaming\Notepad++ 2015-10-30 20:14 - 2015-08-24 17:31 - 00000000 ____D C:\Users\R\.oracle_jre_usage 2015-10-30 20:14 - 2015-08-24 17:31 - 00000000 ____D C:\Users\Privat\.oracle_jre_usage 2015-10-30 20:13 - 2015-08-24 17:31 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2015-10-30 20:13 - 2015-08-24 17:30 - 00000000 ____D C:\Program Files\Java 2015-10-30 16:53 - 2015-07-03 14:05 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-05-03 18:20 - 2015-01-25 14:16 - 0000093 _____ () C:\Users\Privat\AppData\Roaming\ARCompanion.log 2015-05-15 08:04 - 2015-07-15 07:40 - 0000842 _____ () C:\Users\Privat\AppData\Roaming\Drives Meter_Settings.ini 2015-11-21 18:28 - 2015-11-21 18:28 - 0200974 _____ () C:\Users\Privat\AppData\Local\recently-used.xbel 2015-05-09 10:11 - 2015-05-09 10:11 - 0000043 ___SH () C:\ProgramData\.zreglib 2015-05-23 08:16 - 2015-05-23 08:16 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2015-05-14 11:14 - 2015-11-01 08:24 - 0002393 _____ () C:\ProgramData\KlimaLogg.dat1 2015-05-14 11:14 - 2015-11-01 08:24 - 0002393 _____ () C:\ProgramData\KlimaLogg.dat1.tmp 2015-05-07 11:33 - 2015-05-07 11:33 - 41943040 _____ () C:\ProgramData\KlimaLoggServiceDataStore ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert ACHTUNG: ==> Auf den BCD konnte nicht zugegriffen werden. der Benutzer ist kein Administrator ==================== Ende von FRST.txt ============================ Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:23-11-2015 durchgeführt von Privat (2015-11-25 18:04:08) Gestartet von C:\Users\Privat\Downloads\FRST Windows 7 Ultimate Service Pack 1 (X64) (2015-05-03 14:27:52) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-1269753938-3578349479-3780603664-500 - Administrator - Disabled) Coach (S-1-5-21-1269753938-3578349479-3780603664-1003 - Limited - Enabled) => C:\Users\Coach Gast (S-1-5-21-1269753938-3578349479-3780603664-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1269753938-3578349479-3780603664-1002 - Limited - Enabled) Privat (S-1-5-21-1269753938-3578349479-3780603664-1004 - Limited - Enabled) => C:\Users\Privat R (S-1-5-21-1269753938-3578349479-3780603664-1001 - Administrator - Enabled) => C:\Users\R ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) Acronis Drive Monitor (HKLM-x32\...\{706AE61D-40A4-4F50-8359-FE8F6F7FA461}) (Version: 1.0.566 - Acronis) Acronis True Image 2015 (HKLM-x32\...\{2F70A6E6-2F71-4907-8441-BDC5D300310B}Visible) (Version: 18.0.6613 - Acronis) Acronis True Image 2015 (x32 Version: 18.0.6613 - Acronis) Hidden Adblock Plus für IE (32-Bit- und 64-Bit) (HKLM\...\{588B7DD2-3480-4A89-A8F6-C6781CBFAD56}) (Version: 1.5 - Eyeo GmbH) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.009.20077 - Adobe Systems Incorporated) Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated) Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated) AMD Catalyst Install Manager (HKLM\...\{25107779-C295-EB3E-3C92-AC1B45680012}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.) Attack Surface Analyzer (HKLM\...\{2710505A-D198-4906-8767-F869909D9FA6}) (Version: 5.3.0.0 - Microsoft Corporation) Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team) AutoUpdate (HKLM-x32\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - ) avast! Browser Cleanup (HKU\S-1-5-21-1269753938-3578349479-3780603664-1004\...\avast! Browser Cleanup) (Version: 10.2.2218.80 - AVAST Software) AVM FRITZ!Box AddOn (IE) (HKLM-x32\...\{CEAD06D8-D033-4D2A-9328-AF49089E129F}) (Version: 1.7.0 - AVM Berlin) AVM FRITZ!Box AddOn (IE) (x64) (HKLM\...\{EC3671D7-98AC-4951-8FFD-5556BE066137}) (Version: 1.7.0 - AVM Berlin) AVM FRITZ!fax für FRITZ!Box (HKLM-x32\...\FRITZ! 2.0) (Version: - AVM Berlin) BatteryLifeExtender (HKLM-x32\...\{AA16A9E5-40E9-44F5-801E-6B3D3CFE79E5}) (Version: 1.0.0 - Samsung) Bing Bar (HKLM-x32\...\{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}) (Version: 7.1.361.0 - Microsoft Corporation) calibre 64bit (HKLM\...\{A80512D3-A72D-4DAF-B7DF-3804F9FAB1CE}) (Version: 2.44.1 - Kovid Goyal) CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform) CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.6.5844 - CDBurnerXP) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.6.5931 - CDBurnerXP) CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.79.0.2015 - Georgy Berdyshev) ChargeableUSB (HKLM-x32\...\{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}) (Version: 1.0.0.0 - SAMSUNG) Citrix Receiver (HKU\S-1-5-21-1269753938-3578349479-3780603664-1004\...\CitrixOnlinePluginPackWeb) (Version: 14.1.2.3 - Citrix Systems, Inc.) CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version: 2.9.3.3 - Elaborate Bytes) COMODO System Utilities (HKLM\...\{A7DA4247-9F22-4d4a-974A-DD455CCF43B6}) (Version: 4.0.226743.26 - COMODO) Corel Graphics Suite 11 (x32 Version: 11 - Corel Corporation) Hidden CorelDRAW Graphics Suite 11 (HKLM-x32\...\InstallShield_{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}) (Version: 11 - Corel Corporation) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.2907 - CyberLink Corp.) DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.2.0.0112 - Disc Soft Ltd) Data Lifeguard Diagnostic for Windows 1.27 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation) DivX Codec (HKLM-x32\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.6.1 - DivX, Inc.) Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.0 - Samsung Electronics Co., Ltd.) Easy SpeedUp Manager (HKLM-x32\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 3.0.0.4 - Samsung Electronics Co.,Ltd.) eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com) GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team) Google Earth (HKLM-x32\...\{1A295C25-6E02-49FB-826B-F0D2C56FFA4E}) (Version: 7.1.4.1529 - Google) Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software) HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 2.6.5.77 - SurfRight B.V.) HP Officejet 6500 E710n-z Basic Device Software (HKLM\...\{BF09A017-54F4-46BC-AF54-F6DA0D7486D3}) (Version: 22.0.334.0 - Hewlett-Packard Co.) HP Officejet 6500 E710n-z Hilfe (HKLM-x32\...\{EFBC0CB1-AFFD-4E74-ACEF-42099F1D49C3}) (Version: 140.0.2.2 - Hewlett Packard) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP) HP Photo Creations (HKU\S-1-5-21-1269753938-3578349479-3780603664-1004\...\HP Photo Creations) (Version: 1.0.0.19382 - HP) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4 - HP) Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation) Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - ) IrfanView 64 (remove only) (HKLM\...\IrfanView) (Version: 4.40 - Irfan Skiljan) Java 8 Update 65 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418065F0}) (Version: 8.0.650.17 - Oracle Corporation) Java 8 Update 66 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418066F0}) (Version: 8.0.660.17 - Oracle Corporation) Kits Configuration Installer (x32 Version: 8.59.25584 - Microsoft) Hidden KlimaLogg Pro (HKLM-x32\...\KlimaLogg Pro_is1) (Version: - TFA Dostmann) Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Marketsplash Schnellzugriffe (HKLM-x32\...\{FB0C267C-8B4F-4867-8161-A6A3B66D42C1}) (Version: 1.0.0.9 - Hewlett-Packard) Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 12.10.16.3 - Marvell) Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Windows Performance Toolkit (HKLM\...\{E7F9E526-2324-437B-A609-E8C5309465CB}) (Version: 4.8.0 - Microsoft Corporation) Mozilla Firefox 42.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 de)) (Version: 42.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla) Mp3tag v2.72 (HKLM-x32\...\Mp3tag) (Version: v2.72 - Florian Heidenreich) MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.6 - F.J. Wechselberger) Namuga 1.3M Webcam (HKLM-x32\...\{71A51B59-E7D3-11DB-A386-005056C00008}) (Version: 1.00.0000 - Vimicro Corporation) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.6 - Notepad++ Team) Online Plug-in (x32 Version: 14.3.0.5014 - Citrix Systems, Inc.) Hidden OpenOffice 4.1.2 (HKLM-x32\...\{F5CAB1AF-7B1A-4CEC-B829-A3F699473AE1}) (Version: 4.12.9782 - Apache Software Foundation) Paragon Festplatten Manager™ 15 Suite (HKLM\...\{29258311-EA49-11DE-967C-005056C00008}) (Version: 90.00.0003 - Paragon Software) Paragon Partition Manager™ 10.0 Professional (HKLM\...\{A35001F0-F1E4-11DD-A38B-005056C00008}) (Version: 90.00.0003 - Paragon Software) PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 11.0 - PlotSoft LLC) Pinnacle Instant DVD Recorder (HKLM-x32\...\{C1212AE3-DBB9-4365-8473-F8ABC7B06BBB}) (Version: 2.5.0.092 - Pinnacle Systems) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7459 - Realtek Semiconductor Corp.) S Agent (Version: 1.1.52 - Samsung Electronics CO., LTD.) Hidden Samsung Recovery Solution 4 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.3 - Samsung) Samsung Update Plus (HKLM-x32\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.) Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.) Self-Service Plug-in (x32 Version: 4.3.0.8352 - Citrix Systems, Inc.) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Skype™ 7.15 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.15.102 - Skype Technologies S.A.) Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.0.15093.11 - Samsung Electronics Co., Ltd.) Smart Switch (x32 Version: 4.0.15093.11 - Samsung Electronics Co., Ltd.) Hidden SmartTools Falz & Lochmarken-Assistent 8.3 für Word (HKLM-x32\...\{522C2E5C-3895-44C3-9AD7-F59CAFE8990A}) (Version: 8.3.0.0 - SmartTools Publishing) Studie zur Verbesserung von HP Officejet 6500 E710n-z Produkten (HKLM\...\{C9347A74-CDAD-4076-B754-11752F6BE324}) (Version: 22.0.334.0 - Hewlett-Packard Co.) SW Update (HKLM-x32\...\{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}) (Version: 2.2.9 - Samsung Electronics CO., LTD.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.4.12 - Synaptics Incorporated) TapinRadio 1.71.2 (x64) (HKLM-x32\...\TapinRadio_is1) (Version: - Raimersoft) TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer) TomTom HOME (HKLM-x32\...\{5DCB2EB3-87AD-426E-8D74-8B92C9D731C4}) (Version: 2.9.8 - Ihr Firmenname) TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.) TVCenter (HKLM\...\{DD0A0C72-A7C3-4722-86C9-2399F9FC0DE7}) (Version: 6.4.5.933 - PCTV Systems) Ultra Defragmenter (HKLM-x32\...\UltraDefrag) (Version: 6.1.1 - UltraDefrag Development Team) VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN) Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation) Windows Software Development Kit (HKLM-x32\...\{363a2c1e-637f-45ce-933b-5a5463efd945}) (Version: 8.59.29750 - Microsoft Corporation) WPT Redistributables (x32 Version: 8.59.29750 - Microsoft) Hidden WPTx64 (x32 Version: 8.59.29722 - Microsoft) Hidden Youtube Downloader HD v. 2.9.9.23 (HKLM-x32\...\Youtube Downloader HD_is1) (Version: - YoutubeDownloaderHD.com) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Wiederherstellungspunkte ========================= ACHTUNG: Systemwiederherstellung ist deaktiviert Überprüfen Sie den "winmgmt" Dienst oder reparieren Sie den WMI. ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2013-09-04 23:17 - 2013-09-04 23:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-1269753938-3578349479-3780603664-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) MSCONFIG\Services: !SASCORE => 3 MSCONFIG\Services: AcrSch2Svc => 3 MSCONFIG\Services: afcdpsrv => 2 MSCONFIG\Services: CSUService => 2 MSCONFIG\Services: Disc Soft Lite Bus Service => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: KlimaLogg Service => 3 MSCONFIG\Services: LBTServ => 3 MSCONFIG\Services: Lexware_Update_Service => 2 MSCONFIG\Services: MBAMScheduler => 2 MSCONFIG\Services: MBAMService => 2 MSCONFIG\Services: ss_conn_service => 2 MSCONFIG\Services: SWUpdateService => 2 MSCONFIG\Services: syncagentsrv => 2 MSCONFIG\Services: TeamViewer => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nach Updates suchen.lnk => C:\Windows\pss\Nach Updates suchen.lnk.CommonStartup MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" MSCONFIG\startupreg: AcronisTibMounterMonitor => REM C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe MSCONFIG\startupreg: adm_tray.exe => REM C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming MSCONFIG\startupreg: HP Software Update => REM C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch MSCONFIG\startupreg: PDFPrint => REM C:\Program Files (x86)\PDF24\pdf24.exe MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun MSCONFIG\startupreg: SunJavaUpdateSched => REM "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: TrueImageMonitor.exe => REM "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" MSCONFIG\startupreg: UCam_Menu => REM "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [{5B5BAAD7-C27A-433D-BF15-8D0466696919}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{079FAD09-9EA7-421E-AADB-78B42598D130}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{20034301-9439-4F46-AF5C-548B4F2C3809}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe FirewallRules: [{1246295B-6556-44D9-AE3A-E4E573CE8430}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe FirewallRules: [{C9AD7762-34D0-46EF-B212-938167D6034C}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe FirewallRules: [{5CF7127C-5FB7-4EE5-8704-DDFAB4E4A8BA}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe FirewallRules: [{02CE4919-36F7-4A9E-B5A2-3218DA5F6B8C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{AF83AD2D-3A2B-43E9-91A2-89EE3B1FA357}] => (Allow) C:\Program Files (x86)\PCTV Systems\TVCenter\TVCenter.exe FirewallRules: [{7C43FFFB-EDCD-4BFD-B1C7-4B3B261D3345}] => (Allow) C:\Program Files (x86)\Common Files\PCTV Systems\PVR\VideoControl.exe FirewallRules: [{8E13B30F-4358-4215-9B06-EB97420A34A2}] => (Allow) C:\Program Files (x86)\Common Files\PCTV Systems\StreamingServer\StrmServer.exe FirewallRules: [{F48AC153-3B3D-4455-B792-CE825D18B5D3}] => (Allow) LPort=1900 FirewallRules: [{E69511C7-8E5A-4946-A703-72AFF079FD3D}] => (Allow) LPort=2869 FirewallRules: [{A1709944-5227-47E7-90C1-A74419ADFADD}] => (Allow) C:\Windows\ehome\ehrecvr.exe FirewallRules: [{AC489AC5-F72B-48C4-AAF9-ACB209AAFAC5}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe FirewallRules: [{6C82E8B0-543E-497D-8811-23688FAA2D03}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe FirewallRules: [{E8714BE3-A289-4D00-AB7F-4C84D6DF7F5D}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe FirewallRules: [{CE91B477-E531-4FBB-A876-7FCC8843DF48}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe FirewallRules: [TCP Query User{62B2E79A-791B-4208-85D7-AD32377322E9}C:\program files (x86)\teamviewer\teamviewer.exe] => (Block) C:\program files (x86)\teamviewer\teamviewer.exe FirewallRules: [UDP Query User{7CDFF5E7-AE45-4F06-B610-4806C66E8E8D}C:\program files (x86)\teamviewer\teamviewer.exe] => (Block) C:\program files (x86)\teamviewer\teamviewer.exe FirewallRules: [TCP Query User{26746768-E0E9-4991-815E-0F6FCC02138D}C:\tapinradio\tapinradio.exe] => (Allow) C:\tapinradio\tapinradio.exe FirewallRules: [UDP Query User{DA4EECC3-B75D-4FC7-85CB-CA966377DFF7}C:\tapinradio\tapinradio.exe] => (Allow) C:\tapinradio\tapinradio.exe FirewallRules: [{C9A70CE1-4739-4B08-A02B-D048B1CF77AC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{E028CCF8-70A9-4C2A-ABF9-D80E2458CD94}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{BCB88373-596B-4477-B74A-479B0950E202}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{E649F107-CC76-4CFB-9C6E-2BB03EAD4D68}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{3966F306-E517-4E73-AA60-C289B2066D78}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{108BAB21-0794-4B55-8A82-11C701FB435C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (11/24/2015 02:48:52 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (11/24/2015 02:48:48 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (11/24/2015 02:25:32 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (11/24/2015 02:25:29 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (11/20/2015 03:37:56 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (11/20/2015 03:37:53 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (11/20/2015 03:37:52 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (11/20/2015 11:39:58 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 14.0.7162.5003, Zeitstempel: 0x56344207 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.19045, Zeitstempel: 0x56258f05 Ausnahmecode: 0xe06d7363 Fehleroffset: 0x0000c42d ID des fehlerhaften Prozesses: 0x1208 Startzeit der fehlerhaften Anwendung: 0xOUTLOOK.EXE0 Pfad der fehlerhaften Anwendung: OUTLOOK.EXE1 Pfad des fehlerhaften Moduls: OUTLOOK.EXE2 Berichtskennung: OUTLOOK.EXE3 Error: (11/16/2015 06:39:39 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: dmhkcore.exe, Version: 3.0.3.8, Zeitstempel: 0x4aab9389 Name des fehlerhaften Moduls: dmhkcore.exe, Version: 3.0.3.8, Zeitstempel: 0x4aab9389 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00029497 ID des fehlerhaften Prozesses: 0x8b0 Startzeit der fehlerhaften Anwendung: 0xdmhkcore.exe0 Pfad der fehlerhaften Anwendung: dmhkcore.exe1 Pfad des fehlerhaften Moduls: dmhkcore.exe2 Berichtskennung: dmhkcore.exe3 Error: (11/11/2015 06:00:05 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 14.0.7162.5003, Zeitstempel: 0x56344207 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.19045, Zeitstempel: 0x56258e62 Ausnahmecode: 0xc0000374 Fehleroffset: 0x000ced0b ID des fehlerhaften Prozesses: 0x904 Startzeit der fehlerhaften Anwendung: 0xOUTLOOK.EXE0 Pfad der fehlerhaften Anwendung: OUTLOOK.EXE1 Pfad des fehlerhaften Moduls: OUTLOOK.EXE2 Berichtskennung: OUTLOOK.EXE3 Systemfehler: ============= Error: (11/25/2015 05:49:31 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (11/25/2015 05:49:29 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (11/25/2015 07:05:37 AM) (Source: Service Control Manager) (EventID: 7043) (User: ) Description: Der Dienst Gruppenrichtlinienclient konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden. Error: (11/25/2015 06:53:58 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (11/25/2015 06:53:42 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (11/24/2015 10:09:23 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (11/24/2015 10:09:15 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (11/24/2015 09:45:26 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (11/24/2015 09:45:17 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (11/24/2015 06:27:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 CodeIntegrity: =================================== Date: 2015-11-25 17:59:46.426 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-11-25 17:48:11.307 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-11-25 07:04:35.952 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-11-25 06:52:20.630 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-11-25 01:33:31.578 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows.old\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22943_none_c02edbb4165e839e\appidapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-11-25 01:33:31.453 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows.old\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22943_none_c02edbb4165e839e\appidapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-11-25 01:33:31.329 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows.old\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22943_none_c02edbb4165e839e\appidapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-11-25 01:33:30.751 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows.old\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22411_none_c04d416616480b5a\appidapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-11-25 01:33:30.611 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows.old\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22411_none_c04d416616480b5a\appidapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-11-25 01:33:30.393 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows.old\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22411_none_c04d416616480b5a\appidapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM)2 Duo CPU P7550 @ 2.26GHz Prozentuale Nutzung des RAM: 68% Installierter physikalischer RAM: 4060.61 MB Verfügbarer physikalischer RAM: 1282.71 MB Summe virtueller Speicher: 8119.43 MB Verfügbarer virtueller Speicher: 5472.41 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:198.89 GB) (Free:30.72 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)] Drive d: (Daten) (Fixed) (Total:131.39 GB) (Free:36.52 GB) NTFS Drive e: (temp) (Fixed) (Total:59.43 GB) (Free:6.35 GB) NTFS Drive f: (CDRoot) (CDROM) (Total:0.08 GB) (Free:0 GB) CDFS ==================== MBR & Partitionstabelle ================== ==================== Ende von Addition.txt ============================ |
25.11.2015, 18:47 | #2 |
| Hier noch das Gmer-logCode:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-11-25 18:22:27 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0001 465,76GB Running: Gmer-19357.exe; Driver: C:\Users\R\AppData\Local\Temp\kwlcrpog.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000135400 7 bytes [00, 5C, F3, FF, 41, 66, F0] .text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000135408 3 bytes [C0, 06, 02] ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076d7db30 5 bytes JMP 0000000176d20010 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076d7db90 5 bytes JMP 0000000176d20028 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076d7deb0 1 byte JMP 0000000176d20040 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000076d7deb2 3 bytes {JMP 0xfffffffffffa2190} .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076d7db30 5 bytes JMP 0000000176d20010 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076d7db90 5 bytes JMP 0000000176d20028 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076d7deb0 1 byte JMP 0000000176d20040 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[988] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000076d7deb2 3 bytes {JMP 0xfffffffffffa2190} .text C:\Windows\System32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076d7db30 5 bytes JMP 0000000176d20010 .text C:\Windows\System32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076d7db90 5 bytes JMP 0000000176d20028 .text C:\Windows\System32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076d7deb0 1 byte JMP 0000000176d20040 .text C:\Windows\System32\svchost.exe[800] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000076d7deb2 3 bytes {JMP 0xfffffffffffa2190} .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076d7db30 5 bytes JMP 0000000176d20010 .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076d7db90 5 bytes JMP 0000000176d20028 .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076d7deb0 1 byte JMP 0000000176d20040 .text C:\Windows\System32\svchost.exe[1032] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000076d7deb2 3 bytes {JMP 0xfffffffffffa2190} .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076d7db30 5 bytes JMP 0000000176d20010 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076d7db90 5 bytes JMP 0000000176d20028 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076d7deb0 1 byte JMP 0000000176d20040 .text C:\Windows\system32\svchost.exe[1076] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000076d7deb2 3 bytes {JMP 0xfffffffffffa2190} .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076d7db30 5 bytes JMP 0000000176d20010 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076d7db90 5 bytes JMP 0000000176d20028 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076d7deb0 1 byte JMP 0000000176d20040 .text C:\Windows\system32\svchost.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000076d7deb2 3 bytes {JMP 0xfffffffffffa2190} .text C:\Windows\system32\atieclxx.exe[1264] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076d7db30 5 bytes JMP 0000000176d20010 .text C:\Windows\system32\atieclxx.exe[1264] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076d7db90 5 bytes JMP 0000000176d20028 .text C:\Windows\system32\atieclxx.exe[1264] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076d7deb0 1 byte JMP 0000000176d20040 .text C:\Windows\system32\atieclxx.exe[1264] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000076d7deb2 3 bytes {JMP 0xfffffffffffa2190} .text C:\Windows\system32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076d7db30 5 bytes JMP 0000000176d20010 .text C:\Windows\system32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076d7db90 5 bytes JMP 0000000176d20028 .text C:\Windows\system32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076d7deb0 1 byte JMP 0000000176d20040 .text C:\Windows\system32\svchost.exe[1316] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000076d7deb2 3 bytes {JMP 0xfffffffffffa2190} .text C:\Windows\System32\spoolsv.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076d7db30 5 bytes JMP 0000000176d20010 .text C:\Windows\System32\spoolsv.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076d7db90 5 bytes JMP 0000000176d20028 .text C:\Windows\System32\spoolsv.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076d7deb0 1 byte JMP 0000000176d20040 .text C:\Windows\System32\spoolsv.exe[1496] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000076d7deb2 3 bytes {JMP 0xfffffffffffa2190} .text C:\Windows\system32\svchost.exe[1536] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076d7db30 5 bytes JMP 0000000176d20010 .text C:\Windows\system32\svchost.exe[1536] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076d7db90 5 bytes JMP 0000000176d20028 .text C:\Windows\system32\svchost.exe[1536] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076d7deb0 1 byte JMP 0000000176d20040 .text C:\Windows\system32\svchost.exe[1536] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000076d7deb2 3 bytes {JMP 0xfffffffffffa2190} .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1664] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000076f2fb00 5 bytes JMP 0000000173308cf0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1664] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000076f2fb98 5 bytes JMP 0000000173308ea0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1664] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000076f30078 5 bytes JMP 0000000173308d80 .text C:\Windows\System32\svchost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076d7db30 5 bytes JMP 0000000176d20010 .text C:\Windows\System32\svchost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076d7db90 5 bytes JMP 0000000176d20028 .text C:\Windows\System32\svchost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076d7deb0 1 byte JMP 0000000176d20040 .text C:\Windows\System32\svchost.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000076d7deb2 3 bytes {JMP 0xfffffffffffa2190} .text C:\Windows\system32\svchost.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076d7db30 5 bytes JMP 0000000176d20010 .text C:\Windows\system32\svchost.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076d7db90 5 bytes JMP 0000000176d20028 .text C:\Windows\system32\svchost.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076d7deb0 1 byte JMP 0000000176d20040 .text C:\Windows\system32\svchost.exe[1764] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000076d7deb2 3 bytes {JMP 0xfffffffffffa2190} .text C:\Windows\system32\taskhost.exe[2020] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076d7db30 5 bytes JMP 0000000176d20010 .text C:\Windows\system32\taskhost.exe[2020] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076d7db90 5 bytes JMP 0000000176d20028 .text C:\Windows\system32\taskhost.exe[2020] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076d7deb0 1 byte JMP 0000000176d20040 .text C:\Windows\system32\taskhost.exe[2020] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000076d7deb2 3 bytes {JMP 0xfffffffffffa2190} .text C:\Windows\system32\taskeng.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076d7db30 5 bytes JMP 0000000176d20010 .text C:\Windows\system32\taskeng.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076d7db90 5 bytes JMP 0000000176d20028 .text C:\Windows\system32\taskeng.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076d7deb0 1 byte JMP 0000000176d20040 .text C:\Windows\system32\taskeng.exe[1916] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000076d7deb2 3 bytes {JMP 0xfffffffffffa2190} .text C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe[2084] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000076f2fb00 5 bytes JMP 0000000173308cf0 .text C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe[2084] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000076f2fb98 5 bytes JMP 0000000173308ea0 .text C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe[2084] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000076f30078 5 bytes JMP 0000000173308d80 .text C:\Windows\Explorer.EXE[2236] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076d7db30 5 bytes JMP 0000000176d20010 .text C:\Windows\Explorer.EXE[2236] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076d7db90 5 bytes JMP 0000000176d20028 .text C:\Windows\Explorer.EXE[2236] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076d7deb0 1 byte JMP 0000000176d20040 .text C:\Windows\Explorer.EXE[2236] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000076d7deb2 3 bytes {JMP 0xfffffffffffa2190} .text C:\Windows\system32\svchost.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076d7db30 5 bytes JMP 0000000176d20010 .text C:\Windows\system32\svchost.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076d7db90 5 bytes JMP 0000000176d20028 .text C:\Windows\system32\svchost.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076d7deb0 1 byte JMP 0000000176d20040 .text C:\Windows\system32\svchost.exe[2468] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000076d7deb2 3 bytes {JMP 0xfffffffffffa2190} .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2580] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000076f2fb00 5 bytes JMP 0000000173308cf0 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2580] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000076f2fb98 5 bytes JMP 0000000173308ea0 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2580] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000076f30078 5 bytes JMP 0000000173308d80 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2580] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076ee1401 2 bytes JMP 7607b21b C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2580] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076ee1419 2 bytes JMP 7607b346 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2580] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076ee1431 2 bytes JMP 760f8fd1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2580] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076ee144a 2 bytes CALL 7605489d C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2580] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076ee14dd 2 bytes JMP 760f88c4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2580] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076ee14f5 2 bytes JMP 760f8aa0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2580] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076ee150d 2 bytes JMP 760f87ba C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2580] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076ee1525 2 bytes JMP 760f8b8a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2580] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076ee153d 2 bytes JMP 7606fca8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2580] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076ee1555 2 bytes JMP 760768ef C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2580] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076ee156d 2 bytes JMP 760f9089 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2580] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076ee1585 2 bytes JMP 760f8bea C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2580] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076ee159d 2 bytes JMP 760f877e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2580] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076ee15b5 2 bytes JMP 7606fd41 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2580] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076ee15cd 2 bytes JMP 7607b2dc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2580] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076ee16b2 2 bytes JMP 760f8f4c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2580] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076ee16bd 2 bytes JMP 760f8713 C:\Windows\syswow64\KERNEL32.dll .text C:\Windows\System32\WUDFHost.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076d7db30 5 bytes JMP 0000000176d20010 .text C:\Windows\System32\WUDFHost.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076d7db90 5 bytes JMP 0000000176d20028 .text C:\Windows\System32\WUDFHost.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076d7deb0 1 byte JMP 0000000176d20040 .text C:\Windows\System32\WUDFHost.exe[2072] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000076d7deb2 3 bytes {JMP 0xfffffffffffa2190} .text C:\Program Files\Microsoft Security Client\msseces.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076d7db30 5 bytes JMP 0000000176d20010 .text C:\Program Files\Microsoft Security Client\msseces.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076d7db90 5 bytes JMP 0000000176d20028 .text C:\Program Files\Microsoft Security Client\msseces.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076d7deb0 1 byte JMP 0000000176d20040 .text C:\Program Files\Microsoft Security Client\msseces.exe[3188] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000076d7deb2 3 bytes {JMP 0xfffffffffffa2190} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076d7db30 5 bytes JMP 0000000176d20010 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076d7db90 5 bytes JMP 0000000176d20028 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076d7deb0 1 byte JMP 0000000176d20040 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3344] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000076d7deb2 3 bytes {JMP 0xfffffffffffa2190} .text C:\Program Files\Windows Sidebar\sidebar.exe[3364] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076d7db30 5 bytes JMP 0000000176d20010 .text C:\Program Files\Windows Sidebar\sidebar.exe[3364] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076d7db90 5 bytes JMP 0000000176d20028 .text C:\Program Files\Windows Sidebar\sidebar.exe[3364] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076d7deb0 1 byte JMP 0000000176d20040 .text C:\Program Files\Windows Sidebar\sidebar.exe[3364] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000076d7deb2 3 bytes {JMP 0xfffffffffffa2190} .text C:\Windows\system32\SearchIndexer.exe[3528] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076d7db30 5 bytes JMP 0000000176d20010 .text C:\Windows\system32\SearchIndexer.exe[3528] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076d7db90 5 bytes JMP 0000000176d20028 .text C:\Windows\system32\SearchIndexer.exe[3528] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076d7deb0 1 byte JMP 0000000176d20040 .text C:\Windows\system32\SearchIndexer.exe[3528] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000076d7deb2 3 bytes {JMP 0xfffffffffffa2190} .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3832] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076d7db30 5 bytes JMP 0000000176d20010 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3832] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076d7db90 5 bytes JMP 0000000176d20028 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3832] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076d7deb0 1 byte JMP 0000000176d20040 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3832] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000076d7deb2 3 bytes {JMP 0xfffffffffffa2190} .text C:\Windows\System32\svchost.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076d7db30 5 bytes JMP 0000000176d20010 .text C:\Windows\System32\svchost.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076d7db90 5 bytes JMP 0000000176d20028 .text C:\Windows\System32\svchost.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076d7deb0 1 byte JMP 0000000176d20040 .text C:\Windows\System32\svchost.exe[3208] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000076d7deb2 3 bytes {JMP 0xfffffffffffa2190} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4336] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000076f2fb00 5 bytes JMP 0000000173308cf0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4336] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000076f2fb98 5 bytes JMP 0000000173308ea0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4336] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000076f30078 5 bytes JMP 0000000173308d80 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4344] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000076f2fb00 5 bytes JMP 0000000173308cf0 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4344] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000076f2fb98 5 bytes JMP 0000000173308ea0 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4344] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000076f30078 5 bytes JMP 0000000173308d80 .text C:\Windows\system32\DllHost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076d7db30 5 bytes JMP 0000000176d20010 .text C:\Windows\system32\DllHost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076d7db90 5 bytes JMP 0000000176d20028 .text C:\Windows\system32\DllHost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076d7deb0 1 byte JMP 0000000176d20040 .text C:\Windows\system32\DllHost.exe[4524] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000076d7deb2 3 bytes {JMP 0xfffffffffffa2190} .text C:\Windows\system32\wbem\unsecapp.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076d7db30 5 bytes JMP 0000000176d20010 .text C:\Windows\system32\wbem\unsecapp.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076d7db90 5 bytes JMP 0000000176d20028 .text C:\Windows\system32\wbem\unsecapp.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076d7deb0 1 byte JMP 0000000176d20040 .text C:\Windows\system32\wbem\unsecapp.exe[1324] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000076d7deb2 3 bytes {JMP 0xfffffffffffa2190} .text C:\Windows\system32\notepad.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076d7db30 5 bytes JMP 0000000176d20010 .text C:\Windows\system32\notepad.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076d7db90 5 bytes JMP 0000000176d20028 .text C:\Windows\system32\notepad.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076d7deb0 1 byte JMP 0000000176d20040 .text C:\Windows\system32\notepad.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000076d7deb2 3 bytes {JMP 0xfffffffffffa2190} .text C:\Windows\system32\notepad.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076d7db30 5 bytes JMP 0000000176d20010 .text C:\Windows\system32\notepad.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076d7db90 5 bytes JMP 0000000176d20028 .text C:\Windows\system32\notepad.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076d7deb0 1 byte JMP 0000000176d20040 .text C:\Windows\system32\notepad.exe[3496] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000076d7deb2 3 bytes {JMP 0xfffffffffffa2190} .text C:\Users\Privat\Downloads\Gmer\Gmer-19357.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000076f2fb00 5 bytes JMP 0000000173308cf0 .text C:\Users\Privat\Downloads\Gmer\Gmer-19357.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000076f2fb98 5 bytes JMP 0000000173308ea0 .text C:\Users\Privat\Downloads\Gmer\Gmer-19357.exe[4204] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000076f30078 5 bytes JMP 0000000173308d80 ---- EOF - GMER 2.1 ---- |
25.11.2015, 20:51 | #3 |
/// the machine /// TB-Ausbilder | Windows X64 mit FakeAlert infiziert hi,
__________________alle Scans bitte nochmal, unsere Tools brauchen immer Adminrechte.
__________________ |
26.11.2015, 06:55 | #4 |
| Jetzt Logs mit Admi-RechtenCode:
ATTFilter <?xml version="1.0" encoding="UTF-16" ?> <mbam-log> <header> <date>2015/11/24 22:09:41 +0100</date> <logfile>mbam-log-2015-11-24 (22-09-33).xml</logfile> <isadmin>no</isadmin> </header> <engine> <version>2.2.0.1024</version> <malware-database>v2015.11.24.06</malware-database> <rootkit-database>v2015.11.23.01</rootkit-database> <license>premium</license> <file-protection>disabled</file-protection> <web-protection>disabled</web-protection> <self-protection>enabled</self-protection> </engine> <system> <hostname>R-PC-SAM</hostname> <ip>192.168.178.23</ip> <osversion>Windows 7 Service Pack 1</osversion> <arch>x64</arch> <username>Privat</username> <filesys>NTFS</filesys> </system> <summary> <type>custom</type> <result>completed</result> <objects>655643</objects> <time>13088</time> <processes>0</processes> <modules>0</modules> <keys>0</keys> <values>0</values> <datas>0</datas> <folders>0</folders> <files>11</files> <sectors>0</sectors> </summary> <options> <memory>enabled</memory> <startup>enabled</startup> <filesystem>enabled</filesystem> <archives>enabled</archives> <rootkits>enabled</rootkits> <deeprootkit>disabled</deeprootkit> <heuristics>enabled</heuristics> <pup>enabled</pup> <pum>enabled</pum> </options> <items> <file><path>C:\Program Files\GIMP 2\bin\freebl3.dll</path><vendor>Trojan.FakeAlert</vendor><action>delete-on-reboot</action><hash>7f57354c5b301224bca9939c1ee33dc3</hash></file> <file><path>C:\Program Files\GIMP 2\bin\libnspr4.dll</path><vendor>Trojan.FakeAlert</vendor><action>delete-on-reboot</action><hash>1eb8b9c82e5d0630f96c939cf90835cb</hash></file> <file><path>C:\Program Files\GIMP 2\bin\libplc4.dll</path><vendor>Trojan.FakeAlert</vendor><action>delete-on-reboot</action><hash>36a0661b048713231a4b73bca45dd62a</hash></file> <file><path>C:\Program Files\GIMP 2\bin\libplds4.dll</path><vendor>Trojan.FakeAlert</vendor><action>delete-on-reboot</action><hash>e1f5fb86e1aaf6401055db54be43b947</hash></file> <file><path>C:\Program Files\GIMP 2\bin\nss3.dll</path><vendor>Trojan.FakeAlert</vendor><action>delete-on-reboot</action><hash>4096c2bf820932048fd69e911fe260a0</hash></file> <file><path>C:\Program Files\GIMP 2\bin\nssckbi.dll</path><vendor>Trojan.FakeAlert</vendor><action>delete-on-reboot</action><hash>7e58add4e6a587afda8bb679b74ae719</hash></file> <file><path>C:\Program Files\GIMP 2\bin\nssdbm3.dll</path><vendor>Trojan.FakeAlert</vendor><action>delete-on-reboot</action><hash>4f87562b8506eb4b01641817ed1441bf</hash></file> <file><path>C:\Program Files\GIMP 2\bin\nssutil3.dll</path><vendor>Trojan.FakeAlert</vendor><action>delete-on-reboot</action><hash>8c4afc85becded49ff6686a9699813ed</hash></file> <file><path>C:\Program Files\GIMP 2\bin\smime3.dll</path><vendor>Trojan.FakeAlert</vendor><action>delete-on-reboot</action><hash>2fa711709bf00e28a4c19e910ff2e917</hash></file> <file><path>C:\Program Files\GIMP 2\bin\softokn3.dll</path><vendor>Trojan.FakeAlert</vendor><action>delete-on-reboot</action><hash>f0e6c9b874179a9c0f563cf3e51cc53b</hash></file> <file><path>C:\Program Files\GIMP 2\bin\ssl3.dll</path><vendor>Trojan.FakeAlert</vendor><action>delete-on-reboot</action><hash>fadc6b165c2f87af1d48da55926f2bd5</hash></file> </items> </mbam-log> Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1) Log created at 23:08 on 25/11/2015 (R) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:23-11-2015 durchgeführt von R (Administrator) auf R-PC-SAM (25-11-2015 23:09:21) Gestartet von C:\Users\Privat\Downloads\FRST Geladene Profile: R (Verfügbare Profile: R & Coach & Privat) Platform: Windows 7 Ultimate Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\System32\atiesrxx.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (AMD) C:\Windows\System32\atieclxx.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe (SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-14] (Synaptics Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKU\S-1-5-21-1269753938-3578349479-3780603664-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4179288 2015-11-18] (Disc Soft Ltd) HKU\S-1-5-21-1269753938-3578349479-3780603664-1001\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe [10566352 2015-09-02] () HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-05-03] (Microsoft Corporation) ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis) ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis) ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis) Startup: C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2015-05-14] () ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{577C61D7-1B72-41BF-A1D7-2A177E50DDC8}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{97B1E5B2-DDE4-4846-98AF-3ED3951786B1}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKU\S-1-5-21-1269753938-3578349479-3780603664-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-10-30] (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: FRITZ!Box Addon BHO -> {C0C86BBE-9509-4296-8459-FDBFDAF4B673} -> C:\Program Files\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll [2012-12-11] (AVM Berlin) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-10-30] (Oracle Corporation) BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: FRITZ!Box Addon BHO -> {C0C86BBE-9509-4296-8459-FDBFDAF4B673} -> C:\Program Files (x86)\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll [2012-12-11] (AVM Berlin) BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10] (Microsoft Corporation.) BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10] (Microsoft Corporation.) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab FireFox: ======== FF ProfilePath: C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\677lsznv.default-1448105328320 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-16] () FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-10-30] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-10-30] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-16] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-03-30] (Google) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.) ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 CSUService; C:\Program Files\COMODO\COMODO System Utilities\CSUService.exe [347968 2012-02-24] (Comodo Security Solutions, Inc.) R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1369432 2015-11-18] (Disc Soft Ltd) S3 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2015-06-02] (SurfRight B.V.) S4 KlimaLogg Service; C:\Program Files (x86)\KlimaLoggPro\KlimaLoggProService.exe [2480640 2014-05-27] () [Datei ist nicht signiert] R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation) S4 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.) S4 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3020120 2015-04-21] (Samsung Electronics CO., LTD.) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R3 azvusb; C:\Windows\System32\DRIVERS\azvusb.sys [54784 2009-08-24] (AzureWave Technologies, Inc.) R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-11-20] (Disc Soft Ltd) R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47160 2015-11-20] (Disc Soft Ltd) S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [296736 2015-05-09] (Acronis International GmbH) R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2015-06-02] () R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [34056 2015-05-05] (Paragon Software Group) R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-25] (Malwarebytes) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation) R3 rtl819xpn64; C:\Windows\System32\DRIVERS\rtl819xp.sys [626792 2015-05-23] (Realtek Semiconductor Corporation ) R2 tib; C:\Windows\System32\DRIVERS\tib.sys [1058632 2015-07-26] (Acronis International GmbH) R2 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [248648 2015-07-26] (Acronis International GmbH) R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [102576 2015-07-24] () R1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [25904 2015-07-24] () R1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [701232 2015-07-24] () R3 VMC326; C:\Windows\System32\Drivers\VMC326.sys [180096 2015-05-16] (Vimicro Corporation) U3 kwlcrpog; \??\C:\Users\R\AppData\Local\Temp\kwlcrpog.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-11-25 23:08 - 2015-11-25 23:08 - 00001595 _____ C:\Users\R\Desktop\FRST64.exe.lnk 2015-11-25 22:22 - 2015-11-25 22:22 - 00001224 _____ C:\Users\R\Desktop\Defogger.exe.lnk 2015-11-25 18:22 - 2015-11-25 18:22 - 00027136 _____ C:\Users\R\Desktop\Gmer.txt 2015-11-25 18:07 - 2015-11-25 18:07 - 00000000 ____D C:\Users\Privat\Downloads\Gmer 2015-11-25 18:00 - 2015-11-25 18:00 - 00000000 _____ C:\Users\R\defogger_reenable 2015-11-25 17:59 - 2015-11-25 23:08 - 00000000 ____D C:\Users\Privat\Downloads\Defogger 2015-11-24 14:58 - 2015-11-24 14:58 - 00000000 ____D C:\Users\Privat\Downloads\QuizPro 2015-11-24 14:42 - 2015-11-25 17:48 - 00000280 _____ C:\Windows\setupact.log 2015-11-24 14:42 - 2015-11-24 14:42 - 00000000 _____ C:\Windows\setuperr.log 2015-11-24 14:22 - 2015-11-24 14:22 - 00223505 _____ C:\Users\R\Downloads\Setup.exe 2015-11-24 14:21 - 2015-11-24 14:57 - 00000000 ____D C:\Users\Privat\Downloads\SIMcon 2015-11-24 08:55 - 2015-11-24 08:55 - 00000848 _____ C:\Users\Public\Desktop\UltraDefrag.lnk 2015-11-23 14:12 - 2015-11-23 14:12 - 00001138 _____ C:\Users\Privat\Desktop\MediathekView.lnk 2015-11-23 06:41 - 2015-11-23 06:41 - 00002022 _____ C:\Users\R\Desktop\FileHippo App Manager.lnk 2015-11-23 06:40 - 2015-11-23 06:40 - 00000000 ____D C:\Users\Privat\Downloads\FileHippo 2015-11-22 09:51 - 2015-11-22 09:52 - 00000000 ____D C:\TEMP 2015-11-21 18:28 - 2015-11-21 18:28 - 00200974 _____ C:\Users\Privat\AppData\Local\recently-used.xbel 2015-11-21 12:59 - 2015-11-21 13:01 - 00000000 ____D C:\Users\R\.gimp-2.8 2015-11-21 12:59 - 2015-11-21 12:59 - 00000000 ____D C:\Users\R\AppData\Local\gegl-0.2 2015-11-21 12:32 - 2015-11-21 12:32 - 00001852 _____ C:\Users\Public\Desktop\IrfanView 64 Thumbnails.lnk 2015-11-21 12:32 - 2015-11-21 12:32 - 00000982 _____ C:\Users\Public\Desktop\IrfanView 64.lnk 2015-11-21 12:32 - 2015-11-21 12:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView 2015-11-21 12:32 - 2015-11-21 12:32 - 00000000 ____D C:\Program Files\IrfanView 2015-11-21 12:30 - 2015-11-23 08:10 - 00002192 _____ C:\Windows\system32\ASOROSet.bin 2015-11-21 12:30 - 2015-11-21 12:30 - 00000000 ____D C:\Windows\system32\config\RCCBakup 2015-11-21 12:28 - 2015-11-21 12:28 - 00000000 ____D C:\Users\R\Desktop\Alte Firefox-Daten 2015-11-21 11:27 - 2015-11-21 13:23 - 00000000 ____D C:\Users\Privat\AppData\Roaming\IrfanView 2015-11-21 09:44 - 2015-11-21 12:32 - 00000000 ____D C:\Users\R\AppData\Roaming\IrfanView 2015-11-21 09:42 - 2015-11-21 11:54 - 00000000 ____D C:\Users\Privat\Downloads\IrfanView 2015-11-20 17:31 - 2015-11-20 17:31 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP 2015-11-20 16:54 - 2015-11-20 16:54 - 00047160 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtliteusbbus.sys 2015-11-20 16:53 - 2015-11-24 18:25 - 00000000 ____D C:\Program Files\DAEMON Tools Lite 2015-11-20 16:53 - 2015-11-20 16:53 - 00030264 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys 2015-11-20 11:42 - 2015-11-20 11:42 - 00089600 _____ (UltraDefrag Development Team) C:\Windows\system32\udefrag.exe 2015-11-20 11:42 - 2015-11-20 11:42 - 00013312 _____ (UltraDefrag Development Team) C:\Windows\system32\hibernate4win.exe 2015-11-20 11:42 - 2015-11-20 11:42 - 00012288 _____ (UltraDefrag Development Team) C:\Windows\system32\bootexctrl.exe 2015-11-20 11:41 - 2015-11-20 11:41 - 00394752 _____ (UltraDefrag Development Team) C:\Windows\system32\defrag_native.exe 2015-11-20 11:41 - 2015-11-20 11:41 - 00132608 _____ C:\Windows\system32\lua5.1a.dll 2015-11-20 11:41 - 2015-11-20 11:41 - 00055808 _____ (UltraDefrag Development Team) C:\Windows\system32\udefrag.dll 2015-11-20 11:41 - 2015-11-20 11:41 - 00033792 _____ (UltraDefrag Development Team) C:\Windows\system32\wgx.dll 2015-11-20 11:40 - 2015-11-20 11:40 - 00337920 _____ (UltraDefrag Development Team) C:\Windows\system32\zenwinx.dll 2015-11-17 06:44 - 2015-11-17 08:25 - 00014217 _____ C:\Users\Privat\Documents\Fritzbox.xlsx 2015-11-12 08:33 - 2015-11-03 18:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-11-10 21:59 - 2015-11-03 23:10 - 00390344 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-11-10 21:59 - 2015-11-03 22:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-11-10 21:59 - 2015-10-31 00:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-11-10 21:59 - 2015-10-31 00:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-11-10 21:59 - 2015-10-31 00:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-11-10 21:59 - 2015-10-31 00:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-11-10 21:59 - 2015-10-31 00:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-11-10 21:59 - 2015-10-31 00:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-11-10 21:59 - 2015-10-31 00:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-11-10 21:59 - 2015-10-31 00:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-11-10 21:59 - 2015-10-31 00:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-11-10 21:59 - 2015-10-31 00:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-11-10 21:59 - 2015-10-31 00:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-11-10 21:59 - 2015-10-31 00:13 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-11-10 21:59 - 2015-10-31 00:12 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-11-10 21:59 - 2015-10-31 00:12 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-11-10 21:59 - 2015-10-31 00:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-11-10 21:59 - 2015-10-31 00:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-11-10 21:59 - 2015-10-31 00:11 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-11-10 21:59 - 2015-10-31 00:04 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-11-10 21:59 - 2015-10-31 00:01 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-11-10 21:59 - 2015-10-30 23:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-11-10 21:59 - 2015-10-30 23:53 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-11-10 21:59 - 2015-10-30 23:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-11-10 21:59 - 2015-10-30 23:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-11-10 21:59 - 2015-10-30 23:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-11-10 21:59 - 2015-10-30 23:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-11-10 21:59 - 2015-10-30 23:46 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-11-10 21:59 - 2015-10-30 23:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-11-10 21:59 - 2015-10-30 23:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-11-10 21:59 - 2015-10-30 23:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-11-10 21:59 - 2015-10-30 23:44 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2015-11-10 21:59 - 2015-10-30 23:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-11-10 21:59 - 2015-10-30 23:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-11-10 21:59 - 2015-10-30 23:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-11-10 21:59 - 2015-10-30 23:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-11-10 21:59 - 2015-10-30 23:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-11-10 21:59 - 2015-10-30 23:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-11-10 21:59 - 2015-10-30 23:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-11-10 21:59 - 2015-10-30 23:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-11-10 21:59 - 2015-10-30 23:34 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-11-10 21:59 - 2015-10-30 23:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-11-10 21:59 - 2015-10-30 23:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-11-10 21:59 - 2015-10-30 23:29 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-11-10 21:59 - 2015-10-30 23:29 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-11-10 21:59 - 2015-10-30 23:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-11-10 21:59 - 2015-10-30 23:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-11-10 21:59 - 2015-10-30 23:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-11-10 21:59 - 2015-10-30 23:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-11-10 21:59 - 2015-10-30 23:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-11-10 21:59 - 2015-10-30 23:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-11-10 21:59 - 2015-10-30 23:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-11-10 21:59 - 2015-10-30 23:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2015-11-10 21:59 - 2015-10-30 23:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-11-10 21:59 - 2015-10-30 23:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2015-11-10 21:59 - 2015-10-30 23:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-11-10 21:59 - 2015-10-30 23:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-11-10 21:59 - 2015-10-30 23:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-11-10 21:59 - 2015-10-30 23:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-11-10 21:59 - 2015-10-30 23:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-11-10 21:59 - 2015-10-30 22:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-11-10 21:59 - 2015-10-30 22:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-11-10 21:59 - 2015-10-30 22:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-11-10 21:59 - 2015-10-30 22:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-11-10 21:59 - 2015-10-20 02:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-11-10 21:59 - 2015-10-20 02:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-11-10 21:59 - 2015-10-20 02:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-11-10 21:59 - 2015-10-20 02:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-11-10 21:59 - 2015-10-20 02:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-11-10 21:59 - 2015-10-20 02:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-11-10 21:59 - 2015-10-20 02:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-11-10 21:59 - 2015-10-20 02:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-11-10 21:59 - 2015-10-20 02:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-11-10 21:59 - 2015-10-20 02:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-11-10 21:59 - 2015-10-20 02:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-11-10 21:59 - 2015-10-20 02:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-11-10 21:59 - 2015-10-20 02:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-11-10 21:59 - 2015-10-20 02:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-11-10 21:59 - 2015-10-20 02:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-11-10 21:59 - 2015-10-20 02:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-11-10 21:59 - 2015-10-20 02:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-11-10 21:59 - 2015-10-20 02:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-11-10 21:59 - 2015-10-20 02:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-11-10 21:59 - 2015-10-20 02:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-11-10 21:59 - 2015-10-20 02:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-11-10 21:59 - 2015-10-20 02:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-11-10 21:59 - 2015-10-20 02:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-11-10 21:59 - 2015-10-20 02:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2015-11-10 21:59 - 2015-10-20 02:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-11-10 21:59 - 2015-10-20 02:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-11-10 21:59 - 2015-10-20 02:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-11-10 21:59 - 2015-10-20 02:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-11-10 21:59 - 2015-10-20 02:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-11-10 21:59 - 2015-10-20 02:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-11-10 21:59 - 2015-10-20 02:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-11-10 21:59 - 2015-10-20 02:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-11-10 21:59 - 2015-10-20 02:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-11-10 21:59 - 2015-10-20 01:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-11-10 21:59 - 2015-10-20 01:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-11-10 21:59 - 2015-10-20 01:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-11-10 21:59 - 2015-10-20 01:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-11-10 21:59 - 2015-10-20 01:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-11-10 21:59 - 2015-10-20 01:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-11-10 21:59 - 2015-10-20 01:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-11-10 21:59 - 2015-10-20 01:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-11-10 21:59 - 2015-10-20 01:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-11-10 21:59 - 2015-10-20 01:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-11-10 21:59 - 2015-10-20 01:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2015-11-10 21:59 - 2015-10-20 01:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-11-10 21:59 - 2015-10-20 01:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-11-10 21:59 - 2015-10-20 01:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-11-10 21:59 - 2015-10-20 01:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-11-10 21:59 - 2015-10-20 01:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-11-10 21:59 - 2015-10-20 01:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2015-11-10 21:59 - 2015-10-20 01:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-11-10 21:59 - 2015-10-20 01:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-11-10 21:59 - 2015-10-20 01:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-11-10 21:59 - 2015-10-20 01:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-11-10 21:59 - 2015-10-20 01:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-11-10 21:59 - 2015-10-20 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 00:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-11-10 21:59 - 2015-10-20 00:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2015-11-10 21:59 - 2015-10-20 00:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-11-10 21:59 - 2015-10-20 00:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-11-10 21:59 - 2015-10-20 00:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-11-10 21:59 - 2015-10-20 00:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 00:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 00:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 00:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-11-10 21:59 - 2015-09-23 14:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-11-10 21:59 - 2015-09-23 14:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll 2015-11-10 21:59 - 2015-09-23 14:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll 2015-11-10 21:58 - 2015-10-29 18:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll 2015-11-10 21:58 - 2015-10-29 18:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll 2015-11-10 21:58 - 2015-10-29 18:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe 2015-11-10 21:58 - 2015-10-29 18:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll 2015-11-10 21:58 - 2015-10-29 18:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll 2015-11-10 21:58 - 2015-10-29 18:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll 2015-11-10 21:58 - 2015-10-29 18:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe 2015-11-10 21:50 - 2015-10-13 17:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2015-11-10 21:50 - 2015-10-13 17:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2015-11-10 21:50 - 2015-10-13 05:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys 2015-11-10 21:49 - 2015-10-01 19:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-11-10 21:49 - 2015-10-01 19:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2015-11-10 21:49 - 2015-10-01 18:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2015-11-10 18:05 - 2015-11-10 18:05 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2 2015-11-10 18:00 - 2015-11-10 18:00 - 00000000 ____D C:\Users\R\Desktop\OpenOffice 4.1.2 (de) Installation Files 2015-11-10 17:35 - 2015-11-10 17:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag 2015-11-08 18:38 - 2015-11-09 09:37 - 00000000 ____D C:\Users\Privat\AppData\Roaming\SmartTools 2015-11-08 18:38 - 2015-11-08 18:38 - 00000000 ____D C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTools 2015-11-08 18:37 - 2015-11-08 18:37 - 00000000 ____D C:\Users\Privat\AppData\Roaming\Programme 2015-11-08 16:09 - 2015-11-08 16:09 - 00000000 ____D C:\Users\Privat\Downloads\Falzassi 2015-11-08 14:14 - 2015-11-08 14:14 - 00001995 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk 2015-11-08 14:14 - 2015-10-20 19:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-11-08 14:14 - 2015-10-20 19:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-11-08 14:14 - 2015-10-20 19:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-11-08 14:14 - 2015-10-20 19:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-11-08 14:14 - 2015-10-20 19:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-11-08 14:14 - 2015-10-20 19:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-11-08 14:14 - 2015-10-20 19:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-11-08 14:14 - 2015-10-20 19:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-11-08 14:14 - 2015-10-20 19:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-11-08 14:14 - 2015-10-20 19:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-11-08 14:14 - 2015-10-20 19:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-11-08 14:14 - 2015-10-20 18:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-11-08 14:14 - 2015-10-20 18:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-11-08 14:14 - 2015-10-20 18:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-11-08 14:14 - 2015-10-20 18:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-11-08 14:14 - 2015-10-20 18:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-11-08 14:13 - 2015-11-08 14:14 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations 2015-11-08 14:13 - 2015-11-08 14:13 - 00000000 ____D C:\ProgramData\HP Photo Creations 2015-11-07 09:50 - 2015-11-08 16:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-11-02 11:11 - 2015-11-02 11:12 - 00000000 ____D C:\Users\Privat\Downloads\Setup Pixum Fotowelt 2015-11-01 11:59 - 2015-11-09 15:09 - 00000000 ___RD C:\Users\Privat\Documents\RocketLifeNetwork 2015-11-01 11:53 - 2015-11-09 15:09 - 00000000 ____D C:\Users\Privat\AppData\Roaming\HP Photo Creations 2015-11-01 11:53 - 2015-11-01 11:59 - 00001954 _____ C:\Users\Privat\Desktop\HP Photo Creations.lnk 2015-11-01 11:53 - 2015-11-01 11:59 - 00000000 ____D C:\Users\Privat\AppData\Roaming\Visan 2015-11-01 11:53 - 2015-11-01 11:53 - 00000000 ____D C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP 2015-11-01 11:40 - 2015-11-01 11:40 - 00000322 _____ C:\Users\R\Desktop\HP Druckerdiagnosetools.url 2015-11-01 11:40 - 2015-11-01 11:40 - 00000000 ____D C:\ProgramData\Visan 2015-11-01 11:36 - 2015-11-01 11:36 - 00000000 ____D C:\Windows\Hewlett-Packard 2015-11-01 11:34 - 2015-11-15 14:13 - 00000000 ____D C:\Users\Privat\AppData\Roaming\HpUpdate 2015-11-01 09:19 - 2015-11-01 08:19 - 00000052 _____ C:\Users\Privat\Documents\KlimaLoggPro.log 2015-11-01 08:19 - 2015-10-14 05:16 - 00000052 _____ C:\Users\Privat\Documents\2015_11_01-KlimaLoggPro.log 2015-11-01 08:16 - 2015-11-01 08:17 - 04103179 _____ C:\Users\Privat\Downloads\npp.6.8.6.Installer.exe 2015-10-30 20:13 - 2015-10-20 20:39 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-11-25 23:09 - 2015-05-03 18:43 - 00000000 ____D C:\Users\Privat\Downloads\FRST 2015-11-25 23:09 - 2015-03-28 08:26 - 00000000 ____D C:\FRST 2015-11-25 23:04 - 2015-05-23 19:37 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-11-25 22:27 - 2015-07-03 14:05 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2015-11-25 22:15 - 2015-06-28 13:05 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-11-25 22:14 - 2015-05-23 19:37 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-11-25 22:14 - 2015-05-03 17:45 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-11-25 22:12 - 2015-05-03 19:39 - 00000000 ____D C:\Windows\CryptoGuard 2015-11-25 19:53 - 2015-05-03 18:29 - 00000000 ____D C:\Users\Privat\Documents\Birkenring 40 2015-11-25 18:08 - 2015-05-03 20:14 - 00000000 ____D C:\Users\Privat\Documents\Outlook-Dateien 2015-11-25 18:05 - 2015-05-03 15:02 - 01270004 _____ C:\Windows\WindowsUpdate.log 2015-11-25 18:00 - 2015-05-03 15:27 - 00000000 ____D C:\Users\R 2015-11-25 17:56 - 2009-07-14 05:45 - 00013536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-11-25 17:56 - 2009-07-14 05:45 - 00013536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-11-25 17:55 - 2015-05-03 18:01 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{188137A1-1E81-4F3A-8688-E6E423B81A2B} 2015-11-25 17:48 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-11-24 22:16 - 2014-12-22 04:01 - 00000000 ____D C:\AdwCleaner 2015-11-24 18:26 - 2015-05-03 18:42 - 00000000 ____D C:\Users\Privat\Downloads\CCleaner 2015-11-24 18:23 - 2015-05-14 18:43 - 00007631 _____ C:\Users\R\AppData\Local\Resmon.ResmonCfg 2015-11-24 15:01 - 2015-05-03 18:44 - 00000000 ____D C:\Users\Privat\Downloads\Microsoft Safety Scanner 2015-11-24 14:23 - 2015-07-26 17:13 - 00004238 _____ C:\Windows\System32\Tasks\avast! BCU UpdateS-1-5-21-1269753938-3578349479-3780603664-1004 2015-11-24 14:23 - 2015-07-26 17:13 - 00003300 _____ C:\Windows\System32\Tasks\avastBCLS-1-5-21-1269753938-3578349479-3780603664-1004 2015-11-24 13:50 - 2015-05-03 18:24 - 00000000 ____D C:\Users\Privat\AppData\Roaming\Mp3tag 2015-11-24 13:49 - 2015-05-03 18:24 - 00000000 ____D C:\Users\Privat\AppData\Roaming\vlc 2015-11-24 09:39 - 2015-05-03 20:24 - 00000000 ____D C:\Users\Privat\Documents\T-Mobile 2015-11-24 09:26 - 2015-05-03 20:25 - 00000000 ____D C:\Users\Privat\Documents\T-Online 2015-11-24 08:56 - 2015-05-04 09:41 - 00000000 ____D C:\Program Files\UltraDefrag 2015-11-24 08:55 - 2015-05-04 09:41 - 00000860 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraDefrag.lnk 2015-11-24 08:54 - 2015-05-03 18:52 - 00000000 ____D C:\Users\Privat\Downloads\UltraDefrag 2015-11-24 08:53 - 2015-05-03 19:23 - 00000894 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk 2015-11-24 08:28 - 2015-05-07 06:51 - 00000000 ____D C:\Program Files (x86)\TeamViewer 2015-11-23 14:12 - 2015-05-03 18:44 - 00000000 ____D C:\Users\Privat\Downloads\MediathekView 2015-11-23 14:10 - 2015-05-03 18:20 - 00000000 ____D C:\Users\Privat\.mediathek3 2015-11-23 08:56 - 2009-07-14 18:58 - 00699342 _____ C:\Windows\system32\perfh007.dat 2015-11-23 08:56 - 2009-07-14 18:58 - 00149450 _____ C:\Windows\system32\perfc007.dat 2015-11-23 08:56 - 2009-07-14 06:13 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI 2015-11-23 08:11 - 2015-05-03 17:40 - 00000000 ____D C:\Users\Privat 2015-11-23 08:10 - 2009-07-14 03:34 - 94633984 _____ C:\Windows\system32\config\software.bak 2015-11-23 08:10 - 2009-07-14 03:34 - 23068672 _____ C:\Windows\system32\config\system.bak 2015-11-23 08:10 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\security.bak 2015-11-23 06:57 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\sam.bak 2015-11-23 06:41 - 2015-05-09 11:44 - 00002052 _____ C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileHippo App Manager.lnk 2015-11-23 06:41 - 2015-05-09 11:44 - 00000000 ____D C:\Program Files (x86)\FileHippo.com 2015-11-22 18:46 - 2015-07-17 17:02 - 00000000 ____D C:\Users\Privat\MediathekView 2015-11-21 18:28 - 2015-05-03 18:25 - 00000000 ____D C:\Users\Privat\AppData\Local\gtk-2.0 2015-11-21 18:28 - 2015-05-03 18:20 - 00000000 ____D C:\Users\Privat\.gimp-2.8 2015-11-21 12:26 - 2015-05-03 15:28 - 00000000 ____D C:\Users\R\AppData\Local\VirtualStore 2015-11-21 12:04 - 2015-05-03 17:40 - 00000000 ____D C:\Users\Privat\AppData\Local\VirtualStore 2015-11-21 11:52 - 2015-05-03 16:44 - 00156352 _____ C:\Users\R\AppData\Local\GDIPFONTCACHEV1.DAT 2015-11-21 09:33 - 2015-05-03 18:25 - 00000000 ____D C:\Users\Privat\AppData\Local\JDownloader 2.0 2015-11-20 17:31 - 2015-08-30 10:49 - 00001159 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk 2015-11-20 17:31 - 2015-08-30 10:49 - 00001109 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk 2015-11-20 17:30 - 2015-05-08 18:42 - 00000000 ____D C:\Users\Privat\AppData\Roaming\Skype 2015-11-20 17:29 - 2015-05-08 18:41 - 00000000 ____D C:\ProgramData\Skype 2015-11-20 16:45 - 2015-05-03 18:43 - 00000000 ____D C:\Users\Privat\Downloads\Daemon Lite 2015-11-20 12:35 - 2015-05-03 20:25 - 00000000 ____D C:\Users\Privat\Documents\Trauerrede 2015-11-19 22:22 - 2015-10-09 16:29 - 00000930 _____ C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk 2015-11-19 22:22 - 2015-10-09 16:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management 2015-11-19 22:22 - 2015-10-09 16:29 - 00000000 ____D C:\Program Files\Calibre2 2015-11-19 22:20 - 2015-05-03 18:42 - 00000000 ____D C:\Users\Privat\Downloads\Calibre 2015-11-16 06:41 - 2015-06-28 13:05 - 00003824 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-11-16 06:41 - 2015-05-12 07:54 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-11-16 06:41 - 2015-05-12 07:54 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-11-12 14:53 - 2015-05-03 18:29 - 00000000 ____D C:\Users\Privat\Documents\DAA GVM 2015-11-12 12:27 - 2009-07-14 05:45 - 00536848 _____ C:\Windows\system32\FNTCACHE.DAT 2015-11-12 12:18 - 2009-07-14 06:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-11-11 09:22 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2015-11-10 22:25 - 2015-05-03 15:35 - 00000000 ____D C:\Windows\system32\MRT 2015-11-10 22:17 - 2015-05-03 15:35 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-11-10 22:16 - 2015-05-03 21:05 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-11-10 22:08 - 2015-05-04 05:29 - 01593564 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2015-11-10 22:03 - 2009-07-14 19:18 - 00000000 ____D C:\Program Files\Windows Journal 2015-11-10 21:56 - 2015-09-12 14:06 - 00000000 ____D C:\Users\Privat\TapinRadio 2015-11-10 18:51 - 2015-05-03 17:41 - 00156352 _____ C:\Users\Privat\AppData\Local\GDIPFONTCACHEV1.DAT 2015-11-10 18:05 - 2015-05-13 09:55 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4 2015-11-10 18:05 - 2015-05-03 18:48 - 00000000 ____D C:\Users\Privat\Downloads\OpenOffice 2015-11-10 17:35 - 2015-05-03 19:20 - 00000000 ____D C:\Program Files (x86)\Mp3tag 2015-11-10 17:34 - 2015-05-03 18:44 - 00000000 ____D C:\Users\Privat\Downloads\Mp3Tag 2015-11-09 09:37 - 2015-05-03 18:29 - 00000000 ____D C:\Users\Privat\Documents\Add-in Express 2015-11-08 16:03 - 2015-05-03 19:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-11-08 14:14 - 2015-05-07 16:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP 2015-11-07 15:34 - 2015-07-25 08:14 - 00000000 ____D C:\Users\Privat\AppData\LocalLow\Adblock Plus for IE 2015-11-04 08:07 - 2015-07-17 16:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-11-03 10:47 - 2015-05-03 18:28 - 00000000 ____D C:\Users\Privat\Desktop\DAA GVM 2015-11-02 11:02 - 2015-05-03 18:12 - 00000000 ____D C:\Users\Privat\Downloads\TotalComander 2015-11-02 09:46 - 2015-05-03 18:28 - 00000000 ___RD C:\Users\Privat\Desktop\Admi 2015-11-01 11:43 - 2015-05-09 08:47 - 00000000 ____D C:\Users\R\AppData\Roaming\HpUpdate 2015-11-01 11:37 - 2015-05-07 16:29 - 00000000 ____D C:\Program Files (x86)\HP 2015-11-01 08:24 - 2015-05-14 11:14 - 00002393 _____ C:\ProgramData\KlimaLogg.dat1.tmp 2015-11-01 08:24 - 2015-05-14 11:14 - 00002393 _____ C:\ProgramData\KlimaLogg.dat1 2015-11-01 08:24 - 2015-05-03 18:23 - 00000000 ____D C:\Users\Privat\AppData\Roaming\KlimaLoggPro 2015-11-01 08:17 - 2015-09-06 09:15 - 00000000 ____D C:\Users\R\AppData\Roaming\Notepad++ 2015-10-30 20:14 - 2015-08-24 17:31 - 00000000 ____D C:\Users\R\.oracle_jre_usage 2015-10-30 20:14 - 2015-08-24 17:31 - 00000000 ____D C:\Users\Privat\.oracle_jre_usage 2015-10-30 20:13 - 2015-08-24 17:31 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2015-10-30 20:13 - 2015-08-24 17:30 - 00000000 ____D C:\Program Files\Java 2015-10-30 14:40 - 2015-05-04 05:04 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-05-14 14:45 - 2015-05-14 14:45 - 0000036 _____ () C:\Users\R\AppData\Local\housecall.guid.cache 2015-05-14 18:43 - 2015-11-24 18:23 - 0007631 _____ () C:\Users\R\AppData\Local\Resmon.ResmonCfg 2015-05-09 10:11 - 2015-05-09 10:11 - 0000043 ___SH () C:\ProgramData\.zreglib 2015-05-23 08:16 - 2015-05-23 08:16 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2015-05-14 11:14 - 2015-11-01 08:24 - 0002393 _____ () C:\ProgramData\KlimaLogg.dat1 2015-05-14 11:14 - 2015-11-01 08:24 - 0002393 _____ () C:\ProgramData\KlimaLogg.dat1.tmp 2015-05-07 11:33 - 2015-05-07 11:33 - 41943040 _____ () C:\ProgramData\KlimaLoggServiceDataStore ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-11-20 11:58 ==================== Ende von FRST.txt ============================ Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:23-11-2015 durchgeführt von R (2015-11-25 23:10:07) Gestartet von C:\Users\Privat\Downloads\FRST Windows 7 Ultimate Service Pack 1 (X64) (2015-05-03 14:27:52) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-1269753938-3578349479-3780603664-500 - Administrator - Disabled) Coach (S-1-5-21-1269753938-3578349479-3780603664-1003 - Limited - Enabled) => C:\Users\Coach Gast (S-1-5-21-1269753938-3578349479-3780603664-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1269753938-3578349479-3780603664-1002 - Limited - Enabled) Privat (S-1-5-21-1269753938-3578349479-3780603664-1004 - Limited - Enabled) => C:\Users\Privat R (S-1-5-21-1269753938-3578349479-3780603664-1001 - Administrator - Enabled) => C:\Users\R ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) Acronis Drive Monitor (HKLM-x32\...\{706AE61D-40A4-4F50-8359-FE8F6F7FA461}) (Version: 1.0.566 - Acronis) Acronis True Image 2015 (HKLM-x32\...\{2F70A6E6-2F71-4907-8441-BDC5D300310B}Visible) (Version: 18.0.6613 - Acronis) Acronis True Image 2015 (x32 Version: 18.0.6613 - Acronis) Hidden Adblock Plus für IE (32-Bit- und 64-Bit) (HKLM\...\{588B7DD2-3480-4A89-A8F6-C6781CBFAD56}) (Version: 1.5 - Eyeo GmbH) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated) Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated) Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated) AMD Catalyst Install Manager (HKLM\...\{25107779-C295-EB3E-3C92-AC1B45680012}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.) Attack Surface Analyzer (HKLM\...\{2710505A-D198-4906-8767-F869909D9FA6}) (Version: 5.3.0.0 - Microsoft Corporation) Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team) AutoUpdate (HKLM-x32\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - ) AVM FRITZ!Box AddOn (IE) (HKLM-x32\...\{CEAD06D8-D033-4D2A-9328-AF49089E129F}) (Version: 1.7.0 - AVM Berlin) AVM FRITZ!Box AddOn (IE) (x64) (HKLM\...\{EC3671D7-98AC-4951-8FFD-5556BE066137}) (Version: 1.7.0 - AVM Berlin) AVM FRITZ!fax für FRITZ!Box (HKLM-x32\...\FRITZ! 2.0) (Version: - AVM Berlin) BatteryLifeExtender (HKLM-x32\...\{AA16A9E5-40E9-44F5-801E-6B3D3CFE79E5}) (Version: 1.0.0 - Samsung) Bing Bar (HKLM-x32\...\{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}) (Version: 7.1.361.0 - Microsoft Corporation) calibre 64bit (HKLM\...\{A80512D3-A72D-4DAF-B7DF-3804F9FAB1CE}) (Version: 2.44.1 - Kovid Goyal) CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform) CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.6.5844 - CDBurnerXP) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.6.5931 - CDBurnerXP) CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.79.0.2015 - Georgy Berdyshev) ChargeableUSB (HKLM-x32\...\{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}) (Version: 1.0.0.0 - SAMSUNG) CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version: 2.9.3.3 - Elaborate Bytes) COMODO System Utilities (HKLM\...\{A7DA4247-9F22-4d4a-974A-DD455CCF43B6}) (Version: 4.0.226743.26 - COMODO) Corel Graphics Suite 11 (x32 Version: 11 - Corel Corporation) Hidden CorelDRAW Graphics Suite 11 (HKLM-x32\...\InstallShield_{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}) (Version: 11 - Corel Corporation) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.2907 - CyberLink Corp.) DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.2.0.0112 - Disc Soft Ltd) Data Lifeguard Diagnostic for Windows 1.27 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation) DivX Codec (HKLM-x32\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.6.1 - DivX, Inc.) Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.0 - Samsung Electronics Co., Ltd.) Easy SpeedUp Manager (HKLM-x32\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 3.0.0.4 - Samsung Electronics Co.,Ltd.) eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com) GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team) Google Earth (HKLM-x32\...\{1A295C25-6E02-49FB-826B-F0D2C56FFA4E}) (Version: 7.1.4.1529 - Google) Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software) HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 2.6.5.77 - SurfRight B.V.) HP Officejet 6500 E710n-z Basic Device Software (HKLM\...\{BF09A017-54F4-46BC-AF54-F6DA0D7486D3}) (Version: 22.0.334.0 - Hewlett-Packard Co.) HP Officejet 6500 E710n-z Hilfe (HKLM-x32\...\{EFBC0CB1-AFFD-4E74-ACEF-42099F1D49C3}) (Version: 140.0.2.2 - Hewlett Packard) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4 - HP) Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation) Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - ) IrfanView 64 (remove only) (HKLM\...\IrfanView) (Version: 4.40 - Irfan Skiljan) Java 8 Update 65 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418065F0}) (Version: 8.0.650.17 - Oracle Corporation) Java 8 Update 66 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418066F0}) (Version: 8.0.660.17 - Oracle Corporation) Kits Configuration Installer (x32 Version: 8.59.25584 - Microsoft) Hidden KlimaLogg Pro (HKLM-x32\...\KlimaLogg Pro_is1) (Version: - TFA Dostmann) Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Marketsplash Schnellzugriffe (HKLM-x32\...\{FB0C267C-8B4F-4867-8161-A6A3B66D42C1}) (Version: 1.0.0.9 - Hewlett-Packard) Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 12.10.16.3 - Marvell) Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Windows Performance Toolkit (HKLM\...\{E7F9E526-2324-437B-A609-E8C5309465CB}) (Version: 4.8.0 - Microsoft Corporation) Mozilla Firefox 42.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 de)) (Version: 42.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla) Mp3tag v2.72 (HKLM-x32\...\Mp3tag) (Version: v2.72 - Florian Heidenreich) MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.6 - F.J. Wechselberger) Namuga 1.3M Webcam (HKLM-x32\...\{71A51B59-E7D3-11DB-A386-005056C00008}) (Version: 1.00.0000 - Vimicro Corporation) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.6 - Notepad++ Team) Online Plug-in (x32 Version: 14.3.0.5014 - Citrix Systems, Inc.) Hidden OpenOffice 4.1.2 (HKLM-x32\...\{F5CAB1AF-7B1A-4CEC-B829-A3F699473AE1}) (Version: 4.12.9782 - Apache Software Foundation) Paragon Festplatten Manager™ 15 Suite (HKLM\...\{29258311-EA49-11DE-967C-005056C00008}) (Version: 90.00.0003 - Paragon Software) Paragon Partition Manager™ 10.0 Professional (HKLM\...\{A35001F0-F1E4-11DD-A38B-005056C00008}) (Version: 90.00.0003 - Paragon Software) PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 11.0 - PlotSoft LLC) Pinnacle Instant DVD Recorder (HKLM-x32\...\{C1212AE3-DBB9-4365-8473-F8ABC7B06BBB}) (Version: 2.5.0.092 - Pinnacle Systems) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7459 - Realtek Semiconductor Corp.) S Agent (Version: 1.1.52 - Samsung Electronics CO., LTD.) Hidden Samsung Recovery Solution 4 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.3 - Samsung) Samsung Update Plus (HKLM-x32\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.) Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.) Self-Service Plug-in (x32 Version: 4.3.0.8352 - Citrix Systems, Inc.) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Skype™ 7.15 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.15.102 - Skype Technologies S.A.) Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.0.15093.11 - Samsung Electronics Co., Ltd.) Smart Switch (x32 Version: 4.0.15093.11 - Samsung Electronics Co., Ltd.) Hidden SmartTools Falz & Lochmarken-Assistent 8.3 für Word (HKLM-x32\...\{522C2E5C-3895-44C3-9AD7-F59CAFE8990A}) (Version: 8.3.0.0 - SmartTools Publishing) Studie zur Verbesserung von HP Officejet 6500 E710n-z Produkten (HKLM\...\{C9347A74-CDAD-4076-B754-11752F6BE324}) (Version: 22.0.334.0 - Hewlett-Packard Co.) SW Update (HKLM-x32\...\{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}) (Version: 2.2.9 - Samsung Electronics CO., LTD.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.4.12 - Synaptics Incorporated) TapinRadio 1.71.2 (x64) (HKLM-x32\...\TapinRadio_is1) (Version: - Raimersoft) TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer) TomTom HOME (HKLM-x32\...\{5DCB2EB3-87AD-426E-8D74-8B92C9D731C4}) (Version: 2.9.8 - Ihr Firmenname) TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.) TVCenter (HKLM\...\{DD0A0C72-A7C3-4722-86C9-2399F9FC0DE7}) (Version: 6.4.5.933 - PCTV Systems) Ultra Defragmenter (HKLM-x32\...\UltraDefrag) (Version: 6.1.1 - UltraDefrag Development Team) VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN) Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation) Windows Software Development Kit (HKLM-x32\...\{363a2c1e-637f-45ce-933b-5a5463efd945}) (Version: 8.59.29750 - Microsoft Corporation) WPT Redistributables (x32 Version: 8.59.29750 - Microsoft) Hidden WPTx64 (x32 Version: 8.59.29722 - Microsoft) Hidden Youtube Downloader HD v. 2.9.9.23 (HKLM-x32\...\Youtube Downloader HD_is1) (Version: - YoutubeDownloaderHD.com) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Wiederherstellungspunkte ========================= ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {147A76FB-38C1-4A40-8DE9-3B284390BAD0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated) Task: {1A54C5A0-282B-4E7A-9D3F-9F0020E8BF46} - System32\Tasks\avastBCLRestart_firefox.exe => Firefox.exe Task: {33D95203-43E0-41F8-8BED-C0B0D9461821} - System32\Tasks\HPCustParticipation HP Officejet 6500 E710n-z => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-06-14] (Hewlett-Packard Co.) Task: {6F215F83-37A0-4876-95D9-832C96CDB4A0} - System32\Tasks\avastBCLS-1-5-21-1269753938-3578349479-3780603664-1004 => C:\Users\Privat\AppData\Roaming\AVAST Software\Browser Cleanup\BCUSched.exe [2015-11-25] (AVAST Software) Task: {748B07BB-0D89-4567-B40D-B126424B396A} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-08-12] (Samsung Electronics. Co. Ltd.) Task: {8B7C2A31-9A81-4927-8D63-849670C324FA} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1269753938-3578349479-3780603664-1003 Task: {9254ED14-7CC2-4A82-8270-3DD255AF0A6B} - System32\Tasks\{5727E98A-C166-4F4F-B69A-624308427126} => pcalua.exe -a C:\Users\R\AppData\Local\Temp\Temp1_PageDefrag.zip\pagedfrg.exe Task: {9783CAC9-C0C1-4FDC-9157-30DCC8F71CA3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-16] (Adobe Systems Incorporated) Task: {A4924BCE-2A4B-49C8-9327-DDBE8AD1912F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-23] (Google Inc.) Task: {B0A859EF-BAD3-4298-84CA-E8B5888AB69F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd) Task: {C3281F30-E698-4C18-A372-D68FBE3631FB} - System32\Tasks\avast! BCU UpdateS-1-5-21-1269753938-3578349479-3780603664-1004 => C:\Users\Privat\AppData\Roaming\AVAST Software\Browser Cleanup\BCUUpdate.exe [2015-03-18] (AVAST Software) Task: {C623C884-470A-4844-8297-719433FFEA0A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-23] (Google Inc.) Task: {CB7A9EA7-D653-457A-B398-B9AA1857C4B1} - System32\Tasks\advSRS4 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2009-08-06] (SEC) Task: {EAEB4E54-B5CF-4C49-80C0-83CB7942E9BB} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2015-02-04] (Samsung Electronics CO., LTD.) Task: {F8CEBDFE-68E8-4F46-96D9-0AC6A9394192} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2009-09-12] (Samsung Electronics Co., Ltd.) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2015-09-05 12:40 - 2006-02-23 10:35 - 00020480 _____ () C:\Windows\System32\FritzColorPort64.dll 2015-09-05 12:40 - 2006-02-22 09:39 - 00020480 _____ () C:\Windows\System32\FritzPort64.dll 2015-07-31 09:08 - 2015-08-18 12:52 - 00020240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\TeamViewer_PrintProcessor.dll 2013-09-04 23:17 - 2013-09-04 23:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2015-04-15 21:13 - 2015-04-15 21:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll 2013-09-04 23:14 - 2013-09-04 23:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2015-10-02 12:11 - 2006-08-12 11:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-1269753938-3578349479-3780603664-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\R\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) MSCONFIG\Services: !SASCORE => 3 MSCONFIG\Services: AcrSch2Svc => 3 MSCONFIG\Services: afcdpsrv => 2 MSCONFIG\Services: CSUService => 2 MSCONFIG\Services: Disc Soft Lite Bus Service => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: KlimaLogg Service => 3 MSCONFIG\Services: LBTServ => 3 MSCONFIG\Services: Lexware_Update_Service => 2 MSCONFIG\Services: MBAMScheduler => 2 MSCONFIG\Services: MBAMService => 2 MSCONFIG\Services: ss_conn_service => 2 MSCONFIG\Services: SWUpdateService => 2 MSCONFIG\Services: syncagentsrv => 2 MSCONFIG\Services: TeamViewer => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nach Updates suchen.lnk => C:\Windows\pss\Nach Updates suchen.lnk.CommonStartup MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" MSCONFIG\startupreg: AcronisTibMounterMonitor => REM C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe MSCONFIG\startupreg: adm_tray.exe => REM C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming MSCONFIG\startupreg: HP Software Update => REM C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch MSCONFIG\startupreg: PDFPrint => REM C:\Program Files (x86)\PDF24\pdf24.exe MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun MSCONFIG\startupreg: SunJavaUpdateSched => REM "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: TrueImageMonitor.exe => REM "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" MSCONFIG\startupreg: UCam_Menu => REM "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [{5B5BAAD7-C27A-433D-BF15-8D0466696919}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{079FAD09-9EA7-421E-AADB-78B42598D130}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{20034301-9439-4F46-AF5C-548B4F2C3809}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe FirewallRules: [{1246295B-6556-44D9-AE3A-E4E573CE8430}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe FirewallRules: [{C9AD7762-34D0-46EF-B212-938167D6034C}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe FirewallRules: [{5CF7127C-5FB7-4EE5-8704-DDFAB4E4A8BA}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe FirewallRules: [{02CE4919-36F7-4A9E-B5A2-3218DA5F6B8C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{AF83AD2D-3A2B-43E9-91A2-89EE3B1FA357}] => (Allow) C:\Program Files (x86)\PCTV Systems\TVCenter\TVCenter.exe FirewallRules: [{7C43FFFB-EDCD-4BFD-B1C7-4B3B261D3345}] => (Allow) C:\Program Files (x86)\Common Files\PCTV Systems\PVR\VideoControl.exe FirewallRules: [{8E13B30F-4358-4215-9B06-EB97420A34A2}] => (Allow) C:\Program Files (x86)\Common Files\PCTV Systems\StreamingServer\StrmServer.exe FirewallRules: [{F48AC153-3B3D-4455-B792-CE825D18B5D3}] => (Allow) LPort=1900 FirewallRules: [{E69511C7-8E5A-4946-A703-72AFF079FD3D}] => (Allow) LPort=2869 FirewallRules: [{A1709944-5227-47E7-90C1-A74419ADFADD}] => (Allow) C:\Windows\ehome\ehrecvr.exe FirewallRules: [{AC489AC5-F72B-48C4-AAF9-ACB209AAFAC5}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe FirewallRules: [{6C82E8B0-543E-497D-8811-23688FAA2D03}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe FirewallRules: [{E8714BE3-A289-4D00-AB7F-4C84D6DF7F5D}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe FirewallRules: [{CE91B477-E531-4FBB-A876-7FCC8843DF48}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe FirewallRules: [TCP Query User{62B2E79A-791B-4208-85D7-AD32377322E9}C:\program files (x86)\teamviewer\teamviewer.exe] => (Block) C:\program files (x86)\teamviewer\teamviewer.exe FirewallRules: [UDP Query User{7CDFF5E7-AE45-4F06-B610-4806C66E8E8D}C:\program files (x86)\teamviewer\teamviewer.exe] => (Block) C:\program files (x86)\teamviewer\teamviewer.exe FirewallRules: [TCP Query User{26746768-E0E9-4991-815E-0F6FCC02138D}C:\tapinradio\tapinradio.exe] => (Allow) C:\tapinradio\tapinradio.exe FirewallRules: [UDP Query User{DA4EECC3-B75D-4FC7-85CB-CA966377DFF7}C:\tapinradio\tapinradio.exe] => (Allow) C:\tapinradio\tapinradio.exe FirewallRules: [{C9A70CE1-4739-4B08-A02B-D048B1CF77AC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{E028CCF8-70A9-4C2A-ABF9-D80E2458CD94}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{BCB88373-596B-4477-B74A-479B0950E202}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{E649F107-CC76-4CFB-9C6E-2BB03EAD4D68}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{3966F306-E517-4E73-AA60-C289B2066D78}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{108BAB21-0794-4B55-8A82-11C701FB435C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (11/25/2015 10:27:12 PM) (Source: MsiInstaller) (EventID: 1023) (User: R-PC-Sam) Description: Produkt: Adobe Acrobat Reader DC - Deutsch - Update "{AC76BA86-7AD7-0000-2550-AC0F094E6F00}" konnte nicht installiert werden. Fehlercode 1625. Weitere Informationen sind in der Protokolldatei C:\Users\R\AppData\Local\Temp\MSIfd55d.LOG enthalten. Error: (11/24/2015 02:48:52 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (11/24/2015 02:48:48 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (11/24/2015 02:25:32 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (11/24/2015 02:25:29 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (11/20/2015 03:37:56 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (11/20/2015 03:37:53 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (11/20/2015 03:37:52 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (11/20/2015 11:39:58 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 14.0.7162.5003, Zeitstempel: 0x56344207 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.19045, Zeitstempel: 0x56258f05 Ausnahmecode: 0xe06d7363 Fehleroffset: 0x0000c42d ID des fehlerhaften Prozesses: 0x1208 Startzeit der fehlerhaften Anwendung: 0xOUTLOOK.EXE0 Pfad der fehlerhaften Anwendung: OUTLOOK.EXE1 Pfad des fehlerhaften Moduls: OUTLOOK.EXE2 Berichtskennung: OUTLOOK.EXE3 Error: (11/16/2015 06:39:39 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: dmhkcore.exe, Version: 3.0.3.8, Zeitstempel: 0x4aab9389 Name des fehlerhaften Moduls: dmhkcore.exe, Version: 3.0.3.8, Zeitstempel: 0x4aab9389 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00029497 ID des fehlerhaften Prozesses: 0x8b0 Startzeit der fehlerhaften Anwendung: 0xdmhkcore.exe0 Pfad der fehlerhaften Anwendung: dmhkcore.exe1 Pfad des fehlerhaften Moduls: dmhkcore.exe2 Berichtskennung: dmhkcore.exe3 Systemfehler: ============= Error: (11/25/2015 11:00:25 PM) (Source: volsnap) (EventID: 36) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (11/25/2015 05:49:31 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (11/25/2015 05:49:29 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (11/25/2015 07:05:37 AM) (Source: Service Control Manager) (EventID: 7043) (User: ) Description: Der Dienst Gruppenrichtlinienclient konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden. Error: (11/25/2015 06:53:58 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (11/25/2015 06:53:42 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (11/24/2015 10:09:23 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (11/24/2015 10:09:15 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (11/24/2015 09:45:26 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (11/24/2015 09:45:17 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) CodeIntegrity: =================================== Date: 2015-11-25 23:07:56.582 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-11-25 22:13:54.421 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-11-25 19:55:58.042 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-11-25 19:43:23.620 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-11-25 18:50:06.654 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-11-25 18:24:08.533 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-11-25 18:13:52.132 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-11-25 18:08:34.910 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-11-25 17:59:46.426 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-11-25 17:48:11.307 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM)2 Duo CPU P7550 @ 2.26GHz Prozentuale Nutzung des RAM: 42% Installierter physikalischer RAM: 4060.61 MB Verfügbarer physikalischer RAM: 2329.5 MB Summe virtueller Speicher: 8119.43 MB Verfügbarer virtueller Speicher: 6280.02 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:198.89 GB) (Free:31.08 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)] Drive d: (Daten) (Fixed) (Total:131.39 GB) (Free:36.52 GB) NTFS Drive e: (temp) (Fixed) (Total:59.43 GB) (Free:6.35 GB) NTFS Drive f: (CDRoot) (CDROM) (Total:0.08 GB) (Free:0 GB) CDFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B4B6F23B) Partition 1: (Not Active) - (Size=15 GB) - (Type=27) Partition 2: (Active) - (Size=198.9 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=251.8 GB) - (Type=OF Extended) ==================== Ende von Addition.txt ============================ |
26.11.2015, 18:10 | #5 |
| Windows X64 mit FakeAlert infiziertCode:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-11-26 07:11:08 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0001 465,76GB Running: Gmer-19357.exe; Driver: C:\Users\R\AppData\Local\Temp\kwlcrpog.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000185400 7 bytes [00, 5C, F3, FF, 41, 66, F0] .text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000185408 3 bytes [C0, 06, 02] ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076f0db30 5 bytes JMP 0000000176eb0010 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076f0db90 5 bytes JMP 0000000176eb0028 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076f0deb0 1 byte JMP 0000000176eb0040 .text C:\Windows\system32\svchost.exe[936] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000076f0deb2 3 bytes {JMP 0xfffffffffffa2190} .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076f0db30 5 bytes JMP 0000000176eb0010 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076f0db90 5 bytes JMP 0000000176eb0028 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076f0deb0 1 byte JMP 0000000176eb0040 .text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000076f0deb2 3 bytes {JMP 0xfffffffffffa2190} .text C:\Windows\System32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076f0db30 5 bytes JMP 0000000176eb0010 .text C:\Windows\System32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076f0db90 5 bytes JMP 0000000176eb0028 .text C:\Windows\System32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076f0deb0 1 byte JMP 0000000176eb0040 .text C:\Windows\System32\svchost.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000076f0deb2 3 bytes {JMP 0xfffffffffffa2190} .text C:\Windows\System32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076f0db30 5 bytes JMP 0000000176eb0010 .text C:\Windows\System32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076f0db90 5 bytes JMP 0000000176eb0028 .text C:\Windows\System32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076f0deb0 1 byte JMP 0000000176eb0040 .text C:\Windows\System32\svchost.exe[1028] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000076f0deb2 3 bytes {JMP 0xfffffffffffa2190} .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076f0db30 5 bytes JMP 0000000176eb0010 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076f0db90 5 bytes JMP 0000000176eb0028 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076f0deb0 1 byte JMP 0000000176eb0040 .text C:\Windows\system32\svchost.exe[1052] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000076f0deb2 3 bytes {JMP 0xfffffffffffa2190} .text C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076f0db30 5 bytes JMP 0000000176eb0010 .text C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076f0db90 5 bytes JMP 0000000176eb0028 .text C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076f0deb0 1 byte JMP 0000000176eb0040 .text C:\Windows\system32\svchost.exe[1084] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000076f0deb2 3 bytes {JMP 0xfffffffffffa2190} .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076f0db30 5 bytes JMP 0000000176eb0010 .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076f0db90 5 bytes JMP 0000000176eb0028 .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076f0deb0 1 byte JMP 0000000176eb0040 .text C:\Windows\system32\svchost.exe[1268] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000076f0deb2 3 bytes {JMP 0xfffffffffffa2190} .text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076f0db30 5 bytes JMP 0000000176eb0010 .text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076f0db90 5 bytes JMP 0000000176eb0028 .text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076f0deb0 1 byte JMP 0000000176eb0040 .text C:\Windows\System32\spoolsv.exe[1620] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000076f0deb2 3 bytes {JMP 0xfffffffffffa2190} .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076f0db30 5 bytes JMP 0000000176eb0010 .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076f0db90 5 bytes JMP 0000000176eb0028 .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076f0deb0 1 byte JMP 0000000176eb0040 .text C:\Windows\system32\svchost.exe[1668] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000076f0deb2 3 bytes {JMP 0xfffffffffffa2190} .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000770bfb00 5 bytes JMP 00000001732b8cf0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000770bfb98 5 bytes JMP 00000001732b8ea0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1896] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000770c0078 5 bytes JMP 00000001732b8d80 .text C:\Windows\System32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076f0db30 5 bytes JMP 0000000176eb0010 .text C:\Windows\System32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076f0db90 5 bytes JMP 0000000176eb0028 .text C:\Windows\System32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076f0deb0 1 byte JMP 0000000176eb0040 .text C:\Windows\System32\svchost.exe[1956] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000076f0deb2 3 bytes {JMP 0xfffffffffffa2190} .text C:\Windows\system32\svchost.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076f0db30 5 bytes JMP 0000000176eb0010 .text C:\Windows\system32\svchost.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076f0db90 5 bytes JMP 0000000176eb0028 .text C:\Windows\system32\svchost.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076f0deb0 1 byte JMP 0000000176eb0040 .text C:\Windows\system32\svchost.exe[2000] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000076f0deb2 3 bytes {JMP 0xfffffffffffa2190} .text C:\Windows\system32\svchost.exe[2124] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076f0db30 5 bytes JMP 0000000176eb0010 .text C:\Windows\system32\svchost.exe[2124] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076f0db90 5 bytes JMP 0000000176eb0028 .text C:\Windows\system32\svchost.exe[2124] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076f0deb0 1 byte JMP 0000000176eb0040 .text C:\Windows\system32\svchost.exe[2124] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000076f0deb2 3 bytes {JMP 0xfffffffffffa2190} .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2180] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000770bfb00 5 bytes JMP 00000001732b8cf0 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2180] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000770bfb98 5 bytes JMP 00000001732b8ea0 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2180] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000770c0078 5 bytes JMP 00000001732b8d80 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2180] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000758f1401 2 bytes JMP 7597b21b C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2180] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000758f1419 2 bytes JMP 7597b346 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000758f1431 2 bytes JMP 759f8fd1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000758f144a 2 bytes CALL 7595489d C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2180] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000758f14dd 2 bytes JMP 759f88c4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2180] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000758f14f5 2 bytes JMP 759f8aa0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2180] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000758f150d 2 bytes JMP 759f87ba C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2180] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000758f1525 2 bytes JMP 759f8b8a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2180] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000758f153d 2 bytes JMP 7596fca8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2180] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000758f1555 2 bytes JMP 759768ef C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2180] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000758f156d 2 bytes JMP 759f9089 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2180] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000758f1585 2 bytes JMP 759f8bea C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2180] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000758f159d 2 bytes JMP 759f877e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2180] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000758f15b5 2 bytes JMP 7596fd41 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2180] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000758f15cd 2 bytes JMP 7597b2dc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2180] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000758f16b2 2 bytes JMP 759f8f4c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2180] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000758f16bd 2 bytes JMP 759f8713 C:\Windows\syswow64\KERNEL32.dll .text C:\Windows\System32\WUDFHost.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076f0db30 5 bytes JMP 0000000176eb0010 .text C:\Windows\System32\WUDFHost.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076f0db90 5 bytes JMP 0000000176eb0028 .text C:\Windows\System32\WUDFHost.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076f0deb0 1 byte JMP 0000000176eb0040 .text C:\Windows\System32\WUDFHost.exe[2920] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000076f0deb2 3 bytes {JMP 0xfffffffffffa2190} .text C:\Windows\system32\SearchIndexer.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076f0db30 5 bytes JMP 0000000176eb0010 .text C:\Windows\system32\SearchIndexer.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076f0db90 5 bytes JMP 0000000176eb0028 .text C:\Windows\system32\SearchIndexer.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076f0deb0 1 byte JMP 0000000176eb0040 .text C:\Windows\system32\SearchIndexer.exe[3028] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000076f0deb2 3 bytes {JMP 0xfffffffffffa2190} .text C:\Windows\System32\svchost.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076f0db30 5 bytes JMP 0000000176eb0010 .text C:\Windows\System32\svchost.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076f0db90 5 bytes JMP 0000000176eb0028 .text C:\Windows\System32\svchost.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076f0deb0 1 byte JMP 0000000176eb0040 .text C:\Windows\System32\svchost.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000076f0deb2 3 bytes {JMP 0xfffffffffffa2190} .text C:\Windows\system32\DllHost.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076f0db30 5 bytes JMP 0000000176eb0010 .text C:\Windows\system32\DllHost.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076f0db90 5 bytes JMP 0000000176eb0028 .text C:\Windows\system32\DllHost.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076f0deb0 1 byte JMP 0000000176eb0040 .text C:\Windows\system32\DllHost.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000076f0deb2 3 bytes {JMP 0xfffffffffffa2190} .text C:\Windows\system32\winlogon.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076f0db30 5 bytes JMP 0000000176eb0010 .text C:\Windows\system32\winlogon.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076f0db90 5 bytes JMP 0000000176eb0028 .text C:\Windows\system32\winlogon.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076f0deb0 1 byte JMP 0000000176eb0040 .text C:\Windows\system32\winlogon.exe[4140] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000076f0deb2 3 bytes {JMP 0xfffffffffffa2190} .text C:\Windows\system32\atieclxx.exe[2616] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076f0db30 5 bytes JMP 0000000176eb0010 .text C:\Windows\system32\atieclxx.exe[2616] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076f0db90 5 bytes JMP 0000000176eb0028 .text C:\Windows\system32\atieclxx.exe[2616] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076f0deb0 1 byte JMP 0000000176eb0040 .text C:\Windows\system32\atieclxx.exe[2616] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000076f0deb2 3 bytes {JMP 0xfffffffffffa2190} .text C:\Windows\system32\taskhost.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076f0db30 5 bytes JMP 0000000176eb0010 .text C:\Windows\system32\taskhost.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076f0db90 5 bytes JMP 0000000176eb0028 .text C:\Windows\system32\taskhost.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076f0deb0 1 byte JMP 0000000176eb0040 .text C:\Windows\system32\taskhost.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000076f0deb2 3 bytes {JMP 0xfffffffffffa2190} .text C:\Windows\system32\taskeng.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076f0db30 5 bytes JMP 0000000176eb0010 .text C:\Windows\system32\taskeng.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076f0db90 5 bytes JMP 0000000176eb0028 .text C:\Windows\system32\taskeng.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076f0deb0 1 byte JMP 0000000176eb0040 .text C:\Windows\system32\taskeng.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000076f0deb2 3 bytes {JMP 0xfffffffffffa2190} .text C:\Windows\Explorer.EXE[5088] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076f0db30 5 bytes JMP 0000000176eb0010 .text C:\Windows\Explorer.EXE[5088] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076f0db90 5 bytes JMP 0000000176eb0028 .text C:\Windows\Explorer.EXE[5088] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076f0deb0 1 byte JMP 0000000176eb0040 .text C:\Windows\Explorer.EXE[5088] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000076f0deb2 3 bytes {JMP 0xfffffffffffa2190} .text C:\Windows\system32\taskeng.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076f0db30 5 bytes JMP 0000000176eb0010 .text C:\Windows\system32\taskeng.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076f0db90 5 bytes JMP 0000000176eb0028 .text C:\Windows\system32\taskeng.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076f0deb0 1 byte JMP 0000000176eb0040 .text C:\Windows\system32\taskeng.exe[820] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000076f0deb2 3 bytes {JMP 0xfffffffffffa2190} .text C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe[380] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000770bfb00 5 bytes JMP 00000001732b8cf0 .text C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe[380] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000770bfb98 5 bytes JMP 00000001732b8ea0 .text C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe[380] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000770c0078 5 bytes JMP 00000001732b8d80 .text C:\Program Files\Microsoft Security Client\msseces.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076f0db30 5 bytes JMP 0000000176eb0010 .text C:\Program Files\Microsoft Security Client\msseces.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076f0db90 5 bytes JMP 0000000176eb0028 .text C:\Program Files\Microsoft Security Client\msseces.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076f0deb0 1 byte JMP 0000000176eb0040 .text C:\Program Files\Microsoft Security Client\msseces.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000076f0deb2 3 bytes {JMP 0xfffffffffffa2190} .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076f0db30 5 bytes JMP 0000000176eb0010 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076f0db90 5 bytes JMP 0000000176eb0028 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076f0deb0 1 byte JMP 0000000176eb0040 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2724] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000076f0deb2 3 bytes {JMP 0xfffffffffffa2190} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[796] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000770bfb00 5 bytes JMP 00000001732b8cf0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[796] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000770bfb98 5 bytes JMP 00000001732b8ea0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[796] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000770c0078 5 bytes JMP 00000001732b8d80 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[608] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000770bfb00 5 bytes JMP 00000001732b8cf0 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[608] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000770bfb98 5 bytes JMP 00000001732b8ea0 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[608] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000770c0078 5 bytes JMP 00000001732b8d80 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076f0db30 5 bytes JMP 0000000176eb0010 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076f0db90 5 bytes JMP 0000000176eb0028 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076f0deb0 1 byte JMP 0000000176eb0040 .text C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe[3404] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 2 0000000076f0deb2 3 bytes {JMP 0xfffffffffffa2190} .text C:\Users\Privat\Downloads\Gmer\Gmer-19357.exe[5256] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 00000000770bfb00 5 bytes JMP 00000001732b8cf0 .text C:\Users\Privat\Downloads\Gmer\Gmer-19357.exe[5256] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 00000000770bfb98 5 bytes JMP 00000001732b8ea0 .text C:\Users\Privat\Downloads\Gmer\Gmer-19357.exe[5256] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000770c0078 5 bytes JMP 00000001732b8d80 ---- Processes - GMER 2.1 ---- Library C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{22FC6F91-8E02-417E-9443-CD870E631461}\offreg.1020.dll (*** suspicious ***) @ C:\Program Files\Microsoft Security Client\MsMpEng.exe [1020](2015-11-26 05:59:19) 000007fefb160000 ---- EOF - GMER 2.1 ---- habe neue logs bereitgestellt. Warte auf neue Aufgaben. Danke |
27.11.2015, 00:17 | #6 |
/// the machine /// TB-Ausbilder | Windows X64 mit FakeAlert infiziert hi, Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ --> Windows X64 mit FakeAlert infiziert |
27.11.2015, 18:29 | #7 |
| Windows X64 mit FakeAlert infiziert Die beiden logs: ============= Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.9.3.1001 www.malwarebytes.org Database version: main: v2015.11.26.06 rootkit: v2015.11.26.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.18097 R :: R-PC-SAM [administrator] 27.11.2015 01:19:41 mbar-log-2015-11-27 (01-19-41).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 432589 Time elapsed: 33 minute(s), Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) Code:
ATTFilter 04:49:35.0355 0x0f1c TDSS rootkit removing tool 3.1.0.6 Nov 16 2015 12:17:23 04:49:41.0080 0x0f1c ============================================================ 04:49:41.0080 0x0f1c Current date / time: 2015/11/27 04:49:41.0080 04:49:41.0080 0x0f1c SystemInfo: 04:49:41.0080 0x0f1c 04:49:41.0080 0x0f1c OS Version: 6.1.7601 ServicePack: 1.0 04:49:41.0080 0x0f1c Product type: Workstation 04:49:41.0080 0x0f1c ComputerName: R-PC-SAM 04:49:41.0080 0x0f1c UserName: R 04:49:41.0080 0x0f1c Windows directory: C:\Windows 04:49:41.0080 0x0f1c System windows directory: C:\Windows 04:49:41.0080 0x0f1c Running under WOW64 04:49:41.0080 0x0f1c Processor architecture: Intel x64 04:49:41.0080 0x0f1c Number of processors: 2 04:49:41.0080 0x0f1c Page size: 0x1000 04:49:41.0080 0x0f1c Boot type: Normal boot 04:49:41.0080 0x0f1c ============================================================ 04:49:41.0470 0x0f1c KLMD registered as C:\Windows\system32\drivers\96096361.sys 04:49:42.0609 0x0f1c System UUID: {0C3A14EF-2921-FB6C-89ED-04E6DB88CB6D} 04:49:43.0654 0x0f1c Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 04:49:43.0670 0x0f1c ============================================================ 04:49:43.0670 0x0f1c \Device\Harddisk0\DR0: 04:49:43.0670 0x0f1c MBR partitions: 04:49:43.0670 0x0f1c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x18DC7800 04:49:43.0685 0x0f1c \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x225E0CB0, BlocksNum 0x106C8FFF 04:49:43.0717 0x0f1c \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x32CAA800, BlocksNum 0x76DB800 04:49:43.0717 0x0f1c ============================================================ 04:49:43.0748 0x0f1c C: <-> \Device\Harddisk0\DR0\Partition1 04:49:44.0153 0x0f1c D: <-> \Device\Harddisk0\DR0\Partition2 04:49:44.0231 0x0f1c E: <-> \Device\Harddisk0\DR0\Partition3 04:49:44.0231 0x0f1c ============================================================ 04:49:44.0231 0x0f1c Initialize success 04:49:44.0231 0x0f1c ============================================================ 04:49:52.0375 0x1318 ============================================================ 04:49:52.0375 0x1318 Scan started 04:49:52.0375 0x1318 Mode: Manual; SigCheck; TDLFS; 04:49:52.0375 0x1318 ============================================================ 04:49:52.0375 0x1318 KSN ping started 04:49:54.0808 0x1318 KSN ping finished: true 04:49:55.0635 0x1318 ================ Scan system memory ======================== 04:49:55.0635 0x1318 System memory - ok 04:49:55.0635 0x1318 ================ Scan services ============================= 04:49:55.0791 0x1318 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 04:49:55.0885 0x1318 1394ohci - ok 04:49:55.0916 0x1318 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys 04:49:55.0931 0x1318 ACPI - ok 04:49:55.0978 0x1318 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 04:49:56.0025 0x1318 AcpiPmi - ok 04:49:56.0165 0x1318 [ 8EEC0269D86CFADD292C9B05F59F23ED, 779F863563F9F31B102EB7A7C1580281D73F083213B0DD17A82A9EF2886DFD79 ] AcrSch2Svc C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe 04:49:56.0212 0x1318 AcrSch2Svc - ok 04:49:56.0259 0x1318 [ 5DB2C6B908C50767E2EDAA294A7566B5, 13AE4879D679BB0C6B2A5A5B13910359815A9D2E569BC1DE740B5A387A78CF33 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 04:49:56.0290 0x1318 AdobeARMservice - ok 04:49:56.0384 0x1318 [ 280A526E8111AC6A5BCC1A059E1E0340, FB92DDAE29A097D148AB23D8A0BD2B9E662EC1DBF0DA8B716374D6919B4C646F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 04:49:56.0415 0x1318 AdobeFlashPlayerUpdateSvc - ok 04:49:56.0462 0x1318 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 04:49:56.0493 0x1318 adp94xx - ok 04:49:56.0524 0x1318 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 04:49:56.0555 0x1318 adpahci - ok 04:49:56.0587 0x1318 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 04:49:56.0602 0x1318 adpu320 - ok 04:49:56.0633 0x1318 [ 262D7C87D0AC20B96EF9877D3CA478A0, 54F7E5A5F8991C5525500C1ECCF3D3135D13F48866C366E52DF1D052DB2EE15B ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 04:49:56.0649 0x1318 AeLookupSvc - ok 04:49:56.0836 0x1318 [ 3B0908381A28DEFD42F42DBA9F06D39B, 3179AC9F26338D684CB806F29CD37EA75BE7F4553834F682E65ECE6D6D797FD4 ] afcdpsrv C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe 04:49:56.0945 0x1318 afcdpsrv - ok 04:49:56.0992 0x1318 [ 9A4A1EEE802BF2F878EE8EAB407B21B7, 177EB7DF4B35FE4C0E45E775A0FD5D48D39B410052E3EE18BDEEC809E152D9D8 ] AFD C:\Windows\system32\drivers\afd.sys 04:49:57.0023 0x1318 AFD - ok 04:49:57.0039 0x1318 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys 04:49:57.0070 0x1318 agp440 - ok 04:49:57.0101 0x1318 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe 04:49:57.0117 0x1318 ALG - ok 04:49:57.0148 0x1318 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys 04:49:57.0164 0x1318 aliide - ok 04:49:57.0195 0x1318 [ 0A098B01D485E6978C596420C5179E98, 5CCF5918B74F03C539D6AADB391776F8C8BD2505BE0D043932757848D3A2F2C1 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 04:49:57.0226 0x1318 AMD External Events Utility - ok 04:49:57.0226 0x1318 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys 04:49:57.0242 0x1318 amdide - ok 04:49:57.0273 0x1318 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 04:49:57.0289 0x1318 AmdK8 - ok 04:49:57.0725 0x1318 [ B13F0B5859EA6CE01C1DD847E7E50C39, 35ED2D4C1E1EFD7885E91615D3F5E9C241B169BA7BA071BD6542D4CAF1501B50 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 04:49:58.0037 0x1318 amdkmdag - ok 04:49:58.0162 0x1318 [ 48C7EFC581E0E37DD967A5BCC0AB33EF, ADAA881DA6BFBA0918480E9DEA644D01D5B26E4BFB1C8491DECC973124E2F643 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 04:49:58.0193 0x1318 amdkmdap - ok 04:49:58.0225 0x1318 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 04:49:58.0240 0x1318 AmdPPM - ok 04:49:58.0287 0x1318 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys 04:49:58.0303 0x1318 amdsata - ok 04:49:58.0318 0x1318 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 04:49:58.0349 0x1318 amdsbs - ok 04:49:58.0365 0x1318 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys 04:49:58.0381 0x1318 amdxata - ok 04:49:58.0412 0x1318 [ 27DABFB4A6B0140C34DBEC713469592B, A355170D353AFBF0DE4EF53282F8404788FBBD0E2A1B7282B1B2925923E83141 ] AppID C:\Windows\system32\drivers\appid.sys 04:49:58.0459 0x1318 AppID - ok 04:49:58.0474 0x1318 [ ABC373B9C6275D45F17DB559408FFD1B, 12B355393BEBE2D1D24D7A9DA5E69E03E334899407503BC1CADCF7BE39828223 ] AppIDSvc C:\Windows\System32\appidsvc.dll 04:49:58.0490 0x1318 AppIDSvc - ok 04:49:58.0521 0x1318 [ 3EA5DA3F459F6ED19E10166965F6892F, F5618A5FA72C5E57BCFA6F2ECB840B1AEC60C72840AF3C1D94D5FCDB5ED2BF5E ] Appinfo C:\Windows\System32\appinfo.dll 04:49:58.0537 0x1318 Appinfo - ok 04:49:58.0583 0x1318 [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt C:\Windows\System32\appmgmts.dll 04:49:58.0599 0x1318 AppMgmt - ok 04:49:58.0630 0x1318 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\DRIVERS\arc.sys 04:49:58.0646 0x1318 arc - ok 04:49:58.0677 0x1318 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 04:49:58.0693 0x1318 arcsas - ok 04:49:58.0802 0x1318 [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 04:49:58.0849 0x1318 aspnet_state - ok 04:49:58.0864 0x1318 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 04:49:58.0911 0x1318 AsyncMac - ok 04:49:58.0927 0x1318 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys 04:49:58.0942 0x1318 atapi - ok 04:49:58.0973 0x1318 [ ED38B8924DE8C806A2A1C12C4F61E9CF, 88B71426CF09A8458B1AE2DDF41F2C86FE9B4DDA742D22BFF8AF110915486DDA ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys 04:49:58.0989 0x1318 AtiHDAudioService - ok 04:49:59.0410 0x1318 [ B13F0B5859EA6CE01C1DD847E7E50C39, 35ED2D4C1E1EFD7885E91615D3F5E9C241B169BA7BA071BD6542D4CAF1501B50 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys 04:49:59.0707 0x1318 atikmdag - ok 04:49:59.0800 0x1318 [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 04:49:59.0831 0x1318 AudioEndpointBuilder - ok 04:49:59.0863 0x1318 [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv C:\Windows\System32\Audiosrv.dll 04:49:59.0894 0x1318 AudioSrv - ok 04:49:59.0925 0x1318 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll 04:49:59.0956 0x1318 AxInstSV - ok 04:49:59.0972 0x1318 [ 9F4320BA8E7CE2342517B182A2F2C0E6, 10A48AC17D88AA8546BFDC519CFFF86FF71BDDFC2DF7448D94126A5BEABFF17D ] azvusb C:\Windows\system32\DRIVERS\azvusb.sys 04:50:00.0003 0x1318 azvusb - ok 04:50:00.0050 0x1318 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 04:50:00.0081 0x1318 b06bdrv - ok 04:50:00.0112 0x1318 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 04:50:00.0128 0x1318 b57nd60a - ok 04:50:00.0237 0x1318 [ A2494901E7226B356B8C1005C45F1C5F, A4A7076D40B012BB415C4B661B8C45671B853330746E278D080EC96596EEECBE ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe 04:50:00.0284 0x1318 BBSvc - ok 04:50:00.0315 0x1318 [ 63B1CBBAE4790B5BAC98F01BF9449722, 0A49B9FCEF33B38132B0AB8A9D7591A46856E82BC2123841E27A895817D92695 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe 04:50:00.0331 0x1318 BBUpdate - ok 04:50:00.0362 0x1318 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll 04:50:00.0377 0x1318 BDESVC - ok 04:50:00.0393 0x1318 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys 04:50:00.0424 0x1318 Beep - ok 04:50:00.0533 0x1318 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll 04:50:00.0596 0x1318 BFE - ok 04:50:00.0674 0x1318 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll 04:50:00.0721 0x1318 BITS - ok 04:50:00.0752 0x1318 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 04:50:00.0767 0x1318 blbdrive - ok 04:50:00.0799 0x1318 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 04:50:00.0814 0x1318 bowser - ok 04:50:00.0830 0x1318 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 04:50:00.0861 0x1318 BrFiltLo - ok 04:50:00.0877 0x1318 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 04:50:00.0892 0x1318 BrFiltUp - ok 04:50:00.0939 0x1318 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll 04:50:00.0955 0x1318 Browser - ok 04:50:01.0001 0x1318 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys 04:50:01.0017 0x1318 Brserid - ok 04:50:01.0033 0x1318 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 04:50:01.0064 0x1318 BrSerWdm - ok 04:50:01.0079 0x1318 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 04:50:01.0095 0x1318 BrUsbMdm - ok 04:50:01.0126 0x1318 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 04:50:01.0142 0x1318 BrUsbSer - ok 04:50:01.0157 0x1318 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 04:50:01.0189 0x1318 BTHMODEM - ok 04:50:01.0220 0x1318 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll 04:50:01.0267 0x1318 bthserv - ok 04:50:01.0282 0x1318 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 04:50:01.0329 0x1318 cdfs - ok 04:50:01.0360 0x1318 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 04:50:01.0376 0x1318 cdrom - ok 04:50:01.0407 0x1318 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll 04:50:01.0438 0x1318 CertPropSvc - ok 04:50:01.0501 0x1318 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\DRIVERS\circlass.sys 04:50:01.0547 0x1318 circlass - ok 04:50:01.0594 0x1318 [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS C:\Windows\system32\CLFS.sys 04:50:01.0610 0x1318 CLFS - ok 04:50:01.0688 0x1318 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 04:50:01.0719 0x1318 clr_optimization_v2.0.50727_32 - ok 04:50:01.0781 0x1318 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 04:50:01.0813 0x1318 clr_optimization_v2.0.50727_64 - ok 04:50:01.0875 0x1318 [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 04:50:01.0906 0x1318 clr_optimization_v4.0.30319_32 - ok 04:50:01.0922 0x1318 [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 04:50:01.0953 0x1318 clr_optimization_v4.0.30319_64 - ok 04:50:01.0969 0x1318 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 04:50:02.0015 0x1318 CmBatt - ok 04:50:02.0047 0x1318 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys 04:50:02.0062 0x1318 cmdide - ok 04:50:02.0125 0x1318 [ EC0511BB85BAA42A9734011685A6732C, 10B52F0860CCB3AA0FC34DDA5C5538BFCF7B6D40738B7756297237FD2D9E01C1 ] CNG C:\Windows\system32\Drivers\cng.sys 04:50:02.0156 0x1318 CNG - ok 04:50:02.0171 0x1318 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 04:50:02.0187 0x1318 Compbatt - ok 04:50:02.0203 0x1318 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 04:50:02.0234 0x1318 CompositeBus - ok 04:50:02.0234 0x1318 COMSysApp - ok 04:50:02.0265 0x1318 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 04:50:02.0281 0x1318 crcdisk - ok 04:50:02.0312 0x1318 [ 7BC3E861F7E8EB543A630090FAE779E0, 52A538F25C853AAC9706CD0D4EBF80B1963391AA175895CFD9D44C8ABBFCFB74 ] CryptSvc C:\Windows\system32\cryptsvc.dll 04:50:02.0343 0x1318 CryptSvc - ok 04:50:02.0374 0x1318 [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC C:\Windows\system32\drivers\csc.sys 04:50:02.0405 0x1318 CSC - ok 04:50:02.0452 0x1318 [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService C:\Windows\System32\cscsvc.dll 04:50:02.0483 0x1318 CscService - ok 04:50:02.0577 0x1318 [ F473349F3FDCC29616337612C868B5EB, CBC5B02052ED3949659F5991A36FBB2E587AA16C1BBA7AC1FA93911BA12BDABD ] CSUService C:\Program Files\COMODO\COMODO System Utilities\CSUService.exe 04:50:02.0608 0x1318 CSUService - ok 04:50:02.0639 0x1318 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll 04:50:02.0686 0x1318 DcomLaunch - ok 04:50:02.0717 0x1318 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll 04:50:02.0764 0x1318 defragsvc - ok 04:50:02.0795 0x1318 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys 04:50:02.0827 0x1318 DfsC - ok 04:50:02.0858 0x1318 [ 5492F6FB1F32E10AEF02679872AFD194, 470A0C39734E261DC7443C8E59ECE89A7E367ABCFC15AA325EB995452C3973AA ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys 04:50:02.0873 0x1318 dg_ssudbus - ok 04:50:02.0905 0x1318 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll 04:50:02.0936 0x1318 Dhcp - ok 04:50:02.0998 0x1318 [ EC3F433D00365F1A9BC3411BCA7C7140, 0852D747359DE573504EBBDB99DA26D3BFA8B3C7A4836F8E3A5AD94B5571AD5C ] DiagTrack C:\Windows\system32\diagtrack.dll 04:50:03.0045 0x1318 DiagTrack - ok 04:50:03.0170 0x1318 [ B1DF13DA9B64FCBDFA40198EF622BCB0, 56CD3F812E06664465685730E8A39CB5947519CAE096A5437B32EB1FABE1F600 ] Disc Soft Lite Bus Service C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe 04:50:03.0232 0x1318 Disc Soft Lite Bus Service - ok 04:50:03.0263 0x1318 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys 04:50:03.0326 0x1318 discache - ok 04:50:03.0341 0x1318 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\DRIVERS\disk.sys 04:50:03.0357 0x1318 Disk - ok 04:50:03.0404 0x1318 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll 04:50:03.0419 0x1318 Dnscache - ok 04:50:03.0451 0x1318 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll 04:50:03.0497 0x1318 dot3svc - ok 04:50:03.0529 0x1318 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll 04:50:03.0575 0x1318 DPS - ok 04:50:03.0607 0x1318 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 04:50:03.0638 0x1318 drmkaud - ok 04:50:03.0716 0x1318 [ 8407DDFAB85AE664E507C30314090385, 05F052C64D192CF69A462A5EC16DDA0D43CA5D0245900C9FCB9201685A2E7748 ] DrvAgent64 C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS 04:50:03.0763 0x1318 DrvAgent64 - ok 04:50:03.0794 0x1318 [ 679FF716052109392D870F6A6C4A3535, BEF1784448CCA4AF1D67ED68BD0C7CFE01A7719E98CACF92C2DCBFAA916DC57E ] dtlitescsibus C:\Windows\system32\DRIVERS\dtlitescsibus.sys 04:50:03.0809 0x1318 dtlitescsibus - ok 04:50:03.0825 0x1318 [ C0CF632820DB5F283562E049D929AE49, 37DB5892568FE908BADBF96F41B2EB411FC990BB68DB50800206069ECC517A3C ] dtliteusbbus C:\Windows\system32\DRIVERS\dtliteusbbus.sys 04:50:03.0841 0x1318 dtliteusbbus - ok 04:50:03.0887 0x1318 [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 04:50:03.0934 0x1318 DXGKrnl - ok 04:50:03.0950 0x1318 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll 04:50:03.0997 0x1318 EapHost - ok 04:50:04.0153 0x1318 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 04:50:04.0246 0x1318 ebdrv - ok 04:50:04.0293 0x1318 [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] EFS C:\Windows\System32\lsass.exe 04:50:04.0309 0x1318 EFS - ok 04:50:04.0387 0x1318 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 04:50:04.0418 0x1318 ehRecvr - ok 04:50:04.0449 0x1318 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe 04:50:04.0465 0x1318 ehSched - ok 04:50:04.0496 0x1318 [ BDD265EEB37DF5953A547FE412E2472F, 17EB4FD54D62207937F8CA7454837DBF1EEC867AEDAF201FC2E839A3ED357F4F ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys 04:50:04.0511 0x1318 ElbyCDIO - ok 04:50:04.0558 0x1318 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 04:50:04.0589 0x1318 elxstor - ok 04:50:04.0652 0x1318 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys 04:50:04.0699 0x1318 ErrDev - ok 04:50:04.0761 0x1318 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll 04:50:04.0823 0x1318 EventSystem - ok 04:50:04.0855 0x1318 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys 04:50:04.0886 0x1318 exfat - ok 04:50:04.0917 0x1318 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys 04:50:04.0948 0x1318 fastfat - ok 04:50:05.0011 0x1318 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe 04:50:05.0042 0x1318 Fax - ok 04:50:05.0057 0x1318 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys 04:50:05.0089 0x1318 fdc - ok 04:50:05.0120 0x1318 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll 04:50:05.0182 0x1318 fdPHost - ok 04:50:05.0182 0x1318 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll 04:50:05.0229 0x1318 FDResPub - ok 04:50:05.0260 0x1318 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 04:50:05.0276 0x1318 FileInfo - ok 04:50:05.0276 0x1318 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 04:50:05.0323 0x1318 Filetrace - ok 04:50:05.0354 0x1318 [ 72CC30F0D6DF8D3FBD5CD728259A8F69, F7774D35B38F35E31A8EEE37FF2F203C1CED433FF84EC265CD92B38CBFE3AB8F ] file_tracker C:\Windows\system32\DRIVERS\file_tracker.sys 04:50:05.0385 0x1318 file_tracker - ok 04:50:05.0401 0x1318 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 04:50:05.0416 0x1318 flpydisk - ok 04:50:05.0463 0x1318 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 04:50:05.0494 0x1318 FltMgr - ok 04:50:05.0525 0x1318 [ 9BD0273A5B650CC16E8A54AD9B312BEB, 1AA219C4CC29E8301075537A330CC7FB677CD884AABD8FB3D99CFBEA1AB4CDF2 ] fltsrv C:\Windows\system32\DRIVERS\fltsrv.sys 04:50:05.0541 0x1318 fltsrv - ok 04:50:05.0619 0x1318 [ D5A775990A7C202A037378FDBCDB6141, 27AD242914FAFB7A27B3045C0F0F6AFE6873FE331A51D8BB29A63B5D84C72EFB ] FontCache C:\Windows\system32\FntCache.dll 04:50:05.0666 0x1318 FontCache - ok 04:50:05.0728 0x1318 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 04:50:05.0775 0x1318 FontCache3.0.0.0 - ok 04:50:05.0806 0x1318 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 04:50:05.0822 0x1318 FsDepends - ok 04:50:05.0853 0x1318 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 04:50:05.0869 0x1318 Fs_Rec - ok 04:50:05.0900 0x1318 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 04:50:05.0915 0x1318 fvevol - ok 04:50:05.0947 0x1318 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 04:50:05.0962 0x1318 gagp30kx - ok 04:50:06.0009 0x1318 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll 04:50:06.0071 0x1318 gpsvc - ok 04:50:06.0134 0x1318 [ E1B44A75947137F4143308D566889837, EC7E883E7AF38BF3AC0AC513CFDE0186038443E9ACC7AD616EE6BD0EC09AACB9 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 04:50:06.0165 0x1318 gupdate - ok 04:50:06.0181 0x1318 [ E1B44A75947137F4143308D566889837, EC7E883E7AF38BF3AC0AC513CFDE0186038443E9ACC7AD616EE6BD0EC09AACB9 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 04:50:06.0196 0x1318 gupdatem - ok 04:50:06.0227 0x1318 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 04:50:06.0259 0x1318 hcw85cir - ok 04:50:06.0305 0x1318 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 04:50:06.0321 0x1318 HdAudAddService - ok 04:50:06.0352 0x1318 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 04:50:06.0383 0x1318 HDAudBus - ok 04:50:06.0399 0x1318 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 04:50:06.0415 0x1318 HidBatt - ok 04:50:06.0446 0x1318 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 04:50:06.0461 0x1318 HidBth - ok 04:50:06.0493 0x1318 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 04:50:06.0508 0x1318 HidIr - ok 04:50:06.0539 0x1318 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll 04:50:06.0586 0x1318 hidserv - ok 04:50:06.0617 0x1318 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 04:50:06.0633 0x1318 HidUsb - ok 04:50:06.0664 0x1318 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll 04:50:06.0727 0x1318 hkmsvc - ok 04:50:06.0758 0x1318 [ CF07C0A9D38A248D036DD9C47E4D0D6E, 6952DA6466DAE2E378F92934E1925887DD122A511BC5D6A0EF2194108E320126 ] hmpalert C:\Windows\system32\drivers\hmpalert.sys 04:50:06.0773 0x1318 hmpalert - ok 04:50:06.0867 0x1318 [ 2638395F6E61889D75C363A80A0E17F4, D61FD993DA6605F32E6CDAC889285EB67F1A112BB9A294838BB90FCBF5FA11C1 ] hmpalertsvc C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe 04:50:06.0929 0x1318 hmpalertsvc - ok 04:50:06.0961 0x1318 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 04:50:06.0992 0x1318 HomeGroupListener - ok 04:50:07.0023 0x1318 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 04:50:07.0054 0x1318 HomeGroupProvider - ok 04:50:07.0070 0x1318 [ 1A657490FDE68BDE4EF3497D215C8D1E, A6A8A6A25118C3B1D06B6C232C3937272324B4C830E8B750C997D8558E366E65 ] hotcore3 C:\Windows\system32\DRIVERS\hotcore3.sys 04:50:07.0085 0x1318 hotcore3 - ok 04:50:07.0117 0x1318 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 04:50:07.0132 0x1318 HpSAMD - ok 04:50:07.0210 0x1318 [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP C:\Windows\system32\drivers\HTTP.sys 04:50:07.0257 0x1318 HTTP - ok 04:50:07.0304 0x1318 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 04:50:07.0319 0x1318 hwpolicy - ok 04:50:07.0335 0x1318 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 04:50:07.0351 0x1318 i8042prt - ok 04:50:07.0413 0x1318 [ 1D004CB1DA6323B1F55CAEF7F94B61D9, 8FFFB429BA46938724BBB87AB9B3EC77EA17C4B893BABDBDD38309F02963D405 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 04:50:07.0444 0x1318 iaStor - ok 04:50:07.0491 0x1318 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 04:50:07.0507 0x1318 iaStorV - ok 04:50:07.0600 0x1318 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 04:50:07.0631 0x1318 idsvc - ok 04:50:07.0647 0x1318 IEEtwCollectorService - ok 04:50:07.0694 0x1318 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 04:50:07.0725 0x1318 iirsp - ok 04:50:07.0819 0x1318 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll 04:50:07.0850 0x1318 IKEEXT - ok 04:50:08.0068 0x1318 [ 01D355CE087312CB9058C22B963FA4AB, 73AF2929906957044A958FB1BC1A051C7E0AC344215D4D57C18F308F6B1845EE ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 04:50:08.0193 0x1318 IntcAzAudAddService - ok 04:50:08.0209 0x1318 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys 04:50:08.0224 0x1318 intelide - ok 04:50:08.0271 0x1318 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 04:50:08.0287 0x1318 intelppm - ok 04:50:08.0318 0x1318 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll 04:50:08.0349 0x1318 IPBusEnum - ok 04:50:08.0396 0x1318 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 04:50:08.0427 0x1318 IpFilterDriver - ok 04:50:08.0489 0x1318 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 04:50:08.0521 0x1318 iphlpsvc - ok 04:50:08.0567 0x1318 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 04:50:08.0599 0x1318 IPMIDRV - ok 04:50:08.0645 0x1318 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys 04:50:08.0708 0x1318 IPNAT - ok 04:50:08.0723 0x1318 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys 04:50:08.0739 0x1318 IRENUM - ok 04:50:08.0786 0x1318 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys 04:50:08.0833 0x1318 isapnp - ok 04:50:08.0879 0x1318 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 04:50:08.0895 0x1318 iScsiPrt - ok 04:50:08.0926 0x1318 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 04:50:08.0942 0x1318 kbdclass - ok 04:50:08.0973 0x1318 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 04:50:08.0989 0x1318 kbdhid - ok 04:50:09.0004 0x1318 [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] KeyIso C:\Windows\system32\lsass.exe 04:50:09.0020 0x1318 KeyIso - ok 04:50:09.0129 0x1318 [ 7B247678D9BA7029DFCD4C56A3253D79, DAD1DA1A18097901AB6B02680EDBB1BF7454690E51B4493BEF944EAA01291DCB ] KlimaLogg Service C:\Program Files (x86)\KlimaLoggPro\KlimaLoggProService.exe 04:50:09.0191 0x1318 KlimaLogg Service - detected UnsignedFile.Multi.Generic ( 1 ) 04:50:11.0734 0x1318 KlimaLogg Service ( UnsignedFile.Multi.Generic ) - warning 04:50:14.0246 0x1318 [ BCC83F22805F560C8A487F2F296A78FE, B6729B9D85CC3B9377E3143FEF920EFAA82D152845A43074417E9266C9F5C1A8 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 04:50:14.0293 0x1318 KSecDD - ok 04:50:14.0324 0x1318 [ 33D52A96BEEE8AFCE9E07EEC9FE0C9DB, 5367B46A43296792A0E6294906D40511079D5CAA23F08D5A7EDE02C06AD34484 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 04:50:14.0339 0x1318 KSecPkg - ok 04:50:14.0371 0x1318 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 04:50:14.0417 0x1318 ksthunk - ok 04:50:14.0464 0x1318 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll 04:50:14.0511 0x1318 KtmRm - ok 04:50:14.0542 0x1318 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll 04:50:14.0589 0x1318 LanmanServer - ok 04:50:14.0620 0x1318 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 04:50:14.0667 0x1318 LanmanWorkstation - ok 04:50:14.0714 0x1318 [ EAB70270BDDCFEF56FCC7425C2D9883D, 7B351EE3DA3DA4677DD8E4F91A5FFA6EBB3A15BF76F34EAC8879ECB16D01190F ] LEqdUsb C:\Windows\system32\DRIVERS\LEqdUsb.Sys 04:50:14.0729 0x1318 LEqdUsb - ok 04:50:14.0761 0x1318 [ 5EBB7C1FC685D45A1D3D8B2B9A656E48, 8C4D984D3566DE29D13A294ED927525A7D7A106887E809986EBDDA8CC0B98FFB ] LHidEqd C:\Windows\system32\DRIVERS\LHidEqd.Sys 04:50:14.0776 0x1318 LHidEqd - ok 04:50:14.0792 0x1318 [ AFDFA4A6B0F7B15AA38E494FD4595741, 0D89CCEBC816F4A3F6DDB093B3F8BB8B85293E94559085961DA31F9330D43C21 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys 04:50:14.0807 0x1318 LHidFilt - ok 04:50:14.0839 0x1318 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 04:50:14.0870 0x1318 lltdio - ok 04:50:14.0917 0x1318 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll 04:50:14.0963 0x1318 lltdsvc - ok 04:50:14.0995 0x1318 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll 04:50:15.0041 0x1318 lmhosts - ok 04:50:15.0057 0x1318 [ C3E82B320F34C97F32B8026F4C249BEF, CAF53CD4738D2C92E4764372F75B5D0D74EBA896E59E685ED15B915F4E7223A0 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys 04:50:15.0073 0x1318 LMouFilt - ok 04:50:15.0135 0x1318 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 04:50:15.0166 0x1318 LSI_FC - ok 04:50:15.0197 0x1318 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 04:50:15.0213 0x1318 LSI_SAS - ok 04:50:15.0229 0x1318 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 04:50:15.0244 0x1318 LSI_SAS2 - ok 04:50:15.0275 0x1318 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 04:50:15.0291 0x1318 LSI_SCSI - ok 04:50:15.0322 0x1318 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys 04:50:15.0369 0x1318 luafv - ok 04:50:15.0385 0x1318 [ C71AD919F64815B8E7C027AB167A1859, 9B61EAA332BFBAB458833F30087E08CFD81D47B02E4429C6D91D79DC0DC22C1C ] LUsbFilt C:\Windows\system32\Drivers\LUsbFilt.Sys 04:50:15.0400 0x1318 LUsbFilt - ok 04:50:15.0431 0x1318 [ 42B3F5C9FBC9B3F0E0BA6B5D7FC8E849, 80E571FEE4373E4AF487176C9265FB89912739E961C47880A60115BD50638AEA ] mbamchameleon C:\Windows\system32\drivers\mbamchameleon.sys 04:50:15.0447 0x1318 mbamchameleon - ok 04:50:15.0478 0x1318 [ CFBC6C6D8A492697CABD1D353EE64933, DDAA844908324740C891EB8F08E2A8BB00457063B31C4A762745C1C2415FC12D ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 04:50:15.0494 0x1318 MBAMProtector - ok 04:50:15.0603 0x1318 [ AB176B9E59C0435499D83047D84EDD59, 85B826A3972CE9AD885313B69B9C60328B850257667D0EB65DDE890D0BB06361 ] MBAMScheduler C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe 04:50:15.0650 0x1318 MBAMScheduler - ok 04:50:15.0759 0x1318 [ 40C126CB15FAB7D6C66490DCA9C1AED2, B32CEE2D2409232C245427D5E9647FDF59AF1D8AB5E8A98EE2D1F1314599FD14 ] MBAMService C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe 04:50:15.0790 0x1318 MBAMService - ok 04:50:15.0821 0x1318 [ D61070CFAD43038DC56AEAD9BFE9CE2A, BD77AEF60E7FD2015CB14A464799304359547146C14A47F8D25274ACFA2E42D5 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys 04:50:15.0837 0x1318 MBAMWebAccessControl - ok 04:50:15.0868 0x1318 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 04:50:15.0931 0x1318 Mcx2Svc - ok 04:50:15.0962 0x1318 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 04:50:15.0977 0x1318 megasas - ok 04:50:16.0009 0x1318 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 04:50:16.0024 0x1318 MegaSR - ok 04:50:16.0087 0x1318 Microsoft SharePoint Workspace Audit Service - ok 04:50:16.0118 0x1318 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll 04:50:16.0180 0x1318 MMCSS - ok 04:50:16.0227 0x1318 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys 04:50:16.0258 0x1318 Modem - ok 04:50:16.0289 0x1318 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 04:50:16.0305 0x1318 monitor - ok 04:50:16.0336 0x1318 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 04:50:16.0352 0x1318 mouclass - ok 04:50:16.0352 0x1318 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 04:50:16.0383 0x1318 mouhid - ok 04:50:16.0414 0x1318 [ 67050452C0118BAF2883928E6FCCFE47, 335FC0AEB7B47DCC7CE0CF3F424EB60ACB1327D2FF6515F04D9AC03A10FF1E31 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 04:50:16.0445 0x1318 mountmgr - ok 04:50:16.0492 0x1318 [ 0DE2474F316C515482ABAD3B697F8714, 62862AE7432F5350068E96AD466093359C6CF444EB517AE6D09134FAF78C49F5 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 04:50:16.0523 0x1318 MozillaMaintenance - ok 04:50:16.0555 0x1318 [ 73150F67D20270FF95A021A22E64F28A, A8878DEFBE437FB453F8E9243FB5C787D07AC7415A4475388D479C10417C524F ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys 04:50:16.0570 0x1318 MpFilter - ok 04:50:16.0617 0x1318 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys 04:50:16.0648 0x1318 mpio - ok 04:50:16.0679 0x1318 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 04:50:16.0711 0x1318 mpsdrv - ok 04:50:16.0757 0x1318 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll 04:50:16.0820 0x1318 MpsSvc - ok 04:50:16.0867 0x1318 [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 04:50:16.0882 0x1318 MRxDAV - ok 04:50:16.0913 0x1318 [ 73ADDCC406B86E7DA4416691E8E74BDA, 4EC970B9095E6DAA79BF7EFB92DF3F2C0AB0C46739AA36C171A262E05B63CBB5 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 04:50:16.0945 0x1318 mrxsmb - ok 04:50:16.0976 0x1318 [ 7C81098FBAF2EAF5B54B939F832B0F61, 999435DF4638ECB136D5BF1B84305A84B215BAB542E4D5301E57D28D507E11B3 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 04:50:16.0991 0x1318 mrxsmb10 - ok 04:50:17.0023 0x1318 [ ACB763673BCCE6C7B3B8F858C9FE4F1F, CCD49558F8A01A225AEAE60BF299BCA6E9399E39F4F553FABC36CADB164BBBC0 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 04:50:17.0038 0x1318 mrxsmb20 - ok 04:50:17.0054 0x1318 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys 04:50:17.0069 0x1318 msahci - ok 04:50:17.0116 0x1318 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys 04:50:17.0132 0x1318 msdsm - ok 04:50:17.0163 0x1318 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe 04:50:17.0179 0x1318 MSDTC - ok 04:50:17.0225 0x1318 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys 04:50:17.0272 0x1318 Msfs - ok 04:50:17.0288 0x1318 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 04:50:17.0335 0x1318 mshidkmdf - ok 04:50:17.0366 0x1318 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 04:50:17.0381 0x1318 msisadrv - ok 04:50:17.0413 0x1318 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 04:50:17.0459 0x1318 MSiSCSI - ok 04:50:17.0459 0x1318 msiserver - ok 04:50:17.0506 0x1318 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 04:50:17.0553 0x1318 MSKSSRV - ok 04:50:17.0615 0x1318 [ CE996C1821021ADF8E28E80A54E846A8, 99042E895B6C2EA80F3BA65563A12C8EBA882E3AD6A21DD8E799B0112C75DDD2 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe 04:50:17.0647 0x1318 MsMpSvc - ok 04:50:17.0662 0x1318 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 04:50:17.0709 0x1318 MSPCLOCK - ok 04:50:17.0725 0x1318 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 04:50:17.0771 0x1318 MSPQM - ok 04:50:17.0803 0x1318 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 04:50:17.0834 0x1318 MsRPC - ok 04:50:17.0865 0x1318 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 04:50:17.0881 0x1318 mssmbios - ok 04:50:17.0927 0x1318 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 04:50:17.0974 0x1318 MSTEE - ok 04:50:18.0005 0x1318 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 04:50:18.0021 0x1318 MTConfig - ok 04:50:18.0037 0x1318 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys 04:50:18.0052 0x1318 Mup - ok 04:50:18.0099 0x1318 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll 04:50:18.0146 0x1318 napagent - ok 04:50:18.0161 0x1318 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 04:50:18.0193 0x1318 NativeWifiP - ok 04:50:18.0255 0x1318 [ F7309F42555F8AAB7144A51A1F2585B0, 065277A8AFAEE3888C997A76D2F751070F92DF4C3354D16B194860B4BDAFF937 ] NDIS C:\Windows\system32\drivers\ndis.sys 04:50:18.0286 0x1318 NDIS - ok 04:50:18.0317 0x1318 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 04:50:18.0349 0x1318 NdisCap - ok 04:50:18.0364 0x1318 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 04:50:18.0411 0x1318 NdisTapi - ok 04:50:18.0442 0x1318 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 04:50:18.0505 0x1318 Ndisuio - ok 04:50:18.0551 0x1318 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 04:50:18.0598 0x1318 NdisWan - ok 04:50:18.0614 0x1318 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 04:50:18.0661 0x1318 NDProxy - ok 04:50:18.0692 0x1318 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 04:50:18.0739 0x1318 NetBIOS - ok 04:50:18.0770 0x1318 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 04:50:18.0817 0x1318 NetBT - ok 04:50:18.0832 0x1318 [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] Netlogon C:\Windows\system32\lsass.exe 04:50:18.0863 0x1318 Netlogon - ok 04:50:18.0895 0x1318 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll 04:50:18.0957 0x1318 Netman - ok 04:50:19.0004 0x1318 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 04:50:19.0035 0x1318 NetMsmqActivator - ok 04:50:19.0066 0x1318 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 04:50:19.0082 0x1318 NetPipeActivator - ok 04:50:19.0113 0x1318 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll 04:50:19.0160 0x1318 netprofm - ok 04:50:19.0175 0x1318 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 04:50:19.0191 0x1318 NetTcpActivator - ok 04:50:19.0222 0x1318 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 04:50:19.0238 0x1318 NetTcpPortSharing - ok 04:50:19.0285 0x1318 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 04:50:19.0300 0x1318 nfrd960 - ok 04:50:19.0347 0x1318 [ 4774AD83C650001B337B92E5E5DA337B, 138ECC7F556D8A12AE58B78B68F6515BE4C00F9F062596B48B6CA6C010F13035 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys 04:50:19.0363 0x1318 NisDrv - ok 04:50:19.0394 0x1318 [ 96B7D15161A778B359E707796CCEA646, 9E4A25D9848FAECC517474EAD548E7975CBE3F41AAA964E5245E78F2A723925E ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe 04:50:19.0425 0x1318 NisSrv - ok 04:50:19.0472 0x1318 [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc C:\Windows\System32\nlasvc.dll 04:50:19.0503 0x1318 NlaSvc - ok 04:50:19.0534 0x1318 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys 04:50:19.0565 0x1318 Npfs - ok 04:50:19.0597 0x1318 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll 04:50:19.0628 0x1318 nsi - ok 04:50:19.0643 0x1318 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 04:50:19.0690 0x1318 nsiproxy - ok 04:50:19.0768 0x1318 [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 04:50:19.0831 0x1318 Ntfs - ok 04:50:19.0846 0x1318 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys 04:50:19.0893 0x1318 Null - ok 04:50:19.0924 0x1318 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys 04:50:19.0940 0x1318 nvraid - ok 04:50:19.0987 0x1318 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys 04:50:20.0018 0x1318 nvstor - ok 04:50:20.0065 0x1318 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 04:50:20.0080 0x1318 nv_agp - ok 04:50:20.0111 0x1318 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 04:50:20.0143 0x1318 ohci1394 - ok 04:50:20.0205 0x1318 [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 04:50:20.0236 0x1318 ose - ok 04:50:20.0470 0x1318 [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 04:50:20.0595 0x1318 osppsvc - ok 04:50:20.0657 0x1318 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 04:50:20.0689 0x1318 p2pimsvc - ok 04:50:20.0720 0x1318 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll 04:50:20.0751 0x1318 p2psvc - ok 04:50:20.0782 0x1318 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys 04:50:20.0798 0x1318 Parport - ok 04:50:20.0845 0x1318 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys 04:50:20.0860 0x1318 partmgr - ok 04:50:20.0891 0x1318 [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc C:\Windows\System32\pcasvc.dll 04:50:20.0907 0x1318 PcaSvc - ok 04:50:20.0954 0x1318 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys 04:50:20.0969 0x1318 pci - ok 04:50:21.0001 0x1318 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys 04:50:21.0016 0x1318 pciide - ok 04:50:21.0094 0x1318 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 04:50:21.0110 0x1318 pcmcia - ok 04:50:21.0141 0x1318 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys 04:50:21.0157 0x1318 pcw - ok 04:50:21.0203 0x1318 [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH C:\Windows\system32\drivers\peauth.sys 04:50:21.0235 0x1318 PEAUTH - ok 04:50:21.0313 0x1318 [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 04:50:21.0359 0x1318 PeerDistSvc - ok 04:50:21.0437 0x1318 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe 04:50:21.0484 0x1318 PerfHost - ok 04:50:21.0578 0x1318 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll 04:50:21.0640 0x1318 pla - ok 04:50:21.0687 0x1318 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 04:50:21.0718 0x1318 PlugPlay - ok 04:50:21.0749 0x1318 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 04:50:21.0781 0x1318 PNRPAutoReg - ok 04:50:21.0812 0x1318 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 04:50:21.0843 0x1318 PNRPsvc - ok 04:50:21.0874 0x1318 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 04:50:21.0921 0x1318 PolicyAgent - ok 04:50:21.0968 0x1318 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll 04:50:22.0015 0x1318 Power - ok 04:50:22.0046 0x1318 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 04:50:22.0077 0x1318 PptpMiniport - ok 04:50:22.0108 0x1318 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\DRIVERS\processr.sys 04:50:22.0124 0x1318 Processor - ok 04:50:22.0171 0x1318 [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc C:\Windows\system32\profsvc.dll 04:50:22.0186 0x1318 ProfSvc - ok 04:50:22.0202 0x1318 [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] ProtectedStorage C:\Windows\system32\lsass.exe 04:50:22.0217 0x1318 ProtectedStorage - ok 04:50:22.0264 0x1318 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys 04:50:22.0327 0x1318 Psched - ok 04:50:22.0420 0x1318 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 04:50:22.0483 0x1318 ql2300 - ok 04:50:22.0514 0x1318 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 04:50:22.0529 0x1318 ql40xx - ok 04:50:22.0576 0x1318 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll 04:50:22.0623 0x1318 QWAVE - ok 04:50:22.0639 0x1318 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 04:50:22.0654 0x1318 QWAVEdrv - ok 04:50:22.0685 0x1318 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 04:50:22.0732 0x1318 RasAcd - ok 04:50:22.0763 0x1318 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 04:50:22.0795 0x1318 RasAgileVpn - ok 04:50:22.0810 0x1318 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll 04:50:22.0857 0x1318 RasAuto - ok 04:50:22.0888 0x1318 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 04:50:22.0935 0x1318 Rasl2tp - ok 04:50:22.0966 0x1318 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll 04:50:23.0013 0x1318 RasMan - ok 04:50:23.0044 0x1318 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 04:50:23.0091 0x1318 RasPppoe - ok 04:50:23.0107 0x1318 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 04:50:23.0153 0x1318 RasSstp - ok 04:50:23.0185 0x1318 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 04:50:23.0216 0x1318 rdbss - ok 04:50:23.0231 0x1318 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 04:50:23.0247 0x1318 rdpbus - ok 04:50:23.0263 0x1318 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 04:50:23.0309 0x1318 RDPCDD - ok 04:50:23.0372 0x1318 [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 04:50:23.0387 0x1318 RDPDR - ok 04:50:23.0403 0x1318 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 04:50:23.0434 0x1318 RDPENCDD - ok 04:50:23.0450 0x1318 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 04:50:23.0497 0x1318 RDPREFMP - ok 04:50:23.0590 0x1318 [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 04:50:23.0621 0x1318 RdpVideoMiniport - ok 04:50:23.0684 0x1318 [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 04:50:23.0715 0x1318 RDPWD - ok 04:50:23.0746 0x1318 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 04:50:23.0762 0x1318 rdyboost - ok 04:50:23.0793 0x1318 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll 04:50:23.0840 0x1318 RemoteAccess - ok 04:50:23.0871 0x1318 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll 04:50:23.0918 0x1318 RemoteRegistry - ok 04:50:23.0933 0x1318 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 04:50:23.0965 0x1318 RpcEptMapper - ok 04:50:24.0011 0x1318 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe 04:50:24.0027 0x1318 RpcLocator - ok 04:50:24.0074 0x1318 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll 04:50:24.0121 0x1318 RpcSs - ok 04:50:24.0167 0x1318 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 04:50:24.0199 0x1318 rspndr - ok 04:50:24.0261 0x1318 [ 10AB689DB4C90037FC753F6962460D9F, 00F2CBFA029990585FB0B3BB11D9F00A4BEF608DC7FD33FD376C53CEBA1F3879 ] rtl819xpn64 C:\Windows\system32\DRIVERS\rtl819xp.sys 04:50:24.0292 0x1318 rtl819xpn64 - ok 04:50:24.0323 0x1318 [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap C:\Windows\system32\drivers\vms3cap.sys 04:50:24.0339 0x1318 s3cap - ok 04:50:24.0370 0x1318 [ 62DB6CC4B0818F1B5F3441241B098F12, 7A53B3FBA3F82EDE6FA688E531FBE7EC9E1AE329090C0AFE0DCD64F65BD90F21 ] SABI C:\Windows\system32\Drivers\SABI.sys 04:50:24.0386 0x1318 SABI - ok 04:50:24.0401 0x1318 [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] SamSs C:\Windows\system32\lsass.exe 04:50:24.0433 0x1318 SamSs - ok 04:50:24.0448 0x1318 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 04:50:24.0464 0x1318 sbp2port - ok 04:50:24.0495 0x1318 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll 04:50:24.0542 0x1318 SCardSvr - ok 04:50:24.0573 0x1318 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 04:50:24.0604 0x1318 scfilter - ok 04:50:24.0698 0x1318 [ 40686B59C127F0C93B4234E4A1E3472A, B2DD61CB796C6AA8AFD285D43472B94646CA6D331D282818E0FDC9DE28DDE9CF ] Schedule C:\Windows\system32\schedsvc.dll 04:50:24.0745 0x1318 Schedule - ok 04:50:24.0776 0x1318 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll 04:50:24.0807 0x1318 SCPolicySvc - ok 04:50:24.0838 0x1318 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll 04:50:24.0869 0x1318 SDRSVC - ok 04:50:24.0901 0x1318 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys 04:50:24.0916 0x1318 secdrv - ok 04:50:24.0947 0x1318 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll 04:50:24.0994 0x1318 seclogon - ok 04:50:25.0010 0x1318 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll 04:50:25.0057 0x1318 SENS - ok 04:50:25.0088 0x1318 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll 04:50:25.0103 0x1318 SensrSvc - ok 04:50:25.0135 0x1318 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 04:50:25.0150 0x1318 Serenum - ok 04:50:25.0197 0x1318 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys 04:50:25.0213 0x1318 Serial - ok 04:50:25.0259 0x1318 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 04:50:25.0306 0x1318 sermouse - ok 04:50:25.0369 0x1318 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll 04:50:25.0415 0x1318 SessionEnv - ok 04:50:25.0447 0x1318 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 04:50:25.0462 0x1318 sffdisk - ok 04:50:25.0478 0x1318 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 04:50:25.0493 0x1318 sffp_mmc - ok 04:50:25.0525 0x1318 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 04:50:25.0540 0x1318 sffp_sd - ok 04:50:25.0587 0x1318 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 04:50:25.0603 0x1318 sfloppy - ok 04:50:25.0681 0x1318 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll 04:50:25.0743 0x1318 SharedAccess - ok 04:50:25.0790 0x1318 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 04:50:25.0837 0x1318 ShellHWDetection - ok 04:50:25.0868 0x1318 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 04:50:25.0883 0x1318 SiSRaid2 - ok 04:50:25.0915 0x1318 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 04:50:25.0930 0x1318 SiSRaid4 - ok 04:50:25.0993 0x1318 [ 52F7E8603E888E3DB0A8B3D1804098E9, 4E23DC9442C0C14AAE7146DACBB0B39743F1FFAA463EE7069CCDF866AD27BD77 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 04:50:26.0039 0x1318 SkypeUpdate - ok 04:50:26.0071 0x1318 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys 04:50:26.0117 0x1318 Smb - ok 04:50:26.0180 0x1318 [ 2F7A6F88A9516EB47B0BF13024434244, 5FC5635D077AAA42853F78306C941995B56E939015CC3F27D376CBD9395C7410 ] snapman C:\Windows\system32\DRIVERS\snapman.sys 04:50:26.0211 0x1318 snapman - ok 04:50:26.0258 0x1318 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 04:50:26.0273 0x1318 SNMPTRAP - ok 04:50:26.0305 0x1318 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys 04:50:26.0320 0x1318 spldr - ok 04:50:26.0367 0x1318 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe 04:50:26.0398 0x1318 Spooler - ok 04:50:26.0554 0x1318 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe 04:50:26.0679 0x1318 sppsvc - ok 04:50:26.0726 0x1318 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll 04:50:26.0773 0x1318 sppuinotify - ok 04:50:26.0819 0x1318 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys 04:50:26.0851 0x1318 srv - ok 04:50:26.0866 0x1318 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 04:50:26.0897 0x1318 srv2 - ok 04:50:26.0913 0x1318 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 04:50:26.0944 0x1318 srvnet - ok 04:50:26.0975 0x1318 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 04:50:27.0007 0x1318 SSDPSRV - ok 04:50:27.0022 0x1318 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll 04:50:27.0069 0x1318 SstpSvc - ok 04:50:27.0116 0x1318 [ 627FFBE52FEDF0460C3D7259FC0EDF50, 92CB006CA91E4AF0CAA3ECD74D9329C349650EAFF70D847E62D9D8F2BE38B3B1 ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys 04:50:27.0147 0x1318 ssudmdm - ok 04:50:27.0256 0x1318 [ 9DA3B55B17B54789AFB8C657D4ACE4D7, 5E4599E682327E3B8097A88A69ED73F96254A29054744D5DFB782054863F131E ] ss_conn_service C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe 04:50:27.0303 0x1318 ss_conn_service - ok 04:50:27.0334 0x1318 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 04:50:27.0350 0x1318 stexstor - ok 04:50:27.0412 0x1318 [ DECACB6921DED1A38642642685D77DAC, 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys 04:50:27.0428 0x1318 StillCam - ok 04:50:27.0490 0x1318 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll 04:50:27.0521 0x1318 stisvc - ok 04:50:27.0553 0x1318 [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt C:\Windows\system32\drivers\vmstorfl.sys 04:50:27.0568 0x1318 storflt - ok 04:50:27.0599 0x1318 [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc C:\Windows\system32\drivers\storvsc.sys 04:50:27.0615 0x1318 storvsc - ok 04:50:27.0677 0x1318 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys 04:50:27.0709 0x1318 swenum - ok 04:50:27.0755 0x1318 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll 04:50:27.0818 0x1318 swprv - ok 04:50:27.0896 0x1318 SWUpdateService - ok 04:50:28.0223 0x1318 [ 06A5A15C89E5F2C08D0C595C1DA776AF, EEFC5803E3C76115DF24B00A4BD6F3196D6CD87049802EF58BE6CF2CCB758FBF ] syncagentsrv C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe 04:50:28.0411 0x1318 syncagentsrv - ok 04:50:28.0613 0x1318 [ 929C9FA0B18AD2EBC8340591C4BF00FF, 710704028A069EEC918F67D9776AF1367005E3EF8536F2516CB5A12163AFDE8E ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 04:50:28.0660 0x1318 SynTP - ok 04:50:28.0754 0x1318 [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain C:\Windows\system32\sysmain.dll 04:50:28.0816 0x1318 SysMain - ok 04:50:28.0847 0x1318 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll 04:50:28.0879 0x1318 TabletInputService - ok 04:50:28.0910 0x1318 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll 04:50:28.0957 0x1318 TapiSrv - ok 04:50:28.0988 0x1318 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll 04:50:29.0035 0x1318 TBS - ok 04:50:29.0159 0x1318 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 04:50:29.0206 0x1318 Tcpip - ok 04:50:29.0300 0x1318 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 04:50:29.0362 0x1318 TCPIP6 - ok 04:50:29.0425 0x1318 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 04:50:29.0440 0x1318 tcpipreg - ok 04:50:29.0503 0x1318 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 04:50:29.0518 0x1318 TDPIPE - ok 04:50:29.0565 0x1318 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 04:50:29.0596 0x1318 TDTCP - ok 04:50:29.0643 0x1318 [ AA77EB517D2F07A947294F260E3ACA83, B7A5DF3066830C0C2302B059778A67419792058A0D300C471DE40AB245EA7E58 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 04:50:29.0659 0x1318 tdx - ok 04:50:29.0939 0x1318 [ 2AA61246A5B813C1B12BCCFAA6F23DD8, 74EE3DB839A0F4BC781294803281DB2248D013B8808FF05F2EE9597C14C6FEED ] TeamViewer C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe 04:50:30.0095 0x1318 TeamViewer - ok 04:50:30.0142 0x1318 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys 04:50:30.0158 0x1318 TermDD - ok 04:50:30.0220 0x1318 [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\Windows\System32\termsrv.dll 04:50:30.0251 0x1318 TermService - ok 04:50:30.0283 0x1318 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll 04:50:30.0314 0x1318 Themes - ok 04:50:30.0345 0x1318 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll 04:50:30.0392 0x1318 THREADORDER - ok 04:50:30.0470 0x1318 [ AEEEB1EE424A8D6F17B3A6461E0FC7E6, 3A5FD27DF6132E84DC03366FB684B31A454C0805A5E4EA0C67B0CE85FF446B93 ] tib C:\Windows\system32\DRIVERS\tib.sys 04:50:30.0517 0x1318 tib - ok 04:50:30.0548 0x1318 [ 3813F93D8A69EDE68913CC3050640FE3, 4931BC6DA6FD0808C985CD6202FB759F6B8DE8957FB44E6AD8844EA58C891AC1 ] tib_mounter C:\Windows\system32\DRIVERS\tib_mounter.sys 04:50:30.0563 0x1318 tib_mounter - ok 04:50:30.0626 0x1318 [ 0FE2FC59C0B9A3CA3EC2B18E1CCCF2DD, 26AE50F2263DDDE3C6678566E2B198966CE870DF4B254F2D655752F742F63C12 ] TomTomHOMEService C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe 04:50:30.0673 0x1318 TomTomHOMEService - ok 04:50:30.0704 0x1318 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll 04:50:30.0735 0x1318 TrkWks - ok 04:50:30.0797 0x1318 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 04:50:30.0829 0x1318 TrustedInstaller - ok 04:50:30.0875 0x1318 [ 19BEDA57F3E0A06B8D5EB6D619BD5624, 952D5FAFD662C93628C12A6F7EB8E240A44216C0A15CBD2F5016BC357CBFE821 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 04:50:30.0907 0x1318 tssecsrv - ok 04:50:30.0938 0x1318 [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 04:50:30.0953 0x1318 TsUsbFlt - ok 04:50:30.0985 0x1318 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 04:50:31.0031 0x1318 tunnel - ok 04:50:31.0078 0x1318 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 04:50:31.0094 0x1318 uagp35 - ok 04:50:31.0141 0x1318 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 04:50:31.0187 0x1318 udfs - ok 04:50:31.0250 0x1318 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe 04:50:31.0265 0x1318 UI0Detect - ok 04:50:31.0297 0x1318 [ 40DD904C5FA8B4F614DBAEA94D233169, 3F87B94B0C0EB40C7B67BAE0392D050EFA8F582EA718CD3E7B0E7BB193904C83 ] UimBus C:\Windows\system32\DRIVERS\UimBus.sys 04:50:31.0312 0x1318 UimBus - ok 04:50:31.0343 0x1318 [ 020BEB8F3EACC80F13FD82B39B2AB855, 74307241C5EC3597D9AD09335B61844A24895EA125B5847289C5D264184E3367 ] Uim_DEVIM C:\Windows\system32\DRIVERS\uim_devim.sys 04:50:31.0359 0x1318 Uim_DEVIM - ok 04:50:31.0390 0x1318 [ 887C749A1D91EAFBC7C1BCC69D5220D4, DD6B1C6A2C0CE546A71DC4E5007F77F885B56900AD868A6D5E773D7695BF38B6 ] Uim_IM C:\Windows\system32\DRIVERS\uim_im.sys 04:50:31.0421 0x1318 Uim_IM - ok 04:50:31.0468 0x1318 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 04:50:31.0484 0x1318 uliagpkx - ok 04:50:31.0515 0x1318 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys 04:50:31.0531 0x1318 umbus - ok 04:50:31.0577 0x1318 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 04:50:31.0593 0x1318 UmPass - ok 04:50:31.0640 0x1318 [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService C:\Windows\System32\umrdp.dll 04:50:31.0671 0x1318 UmRdpService - ok 04:50:31.0702 0x1318 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll 04:50:31.0749 0x1318 upnphost - ok 04:50:31.0796 0x1318 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 04:50:31.0811 0x1318 usbccgp - ok 04:50:31.0843 0x1318 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys 04:50:31.0858 0x1318 usbcir - ok 04:50:31.0874 0x1318 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 04:50:31.0905 0x1318 usbehci - ok 04:50:31.0921 0x1318 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 04:50:31.0952 0x1318 usbhub - ok 04:50:31.0967 0x1318 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\drivers\usbohci.sys 04:50:31.0999 0x1318 usbohci - ok 04:50:32.0045 0x1318 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 04:50:32.0092 0x1318 usbprint - ok 04:50:32.0123 0x1318 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 04:50:32.0155 0x1318 USBSTOR - ok 04:50:32.0170 0x1318 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 04:50:32.0186 0x1318 usbuhci - ok 04:50:32.0217 0x1318 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 04:50:32.0248 0x1318 usbvideo - ok 04:50:32.0279 0x1318 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll 04:50:32.0326 0x1318 UxSms - ok 04:50:32.0357 0x1318 [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] VaultSvc C:\Windows\system32\lsass.exe 04:50:32.0373 0x1318 VaultSvc - ok 04:50:32.0404 0x1318 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 04:50:32.0420 0x1318 vdrvroot - ok 04:50:32.0482 0x1318 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe 04:50:32.0529 0x1318 vds - ok 04:50:32.0560 0x1318 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 04:50:32.0591 0x1318 vga - ok 04:50:32.0623 0x1318 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys 04:50:32.0654 0x1318 VgaSave - ok 04:50:32.0701 0x1318 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 04:50:32.0716 0x1318 vhdmp - ok 04:50:32.0763 0x1318 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys 04:50:32.0779 0x1318 viaide - ok 04:50:32.0825 0x1318 [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus C:\Windows\system32\drivers\vmbus.sys 04:50:32.0857 0x1318 vmbus - ok 04:50:32.0888 0x1318 [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 04:50:32.0903 0x1318 VMBusHID - ok 04:50:32.0950 0x1318 [ 43D92BF1DF2F65EF2DE2D02DE4573C54, 56D11FAE4D8EFC9EFCD5972181E9BDE0388561D039EC7FD432D7315BF441287C ] VMC326 C:\Windows\system32\Drivers\VMC326.sys 04:50:32.0966 0x1318 VMC326 - ok 04:50:32.0981 0x1318 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys 04:50:32.0997 0x1318 volmgr - ok 04:50:33.0059 0x1318 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 04:50:33.0075 0x1318 volmgrx - ok 04:50:33.0122 0x1318 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys 04:50:33.0137 0x1318 volsnap - ok 04:50:33.0184 0x1318 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 04:50:33.0215 0x1318 vsmraid - ok 04:50:33.0325 0x1318 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe 04:50:33.0403 0x1318 VSS - ok 04:50:33.0434 0x1318 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 04:50:33.0449 0x1318 vwifibus - ok 04:50:33.0465 0x1318 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 04:50:33.0496 0x1318 vwififlt - ok 04:50:33.0512 0x1318 [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 04:50:33.0527 0x1318 vwifimp - ok 04:50:33.0590 0x1318 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll 04:50:33.0637 0x1318 W32Time - ok 04:50:33.0683 0x1318 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 04:50:33.0699 0x1318 WacomPen - ok 04:50:33.0746 0x1318 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 04:50:33.0777 0x1318 WANARP - ok 04:50:33.0808 0x1318 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 04:50:33.0840 0x1318 Wanarpv6 - ok 04:50:33.0918 0x1318 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe 04:50:33.0964 0x1318 wbengine - ok 04:50:33.0996 0x1318 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 04:50:34.0027 0x1318 WbioSrvc - ok 04:50:34.0074 0x1318 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll 04:50:34.0105 0x1318 wcncsvc - ok 04:50:34.0120 0x1318 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 04:50:34.0152 0x1318 WcsPlugInService - ok 04:50:34.0183 0x1318 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\DRIVERS\wd.sys 04:50:34.0198 0x1318 Wd - ok 04:50:34.0276 0x1318 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 04:50:34.0308 0x1318 Wdf01000 - ok 04:50:34.0354 0x1318 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost C:\Windows\system32\wdi.dll 04:50:34.0370 0x1318 WdiServiceHost - ok 04:50:34.0401 0x1318 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost C:\Windows\system32\wdi.dll 04:50:34.0417 0x1318 WdiSystemHost - ok 04:50:34.0448 0x1318 [ 4E89FC53493704BF835F0300DC201C34, FB3080725E144D93512DED81047D21C0582BC3412250EFF37E039108D7351F53 ] WebClient C:\Windows\System32\webclnt.dll 04:50:34.0479 0x1318 WebClient - ok 04:50:34.0510 0x1318 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll 04:50:34.0557 0x1318 Wecsvc - ok 04:50:34.0588 0x1318 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll 04:50:34.0620 0x1318 wercplsupport - ok 04:50:34.0635 0x1318 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll 04:50:34.0682 0x1318 WerSvc - ok 04:50:34.0729 0x1318 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 04:50:34.0760 0x1318 WfpLwf - ok 04:50:34.0791 0x1318 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys 04:50:34.0807 0x1318 WIMMount - ok 04:50:34.0854 0x1318 WinDefend - ok 04:50:34.0885 0x1318 WinHttpAutoProxySvc - ok 04:50:34.0963 0x1318 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 04:50:35.0025 0x1318 Winmgmt - ok 04:50:35.0134 0x1318 [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\Windows\system32\WsmSvc.dll 04:50:35.0197 0x1318 WinRM - ok 04:50:35.0259 0x1318 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 04:50:35.0275 0x1318 WinUsb - ok 04:50:35.0322 0x1318 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll 04:50:35.0384 0x1318 Wlansvc - ok 04:50:35.0556 0x1318 [ 98F138897EF4246381D197CB81846D62, A9FA88475AFBB8883297708608EC7C1AC29F229C3299A84D557172604813A18C ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 04:50:35.0618 0x1318 wlidsvc - ok 04:50:35.0680 0x1318 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 04:50:35.0712 0x1318 WmiAcpi - ok 04:50:35.0790 0x1318 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 04:50:35.0805 0x1318 wmiApSrv - ok 04:50:35.0836 0x1318 WMPNetworkSvc - ok 04:50:35.0883 0x1318 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll 04:50:35.0899 0x1318 WPCSvc - ok 04:50:35.0930 0x1318 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 04:50:35.0961 0x1318 WPDBusEnum - ok 04:50:35.0992 0x1318 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 04:50:36.0024 0x1318 ws2ifsl - ok 04:50:36.0055 0x1318 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll 04:50:36.0086 0x1318 wscsvc - ok 04:50:36.0117 0x1318 [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys 04:50:36.0148 0x1318 WSDPrintDevice - ok 04:50:36.0180 0x1318 [ 4A2A5C50DD1A63577D3ACA94269FBC7F, F75C1906D431CF871AD954218DF32A0F206E45FF49332DEF9F13C0A36A407047 ] WSDScan C:\Windows\system32\DRIVERS\WSDScan.sys 04:50:36.0195 0x1318 WSDScan - ok 04:50:36.0211 0x1318 WSearch - ok 04:50:36.0336 0x1318 [ 361845875ED8ED13086E7F37265C45DA, A0931DC1E35712036E93BBC3600530C0DA12E94E0D898787C818C526DFF240C2 ] wuauserv C:\Windows\system32\wuaueng.dll 04:50:36.0429 0x1318 wuauserv - ok 04:50:36.0476 0x1318 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 04:50:36.0492 0x1318 WudfPf - ok 04:50:36.0507 0x1318 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 04:50:36.0538 0x1318 WUDFRd - ok 04:50:36.0570 0x1318 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 04:50:36.0585 0x1318 wudfsvc - ok 04:50:36.0632 0x1318 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll 04:50:36.0663 0x1318 WwanSvc - ok 04:50:36.0710 0x1318 [ 728CA8E15873B345BF82F14AD8B65C91, FCD183A7B8F9B39A3C080ADDE6DAF0A72224B0F7D3FF5582EB06F3082A06ACDC ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys 04:50:36.0741 0x1318 yukonw7 - ok 04:50:36.0772 0x1318 ================ Scan global =============================== 04:50:36.0819 0x1318 [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll 04:50:36.0850 0x1318 [ FF41063E45C6238CAF48CBE6D0D6FC4B, 9B755EA23E7D2554E3AC3ADFFC4AFF7EB4F4A0F5CD3E6F2300BC98B21474CBC6 ] C:\Windows\system32\winsrv.dll 04:50:36.0882 0x1318 [ FF41063E45C6238CAF48CBE6D0D6FC4B, 9B755EA23E7D2554E3AC3ADFFC4AFF7EB4F4A0F5CD3E6F2300BC98B21474CBC6 ] C:\Windows\system32\winsrv.dll 04:50:36.0913 0x1318 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll 04:50:36.0944 0x1318 [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe 04:50:36.0960 0x1318 [ Global ] - ok 04:50:36.0960 0x1318 ================ Scan MBR ================================== 04:50:36.0975 0x1318 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 04:50:37.0334 0x1318 \Device\Harddisk0\DR0 - ok 04:50:37.0334 0x1318 ================ Scan VBR ================================== 04:50:37.0350 0x1318 [ 9361320301B2123B7B9EA5BE8BEDFC41 ] \Device\Harddisk0\DR0\Partition1 04:50:37.0350 0x1318 \Device\Harddisk0\DR0\Partition1 - ok 04:50:37.0381 0x1318 [ ED712110D62547237AD70EB5D2EABC68 ] \Device\Harddisk0\DR0\Partition2 04:50:37.0381 0x1318 \Device\Harddisk0\DR0\Partition2 - ok 04:50:37.0396 0x1318 [ B433BE795F669E6A4DE2A7905787ECAB ] \Device\Harddisk0\DR0\Partition3 04:50:37.0412 0x1318 \Device\Harddisk0\DR0\Partition3 - ok 04:50:37.0412 0x1318 ================ Scan generic autorun ====================== 04:50:37.0521 0x1318 [ 35BA4E6632BA690EA6421C1E03537D0E, 99D6B4DB12ABE3A7F44AB1B2D626978E85231185AE280D9516986027BC8385CB ] C:\Program Files\Microsoft Security Client\msseces.exe 04:50:37.0568 0x1318 MSC - ok 04:50:37.0584 0x1318 SynTPEnh - ok 04:50:37.0615 0x1318 [ 8784236EED5079493DA9FC95B28B89F8, E59C349B964F585C27F63FBF7C1B5D7C6CF8CC958BD35100A36D57542DC13972 ] C:\Windows\SYSTEM32\WerFault.exe 04:50:37.0646 0x1318 *WerKernelReporting - ok 04:50:37.0724 0x1318 [ 4BEE9F6A75933E49BB13834E66C8B36E, 246B1A4CE045A8415C02F6CB7E6181EFE73133217A94C20675AB97FA6B94BA59 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe 04:50:37.0755 0x1318 SunJavaUpdateSched - ok 04:50:37.0818 0x1318 [ 34D296AFC913E302953C70463EF09A48, BC413307CBC56C039EE8A05B51A56E14EF59678FBB33815AEB320078056C8CE7 ] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe 04:50:37.0849 0x1318 HP Software Update - ok 04:50:37.0958 0x1318 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 04:50:38.0005 0x1318 Sidebar - ok 04:50:38.0052 0x1318 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 04:50:38.0083 0x1318 mctadmin - ok 04:50:38.0145 0x1318 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 04:50:38.0192 0x1318 Sidebar - ok 04:50:38.0208 0x1318 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 04:50:38.0239 0x1318 mctadmin - ok 04:50:38.0442 0x1318 [ BFD07A0ADC58DEB79A496BB666A43061, F8FBA5FBCBD0111D8EDAB4DF2A2AB0999EAEEEDB056F9F682605FC7F87D56B0E ] C:\Program Files\DAEMON Tools Lite\DTAgent.exe 04:50:38.0566 0x1318 DAEMON Tools Lite Automount - ok 04:50:38.0972 0x1318 [ 6798339CF7C87F5F567A8F050614D6B8, 679180427BD3423EA2C3D81869CAE77B2E6FF149FE374FFDD40C5D8AC0FCD81B ] C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe 04:50:39.0222 0x1318 FileHippo.com - ok 04:50:39.0424 0x1318 [ E3BF29CED96790CDAAFA981FFDDF53A3, 76CB27EF7B27E5636EDA9D95229519B2A2870729A0BB694F1FD11CD602BAC4DC ] C:\Program Files\Windows Sidebar\sidebar.exe 04:50:39.0471 0x1318 Sidebar - ok 04:50:39.0487 0x1318 Waiting for KSN requests completion. In queue: 293 04:50:40.0501 0x1318 Waiting for KSN requests completion. In queue: 293 04:50:41.0515 0x1318 Waiting for KSN requests completion. In queue: 293 04:50:42.0529 0x1318 Waiting for KSN requests completion. In queue: 293 04:50:43.0543 0x1318 Waiting for KSN requests completion. In queue: 293 04:50:44.0557 0x1318 Waiting for KSN requests completion. In queue: 293 04:50:45.0571 0x1318 Waiting for KSN requests completion. In queue: 293 04:50:46.0616 0x1318 AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.8.204.0 ), 0x61000 ( enabled : updated ) 04:50:46.0632 0x1318 Win FW state via NFP2: enabled ( trusted ) 04:50:49.0081 0x1318 ============================================================ 04:50:49.0081 0x1318 Scan finished 04:50:49.0081 0x1318 ============================================================ 04:50:49.0096 0x0198 Detected object count: 1 04:50:49.0096 0x0198 Actual detected object count: 1 04:51:13.0339 0x0198 KlimaLogg Service ( UnsignedFile.Multi.Generic ) - skipped by user 04:51:13.0339 0x0198 KlimaLogg Service ( UnsignedFile.Multi.Generic ) - User select action: Skip |
29.11.2015, 06:59 | #8 |
/// the machine /// TB-Ausbilder | Windows X64 mit FakeAlert infiziert hi, Scan mit Combofix
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
29.11.2015, 19:34 | #9 |
| Windows X64 mit FakeAlert infiziertCode:
ATTFilter ComboFix 15-11-27.01 - R 29.11.2015 13:10:39.1.2 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.4061.1844 [GMT 1:00] ausgeführt von:: c:\users\Privat\Downloads\ComboFix\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\KlimaLogg.dat1.tmp c:\users\Privat\AppData\Local\assembly\tmp c:\windows\IsUn0407.exe . . ((((((((((((((((((((((( Dateien erstellt von 2015-10-28 bis 2015-11-29 )))))))))))))))))))))))))))))) . . 2015-11-29 10:37 . 2015-11-29 10:37 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A907BAEA-68F8-4361-8233-FCED8340AEBE}\offreg.1004.dll 2015-11-29 10:35 . 2015-10-29 09:28 11138400 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A907BAEA-68F8-4361-8233-FCED8340AEBE}\mpengine.dll 2015-11-28 09:47 . 2015-10-29 09:28 11138400 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2015-11-28 09:47 . 2015-10-08 23:22 69120 ----a-w- c:\windows\system32\nlsbres.dll 2015-11-28 09:47 . 2015-10-08 23:18 6656 ----a-w- c:\windows\SysWow64\KBDAZEL.DLL 2015-11-28 09:47 . 2015-10-08 23:18 7168 ----a-w- c:\windows\system32\KBDAZEL.DLL 2015-11-28 09:47 . 2015-10-08 23:18 7168 ----a-w- c:\windows\system32\KBDAZE.DLL 2015-11-28 09:47 . 2015-10-08 23:17 69120 ----a-w- c:\windows\SysWow64\nlsbres.dll 2015-11-28 09:47 . 2015-10-08 23:18 6656 ----a-w- c:\windows\SysWow64\kbdgeoqw.dll 2015-11-28 09:47 . 2015-10-08 23:18 7168 ----a-w- c:\windows\system32\kbdgeoqw.dll 2015-11-27 00:19 . 2015-11-27 03:39 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2015-11-22 08:51 . 2015-11-22 08:52 -------- d-----w- C:\TEMP 2015-11-21 11:59 . 2015-11-21 11:59 -------- d-----w- c:\users\R\AppData\Local\fontconfig 2015-11-21 11:59 . 2015-11-21 12:01 -------- d-----w- c:\users\R\.gimp-2.8 2015-11-21 11:59 . 2015-11-21 11:59 -------- d-----w- c:\users\R\AppData\Local\gegl-0.2 2015-11-21 11:32 . 2015-11-21 11:32 -------- d-----w- c:\program files\IrfanView 2015-11-21 11:30 . 2015-11-23 07:10 2192 ----a-w- c:\windows\system32\ASOROSet.bin 2015-11-21 10:27 . 2015-11-21 12:23 -------- d-----w- c:\users\Privat\AppData\Roaming\IrfanView 2015-11-21 08:44 . 2015-11-21 11:32 -------- d-----w- c:\users\R\AppData\Roaming\IrfanView 2015-11-20 16:31 . 2015-11-20 16:31 -------- d-----w- c:\program files (x86)\CDBurnerXP 2015-11-20 15:54 . 2015-11-20 15:54 47160 ----a-w- c:\windows\system32\drivers\dtliteusbbus.sys 2015-11-20 15:53 . 2015-11-20 15:53 30264 ----a-w- c:\windows\system32\drivers\dtlitescsibus.sys 2015-11-20 15:53 . 2015-11-24 17:25 -------- d-----w- c:\program files\DAEMON Tools Lite 2015-11-20 10:42 . 2015-11-20 10:42 89600 ----a-w- c:\windows\system32\udefrag.exe 2015-11-20 10:42 . 2015-11-20 10:42 13312 ----a-w- c:\windows\system32\hibernate4win.exe 2015-11-20 10:42 . 2015-11-20 10:42 12288 ----a-w- c:\windows\system32\bootexctrl.exe 2015-11-20 10:41 . 2015-11-20 10:41 33792 ----a-w- c:\windows\system32\wgx.dll 2015-11-20 10:41 . 2015-11-20 10:41 132608 ----a-w- c:\windows\system32\lua5.1a.dll 2015-11-20 10:41 . 2015-11-20 10:41 394752 ----a-w- c:\windows\system32\defrag_native.exe 2015-11-20 10:41 . 2015-11-20 10:41 55808 ----a-w- c:\windows\system32\udefrag.dll 2015-11-20 10:40 . 2015-11-20 10:40 337920 ----a-w- c:\windows\system32\zenwinx.dll 2015-11-12 07:33 . 2015-11-03 17:55 3211264 ----a-w- c:\windows\system32\win32k.sys 2015-11-10 20:58 . 2015-10-29 17:50 342016 ----a-w- c:\windows\system32\apphelp.dll 2015-11-10 20:58 . 2015-10-29 17:49 295936 ----a-w- c:\windows\SysWow64\apphelp.dll 2015-11-10 20:58 . 2015-10-29 17:50 6656 ----a-w- c:\windows\system32\shimeng.dll 2015-11-10 20:58 . 2015-10-29 17:50 72192 ----a-w- c:\windows\system32\aelupsvc.dll 2015-11-10 20:58 . 2015-10-29 17:50 5120 ----a-w- c:\windows\SysWow64\shimeng.dll 2015-11-10 20:58 . 2015-10-29 17:50 23552 ----a-w- c:\windows\system32\sdbinst.exe 2015-11-10 20:58 . 2015-10-29 17:49 20992 ----a-w- c:\windows\SysWow64\sdbinst.exe 2015-11-10 20:50 . 2015-10-13 04:57 950720 ----a-w- c:\windows\system32\drivers\ndis.sys 2015-11-10 20:50 . 2015-10-13 16:41 497664 ----a-w- c:\windows\system32\drivers\afd.sys 2015-11-10 20:50 . 2015-10-13 16:40 118272 ----a-w- c:\windows\system32\drivers\tdx.sys 2015-11-10 20:50 . 2015-10-01 18:00 2103296 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll 2015-11-10 20:50 . 2015-10-01 18:00 2164224 ----a-w- c:\program files\Windows Journal\Journal.exe 2015-11-10 20:50 . 2015-10-01 17:50 1415168 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\InkObj.dll 2015-11-09 08:37 . 2015-11-29 12:20 -------- d-----w- c:\users\Privat\AppData\Local\assembly 2015-11-08 17:38 . 2015-11-09 08:37 -------- d-----w- c:\users\Privat\AppData\Roaming\SmartTools 2015-11-08 17:37 . 2015-11-08 17:37 -------- d-----w- c:\users\Privat\AppData\Roaming\Programme 2015-11-08 13:13 . 2015-11-08 13:13 -------- d-----w- c:\programdata\HP Photo Creations 2015-11-01 10:53 . 2015-11-09 14:09 -------- d-----w- c:\users\Privat\AppData\Roaming\HP Photo Creations 2015-11-01 10:53 . 2015-11-01 10:59 -------- d-----w- c:\users\Privat\AppData\Roaming\Visan 2015-11-01 10:40 . 2015-11-01 10:40 -------- d-----w- c:\programdata\Visan 2015-11-01 10:36 . 2015-11-01 10:36 -------- d-----w- c:\windows\Hewlett-Packard 2015-11-01 10:34 . 2015-11-15 13:13 -------- d-----w- c:\users\Privat\AppData\Roaming\HpUpdate 2015-10-30 19:15 . 2015-10-30 19:15 -------- d-----w- c:\program files (x86)\Common Files\Java 2015-10-30 19:13 . 2015-10-20 19:39 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2015-10-30 13:37 . 2015-08-17 12:49 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4FE5B950-DBB7-49CE-8522-7D106762866F}\gapaengine.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-11-28 09:53 . 2015-05-03 16:45 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-11-16 05:41 . 2015-05-12 06:54 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2015-11-16 05:41 . 2015-05-12 06:54 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2015-11-10 21:17 . 2015-05-03 14:35 145617392 ----a-w- c:\windows\system32\MRT.exe 2015-10-30 19:13 . 2015-08-24 16:31 110176 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2015-10-29 17:50 . 2015-11-10 20:58 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2015-10-29 17:50 . 2015-11-10 20:58 309248 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2015-10-29 17:50 . 2015-11-10 20:58 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2015-10-29 17:50 . 2015-11-10 20:58 103424 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2015-10-29 17:49 . 2015-11-10 20:58 562176 ----a-w- c:\windows\apppatch\AcLayers.dll 2015-10-29 17:49 . 2015-11-10 20:58 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll 2015-10-29 17:49 . 2015-11-10 20:58 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2015-10-29 17:49 . 2015-11-10 20:58 211968 ----a-w- c:\windows\apppatch\AcXtrnal.dll 2015-10-29 17:39 . 2015-11-10 20:58 2560 ----a-w- c:\windows\apppatch\AcRes.dll 2015-10-20 19:42 . 2015-10-20 19:42 0 ----a-w- c:\windows\SysWow64\RENEE52.tmp 2015-10-20 00:45 . 2015-11-10 20:59 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2015-10-13 00:29 . 2015-10-13 00:29 875720 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll 2015-10-13 00:22 . 2015-10-13 00:22 869568 ----a-w- c:\windows\system32\msvcr120_clr0400.dll 2015-10-05 07:50 . 2015-05-03 16:45 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2015-10-05 07:50 . 2015-05-03 16:45 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2015-10-05 07:50 . 2015-05-03 16:45 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2015-10-01 18:06 . 2015-10-13 19:49 692672 ----a-w- c:\windows\system32\winload.efi 2015-10-01 18:04 . 2015-10-13 19:49 616360 ----a-w- c:\windows\system32\winresume.efi 2015-10-01 18:00 . 2015-10-13 19:49 63488 ----a-w- c:\windows\system32\setbcdlocale.dll 2015-10-01 18:00 . 2015-10-13 19:49 59392 ----a-w- c:\windows\system32\appidapi.dll 2015-10-01 18:00 . 2015-10-13 19:49 32768 ----a-w- c:\windows\system32\appidsvc.dll 2015-10-01 18:00 . 2015-10-13 19:49 147456 ----a-w- c:\windows\system32\appidpolicyconverter.exe 2015-10-01 18:00 . 2015-10-13 19:49 17920 ----a-w- c:\windows\system32\appidcertstorecheck.exe 2015-10-01 17:50 . 2015-10-13 19:49 50688 ----a-w- c:\windows\SysWow64\appidapi.dll 2015-10-01 17:00 . 2015-10-13 19:49 61440 ----a-w- c:\windows\system32\drivers\appid.sys 2015-09-18 19:22 . 2015-10-09 04:52 25432 ----a-w- c:\windows\system32\CompatTelRunner.exe 2015-09-18 19:19 . 2015-10-09 04:52 700416 ----a-w- c:\windows\system32\invagent.dll 2015-09-18 19:19 . 2015-10-09 04:52 766464 ----a-w- c:\windows\system32\generaltel.dll 2015-09-18 19:19 . 2015-10-09 04:52 503808 ----a-w- c:\windows\system32\devinv.dll 2015-09-18 19:19 . 2015-10-09 04:52 1291264 ----a-w- c:\windows\system32\appraiser.dll 2015-09-18 19:19 . 2015-10-09 04:52 73216 ----a-w- c:\windows\system32\acmigration.dll 2015-09-18 19:09 . 2015-10-09 04:52 1163776 ----a-w- c:\windows\system32\aeinv.dll 2015-09-02 03:04 . 2015-09-08 20:18 41984 ----a-w- c:\windows\system32\lpk.dll 2015-09-02 03:04 . 2015-09-08 20:18 100864 ----a-w- c:\windows\system32\fontsub.dll 2015-09-02 03:04 . 2015-09-08 20:18 14336 ----a-w- c:\windows\system32\dciman32.dll 2015-09-02 03:04 . 2015-09-08 20:18 46080 ----a-w- c:\windows\system32\atmlib.dll 2015-09-02 02:48 . 2015-09-08 20:18 70656 ----a-w- c:\windows\SysWow64\fontsub.dll 2015-09-02 02:48 . 2015-09-08 20:18 10240 ----a-w- c:\windows\SysWow64\dciman32.dll 2015-09-02 02:48 . 2015-09-08 20:18 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2015-09-02 02:47 . 2015-09-08 20:18 25600 ----a-w- c:\windows\SysWow64\lpk.dll 2015-09-02 01:47 . 2015-09-08 20:18 372736 ----a-w- c:\windows\system32\atmfd.dll 2015-09-02 01:33 . 2015-09-08 20:18 299520 ----a-w- c:\windows\SysWow64\atmfd.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "FileHippo.com"="c:\program files (x86)\FileHippo.com\FileHippo.AppManager.exe" [2015-09-02 10566352] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-10-06 597040] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056] . c:\users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled\ Logitech . Produktregistrierung.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe /remind /language=DEU /_WFM="." [2009-11-16 517384] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0regdefrag\0PowerRemover.exe\0defrag_native . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [x] R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [x] R3 CSUService;COMODO System Utilities Service;c:\program files\COMODO\COMODO System Utilities\CSUService.exe;c:\program files\COMODO\COMODO System Utilities\CSUService.exe [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x] R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe [x] R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x] R3 hmpalertsvc;HitmanPro.Alert Service;c:\program files (x86)\HitmanPro.Alert\hmpalert.exe;c:\program files (x86)\HitmanPro.Alert\hmpalert.exe [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x] R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x] R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x] R4 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x] R4 KlimaLogg Service;KlimaLogg Service;c:\program files (x86)\KlimaLoggPro\KlimaLoggProService.exe;c:\program files (x86)\KlimaLoggPro\KlimaLoggProService.exe [x] R4 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe;c:\program files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [x] R4 SWUpdateService;SW Update Service;c:\programdata\Samsung\SW Update Service\SWMAgent.exe;c:\programdata\Samsung\SW Update Service\SWMAgent.exe [x] R4 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x] R4 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x] S0 file_tracker;file_tracker;c:\windows\system32\DRIVERS\file_tracker.sys;c:\windows\SYSNATIVE\DRIVERS\file_tracker.sys [x] S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x] S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys;c:\windows\SYSNATIVE\DRIVERS\hotcore3.sys [x] S1 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x] S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x] S1 Uim_DEVIM;UIM Direct Device Image Plugin;c:\windows\system32\DRIVERS\uim_devim.sys;c:\windows\SYSNATIVE\DRIVERS\uim_devim.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 hmpalert;HitmanPro.Alert Support Driver;c:\windows\system32\drivers\hmpalert.sys;c:\windows\SYSNATIVE\drivers\hmpalert.sys [x] S2 tib;Acronis TIB Manager;c:\windows\system32\DRIVERS\tib.sys;c:\windows\SYSNATIVE\DRIVERS\tib.sys [x] S2 tib_mounter;Acronis TIB Mounter;c:\windows\system32\DRIVERS\tib_mounter.sys;c:\windows\SYSNATIVE\DRIVERS\tib_mounter.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 azvusb;Virtual USB Hub;c:\windows\system32\DRIVERS\azvusb.sys;c:\windows\SYSNATIVE\DRIVERS\azvusb.sys [x] S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x] S3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus;c:\windows\system32\DRIVERS\dtliteusbbus.sys;c:\windows\SYSNATIVE\DRIVERS\dtliteusbbus.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 rtl819xpn64;Realtek RTL8190/RTL8192E 802.11n Wireless LAN (Mini-) PCI NIC-NT-Treiber;c:\windows\system32\DRIVERS\rtl819xp.sys;c:\windows\SYSNATIVE\DRIVERS\rtl819xp.sys [x] S3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\Drivers\VMC326.sys;c:\windows\SYSNATIVE\Drivers\VMC326.sys [x] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x] . . Inhalt des "geplante Tasks" Ordners . 2015-11-29 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-12 05:41] . 2015-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-05-23 18:37] . 2015-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-05-23 18:37] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncError] @="{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}" [HKEY_CLASSES_ROOT\CLSID\{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}] 2014-09-09 08:05 2832680 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncInProgress] @="{00F848DC-B1D4-4892-9C25-CAADC86A215D}" [HKEY_CLASSES_ROOT\CLSID\{00F848DC-B1D4-4892-9C25-CAADC86A215D}] 2014-09-09 08:05 2832680 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncOk] @="{71573297-552E-46fc-BE3D-3DFAF88D47B7}" [HKEY_CLASSES_ROOT\CLSID\{71573297-552E-46fc-BE3D-3DFAF88D47B7}] 2014-09-09 08:05 2832680 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-29 1337000] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.de/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: FRITZ!Box Dial - c:\program files\FRITZ!Box\AddOn (IE)\fb_addon_dial_ie.htm IE: FRITZ!Box Dial\Contexts - 16 (0x10) IE: FRITZ!Box Dial\Flags IE: Mit FRITZ!Box Anrufen - c:\program files (x86)\FRITZ!Box\AddOn (IE)\fb_addon_dial_ie.htm IE: Mit FRITZ!Box Anrufen\Contexts - 16 (0x10) IE: Mit FRITZ!Box Anrufen\Flags IE: {{328ECD19-C167-40eb-A0C7-16FE7634105F} - {CC68A724-B5F7-4bd3-865C-7D97141A140F} - c:\program files (x86)\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\R\AppData\Roaming\Mozilla\Firefox\Profiles\677lsznv.default-1448105328320\ FF - prefs.js: browser.startup.homepage - www.google.de . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-FRITZ! 2.0 - c:\windows\IsUn0407.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-1269753938-3578349479-3780603664-1004_Classes\CLSID] @DACL=(02 0000) . [HKEY_USERS\S-1-5-21-1269753938-3578349479-3780603664-1004_Classes\CLSID\{00C74A70-2911-3D24-8535-9F010241E641}] @DACL=(02 0000) @="STP_WdFLAss.ucCommonOptions" . [HKEY_USERS\S-1-5-21-1269753938-3578349479-3780603664-1004_Classes\CLSID\{0C8EE82E-A958-4E00-BC74-0AB54908B85B}] @DACL=(02 0000) @="STP_WdFLAss.AddinModule" . [HKEY_USERS\S-1-5-21-1269753938-3578349479-3780603664-1004_Classes\CLSID\{1CE72AEA-88E4-3AA3-81F3-CAEA793C3236}] @DACL=(02 0000) @="STP_WdFLAss.LanguageComboBox" . [HKEY_USERS\S-1-5-21-1269753938-3578349479-3780603664-1004_Classes\CLSID\{1EFF7739-9BDA-4295-BC07-383554CAAC84}] @DACL=(02 0000) @="PSFactoryBuffer" . [HKEY_USERS\S-1-5-21-1269753938-3578349479-3780603664-1004_Classes\CLSID\{21D20224-BD27-3681-8F20-DFF9135D9101}] @DACL=(02 0000) @="STP_WdFLAss.clsExecProg" . [HKEY_USERS\S-1-5-21-1269753938-3578349479-3780603664-1004_Classes\CLSID\{4215B57E-66D0-313B-8604-5F12E85FAB13}] @DACL=(02 0000) @="STP_WdFLAss.LanguageComboBoxItem" . [HKEY_USERS\S-1-5-21-1269753938-3578349479-3780603664-1004_Classes\CLSID\{47FA387F-4D88-3287-87CB-D2B617676F70}] @DACL=(02 0000) @="STP_WdFLAss.LOGFONT" . [HKEY_USERS\S-1-5-21-1269753938-3578349479-3780603664-1004_Classes\CLSID\{4E9C882E-EFC7-3D8D-9D22-4A893DFDFDD1}] @DACL=(02 0000) @="STP_WdFLAss.ucChooseLine" . [HKEY_USERS\S-1-5-21-1269753938-3578349479-3780603664-1004_Classes\CLSID\{55F5BC39-DE0C-3BBB-B3CA-838ADD86E5B0}] @DACL=(02 0000) @="STP_WdFLAss.clsLICMessages" . [HKEY_USERS\S-1-5-21-1269753938-3578349479-3780603664-1004_Classes\CLSID\{8D278397-5348-37DF-A3AC-2E9A7BC55DEA}] @DACL=(02 0000) @="STP_WdFLAss.frmOptions" . [HKEY_USERS\S-1-5-21-1269753938-3578349479-3780603664-1004_Classes\CLSID\{8FE00501-5235-3AFA-BC1B-736F987D730A}] @DACL=(02 0000) @="STP_WdFLAss.frmInfo" . [HKEY_USERS\S-1-5-21-1269753938-3578349479-3780603664-1004_Classes\CLSID\{A775286B-E15B-3B20-9F69-676E4FF9B439}] @DACL=(02 0000) @="STP_WdFLAss.frmLicense" . [HKEY_USERS\S-1-5-21-1269753938-3578349479-3780603664-1004_Classes\CLSID\{AAB59D6C-A9D6-3432-A706-9E06FA54D5F8}] @DACL=(02 0000) @="STP_WdFLAss.MyImageComboBox" . [HKEY_USERS\S-1-5-21-1269753938-3578349479-3780603664-1004_Classes\CLSID\{BD52027B-C216-3B98-A5E1-39E3BEDAC347}] @DACL=(02 0000) @="STP_WdFLAss.adxWordTPFLAss" . [HKEY_USERS\S-1-5-21-1269753938-3578349479-3780603664-1004_Classes\CLSID\{C199B900-D2D3-39CA-A96E-DDD07CDE6181}] @DACL=(02 0000) @="STP_WdFLAss.frmInpBoxEx" . [HKEY_USERS\S-1-5-21-1269753938-3578349479-3780603664-1004_Classes\CLSID\{CF6DD514-4B56-30D6-986F-D7654CB975CE}] @DACL=(02 0000) @="STP_WdFLAss.ucNewsletterAbo" . [HKEY_USERS\S-1-5-21-1269753938-3578349479-3780603664-1004_Classes\CLSID\{D703D1DA-0666-317D-BE10-BBCB5C81E560}] @DACL=(02 0000) @="STP_WdFLAss.ImageComboBoxItem" . [HKEY_USERS\S-1-5-21-1269753938-3578349479-3780603664-1004_Classes\CLSID\{F3537E65-8FAB-3D5B-8612-48CC6485F80D}] @DACL=(02 0000) @="STP_WdFLAss.frmMsgBoxEx" . [HKEY_USERS\S-1-5-21-1269753938-3578349479-3780603664-1004_Classes\CLSID\{FAB69CC6-94C7-361E-8CB9-2A91619457E2}] @DACL=(02 0000) @="STP_WdFLAss.clsLICCheck" . [HKEY_USERS\S-1-5-21-1269753938-3578349479-3780603664-1004_Classes\CLSID\{FFBAC67A-59A5-3AA8-86D3-805141B519FA}] @DACL=(02 0000) @="STP_WdFLAss.ucOnOff" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.18" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2015-11-29 13:26:24 ComboFix-quarantined-files.txt 2015-11-29 12:26 . Vor Suchlauf: 21 Verzeichnis(se), 30.196.310.016 Bytes frei Nach Suchlauf: 27 Verzeichnis(se), 30.341.832.704 Bytes frei . - - End Of File - - 850B545DDD1DD24104A9C0E2AFD7BF7A A36C5E4F47E84449FF07ED3517B43A31 Rk1757 Rechner ist seehr langsam... Danke Rk1757 |
30.11.2015, 07:59 | #10 |
/// the machine /// TB-Ausbilder | Windows X64 mit FakeAlert infiziert Downloade Dir bitte Malwarebytes Anti-Malware
Downloade Dir bitte AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
02.12.2015, 08:16 | #11 |
| Windows X64 mit FakeAlert infiziertCode:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 01.12.2015 Suchlaufzeit: 21:53 Protokolldatei: mbam.txt Administrator: Ja Version: 2.2.0.1024 Malware-Datenbank: v2015.12.01.06 Rootkit-Datenbank: v2015.11.26.01 Lizenz: Premium-Version Malware-Schutz: Aktiviert Schutz vor bösartigen Websites: Aktiviert Selbstschutz: Aktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: R Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 445185 Abgelaufene Zeit: 36 Min., 5 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (keine bösartigen Elemente erkannt) Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt) Registrierungswerte: 0 (keine bösartigen Elemente erkannt) Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Ordner: 0 (keine bösartigen Elemente erkannt) Dateien: 0 (keine bösartigen Elemente erkannt) Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) Code:
ATTFilter # AdwCleaner v5.023 - Bericht erstellt am 02/12/2015 um 06:53:55 # Aktualisiert am 30/11/2015 von Xplode # Datenbank : 2015-11-30.1 [Server] # Betriebssystem : Windows 7 Ultimate Service Pack 1 (x64) # Benutzername : R - R-PC-SAM # Gestartet von : C:\Users\Privat\Downloads\AdwCleaner\AdwCleaner_5.023.exe # Option : Löschen # Unterstützung : hxxp://toolslib.net/forum ***** [ Dienste ] ***** ***** [ Ordner ] ***** ***** [ Dateien ] ***** ***** [ DLLs ] ***** ***** [ Verknüpfungen ] ***** ***** [ Aufgabenplanung ] ***** ***** [ Registrierungsdatenbank ] ***** [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994} [-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} [-] Schlüssel Gelöscht : HKU\S-1-5-21-1269753938-3578349479-3780603664-1004\Software\distromatic ***** [ Internetbrowser ] ***** ************************* :: "Tracing" Schlüssel gelöscht :: Proxy Einstellungen zurückgesetzt :: Winsock Einstellungen zurückgesetzt :: Internet Explorer Richtlinien gelöscht :: Chrome Richtlinien gelöscht ########## EOF - \AdwCleaner\AdwCleaner[C16].txt - [1456 Bytes] ########## Code:
ATTFilter # AdwCleaner v5.023 - Bericht erstellt am 02/12/2015 um 06:53:55 # Aktualisiert am 30/11/2015 von Xplode # Datenbank : 2015-11-30.1 [Server] # Betriebssystem : Windows 7 Ultimate Service Pack 1 (x64) # Benutzername : R - R-PC-SAM # Gestartet von : C:\Users\Privat\Downloads\AdwCleaner\AdwCleaner_5.023.exe # Option : Löschen # Unterstützung : hxxp://toolslib.net/forum ***** [ Dienste ] ***** ***** [ Ordner ] ***** ***** [ Dateien ] ***** ***** [ DLLs ] ***** ***** [ Verknüpfungen ] ***** ***** [ Aufgabenplanung ] ***** ***** [ Registrierungsdatenbank ] ***** [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994} [-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} [-] Schlüssel Gelöscht : HKU\S-1-5-21-1269753938-3578349479-3780603664-1004\Software\distromatic ***** [ Internetbrowser ] ***** ************************* :: "Tracing" Schlüssel gelöscht :: Proxy Einstellungen zurückgesetzt :: Winsock Einstellungen zurückgesetzt :: Internet Explorer Richtlinien gelöscht :: Chrome Richtlinien gelöscht ########## EOF - \AdwCleaner\AdwCleaner[C16].txt - [1456 Bytes] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.0.1 (11.24.2015) Operating System: Windows 7 Ultimate x64 Ran by R (Administrator) on 02.12.2015 at 7:01:06,25 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 1 Successfully deleted: C:\Windows\SysWOW64\RENEE52.tmp (File) Registry: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 02.12.2015 at 7:05:17,22 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:01-12-2015 durchgeführt von R (Administrator) auf R-PC-SAM (02-12-2015 07:10:13) Gestartet von C:\Users\Privat\Downloads\FRST Geladene Profile: R & Privat (Verfügbare Profile: R & Coach & Privat) Platform: Windows 7 Ultimate Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\System32\atiesrxx.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-14] (Synaptics Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKU\S-1-5-21-1269753938-3578349479-3780603664-1001\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe [10566352 2015-09-02] () HKU\S-1-5-21-1269753938-3578349479-3780603664-1001\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[C16].txt HKU\S-1-5-21-1269753938-3578349479-3780603664-1004\...\MountPoints2: {fab08242-f2ed-11e4-992c-002454164d61} - G:\start.exe ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis) ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis) ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis) Startup: C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2015-05-14] () BootExecute: autocheck autochk * regdefragPowerRemover.exe ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{577C61D7-1B72-41BF-A1D7-2A177E50DDC8}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{97B1E5B2-DDE4-4846-98AF-3ED3951786B1}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKU\S-1-5-21-1269753938-3578349479-3780603664-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1269753938-3578349479-3780603664-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1269753938-3578349479-3780603664-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-1269753938-3578349479-3780603664-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-1269753938-3578349479-3780603664-1004\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://zeus.daa.de/ SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-10-30] (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: FRITZ!Box Addon BHO -> {C0C86BBE-9509-4296-8459-FDBFDAF4B673} -> C:\Program Files\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll [2012-12-11] (AVM Berlin) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-10-30] (Oracle Corporation) BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: FRITZ!Box Addon BHO -> {C0C86BBE-9509-4296-8459-FDBFDAF4B673} -> C:\Program Files (x86)\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll [2012-12-11] (AVM Berlin) BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10] (Microsoft Corporation.) BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab FireFox: ======== FF ProfilePath: C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\677lsznv.default-1448105328320 FF Homepage: www.google.de FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-16] () FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-10-30] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-10-30] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-16] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-03-30] (Google) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1269753938-3578349479-3780603664-1004: @Citrix.com/npican -> C:\Users\Privat\AppData\Local\Citrix\ICA Client\npicaN.dll [2015-06-24] (Citrix Systems, Inc.) FF Plugin HKU\S-1-5-21-1269753938-3578349479-3780603664-1004: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Privat\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-05-13] (RocketLife, LLP) ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 CSUService; C:\Program Files\COMODO\COMODO System Utilities\CSUService.exe [347968 2012-02-24] (Comodo Security Solutions, Inc.) S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1369432 2015-11-18] (Disc Soft Ltd) S3 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2015-06-02] (SurfRight B.V.) S4 KlimaLogg Service; C:\Program Files (x86)\KlimaLoggPro\KlimaLoggProService.exe [2480640 2014-05-27] () [Datei ist nicht signiert] S4 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation) S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation) S4 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.) S4 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3020120 2015-04-21] (Samsung Electronics CO., LTD.) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R3 azvusb; C:\Windows\System32\DRIVERS\azvusb.sys [54784 2009-08-24] (AzureWave Technologies, Inc.) R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-11-20] (Disc Soft Ltd) R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47160 2015-11-20] (Disc Soft Ltd) S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [296736 2015-05-09] (Acronis International GmbH) R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2015-06-02] () R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [34056 2015-05-05] (Paragon Software Group) R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation) S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation) R3 rtl819xpn64; C:\Windows\System32\DRIVERS\rtl819xp.sys [626792 2015-05-23] (Realtek Semiconductor Corporation ) R2 tib; C:\Windows\System32\DRIVERS\tib.sys [1058632 2015-07-26] (Acronis International GmbH) R2 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [248648 2015-07-26] (Acronis International GmbH) R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [102576 2015-07-24] () R1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [25904 2015-07-24] () R1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [701232 2015-07-24] () R3 VMC326; C:\Windows\System32\Drivers\VMC326.sys [180096 2015-05-16] (Vimicro Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-12-02 07:05 - 2015-12-02 07:05 - 00000609 _____ C:\Users\R\Desktop\JRT.txt 2015-12-02 06:58 - 2015-12-02 06:58 - 00001735 _____ C:\Users\Privat\Desktop\JRT.exe - Verknüpfung.lnk 2015-12-02 06:50 - 2015-12-02 06:51 - 00001194 _____ C:\Users\Privat\Desktop\mbam.txt 2015-11-29 18:08 - 2015-11-29 18:08 - 00204416 _____ C:\Users\Privat\AppData\Local\recently-used.xbel 2015-11-29 13:26 - 2015-11-29 13:26 - 00030948 _____ C:\ComboFix.txt 2015-11-29 13:08 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe 2015-11-29 13:08 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe 2015-11-29 13:08 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-11-29 13:08 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-11-29 13:08 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-11-29 13:08 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe 2015-11-29 13:08 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe 2015-11-29 13:08 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe 2015-11-29 13:07 - 2015-11-29 13:26 - 00000000 ____D C:\Qoobox 2015-11-29 13:07 - 2015-11-29 13:23 - 00000000 ____D C:\Windows\erdnt 2015-11-29 13:05 - 2015-11-29 13:05 - 00000000 ____D C:\Users\Privat\Downloads\ComboFix 2015-11-29 13:04 - 2015-11-29 13:04 - 05639804 _____ (Swearware) C:\Users\Privat\Downloads\ComboFix.exe 2015-11-28 11:11 - 2015-11-28 11:13 - 00000004 _____ C:\Windows\CSCCompactState 2015-11-28 11:11 - 2015-11-28 11:11 - 00002182 _____ C:\Windows\hiveList.dmp 2015-11-28 10:56 - 2015-11-28 10:56 - 00000000 ____D C:\Users\R\Documents\Meine FileHippo-Downloads 2015-11-28 10:47 - 2015-10-09 00:22 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll 2015-11-28 10:47 - 2015-10-09 00:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL 2015-11-28 10:47 - 2015-10-09 00:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll 2015-11-28 10:47 - 2015-10-09 00:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL 2015-11-28 10:47 - 2015-10-09 00:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL 2015-11-28 10:47 - 2015-10-09 00:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll 2015-11-28 10:47 - 2015-10-09 00:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL 2015-11-28 10:47 - 2015-10-09 00:17 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll 2015-11-28 10:47 - 2015-10-08 20:13 - 00419928 _____ C:\Windows\SysWOW64\locale.nls 2015-11-28 10:47 - 2015-10-08 19:52 - 00419928 _____ C:\Windows\system32\locale.nls 2015-11-27 04:49 - 2015-11-27 04:53 - 00214200 _____ C:\TDSSKiller.3.1.0.6_27.11.2015_04.49.35_log.txt 2015-11-27 04:39 - 2015-11-27 04:47 - 00213608 _____ C:\TDSSKiller.3.1.0.6_27.11.2015_04.39.37_log.txt 2015-11-27 04:37 - 2015-11-27 04:38 - 00000000 ____D C:\Users\Privat\Downloads\TDSSKiller 2015-11-27 01:19 - 2015-11-27 04:39 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-11-27 01:16 - 2015-11-27 01:17 - 00000000 ____D C:\Users\Privat\Downloads\Malwarebyte Anti-Rootkit 2015-11-25 18:07 - 2015-11-25 18:07 - 00000000 ____D C:\Users\Privat\Downloads\Gmer 2015-11-25 18:00 - 2015-11-25 18:00 - 00000000 _____ C:\Users\R\defogger_reenable 2015-11-25 17:59 - 2015-11-25 23:08 - 00000000 ____D C:\Users\Privat\Downloads\Defogger 2015-11-24 14:58 - 2015-11-24 14:58 - 00000000 ____D C:\Users\Privat\Downloads\QuizPro 2015-11-24 14:22 - 2015-11-24 14:22 - 00223505 _____ C:\Users\R\Downloads\Setup.exe 2015-11-24 14:21 - 2015-11-24 14:57 - 00000000 ____D C:\Users\Privat\Downloads\SIMcon 2015-11-24 08:46 - 2015-11-24 08:46 - 00000000 ____D C:\Users\Privat\Documents\Meine FileHippo-Downloads 2015-11-23 14:12 - 2015-11-23 14:12 - 00001138 _____ C:\Users\Privat\Desktop\MediathekView.lnk 2015-11-23 06:41 - 2015-11-23 06:41 - 00002022 _____ C:\Users\R\Desktop\FileHippo App Manager.lnk 2015-11-23 06:40 - 2015-11-23 06:40 - 00000000 ____D C:\Users\Privat\Downloads\FileHippo 2015-11-22 09:51 - 2015-11-22 09:52 - 00000000 ____D C:\TEMP 2015-11-21 12:59 - 2015-11-21 13:01 - 00000000 ____D C:\Users\R\.gimp-2.8 2015-11-21 12:59 - 2015-11-21 12:59 - 00000000 ____D C:\Users\R\AppData\Local\gegl-0.2 2015-11-21 12:59 - 2015-11-21 12:59 - 00000000 ____D C:\Users\R\AppData\Local\fontconfig 2015-11-21 12:32 - 2015-11-21 12:32 - 00001852 _____ C:\Users\Public\Desktop\IrfanView 64 Thumbnails.lnk 2015-11-21 12:32 - 2015-11-21 12:32 - 00000982 _____ C:\Users\Public\Desktop\IrfanView 64.lnk 2015-11-21 12:32 - 2015-11-21 12:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView 2015-11-21 12:32 - 2015-11-21 12:32 - 00000000 ____D C:\Program Files\IrfanView 2015-11-21 12:30 - 2015-11-23 08:10 - 00002192 _____ C:\Windows\system32\ASOROSet.bin 2015-11-21 12:30 - 2015-11-21 12:30 - 00000000 ____D C:\Windows\system32\config\RCCBakup 2015-11-21 12:28 - 2015-11-21 12:28 - 00000000 ____D C:\Users\R\Desktop\Alte Firefox-Daten 2015-11-21 11:27 - 2015-11-21 13:23 - 00000000 ____D C:\Users\Privat\AppData\Roaming\IrfanView 2015-11-21 09:44 - 2015-11-21 12:32 - 00000000 ____D C:\Users\R\AppData\Roaming\IrfanView 2015-11-21 09:42 - 2015-11-21 11:54 - 00000000 ____D C:\Users\Privat\Downloads\IrfanView 2015-11-20 17:31 - 2015-11-20 17:31 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP 2015-11-20 16:54 - 2015-11-20 16:54 - 00047160 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtliteusbbus.sys 2015-11-20 16:53 - 2015-11-24 18:25 - 00000000 ____D C:\Program Files\DAEMON Tools Lite 2015-11-20 16:53 - 2015-11-20 16:53 - 00030264 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys 2015-11-20 11:42 - 2015-11-20 11:42 - 00089600 _____ (UltraDefrag Development Team) C:\Windows\system32\udefrag.exe 2015-11-20 11:42 - 2015-11-20 11:42 - 00013312 _____ (UltraDefrag Development Team) C:\Windows\system32\hibernate4win.exe 2015-11-20 11:42 - 2015-11-20 11:42 - 00012288 _____ (UltraDefrag Development Team) C:\Windows\system32\bootexctrl.exe 2015-11-20 11:41 - 2015-11-20 11:41 - 00394752 _____ (UltraDefrag Development Team) C:\Windows\system32\defrag_native.exe 2015-11-20 11:41 - 2015-11-20 11:41 - 00132608 _____ C:\Windows\system32\lua5.1a.dll 2015-11-20 11:41 - 2015-11-20 11:41 - 00055808 _____ (UltraDefrag Development Team) C:\Windows\system32\udefrag.dll 2015-11-20 11:41 - 2015-11-20 11:41 - 00033792 _____ (UltraDefrag Development Team) C:\Windows\system32\wgx.dll 2015-11-20 11:40 - 2015-11-20 11:40 - 00337920 _____ (UltraDefrag Development Team) C:\Windows\system32\zenwinx.dll 2015-11-17 06:44 - 2015-11-17 08:25 - 00014217 _____ C:\Users\Privat\Documents\Fritzbox.xlsx 2015-11-12 08:33 - 2015-11-03 18:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-11-10 21:59 - 2015-11-03 23:10 - 00390344 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-11-10 21:59 - 2015-11-03 22:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-11-10 21:59 - 2015-10-31 00:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-11-10 21:59 - 2015-10-31 00:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-11-10 21:59 - 2015-10-31 00:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-11-10 21:59 - 2015-10-31 00:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-11-10 21:59 - 2015-10-31 00:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-11-10 21:59 - 2015-10-31 00:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-11-10 21:59 - 2015-10-31 00:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-11-10 21:59 - 2015-10-31 00:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-11-10 21:59 - 2015-10-31 00:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-11-10 21:59 - 2015-10-31 00:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-11-10 21:59 - 2015-10-31 00:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-11-10 21:59 - 2015-10-31 00:13 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-11-10 21:59 - 2015-10-31 00:12 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-11-10 21:59 - 2015-10-31 00:12 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-11-10 21:59 - 2015-10-31 00:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-11-10 21:59 - 2015-10-31 00:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-11-10 21:59 - 2015-10-31 00:11 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-11-10 21:59 - 2015-10-31 00:04 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-11-10 21:59 - 2015-10-31 00:01 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-11-10 21:59 - 2015-10-30 23:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-11-10 21:59 - 2015-10-30 23:53 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-11-10 21:59 - 2015-10-30 23:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-11-10 21:59 - 2015-10-30 23:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-11-10 21:59 - 2015-10-30 23:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-11-10 21:59 - 2015-10-30 23:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-11-10 21:59 - 2015-10-30 23:46 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-11-10 21:59 - 2015-10-30 23:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-11-10 21:59 - 2015-10-30 23:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-11-10 21:59 - 2015-10-30 23:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-11-10 21:59 - 2015-10-30 23:44 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2015-11-10 21:59 - 2015-10-30 23:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-11-10 21:59 - 2015-10-30 23:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-11-10 21:59 - 2015-10-30 23:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-11-10 21:59 - 2015-10-30 23:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-11-10 21:59 - 2015-10-30 23:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-11-10 21:59 - 2015-10-30 23:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-11-10 21:59 - 2015-10-30 23:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-11-10 21:59 - 2015-10-30 23:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-11-10 21:59 - 2015-10-30 23:34 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-11-10 21:59 - 2015-10-30 23:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-11-10 21:59 - 2015-10-30 23:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-11-10 21:59 - 2015-10-30 23:29 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-11-10 21:59 - 2015-10-30 23:29 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-11-10 21:59 - 2015-10-30 23:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-11-10 21:59 - 2015-10-30 23:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-11-10 21:59 - 2015-10-30 23:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-11-10 21:59 - 2015-10-30 23:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-11-10 21:59 - 2015-10-30 23:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-11-10 21:59 - 2015-10-30 23:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-11-10 21:59 - 2015-10-30 23:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-11-10 21:59 - 2015-10-30 23:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2015-11-10 21:59 - 2015-10-30 23:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-11-10 21:59 - 2015-10-30 23:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2015-11-10 21:59 - 2015-10-30 23:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-11-10 21:59 - 2015-10-30 23:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-11-10 21:59 - 2015-10-30 23:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-11-10 21:59 - 2015-10-30 23:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-11-10 21:59 - 2015-10-30 23:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-11-10 21:59 - 2015-10-30 22:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-11-10 21:59 - 2015-10-30 22:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-11-10 21:59 - 2015-10-30 22:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-11-10 21:59 - 2015-10-30 22:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-11-10 21:59 - 2015-10-20 02:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-11-10 21:59 - 2015-10-20 02:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-11-10 21:59 - 2015-10-20 02:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-11-10 21:59 - 2015-10-20 02:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-11-10 21:59 - 2015-10-20 02:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-11-10 21:59 - 2015-10-20 02:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-11-10 21:59 - 2015-10-20 02:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-11-10 21:59 - 2015-10-20 02:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-11-10 21:59 - 2015-10-20 02:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-11-10 21:59 - 2015-10-20 02:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-11-10 21:59 - 2015-10-20 02:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-11-10 21:59 - 2015-10-20 02:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-11-10 21:59 - 2015-10-20 02:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-11-10 21:59 - 2015-10-20 02:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-11-10 21:59 - 2015-10-20 02:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-11-10 21:59 - 2015-10-20 02:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-11-10 21:59 - 2015-10-20 02:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-11-10 21:59 - 2015-10-20 02:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-11-10 21:59 - 2015-10-20 02:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-11-10 21:59 - 2015-10-20 02:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-11-10 21:59 - 2015-10-20 02:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-11-10 21:59 - 2015-10-20 02:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-11-10 21:59 - 2015-10-20 02:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-11-10 21:59 - 2015-10-20 02:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2015-11-10 21:59 - 2015-10-20 02:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-11-10 21:59 - 2015-10-20 02:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-11-10 21:59 - 2015-10-20 02:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-11-10 21:59 - 2015-10-20 02:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-11-10 21:59 - 2015-10-20 02:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-11-10 21:59 - 2015-10-20 02:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-11-10 21:59 - 2015-10-20 02:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-11-10 21:59 - 2015-10-20 02:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-11-10 21:59 - 2015-10-20 02:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-11-10 21:59 - 2015-10-20 01:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-11-10 21:59 - 2015-10-20 01:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-11-10 21:59 - 2015-10-20 01:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-11-10 21:59 - 2015-10-20 01:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-11-10 21:59 - 2015-10-20 01:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-11-10 21:59 - 2015-10-20 01:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-11-10 21:59 - 2015-10-20 01:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-11-10 21:59 - 2015-10-20 01:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-11-10 21:59 - 2015-10-20 01:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-11-10 21:59 - 2015-10-20 01:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-11-10 21:59 - 2015-10-20 01:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2015-11-10 21:59 - 2015-10-20 01:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-11-10 21:59 - 2015-10-20 01:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-11-10 21:59 - 2015-10-20 01:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-11-10 21:59 - 2015-10-20 01:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-11-10 21:59 - 2015-10-20 01:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-11-10 21:59 - 2015-10-20 01:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2015-11-10 21:59 - 2015-10-20 01:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-11-10 21:59 - 2015-10-20 01:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-11-10 21:59 - 2015-10-20 01:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-11-10 21:59 - 2015-10-20 01:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-11-10 21:59 - 2015-10-20 01:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-11-10 21:59 - 2015-10-20 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 00:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-11-10 21:59 - 2015-10-20 00:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2015-11-10 21:59 - 2015-10-20 00:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-11-10 21:59 - 2015-10-20 00:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-11-10 21:59 - 2015-10-20 00:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-11-10 21:59 - 2015-10-20 00:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 00:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 00:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-11-10 21:59 - 2015-10-20 00:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-11-10 21:59 - 2015-09-23 14:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-11-10 21:59 - 2015-09-23 14:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll 2015-11-10 21:59 - 2015-09-23 14:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll 2015-11-10 21:58 - 2015-10-29 18:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll 2015-11-10 21:58 - 2015-10-29 18:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll 2015-11-10 21:58 - 2015-10-29 18:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe 2015-11-10 21:58 - 2015-10-29 18:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll 2015-11-10 21:58 - 2015-10-29 18:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll 2015-11-10 21:58 - 2015-10-29 18:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll 2015-11-10 21:58 - 2015-10-29 18:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe 2015-11-10 21:50 - 2015-10-13 17:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2015-11-10 21:50 - 2015-10-13 17:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2015-11-10 21:50 - 2015-10-13 05:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys 2015-11-10 21:49 - 2015-10-01 19:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-11-10 21:49 - 2015-10-01 19:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2015-11-10 21:49 - 2015-10-01 18:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2015-11-10 18:05 - 2015-11-10 18:05 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2 2015-11-10 18:00 - 2015-11-10 18:00 - 00000000 ____D C:\Users\R\Desktop\OpenOffice 4.1.2 (de) Installation Files 2015-11-10 17:35 - 2015-11-10 17:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag 2015-11-08 18:38 - 2015-11-09 09:37 - 00000000 ____D C:\Users\Privat\AppData\Roaming\SmartTools 2015-11-08 18:38 - 2015-11-08 18:38 - 00000000 ____D C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTools 2015-11-08 18:37 - 2015-11-08 18:37 - 00000000 ____D C:\Users\Privat\AppData\Roaming\Programme 2015-11-08 16:09 - 2015-11-08 16:09 - 00000000 ____D C:\Users\Privat\Downloads\Falzassi 2015-11-08 14:14 - 2015-11-08 14:14 - 00001995 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk 2015-11-08 14:14 - 2015-10-20 19:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-11-08 14:14 - 2015-10-20 19:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-11-08 14:14 - 2015-10-20 19:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-11-08 14:14 - 2015-10-20 19:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-11-08 14:14 - 2015-10-20 19:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-11-08 14:14 - 2015-10-20 19:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-11-08 14:14 - 2015-10-20 19:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-11-08 14:14 - 2015-10-20 19:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-11-08 14:14 - 2015-10-20 19:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-11-08 14:14 - 2015-10-20 19:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-11-08 14:14 - 2015-10-20 19:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-11-08 14:14 - 2015-10-20 18:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-11-08 14:14 - 2015-10-20 18:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-11-08 14:14 - 2015-10-20 18:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-11-08 14:14 - 2015-10-20 18:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-11-08 14:14 - 2015-10-20 18:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-11-08 14:13 - 2015-11-08 14:14 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations 2015-11-08 14:13 - 2015-11-08 14:13 - 00000000 ____D C:\ProgramData\HP Photo Creations 2015-11-07 09:50 - 2015-11-08 16:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-11-06 01:40 - 2015-11-06 01:40 - 00172765 _____ C:\Users\Privat\Downloads\Rechnung_4101.pdf 2015-11-02 11:11 - 2015-11-02 11:12 - 00000000 ____D C:\Users\Privat\Downloads\Setup Pixum Fotowelt ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-12-02 08:12 - 2015-06-28 13:05 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-12-02 08:12 - 2015-05-23 19:37 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-12-02 07:10 - 2015-05-03 18:43 - 00000000 ____D C:\Users\Privat\Downloads\FRST 2015-12-02 07:10 - 2015-03-28 08:26 - 00000000 ____D C:\FRST 2015-12-02 07:09 - 2015-05-03 19:39 - 00000000 ____D C:\Windows\CryptoGuard 2015-12-02 07:04 - 2009-07-14 05:45 - 00013536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-12-02 07:04 - 2009-07-14 05:45 - 00013536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-12-02 06:58 - 2015-07-23 11:16 - 00000000 ____D C:\Users\Privat\Downloads\Junkware Removal Tool 2015-12-02 06:56 - 2015-05-23 19:37 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-12-02 06:55 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-12-02 06:53 - 2014-12-22 04:01 - 00000000 ____D C:\AdwCleaner 2015-12-02 06:45 - 2015-05-23 19:37 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-12-02 06:45 - 2015-05-23 19:37 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-12-02 06:43 - 2015-05-03 18:01 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{188137A1-1E81-4F3A-8688-E6E423B81A2B} 2015-12-02 06:43 - 2015-05-03 17:45 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-12-01 21:58 - 2015-05-03 18:41 - 00000000 ____D C:\Users\Privat\Downloads\AdwCleaner 2015-12-01 19:48 - 2015-05-03 20:14 - 00000000 ____D C:\Users\Privat\Documents\Outlook-Dateien 2015-12-01 19:37 - 2015-05-03 18:29 - 00000000 ____D C:\Users\Privat\Documents\Birkenring 40 2015-11-29 18:09 - 2015-05-03 18:20 - 00000000 ____D C:\Users\Privat\.gimp-2.8 2015-11-29 18:08 - 2015-05-03 18:25 - 00000000 ____D C:\Users\Privat\AppData\Local\gtk-2.0 2015-11-29 17:47 - 2015-05-03 18:20 - 00000000 ____D C:\Users\Privat\.thumbnails 2015-11-29 14:51 - 2015-07-28 08:13 - 00002127 _____ C:\Users\Public\Desktop\Smart Switch.lnk 2015-11-29 14:50 - 2015-05-03 18:28 - 00000000 ___RD C:\Users\Privat\Desktop\Admi 2015-11-29 13:46 - 2009-07-14 04:20 - 00000000 ____D C:\Windows 2015-11-29 13:21 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini 2015-11-28 13:49 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2015-11-28 12:18 - 2015-05-03 18:24 - 00000000 ____D C:\Users\Privat\AppData\Roaming\vlc 2015-11-28 11:28 - 2015-05-03 18:29 - 00000000 ____D C:\Users\Privat\Documents\DAA GVM 2015-11-28 11:15 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf 2015-11-28 11:14 - 2009-07-14 05:45 - 00536848 _____ C:\Windows\system32\FNTCACHE.DAT 2015-11-28 11:07 - 2015-05-03 14:59 - 00000000 ____D C:\Windows\Minidump 2015-11-28 11:05 - 2015-05-14 18:43 - 00007630 _____ C:\Users\R\AppData\Local\Resmon.ResmonCfg 2015-11-28 11:01 - 2015-05-03 16:18 - 00003914 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{40C5265C-6D46-4C88-9275-57E22DF0E601} 2015-11-28 10:59 - 2015-10-09 16:29 - 00000930 _____ C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk 2015-11-28 10:59 - 2015-10-09 16:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management 2015-11-28 10:59 - 2015-10-09 16:29 - 00000000 ____D C:\Program Files\Calibre2 2015-11-28 10:53 - 2015-05-03 15:27 - 00000000 ____D C:\Users\R 2015-11-28 10:09 - 2015-05-03 18:24 - 00000000 ____D C:\Users\Privat\AppData\Roaming\MyPhoneExplorer 2015-11-28 09:58 - 2015-05-14 11:14 - 00002393 _____ C:\ProgramData\KlimaLogg.dat1 2015-11-28 09:58 - 2015-05-03 18:23 - 00000000 ____D C:\Users\Privat\AppData\Roaming\KlimaLoggPro 2015-11-25 22:27 - 2015-07-03 14:05 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2015-11-24 18:26 - 2015-05-03 18:42 - 00000000 ____D C:\Users\Privat\Downloads\CCleaner 2015-11-24 15:01 - 2015-05-03 18:44 - 00000000 ____D C:\Users\Privat\Downloads\Microsoft Safety Scanner 2015-11-24 14:23 - 2015-07-26 17:13 - 00004238 _____ C:\Windows\System32\Tasks\avast! BCU UpdateS-1-5-21-1269753938-3578349479-3780603664-1004 2015-11-24 14:23 - 2015-07-26 17:13 - 00003300 _____ C:\Windows\System32\Tasks\avastBCLS-1-5-21-1269753938-3578349479-3780603664-1004 2015-11-24 13:50 - 2015-05-03 18:24 - 00000000 ____D C:\Users\Privat\AppData\Roaming\Mp3tag 2015-11-24 09:39 - 2015-05-03 20:24 - 00000000 ____D C:\Users\Privat\Documents\T-Mobile 2015-11-24 09:26 - 2015-05-03 20:25 - 00000000 ____D C:\Users\Privat\Documents\T-Online 2015-11-24 08:56 - 2015-05-04 09:41 - 00000000 ____D C:\Program Files\UltraDefrag 2015-11-24 08:55 - 2015-05-04 09:41 - 00000860 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraDefrag.lnk 2015-11-24 08:54 - 2015-05-03 18:52 - 00000000 ____D C:\Users\Privat\Downloads\UltraDefrag 2015-11-24 08:53 - 2015-05-03 19:23 - 00000894 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk 2015-11-24 08:28 - 2015-05-07 06:51 - 00000000 ____D C:\Program Files (x86)\TeamViewer 2015-11-23 14:12 - 2015-05-03 18:44 - 00000000 ____D C:\Users\Privat\Downloads\MediathekView 2015-11-23 14:10 - 2015-05-03 18:20 - 00000000 ____D C:\Users\Privat\.mediathek3 2015-11-23 08:56 - 2009-07-14 18:58 - 00699342 _____ C:\Windows\system32\perfh007.dat 2015-11-23 08:56 - 2009-07-14 18:58 - 00149450 _____ C:\Windows\system32\perfc007.dat 2015-11-23 08:56 - 2009-07-14 06:13 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI 2015-11-23 08:11 - 2015-05-03 17:40 - 00000000 ____D C:\Users\Privat 2015-11-23 08:10 - 2009-07-14 03:34 - 94633984 _____ C:\Windows\system32\config\software.bak 2015-11-23 08:10 - 2009-07-14 03:34 - 23068672 _____ C:\Windows\system32\config\system.bak 2015-11-23 08:10 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\security.bak 2015-11-23 06:57 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\sam.bak 2015-11-23 06:41 - 2015-05-09 11:44 - 00002052 _____ C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileHippo App Manager.lnk 2015-11-23 06:41 - 2015-05-09 11:44 - 00000000 ____D C:\Program Files (x86)\FileHippo.com 2015-11-22 18:46 - 2015-07-17 17:02 - 00000000 ____D C:\Users\Privat\MediathekView 2015-11-21 12:26 - 2015-05-03 15:28 - 00000000 ____D C:\Users\R\AppData\Local\VirtualStore 2015-11-21 12:04 - 2015-05-03 17:40 - 00000000 ____D C:\Users\Privat\AppData\Local\VirtualStore 2015-11-21 11:52 - 2015-05-03 16:44 - 00156352 _____ C:\Users\R\AppData\Local\GDIPFONTCACHEV1.DAT 2015-11-21 09:33 - 2015-05-03 18:25 - 00000000 ____D C:\Users\Privat\AppData\Local\JDownloader 2.0 2015-11-20 17:31 - 2015-08-30 10:49 - 00001159 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk 2015-11-20 17:31 - 2015-08-30 10:49 - 00001109 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk 2015-11-20 17:30 - 2015-05-08 18:42 - 00000000 ____D C:\Users\Privat\AppData\Roaming\Skype 2015-11-20 17:29 - 2015-05-08 18:41 - 00000000 ____D C:\ProgramData\Skype 2015-11-20 16:45 - 2015-05-03 18:43 - 00000000 ____D C:\Users\Privat\Downloads\Daemon Lite 2015-11-20 12:35 - 2015-05-03 20:25 - 00000000 ____D C:\Users\Privat\Documents\Trauerrede 2015-11-19 22:20 - 2015-05-03 18:42 - 00000000 ____D C:\Users\Privat\Downloads\Calibre 2015-11-16 06:41 - 2015-06-28 13:05 - 00003824 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-11-16 06:41 - 2015-05-12 07:54 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-11-16 06:41 - 2015-05-12 07:54 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-11-15 14:13 - 2015-11-01 11:34 - 00000000 ____D C:\Users\Privat\AppData\Roaming\HpUpdate 2015-11-12 12:18 - 2009-07-14 06:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-11-10 22:25 - 2015-05-03 15:35 - 00000000 ____D C:\Windows\system32\MRT 2015-11-10 22:17 - 2015-05-03 15:35 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-11-10 22:16 - 2015-05-03 21:05 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-11-10 22:08 - 2015-05-04 05:29 - 01593564 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2015-11-10 22:03 - 2009-07-14 19:18 - 00000000 ____D C:\Program Files\Windows Journal 2015-11-10 21:56 - 2015-09-12 14:06 - 00000000 ____D C:\Users\Privat\TapinRadio 2015-11-10 18:51 - 2015-05-03 17:41 - 00156352 _____ C:\Users\Privat\AppData\Local\GDIPFONTCACHEV1.DAT 2015-11-10 18:05 - 2015-05-13 09:55 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4 2015-11-10 18:05 - 2015-05-03 18:48 - 00000000 ____D C:\Users\Privat\Downloads\OpenOffice 2015-11-10 17:35 - 2015-05-03 19:20 - 00000000 ____D C:\Program Files (x86)\Mp3tag 2015-11-10 17:34 - 2015-05-03 18:44 - 00000000 ____D C:\Users\Privat\Downloads\Mp3Tag 2015-11-09 15:09 - 2015-11-01 11:59 - 00000000 ___RD C:\Users\Privat\Documents\RocketLifeNetwork 2015-11-09 15:09 - 2015-11-01 11:53 - 00000000 ____D C:\Users\Privat\AppData\Roaming\HP Photo Creations 2015-11-09 09:37 - 2015-05-03 18:29 - 00000000 ____D C:\Users\Privat\Documents\Add-in Express 2015-11-08 16:03 - 2015-05-03 19:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-11-08 14:14 - 2015-05-07 16:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP 2015-11-07 15:34 - 2015-07-25 08:14 - 00000000 ____D C:\Users\Privat\AppData\LocalLow\Adblock Plus for IE 2015-11-04 08:07 - 2015-07-17 16:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-11-02 11:02 - 2015-05-03 18:12 - 00000000 ____D C:\Users\Privat\Downloads\TotalComander ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-05-14 14:45 - 2015-05-14 14:45 - 0000036 _____ () C:\Users\R\AppData\Local\housecall.guid.cache 2015-05-14 18:43 - 2015-11-28 11:05 - 0007630 _____ () C:\Users\R\AppData\Local\Resmon.ResmonCfg 2015-05-09 10:11 - 2015-05-09 10:11 - 0000043 ___SH () C:\ProgramData\.zreglib 2015-05-23 08:16 - 2015-05-23 08:16 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2015-05-14 11:14 - 2015-11-28 09:58 - 0002393 _____ () C:\ProgramData\KlimaLogg.dat1 2015-05-07 11:33 - 2015-05-07 11:33 - 41943040 _____ () C:\ProgramData\KlimaLoggServiceDataStore Einige Dateien in TEMP: ==================== C:\Users\R\AppData\Local\temp\Execute2App.exe C:\Users\R\AppData\Local\temp\msvcp90.dll C:\Users\R\AppData\Local\temp\msvcr90.dll C:\Users\R\AppData\Local\temp\sqlite3.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-12-01 22:44 ==================== Ende von FRST.txt ============================ Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:23-11-2015 durchgeführt von R (2015-11-25 23:10:07) Gestartet von C:\Users\Privat\Downloads\FRST Windows 7 Ultimate Service Pack 1 (X64) (2015-05-03 14:27:52) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-1269753938-3578349479-3780603664-500 - Administrator - Disabled) Coach (S-1-5-21-1269753938-3578349479-3780603664-1003 - Limited - Enabled) => C:\Users\Coach Gast (S-1-5-21-1269753938-3578349479-3780603664-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1269753938-3578349479-3780603664-1002 - Limited - Enabled) Privat (S-1-5-21-1269753938-3578349479-3780603664-1004 - Limited - Enabled) => C:\Users\Privat R (S-1-5-21-1269753938-3578349479-3780603664-1001 - Administrator - Enabled) => C:\Users\R ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) Acronis Drive Monitor (HKLM-x32\...\{706AE61D-40A4-4F50-8359-FE8F6F7FA461}) (Version: 1.0.566 - Acronis) Acronis True Image 2015 (HKLM-x32\...\{2F70A6E6-2F71-4907-8441-BDC5D300310B}Visible) (Version: 18.0.6613 - Acronis) Acronis True Image 2015 (x32 Version: 18.0.6613 - Acronis) Hidden Adblock Plus für IE (32-Bit- und 64-Bit) (HKLM\...\{588B7DD2-3480-4A89-A8F6-C6781CBFAD56}) (Version: 1.5 - Eyeo GmbH) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated) Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated) Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated) AMD Catalyst Install Manager (HKLM\...\{25107779-C295-EB3E-3C92-AC1B45680012}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.) Attack Surface Analyzer (HKLM\...\{2710505A-D198-4906-8767-F869909D9FA6}) (Version: 5.3.0.0 - Microsoft Corporation) Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team) AutoUpdate (HKLM-x32\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - ) AVM FRITZ!Box AddOn (IE) (HKLM-x32\...\{CEAD06D8-D033-4D2A-9328-AF49089E129F}) (Version: 1.7.0 - AVM Berlin) AVM FRITZ!Box AddOn (IE) (x64) (HKLM\...\{EC3671D7-98AC-4951-8FFD-5556BE066137}) (Version: 1.7.0 - AVM Berlin) AVM FRITZ!fax für FRITZ!Box (HKLM-x32\...\FRITZ! 2.0) (Version: - AVM Berlin) BatteryLifeExtender (HKLM-x32\...\{AA16A9E5-40E9-44F5-801E-6B3D3CFE79E5}) (Version: 1.0.0 - Samsung) Bing Bar (HKLM-x32\...\{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}) (Version: 7.1.361.0 - Microsoft Corporation) calibre 64bit (HKLM\...\{A80512D3-A72D-4DAF-B7DF-3804F9FAB1CE}) (Version: 2.44.1 - Kovid Goyal) CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform) CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.6.5844 - CDBurnerXP) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.6.5931 - CDBurnerXP) CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.79.0.2015 - Georgy Berdyshev) ChargeableUSB (HKLM-x32\...\{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}) (Version: 1.0.0.0 - SAMSUNG) CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version: 2.9.3.3 - Elaborate Bytes) COMODO System Utilities (HKLM\...\{A7DA4247-9F22-4d4a-974A-DD455CCF43B6}) (Version: 4.0.226743.26 - COMODO) Corel Graphics Suite 11 (x32 Version: 11 - Corel Corporation) Hidden CorelDRAW Graphics Suite 11 (HKLM-x32\...\InstallShield_{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}) (Version: 11 - Corel Corporation) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.2907 - CyberLink Corp.) DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.2.0.0112 - Disc Soft Ltd) Data Lifeguard Diagnostic for Windows 1.27 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation) DivX Codec (HKLM-x32\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.6.1 - DivX, Inc.) Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.0 - Samsung Electronics Co., Ltd.) Easy SpeedUp Manager (HKLM-x32\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 3.0.0.4 - Samsung Electronics Co.,Ltd.) eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com) GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team) Google Earth (HKLM-x32\...\{1A295C25-6E02-49FB-826B-F0D2C56FFA4E}) (Version: 7.1.4.1529 - Google) Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software) HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 2.6.5.77 - SurfRight B.V.) HP Officejet 6500 E710n-z Basic Device Software (HKLM\...\{BF09A017-54F4-46BC-AF54-F6DA0D7486D3}) (Version: 22.0.334.0 - Hewlett-Packard Co.) HP Officejet 6500 E710n-z Hilfe (HKLM-x32\...\{EFBC0CB1-AFFD-4E74-ACEF-42099F1D49C3}) (Version: 140.0.2.2 - Hewlett Packard) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4 - HP) Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation) Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - ) IrfanView 64 (remove only) (HKLM\...\IrfanView) (Version: 4.40 - Irfan Skiljan) Java 8 Update 65 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418065F0}) (Version: 8.0.650.17 - Oracle Corporation) Java 8 Update 66 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418066F0}) (Version: 8.0.660.17 - Oracle Corporation) Kits Configuration Installer (x32 Version: 8.59.25584 - Microsoft) Hidden KlimaLogg Pro (HKLM-x32\...\KlimaLogg Pro_is1) (Version: - TFA Dostmann) Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Marketsplash Schnellzugriffe (HKLM-x32\...\{FB0C267C-8B4F-4867-8161-A6A3B66D42C1}) (Version: 1.0.0.9 - Hewlett-Packard) Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 12.10.16.3 - Marvell) Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Windows Performance Toolkit (HKLM\...\{E7F9E526-2324-437B-A609-E8C5309465CB}) (Version: 4.8.0 - Microsoft Corporation) Mozilla Firefox 42.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 de)) (Version: 42.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla) Mp3tag v2.72 (HKLM-x32\...\Mp3tag) (Version: v2.72 - Florian Heidenreich) MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.6 - F.J. Wechselberger) Namuga 1.3M Webcam (HKLM-x32\...\{71A51B59-E7D3-11DB-A386-005056C00008}) (Version: 1.00.0000 - Vimicro Corporation) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.6 - Notepad++ Team) Online Plug-in (x32 Version: 14.3.0.5014 - Citrix Systems, Inc.) Hidden OpenOffice 4.1.2 (HKLM-x32\...\{F5CAB1AF-7B1A-4CEC-B829-A3F699473AE1}) (Version: 4.12.9782 - Apache Software Foundation) Paragon Festplatten Manager™ 15 Suite (HKLM\...\{29258311-EA49-11DE-967C-005056C00008}) (Version: 90.00.0003 - Paragon Software) Paragon Partition Manager™ 10.0 Professional (HKLM\...\{A35001F0-F1E4-11DD-A38B-005056C00008}) (Version: 90.00.0003 - Paragon Software) PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 11.0 - PlotSoft LLC) Pinnacle Instant DVD Recorder (HKLM-x32\...\{C1212AE3-DBB9-4365-8473-F8ABC7B06BBB}) (Version: 2.5.0.092 - Pinnacle Systems) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7459 - Realtek Semiconductor Corp.) S Agent (Version: 1.1.52 - Samsung Electronics CO., LTD.) Hidden Samsung Recovery Solution 4 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.3 - Samsung) Samsung Update Plus (HKLM-x32\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.) Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.) Self-Service Plug-in (x32 Version: 4.3.0.8352 - Citrix Systems, Inc.) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Skype™ 7.15 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.15.102 - Skype Technologies S.A.) Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.0.15093.11 - Samsung Electronics Co., Ltd.) Smart Switch (x32 Version: 4.0.15093.11 - Samsung Electronics Co., Ltd.) Hidden SmartTools Falz & Lochmarken-Assistent 8.3 für Word (HKLM-x32\...\{522C2E5C-3895-44C3-9AD7-F59CAFE8990A}) (Version: 8.3.0.0 - SmartTools Publishing) Studie zur Verbesserung von HP Officejet 6500 E710n-z Produkten (HKLM\...\{C9347A74-CDAD-4076-B754-11752F6BE324}) (Version: 22.0.334.0 - Hewlett-Packard Co.) SW Update (HKLM-x32\...\{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}) (Version: 2.2.9 - Samsung Electronics CO., LTD.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.4.12 - Synaptics Incorporated) TapinRadio 1.71.2 (x64) (HKLM-x32\...\TapinRadio_is1) (Version: - Raimersoft) TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer) TomTom HOME (HKLM-x32\...\{5DCB2EB3-87AD-426E-8D74-8B92C9D731C4}) (Version: 2.9.8 - Ihr Firmenname) TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.) TVCenter (HKLM\...\{DD0A0C72-A7C3-4722-86C9-2399F9FC0DE7}) (Version: 6.4.5.933 - PCTV Systems) Ultra Defragmenter (HKLM-x32\...\UltraDefrag) (Version: 6.1.1 - UltraDefrag Development Team) VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN) Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation) Windows Software Development Kit (HKLM-x32\...\{363a2c1e-637f-45ce-933b-5a5463efd945}) (Version: 8.59.29750 - Microsoft Corporation) WPT Redistributables (x32 Version: 8.59.29750 - Microsoft) Hidden WPTx64 (x32 Version: 8.59.29722 - Microsoft) Hidden Youtube Downloader HD v. 2.9.9.23 (HKLM-x32\...\Youtube Downloader HD_is1) (Version: - YoutubeDownloaderHD.com) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Wiederherstellungspunkte ========================= ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {147A76FB-38C1-4A40-8DE9-3B284390BAD0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated) Task: {1A54C5A0-282B-4E7A-9D3F-9F0020E8BF46} - System32\Tasks\avastBCLRestart_firefox.exe => Firefox.exe Task: {33D95203-43E0-41F8-8BED-C0B0D9461821} - System32\Tasks\HPCustParticipation HP Officejet 6500 E710n-z => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-06-14] (Hewlett-Packard Co.) Task: {6F215F83-37A0-4876-95D9-832C96CDB4A0} - System32\Tasks\avastBCLS-1-5-21-1269753938-3578349479-3780603664-1004 => C:\Users\Privat\AppData\Roaming\AVAST Software\Browser Cleanup\BCUSched.exe [2015-11-25] (AVAST Software) Task: {748B07BB-0D89-4567-B40D-B126424B396A} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-08-12] (Samsung Electronics. Co. Ltd.) Task: {8B7C2A31-9A81-4927-8D63-849670C324FA} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1269753938-3578349479-3780603664-1003 Task: {9254ED14-7CC2-4A82-8270-3DD255AF0A6B} - System32\Tasks\{5727E98A-C166-4F4F-B69A-624308427126} => pcalua.exe -a C:\Users\R\AppData\Local\Temp\Temp1_PageDefrag.zip\pagedfrg.exe Task: {9783CAC9-C0C1-4FDC-9157-30DCC8F71CA3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-16] (Adobe Systems Incorporated) Task: {A4924BCE-2A4B-49C8-9327-DDBE8AD1912F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-23] (Google Inc.) Task: {B0A859EF-BAD3-4298-84CA-E8B5888AB69F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd) Task: {C3281F30-E698-4C18-A372-D68FBE3631FB} - System32\Tasks\avast! BCU UpdateS-1-5-21-1269753938-3578349479-3780603664-1004 => C:\Users\Privat\AppData\Roaming\AVAST Software\Browser Cleanup\BCUUpdate.exe [2015-03-18] (AVAST Software) Task: {C623C884-470A-4844-8297-719433FFEA0A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-23] (Google Inc.) Task: {CB7A9EA7-D653-457A-B398-B9AA1857C4B1} - System32\Tasks\advSRS4 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2009-08-06] (SEC) Task: {EAEB4E54-B5CF-4C49-80C0-83CB7942E9BB} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2015-02-04] (Samsung Electronics CO., LTD.) Task: {F8CEBDFE-68E8-4F46-96D9-0AC6A9394192} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2009-09-12] (Samsung Electronics Co., Ltd.) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2015-09-05 12:40 - 2006-02-23 10:35 - 00020480 _____ () C:\Windows\System32\FritzColorPort64.dll 2015-09-05 12:40 - 2006-02-22 09:39 - 00020480 _____ () C:\Windows\System32\FritzPort64.dll 2015-07-31 09:08 - 2015-08-18 12:52 - 00020240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\TeamViewer_PrintProcessor.dll 2013-09-04 23:17 - 2013-09-04 23:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2015-04-15 21:13 - 2015-04-15 21:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll 2013-09-04 23:14 - 2013-09-04 23:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2015-10-02 12:11 - 2006-08-12 11:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-1269753938-3578349479-3780603664-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\R\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) MSCONFIG\Services: !SASCORE => 3 MSCONFIG\Services: AcrSch2Svc => 3 MSCONFIG\Services: afcdpsrv => 2 MSCONFIG\Services: CSUService => 2 MSCONFIG\Services: Disc Soft Lite Bus Service => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: KlimaLogg Service => 3 MSCONFIG\Services: LBTServ => 3 MSCONFIG\Services: Lexware_Update_Service => 2 MSCONFIG\Services: MBAMScheduler => 2 MSCONFIG\Services: MBAMService => 2 MSCONFIG\Services: ss_conn_service => 2 MSCONFIG\Services: SWUpdateService => 2 MSCONFIG\Services: syncagentsrv => 2 MSCONFIG\Services: TeamViewer => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nach Updates suchen.lnk => C:\Windows\pss\Nach Updates suchen.lnk.CommonStartup MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" MSCONFIG\startupreg: AcronisTibMounterMonitor => REM C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe MSCONFIG\startupreg: adm_tray.exe => REM C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming MSCONFIG\startupreg: HP Software Update => REM C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch MSCONFIG\startupreg: PDFPrint => REM C:\Program Files (x86)\PDF24\pdf24.exe MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun MSCONFIG\startupreg: SunJavaUpdateSched => REM "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: TrueImageMonitor.exe => REM "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" MSCONFIG\startupreg: UCam_Menu => REM "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [{5B5BAAD7-C27A-433D-BF15-8D0466696919}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{079FAD09-9EA7-421E-AADB-78B42598D130}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{20034301-9439-4F46-AF5C-548B4F2C3809}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe FirewallRules: [{1246295B-6556-44D9-AE3A-E4E573CE8430}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe FirewallRules: [{C9AD7762-34D0-46EF-B212-938167D6034C}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe FirewallRules: [{5CF7127C-5FB7-4EE5-8704-DDFAB4E4A8BA}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe FirewallRules: [{02CE4919-36F7-4A9E-B5A2-3218DA5F6B8C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{AF83AD2D-3A2B-43E9-91A2-89EE3B1FA357}] => (Allow) C:\Program Files (x86)\PCTV Systems\TVCenter\TVCenter.exe FirewallRules: [{7C43FFFB-EDCD-4BFD-B1C7-4B3B261D3345}] => (Allow) C:\Program Files (x86)\Common Files\PCTV Systems\PVR\VideoControl.exe FirewallRules: [{8E13B30F-4358-4215-9B06-EB97420A34A2}] => (Allow) C:\Program Files (x86)\Common Files\PCTV Systems\StreamingServer\StrmServer.exe FirewallRules: [{F48AC153-3B3D-4455-B792-CE825D18B5D3}] => (Allow) LPort=1900 FirewallRules: [{E69511C7-8E5A-4946-A703-72AFF079FD3D}] => (Allow) LPort=2869 FirewallRules: [{A1709944-5227-47E7-90C1-A74419ADFADD}] => (Allow) C:\Windows\ehome\ehrecvr.exe FirewallRules: [{AC489AC5-F72B-48C4-AAF9-ACB209AAFAC5}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe FirewallRules: [{6C82E8B0-543E-497D-8811-23688FAA2D03}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe FirewallRules: [{E8714BE3-A289-4D00-AB7F-4C84D6DF7F5D}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe FirewallRules: [{CE91B477-E531-4FBB-A876-7FCC8843DF48}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe FirewallRules: [TCP Query User{62B2E79A-791B-4208-85D7-AD32377322E9}C:\program files (x86)\teamviewer\teamviewer.exe] => (Block) C:\program files (x86)\teamviewer\teamviewer.exe FirewallRules: [UDP Query User{7CDFF5E7-AE45-4F06-B610-4806C66E8E8D}C:\program files (x86)\teamviewer\teamviewer.exe] => (Block) C:\program files (x86)\teamviewer\teamviewer.exe FirewallRules: [TCP Query User{26746768-E0E9-4991-815E-0F6FCC02138D}C:\tapinradio\tapinradio.exe] => (Allow) C:\tapinradio\tapinradio.exe FirewallRules: [UDP Query User{DA4EECC3-B75D-4FC7-85CB-CA966377DFF7}C:\tapinradio\tapinradio.exe] => (Allow) C:\tapinradio\tapinradio.exe FirewallRules: [{C9A70CE1-4739-4B08-A02B-D048B1CF77AC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{E028CCF8-70A9-4C2A-ABF9-D80E2458CD94}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{BCB88373-596B-4477-B74A-479B0950E202}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{E649F107-CC76-4CFB-9C6E-2BB03EAD4D68}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{3966F306-E517-4E73-AA60-C289B2066D78}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{108BAB21-0794-4B55-8A82-11C701FB435C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (11/25/2015 10:27:12 PM) (Source: MsiInstaller) (EventID: 1023) (User: R-PC-Sam) Description: Produkt: Adobe Acrobat Reader DC - Deutsch - Update "{AC76BA86-7AD7-0000-2550-AC0F094E6F00}" konnte nicht installiert werden. Fehlercode 1625. Weitere Informationen sind in der Protokolldatei C:\Users\R\AppData\Local\Temp\MSIfd55d.LOG enthalten. Error: (11/24/2015 02:48:52 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (11/24/2015 02:48:48 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (11/24/2015 02:25:32 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (11/24/2015 02:25:29 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (11/20/2015 03:37:56 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (11/20/2015 03:37:53 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (11/20/2015 03:37:52 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (11/20/2015 11:39:58 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 14.0.7162.5003, Zeitstempel: 0x56344207 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.19045, Zeitstempel: 0x56258f05 Ausnahmecode: 0xe06d7363 Fehleroffset: 0x0000c42d ID des fehlerhaften Prozesses: 0x1208 Startzeit der fehlerhaften Anwendung: 0xOUTLOOK.EXE0 Pfad der fehlerhaften Anwendung: OUTLOOK.EXE1 Pfad des fehlerhaften Moduls: OUTLOOK.EXE2 Berichtskennung: OUTLOOK.EXE3 Error: (11/16/2015 06:39:39 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: dmhkcore.exe, Version: 3.0.3.8, Zeitstempel: 0x4aab9389 Name des fehlerhaften Moduls: dmhkcore.exe, Version: 3.0.3.8, Zeitstempel: 0x4aab9389 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00029497 ID des fehlerhaften Prozesses: 0x8b0 Startzeit der fehlerhaften Anwendung: 0xdmhkcore.exe0 Pfad der fehlerhaften Anwendung: dmhkcore.exe1 Pfad des fehlerhaften Moduls: dmhkcore.exe2 Berichtskennung: dmhkcore.exe3 Systemfehler: ============= Error: (11/25/2015 11:00:25 PM) (Source: volsnap) (EventID: 36) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (11/25/2015 05:49:31 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (11/25/2015 05:49:29 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (11/25/2015 07:05:37 AM) (Source: Service Control Manager) (EventID: 7043) (User: ) Description: Der Dienst Gruppenrichtlinienclient konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden. Error: (11/25/2015 06:53:58 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (11/25/2015 06:53:42 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (11/24/2015 10:09:23 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (11/24/2015 10:09:15 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (11/24/2015 09:45:26 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (11/24/2015 09:45:17 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) CodeIntegrity: =================================== Date: 2015-11-25 23:07:56.582 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-11-25 22:13:54.421 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-11-25 19:55:58.042 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-11-25 19:43:23.620 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-11-25 18:50:06.654 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-11-25 18:24:08.533 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-11-25 18:13:52.132 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-11-25 18:08:34.910 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-11-25 17:59:46.426 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-11-25 17:48:11.307 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM)2 Duo CPU P7550 @ 2.26GHz Prozentuale Nutzung des RAM: 42% Installierter physikalischer RAM: 4060.61 MB Verfügbarer physikalischer RAM: 2329.5 MB Summe virtueller Speicher: 8119.43 MB Verfügbarer virtueller Speicher: 6280.02 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:198.89 GB) (Free:31.08 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)] Drive d: (Daten) (Fixed) (Total:131.39 GB) (Free:36.52 GB) NTFS Drive e: (temp) (Fixed) (Total:59.43 GB) (Free:6.35 GB) NTFS Drive f: (CDRoot) (CDROM) (Total:0.08 GB) (Free:0 GB) CDFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B4B6F23B) Partition 1: (Not Active) - (Size=15 GB) - (Type=27) Partition 2: (Active) - (Size=198.9 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=251.8 GB) - (Type=OF Extended) ==================== Ende von Addition.txt ============================ Gruß rk1757 |
02.12.2015, 17:09 | #12 |
/// the machine /// TB-Ausbilder | Windows X64 mit FakeAlert infiziertESET Online Scanner
Downloade Dir bitte SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
06.12.2015, 22:08 | #13 |
| Windows X64 mit FakeAlert infiziert Hallo Schrauber, ich melde mich ca. Mittwoch wieder. Bin aktuell außer Gefecht. Gruß rk1757 |
07.12.2015, 21:40 | #14 |
/// the machine /// TB-Ausbilder | Windows X64 mit FakeAlert infiziert ok.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
16.12.2015, 13:05 | #15 |
| Windows X64 mit FakeAlert infiziertCode:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # engine=23783 # end=stopped # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2015-05-10 08:08:14 # local_time=2015-05-10 10:08:14 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 620630 54276088 0 0 # scanned=70222 # found=3 # cleaned=0 # scan_time=3793 sh=3032CB5B0066ACB77259EC89E9ECAFDB21C06BE6 ft=1 fh=4cc4f419610b1b22 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Users\Privat\Downloads\CCleaner\ccsetup505.exe" sh=76650DB27456675E73FF82727D10BDF8C955554D ft=1 fh=81c710273ba94a0a vn="Variante von Win32/OpenCandy.C potenziell unsichere Anwendung" ac=I fn="C:\Users\Privat\Downloads\CDBurnerXP\cdbxp_setup_4.5.5.5571.exe" sh=2D7B530EC5FD4EB99A8F1E2B24E90E0A31479C99 ft=1 fh=3bc1ec38b6482fca vn="Variante von Win32/OpenCandy.C potenziell unsichere Anwendung" ac=I fn="C:\Users\Privat\Downloads\CDEX\CDex-1.78-win32.exe" ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # engine=23783 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2015-05-11 12:27:45 # local_time=2015-05-11 02:27:45 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 636201 54291659 0 0 # scanned=582446 # found=4 # cleaned=4 # scan_time=15213 sh=3032CB5B0066ACB77259EC89E9ECAFDB21C06BE6 ft=1 fh=4cc4f419610b1b22 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Privat\Downloads\CCleaner\ccsetup505.exe" sh=76650DB27456675E73FF82727D10BDF8C955554D ft=1 fh=81c710273ba94a0a vn="Variante von Win32/OpenCandy.C potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Privat\Downloads\CDBurnerXP\cdbxp_setup_4.5.5.5571.exe" sh=2D7B530EC5FD4EB99A8F1E2B24E90E0A31479C99 ft=1 fh=3bc1ec38b6482fca vn="Variante von Win32/OpenCandy.C potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Privat\Downloads\CDEX\CDex-1.78-win32.exe" sh=E214737549AC8E5F5AEA4C9EBB68843D7B78A639 ft=1 fh=c71c00115e31d3cb vn="Win32/Toolbar.Montiera.AA evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="E:\Administrator.Reiner-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\CrmAdpt.dll" ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # engine=23786 # end=finished # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2015-05-11 08:45:34 # local_time=2015-05-11 10:45:34 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 666070 54321528 0 0 # scanned=582820 # found=0 # cleaned=0 # scan_time=16614 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # engine=23867 # end=stopped # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2015-05-15 05:22:55 # local_time=2015-05-15 07:22:55 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 207084 54698169 0 0 # scanned=75405 # found=0 # cleaned=0 # scan_time=1903 ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # engine=24017 # end=finished # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2015-05-25 11:51:03 # local_time=2015-05-26 01:51:03 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 1094372 55585457 0 0 # scanned=509005 # found=0 # cleaned=0 # scan_time=14457 ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # end=init # utc_time=2015-06-02 09:30:52 # local_time=2015-06-02 11:30:52 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download esets_scanner_update returned -1 esets_gle=36882 Update Finalize Updated modules version: 24017 ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # end=init # utc_time=2015-06-03 04:02:46 # local_time=2015-06-03 06:02:46 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download Update Finalize Updated modules version: 24143 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # end=updated # utc_time=2015-06-03 04:04:37 # local_time=2015-06-03 06:04:37 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # engine=24143 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2015-06-03 09:24:08 # local_time=2015-06-03 11:24:08 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 1819957 56311042 0 0 # scanned=489175 # found=2 # cleaned=2 # scan_time=19170 sh=69C29CB155D00FE075DD260B1E26780654A0F1DC ft=1 fh=1b7d157806508673 vn="Variante von Win32/OpenCandy.C potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Privat\Downloads\youtube_downloader_hd_setup.exe" sh=1842A9325703F197956375C64B713635E6A62FD1 ft=1 fh=960cf280be25f633 vn="Variante von Win32/UniBlue.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Privat\Downloads\Uniblue Driverscanner\driverscanner.exe" ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # end=init # utc_time=2015-06-04 01:01:11 # local_time=2015-06-04 03:01:11 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download Update Finalize Updated modules version: 24170 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # end=updated # utc_time=2015-06-04 01:02:10 # local_time=2015-06-04 03:02:10 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # engine=24170 # end=stopped # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2015-06-04 01:10:24 # local_time=2015-06-04 03:10:24 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 1919933 56411018 0 0 # scanned=1328 # found=0 # cleaned=0 # scan_time=493 ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # end=init # utc_time=2015-06-11 09:21:58 # local_time=2015-06-11 11:21:58 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download Update Finalize Updated modules version: 24278 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # end=updated # utc_time=2015-06-11 09:31:12 # local_time=2015-06-11 11:31:12 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # engine=24278 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2015-06-11 11:19:24 # local_time=2015-06-11 01:19:24 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 2518073 57009158 0 0 # scanned=144273 # found=2 # cleaned=0 # scan_time=6491 sh=012CB3E628C9FAC1159A4BA01F79C6C905757FF9 ft=1 fh=2ab5bfb1b985039b vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Users\Privat\Downloads\ccsetup506.exe" sh=9C57C3F2698DACABA1F7DC6EE4E74079B404D1AB ft=1 fh=00a0b7b1eb8d5611 vn="Variante von Win32/OpenCandy.C potenziell unsichere Anwendung" ac=I fn="C:\Users\Privat\Downloads\cdbxp_setup_4.5.5.5642.exe" ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # end=init # utc_time=2015-06-11 06:43:18 # local_time=2015-06-11 08:43:18 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download esets_scanner_update returned -1 esets_gle=41217 Update Finalize Updated modules version: 24278 Update Init Update Download Update Finalize Updated modules version: 24287 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # end=updated # utc_time=2015-06-11 06:44:30 # local_time=2015-06-11 08:44:30 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # engine=24287 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2015-06-11 11:29:08 # local_time=2015-06-12 01:29:08 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 2561857 57052942 0 0 # scanned=490235 # found=2 # cleaned=2 # scan_time=17077 sh=012CB3E628C9FAC1159A4BA01F79C6C905757FF9 ft=1 fh=2ab5bfb1b985039b vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Privat\Downloads\ccsetup506.exe" sh=9C57C3F2698DACABA1F7DC6EE4E74079B404D1AB ft=1 fh=00a0b7b1eb8d5611 vn="Variante von Win32/OpenCandy.C potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Privat\Downloads\cdbxp_setup_4.5.5.5642.exe" ESETSmartInstaller@High as downloader log: Can not open internet# product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # end=init # utc_time=2015-06-23 03:46:16 # local_time=2015-06-23 05:46:16 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # end=init # utc_time=2015-06-23 03:49:15 # local_time=2015-06-23 05:49:15 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download Update Finalize Updated modules version: 24464 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # end=updated # utc_time=2015-06-23 03:53:16 # local_time=2015-06-23 05:53:16 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # engine=24464 # end=stopped # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2015-06-23 05:12:00 # local_time=2015-06-23 07:12:00 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 3576029 58067114 0 0 # scanned=143167 # found=0 # cleaned=0 # scan_time=4723 ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # end=init # utc_time=2015-06-28 01:21:28 # local_time=2015-06-28 03:21:28 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download Update Finalize Updated modules version: 24542 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # end=updated # utc_time=2015-06-28 01:22:49 # local_time=2015-06-28 03:22:49 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # engine=24542 # end=stopped # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2015-06-28 03:16:59 # local_time=2015-06-28 05:16:59 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 4001128 58492213 0 0 # scanned=254356 # found=2 # cleaned=0 # scan_time=6850 sh=4E5E8B54DDA603D7E83F3EDE2BCDD8064D4EDF22 ft=1 fh=895bb0fee970ac49 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Privat\AppData\Local\Temp\DMR\dmr_72.exe" sh=C461922E82C7D058F5CF6EC1E77EF38D637330B4 ft=1 fh=3a02e1ae8ff2f3b2 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Privat\Downloads\Color\pkColorPicker - CHIP-Installer.exe" ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # end=init # utc_time=2015-06-28 03:26:32 # local_time=2015-06-28 05:26:32 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download esets_scanner_update returned -1 esets_gle=53251 Update Finalize Updated modules version: 24542 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # end=updated # utc_time=2015-06-28 03:26:50 # local_time=2015-06-28 05:26:50 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # engine=24542 # end=stopped # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2015-06-28 06:11:15 # local_time=2015-06-28 08:11:15 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 4011584 58502669 0 0 # scanned=367754 # found=2 # cleaned=0 # scan_time=9864 sh=4E5E8B54DDA603D7E83F3EDE2BCDD8064D4EDF22 ft=1 fh=895bb0fee970ac49 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Privat\AppData\Local\Temp\DMR\dmr_72.exe" sh=C461922E82C7D058F5CF6EC1E77EF38D637330B4 ft=1 fh=3a02e1ae8ff2f3b2 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Privat\Downloads\Color\pkColorPicker - CHIP-Installer.exe" ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # end=init # utc_time=2015-06-28 06:12:15 # local_time=2015-06-28 08:12:15 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download esets_scanner_update returned -1 esets_gle=53251 Update Finalize Updated modules version: 24542 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # end=updated # utc_time=2015-06-28 06:12:33 # local_time=2015-06-28 08:12:33 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # engine=24542 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2015-06-28 08:45:35 # local_time=2015-06-28 10:45:35 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 4020844 58511929 0 0 # scanned=494463 # found=2 # cleaned=2 # scan_time=9181 sh=4E5E8B54DDA603D7E83F3EDE2BCDD8064D4EDF22 ft=1 fh=895bb0fee970ac49 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Privat\AppData\Local\Temp\DMR\dmr_72.exe" sh=C461922E82C7D058F5CF6EC1E77EF38D637330B4 ft=1 fh=3a02e1ae8ff2f3b2 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Privat\Downloads\Color\pkColorPicker - CHIP-Installer.exe" ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # end=init # utc_time=2015-07-05 02:18:01 # local_time=2015-07-05 04:18:01 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download Update Finalize Updated modules version: 24650 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # end=updated # utc_time=2015-07-05 02:20:39 # local_time=2015-07-05 04:20:39 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # engine=24650 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2015-07-05 06:38:11 # local_time=2015-07-05 08:38:11 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 4618000 59109085 0 0 # scanned=496970 # found=1 # cleaned=1 # scan_time=15450 sh=BCA0BBDC1ECA7D7049B11DFDF06A731B0DEB0330 ft=1 fh=5d043d2b7dcbb6c6 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Privat\Downloads\ccsetup507.exe" ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # end=init # utc_time=2015-07-17 04:42:44 # local_time=2015-07-17 06:42:44 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download Update Finalize Updated modules version: 24842 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # end=updated # utc_time=2015-07-17 04:44:45 # local_time=2015-07-17 06:44:45 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # engine=24842 # end=stopped # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2015-07-17 07:03:22 # local_time=2015-07-17 09:03:22 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 5613111 60104196 0 0 # scanned=160315 # found=0 # cleaned=0 # scan_time=8316 ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # end=init # utc_time=2015-07-30 03:00:04 # local_time=2015-07-30 05:00:04 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download esets_scanner_update returned -1 esets_gle=45315 Update Finalize Updated modules version: 24842 Update Init Update Download Update Finalize Updated modules version: 25052 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # end=updated # utc_time=2015-07-30 03:03:28 # local_time=2015-07-30 05:03:28 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # engine=25052 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2015-07-30 08:40:08 # local_time=2015-07-30 10:40:08 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 6785317 61276402 0 0 # scanned=485323 # found=4 # cleaned=4 # scan_time=20200 sh=FF6FD97BCC603890C9BDFFEBE992A8B95D4F2686 ft=1 fh=6c2a9be43d49c952 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Privat\AppData\Local\Temp\DMR\dmr_72.exe" sh=AA7AFFCBDAF13C3872F32EACCF3BEFB92FD0FA80 ft=1 fh=02ff89afc7fa57e5 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Privat\Downloads\ccsetup508.exe" sh=2AE74357809E81E6B33D841743591A954486128E ft=0 fh=0000000000000000 vn="PHP/Obfuscated.F evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Privat\Downloads\Loki-master\signatures\thor-webshells.yar" sh=66B31A0B955E1948B7162E278D6CDF38EDBE4C41 ft=1 fh=1b7d157814ea15d7 vn="Variante von Win32/OpenCandy.C potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Privat\Downloads\Youtube Downloader\youtube_downloader_hd_setup.exe" ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # end=init # utc_time=2015-08-05 08:03:59 # local_time=2015-08-05 10:03:59 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download Update Finalize Updated modules version: 25142 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # end=updated # utc_time=2015-08-05 08:06:41 # local_time=2015-08-05 10:06:41 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # engine=25142 # end=stopped # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2015-08-06 11:29:09 # local_time=2015-08-06 01:29:09 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 7357058 61848143 0 0 # scanned=421923 # found=0 # cleaned=0 # scan_time=55347 ESETSmartInstaller@High as downloader log: Can not open internetESETSmartInstaller@High as downloader log: Can not open internetESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # end=init # utc_time=2015-08-22 02:14:55 # local_time=2015-08-22 04:14:55 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download Update Finalize Updated modules version: 25400 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # end=updated # utc_time=2015-08-22 02:16:56 # local_time=2015-08-22 04:16:56 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # end=init # utc_time=2015-08-22 06:34:08 # local_time=2015-08-22 08:34:08 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download Update Finalize Updated modules version: 25403 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # end=updated # utc_time=2015-08-22 06:34:45 # local_time=2015-08-22 08:34:45 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # engine=25403 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2015-08-22 10:02:21 # local_time=2015-08-23 12:02:21 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 465345 63264935 0 0 # scanned=449051 # found=0 # cleaned=0 # scan_time=12455 ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # end=init # utc_time=2015-08-29 10:07:46 # local_time=2015-08-29 12:07:46 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download Update Finalize Updated modules version: 25505 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # end=updated # utc_time=2015-08-29 10:22:50 # local_time=2015-08-29 12:22:50 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # engine=25505 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2015-08-30 04:39:50 # local_time=2015-08-30 06:39:50 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 1093994 63893584 0 0 # scanned=450122 # found=1 # cleaned=1 # scan_time=65820 sh=6F77F2137756740F4E632BDD7FDAE582929CB411 ft=1 fh=cd73fc9df274ad5b vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-1269753938-3578349479-3780603664-1004\$R046C6O.exe" ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # end=init # utc_time=2015-09-05 05:14:00 # local_time=2015-09-05 07:14:00 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download Update Finalize Updated modules version: 25619 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # end=updated # utc_time=2015-09-05 05:15:57 # local_time=2015-09-05 07:15:57 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # engine=25619 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2015-09-05 10:02:09 # local_time=2015-09-06 12:02:09 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 1674933 64474523 0 0 # scanned=439128 # found=0 # cleaned=0 # scan_time=17172 ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # end=init # utc_time=2015-09-26 08:14:30 # local_time=2015-09-26 10:14:30 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download Update Finalize Updated modules version: 25952 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # end=updated # utc_time=2015-09-26 08:17:21 # local_time=2015-09-26 10:17:21 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # engine=25952 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2015-09-26 10:51:08 # local_time=2015-09-26 12:51:08 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 3449072 66248662 0 0 # scanned=444796 # found=1 # cleaned=1 # scan_time=9226 sh=2CF9F87AA2EA689D9B9F5CCED4C51B2595C19027 ft=1 fh=4b16eff5bfe216f3 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Privat\Downloads\ccsetup510.exe" # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # end=init # utc_time=2015-10-13 07:39:10 # local_time=2015-10-13 09:39:10 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download Update Finalize Updated modules version: 26219 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # end=updated # utc_time=2015-10-13 07:41:46 # local_time=2015-10-13 09:41:46 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # engine=26219 # end=stopped # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2015-10-13 07:41:52 # local_time=2015-10-13 09:41:52 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 4949716 67749306 0 0 # scanned=53 # found=0 # cleaned=0 # scan_time=5 ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # end=init # utc_time=2015-10-19 04:56:42 # local_time=2015-10-19 06:56:42 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download Update Finalize Updated modules version: 26297 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # end=updated # utc_time=2015-10-19 04:57:38 # local_time=2015-10-19 06:57:38 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # engine=26297 # end=stopped # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2015-10-19 11:43:48 # local_time=2015-10-19 01:43:48 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 5439432 68239022 0 0 # scanned=268869 # found=0 # cleaned=0 # scan_time=24369 ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # end=init # utc_time=2015-11-07 07:27:07 # local_time=2015-11-07 08:27:07 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download Update Finalize Updated modules version: 26617 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # end=updated # utc_time=2015-11-07 07:29:13 # local_time=2015-11-07 08:29:13 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # engine=26617 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2015-11-08 02:36:52 # local_time=2015-11-08 03:36:52 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 7177816 69977406 0 0 # scanned=446873 # found=0 # cleaned=0 # scan_time=68859 ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # end=init # utc_time=2015-11-20 02:38:07 # local_time=2015-11-20 03:38:07 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download Update Finalize Updated modules version: 26812 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # end=updated # utc_time=2015-11-20 02:40:15 # local_time=2015-11-20 03:40:15 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # engine=26812 # end=stopped # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2015-11-20 05:30:55 # local_time=2015-11-20 06:30:55 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 8225059 71024649 0 0 # scanned=322595 # found=1 # cleaned=0 # scan_time=10239 sh=9FDF1BAB66B53B00EA2CBE8A6FFCD960008E75D9 ft=1 fh=c4508c954e6e6ae1 vn="Variante von Win32/OpenCandy.A potenziell unsichere Anwendung" ac=I fn="C:\Users\Privat\Downloads\cdbxp_setup_4.5.6.5931.exe" # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # end=init # utc_time=2015-11-24 01:25:49 # local_time=2015-11-24 02:25:49 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download Update Finalize Updated modules version: 26872 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # end=updated # utc_time=2015-11-24 01:26:26 # local_time=2015-11-24 02:26:26 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # engine=26872 # end=stopped # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2015-11-24 01:34:18 # local_time=2015-11-24 02:34:18 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 8556462 71356052 0 0 # scanned=21127 # found=0 # cleaned=0 # scan_time=471 ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # end=init # utc_time=2015-11-24 01:49:03 # local_time=2015-11-24 02:49:03 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download esets_scanner_update returned -1 esets_gle=53251 Update Finalize Updated modules version: 26872 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # end=updated # utc_time=2015-11-24 01:49:33 # local_time=2015-11-24 02:49:33 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # engine=26872 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2015-11-24 05:27:02 # local_time=2015-11-24 06:27:02 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 8570426 71370016 0 0 # scanned=406849 # found=8 # cleaned=8 # scan_time=13048 sh=9CE5F659BDD89907624541CB98681224CA75D886 ft=1 fh=9b9a5086efdbb0a1 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir" sh=48AE3824B3A8C6E707E34441109CF212114C7FBB ft=1 fh=b4d97fc719b685e8 vn="Variante von Win32/Amonetize.LM evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Program Files\DAEMON Tools Lite\Extractor.exe" sh=1B057302AB8262E193D1D28BB2ABE0577512BA1E ft=1 fh=8bbf5147aca97654 vn="Variante von Win32/InstallCore.ADQ.gen evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Privat\AppData\Local\Temp\Temp1_simconrecoverfull.exe_installer.zip\simconrecoverfull.exe" sh=9FDF1BAB66B53B00EA2CBE8A6FFCD960008E75D9 ft=1 fh=c4508c954e6e6ae1 vn="Variante von Win32/OpenCandy.A potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Privat\Downloads\cdbxp_setup_4.5.6.5931(1).exe" sh=9FDF1BAB66B53B00EA2CBE8A6FFCD960008E75D9 ft=1 fh=c4508c954e6e6ae1 vn="Variante von Win32/OpenCandy.A potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Privat\Downloads\cdbxp_setup_4.5.6.5931.exe" sh=A46DF78C09D2714F355BB9263FDB0595AF41D91A ft=1 fh=cb0bc9d63a82fde6 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Privat\Downloads\IrfanView Plug ins - CHIP-Installer.exe" sh=5B189555C663407C8DA7930EF070CE16C9B20CE1 ft=1 fh=033ec78b6d86e1cf vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Privat\Downloads\CCleaner\ccsetup512.exe" sh=824D27FA6BFEAAC783B0F1281163CEE3C986DAB3 ft=1 fh=b44dbfe8753433e2 vn="Variante von Win32/Systweak evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\R\Downloads\Setup_WinThruster_2015.exe" ESETSmartInstaller@High as downloader log: Can not open internetESETSmartInstaller@High as downloader log: Can not open internet# product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # end=init # utc_time=2015-11-27 11:55:47 # local_time=2015-11-28 12:55:47 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download esets_scanner_update returned -1 esets_gle=45315 Update Finalize Updated modules version: 26872 Update Init Update Download Update Finalize Updated modules version: 26940 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # end=updated # utc_time=2015-11-27 11:57:46 # local_time=2015-11-28 12:57:46 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # engine=26940 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2015-11-28 02:17:26 # local_time=2015-11-28 03:17:26 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 8861450 71661040 0 0 # scanned=407485 # found=0 # cleaned=0 # scan_time=8379 ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # end=init # utc_time=2015-12-06 09:05:31 # local_time=2015-12-06 10:05:31 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download Update Finalize Updated modules version: 27071 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # end=updated # utc_time=2015-12-06 09:06:41 # local_time=2015-12-06 10:06:41 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # engine=27071 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2015-12-07 12:23:10 # local_time=2015-12-07 01:23:10 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 9632194 72431784 0 0 # scanned=408051 # found=1 # cleaned=1 # scan_time=11788 sh=A542B94C7286009E09CF4707DBC9E1B00ACF4B77 ft=1 fh=f3e8f5faf657ebd7 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="E:\Administrator.Reiner-PC\AppData\LocalLow\Sun\Java\jre1.7.0_17\java_sp.dll" ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # end=init # utc_time=2015-12-12 06:49:25 # local_time=2015-12-12 07:49:25 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download Update Finalize Updated modules version: 27167 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # end=updated # utc_time=2015-12-12 06:50:18 # local_time=2015-12-12 07:50:18 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # engine=27167 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2015-12-12 09:31:05 # local_time=2015-12-12 10:31:05 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 10140269 72939859 0 0 # scanned=411049 # found=5 # cleaned=2 # scan_time=9646 sh=33E0D777C45A9EF4F15BEDF50F7E6EFD21C5BD33 ft=1 fh=ef5138f1cb8ef343 vn="Variante von MSIL/HackKMS.G potenziell unsichere Anwendung" ac=I fn="C:\Windows.old\Documents and Settings\R\Eigene Dateien\MS Office 2010\Toolkit and EZ-Activator\Toolkit and EZ-Activator V 2.3\Microsoft Toolkit.exe" sh=33E0D777C45A9EF4F15BEDF50F7E6EFD21C5BD33 ft=1 fh=ef5138f1cb8ef343 vn="Variante von MSIL/HackKMS.G potenziell unsichere Anwendung" ac=I fn="C:\Windows.old\Users\R\Documents\MS Office 2010\Toolkit and EZ-Activator\Toolkit and EZ-Activator V 2.3\Microsoft Toolkit.exe" sh=33E0D777C45A9EF4F15BEDF50F7E6EFD21C5BD33 ft=1 fh=ef5138f1cb8ef343 vn="Variante von MSIL/HackKMS.G potenziell unsichere Anwendung" ac=I fn="C:\Windows.old\Users\R\Eigene Dateien\MS Office 2010\Toolkit and EZ-Activator\Toolkit and EZ-Activator V 2.3\Microsoft Toolkit.exe" sh=33E0D777C45A9EF4F15BEDF50F7E6EFD21C5BD33 ft=1 fh=ef5138f1cb8ef343 vn="Variante von MSIL/HackKMS.G potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows.old\Documents and Settings\R\Documents\MS Office 2010\Toolkit and EZ-Activator\Toolkit and EZ-Activator V 2.3\Microsoft Toolkit.exe" sh=4AF3CC489AA8A956F4637393180577AF3A98E3C3 ft=1 fh=df2bde388c59e3fc vn="Variante von MSIL/HackKMS.G potenziell unsichere Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="E:\Ausbildungen\Weiterbildungsträger\MS Office 2010\Office 2010 Toolkit\Office 2010 Toolkit.exe" ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # end=init # utc_time=2015-12-16 09:14:27 # local_time=2015-12-16 10:14:27 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download esets_scanner_update returned -1 esets_gle=45315 Update Finalize Updated modules version: 27167 Update Init Update Download Update Finalize Updated modules version: 27218 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # end=updated # utc_time=2015-12-16 09:16:00 # local_time=2015-12-16 10:16:00 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=7e64bd2e39ebf34d9531abde422cc958 # engine=27218 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2015-12-16 11:28:23 # local_time=2015-12-16 12:28:23 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 10449707 73249297 0 0 # scanned=410747 # found=0 # cleaned=0 # scan_time=7942 Code:
ATTFilter Results of screen317's Security Check version 1.013 --- 11/28/15 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Microsoft Security Essentials (On Access scanning disabled!) Error obtaining update status for antivirus! `````````Anti-malware/Other Utilities Check:````````` Java version 32-bit out of Date! Adobe Flash Player 19.0.0.245 Mozilla Firefox (43.0) ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe Privat AppData Roaming AVAST Software\Browser Cleanup\BCUSched.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:16-12-2015 01 durchgeführt von R (Administrator) auf R-PC-SAM (16-12-2015 12:55:43) Gestartet von C:\Users\Privat\Downloads\FRST Geladene Profile: R & Privat (Verfügbare Profile: R & Coach & Privat) Platform: Windows 7 Ultimate Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (AVAST Software) C:\Users\Privat\AppData\Roaming\AVAST Software\Browser Cleanup\bcusched.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe (Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe () C:\Users\Privat\Downloads\SecurityCheck\SecurityCheck.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-14] (Synaptics Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKU\S-1-5-21-1269753938-3578349479-3780603664-1001\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe [10566352 2015-09-02] () HKU\S-1-5-21-1269753938-3578349479-3780603664-1004\...\MountPoints2: {fab08242-f2ed-11e4-992c-002454164d61} - G:\start.exe ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis) ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis) ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis) Startup: C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2015-05-14] () ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{577C61D7-1B72-41BF-A1D7-2A177E50DDC8}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{97B1E5B2-DDE4-4846-98AF-3ED3951786B1}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKU\S-1-5-21-1269753938-3578349479-3780603664-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1269753938-3578349479-3780603664-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1269753938-3578349479-3780603664-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-1269753938-3578349479-3780603664-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-1269753938-3578349479-3780603664-1004\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://zeus.daa.de/ SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-10-30] (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: FRITZ!Box Addon BHO -> {C0C86BBE-9509-4296-8459-FDBFDAF4B673} -> C:\Program Files\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll [2012-12-11] (AVM Berlin) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-10-30] (Oracle Corporation) BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: FRITZ!Box Addon BHO -> {C0C86BBE-9509-4296-8459-FDBFDAF4B673} -> C:\Program Files (x86)\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll [2012-12-11] (AVM Berlin) BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10] (Microsoft Corporation.) BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab FireFox: ======== FF ProfilePath: C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\677lsznv.default-1448105328320 FF Homepage: www.google.de FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-16] () FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-10-30] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-10-30] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-16] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-03-30] (Google) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1269753938-3578349479-3780603664-1004: @Citrix.com/npican -> C:\Users\Privat\AppData\Local\Citrix\ICA Client\npicaN.dll [2015-06-24] (Citrix Systems, Inc.) FF Plugin HKU\S-1-5-21-1269753938-3578349479-3780603664-1004: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Privat\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-05-13] (RocketLife, LLP) ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 CSUService; C:\Program Files\COMODO\COMODO System Utilities\CSUService.exe [347968 2012-02-24] (Comodo Security Solutions, Inc.) R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1369432 2015-11-18] (Disc Soft Ltd) S3 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2015-06-02] (SurfRight B.V.) S4 KlimaLogg Service; C:\Program Files (x86)\KlimaLoggPro\KlimaLoggProService.exe [2480640 2014-05-27] () [Datei ist nicht signiert] S4 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation) S4 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.) S4 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3020120 2015-04-21] (Samsung Electronics CO., LTD.) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R3 azvusb; C:\Windows\System32\DRIVERS\azvusb.sys [54784 2009-08-24] (AzureWave Technologies, Inc.) R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-11-20] (Disc Soft Ltd) R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47160 2015-11-20] (Disc Soft Ltd) S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [296736 2015-05-09] (Acronis International GmbH) R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2015-06-02] () R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [34056 2015-05-05] (Paragon Software Group) R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation) R3 rtl819xpn64; C:\Windows\System32\DRIVERS\rtl819xp.sys [626792 2015-05-23] (Realtek Semiconductor Corporation ) R2 tib; C:\Windows\System32\DRIVERS\tib.sys [1058632 2015-07-26] (Acronis International GmbH) R2 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [248648 2015-07-26] (Acronis International GmbH) R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [102576 2015-07-24] () R1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [25904 2015-07-24] () R1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [701232 2015-07-24] () R3 VMC326; C:\Windows\System32\Drivers\VMC326.sys [180096 2015-05-16] (Vimicro Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-12-16 10:06 - 2015-12-16 10:06 - 00000000 ____D C:\Users\Privat\AppData\Local\Disc_Soft_Ltd 2015-12-16 10:05 - 2015-12-16 10:05 - 00000000 ____D C:\Users\Public\Documents\Daemon Tools Images 2015-12-16 09:54 - 2015-12-16 09:54 - 09662424 _____ (TeamViewer GmbH) C:\Users\R\Downloads\TeamViewer_Setup_de-lng.exe 2015-12-16 08:14 - 2015-12-16 10:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-12-14 12:37 - 2015-12-14 12:37 - 00102615 _____ C:\Users\Privat\AppData\Local\recently-used.xbel 2015-12-12 10:36 - 2015-12-12 10:39 - 00002393 _____ C:\ProgramData\KlimaLogg.dat1.tmp 2015-12-10 12:14 - 2015-12-10 12:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer 2015-12-09 20:36 - 2015-11-11 22:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-12-09 20:36 - 2015-11-11 21:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-12-09 20:36 - 2015-11-11 19:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll 2015-12-09 20:36 - 2015-11-11 19:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll 2015-12-09 20:36 - 2015-11-11 19:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll 2015-12-09 20:36 - 2015-11-11 19:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll 2015-12-09 20:36 - 2015-11-11 17:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-12-09 20:36 - 2015-11-11 16:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-12-09 20:36 - 2015-11-11 16:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-12-09 20:36 - 2015-11-11 16:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-12-09 20:36 - 2015-11-11 15:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-12-09 20:36 - 2015-11-10 19:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-12-09 20:36 - 2015-11-10 19:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-12-09 20:36 - 2015-11-10 19:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll 2015-12-09 20:36 - 2015-11-10 19:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-12-09 20:36 - 2015-11-10 19:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll 2015-12-09 20:36 - 2015-11-10 18:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-12-09 20:36 - 2015-11-10 01:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-12-09 20:36 - 2015-11-10 01:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-12-09 20:36 - 2015-11-10 01:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-12-09 20:36 - 2015-11-10 01:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-12-09 20:36 - 2015-11-10 01:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-12-09 20:36 - 2015-11-10 01:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-12-09 20:36 - 2015-11-10 01:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-12-09 20:36 - 2015-11-10 01:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-12-09 20:36 - 2015-11-10 01:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-12-09 20:36 - 2015-11-10 01:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-12-09 20:36 - 2015-11-10 01:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-12-09 20:36 - 2015-11-10 01:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-12-09 20:36 - 2015-11-10 01:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-12-09 20:36 - 2015-11-10 00:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-12-09 20:36 - 2015-11-10 00:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-12-09 20:36 - 2015-11-10 00:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-12-09 20:36 - 2015-11-10 00:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2015-12-09 20:36 - 2015-11-10 00:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2015-12-09 20:36 - 2015-11-10 00:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-12-09 20:36 - 2015-11-10 00:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-12-09 20:36 - 2015-11-10 00:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-12-09 20:36 - 2015-11-10 00:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-12-09 20:36 - 2015-11-10 00:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-12-09 20:36 - 2015-11-10 00:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-12-09 20:36 - 2015-11-08 23:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-12-09 20:36 - 2015-11-08 23:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-12-09 20:36 - 2015-11-08 23:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-12-09 20:36 - 2015-11-08 23:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-12-09 20:36 - 2015-11-08 23:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-12-09 20:36 - 2015-11-08 23:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-12-09 20:36 - 2015-11-08 23:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-12-09 20:36 - 2015-11-08 23:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-12-09 20:36 - 2015-11-08 23:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-12-09 20:36 - 2015-11-08 23:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-12-09 20:36 - 2015-11-08 22:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-12-09 20:36 - 2015-11-08 22:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-12-09 20:36 - 2015-11-08 22:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-12-09 20:36 - 2015-11-08 22:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-12-09 20:36 - 2015-11-08 22:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2015-12-09 20:36 - 2015-11-08 22:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-12-09 20:36 - 2015-11-08 22:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-12-09 20:36 - 2015-11-08 22:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-12-09 20:36 - 2015-11-08 21:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-12-09 20:36 - 2015-11-08 21:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-12-09 20:36 - 2015-11-05 20:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll 2015-12-09 20:36 - 2015-11-05 20:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll 2015-12-09 20:36 - 2015-11-05 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2015-12-09 20:36 - 2015-11-05 20:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2015-12-09 20:36 - 2015-11-05 10:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys 2015-12-09 20:36 - 2015-11-03 20:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2015-12-09 20:36 - 2015-11-03 19:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll 2015-12-09 20:35 - 2015-11-11 17:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-12-09 20:35 - 2015-11-11 16:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-12-09 20:35 - 2015-11-08 23:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-12-09 20:35 - 2015-11-08 23:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-12-09 20:35 - 2015-11-08 23:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-12-09 20:35 - 2015-11-08 23:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-12-09 20:35 - 2015-11-08 23:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-12-09 20:35 - 2015-11-08 23:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-12-09 20:35 - 2015-11-08 22:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-12-09 20:35 - 2015-11-08 22:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-12-09 20:35 - 2015-11-08 22:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-12-09 20:35 - 2015-11-08 22:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-12-09 20:35 - 2015-11-08 21:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-12-09 20:35 - 2015-11-03 20:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll 2015-12-09 20:35 - 2015-11-03 19:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll 2015-12-09 20:18 - 2015-12-09 20:18 - 00000000 ____D C:\Program Files (x86)\Lame For Audacity 2015-12-09 20:17 - 2015-12-09 20:18 - 00000000 ____D C:\Users\Privat\Downloads\lame3.99.3 2015-12-06 22:07 - 2015-12-06 22:07 - 00000947 _____ C:\Users\Privat\Desktop\SecurityCheck.exe - Verknüpfung.lnk 2015-12-06 22:06 - 2015-12-06 22:07 - 00000000 ____D C:\Users\Privat\Downloads\SecurityCheck 2015-12-04 20:54 - 2015-12-04 20:54 - 00000000 ___RD C:\Program Files (x86)\Skype 2015-12-04 20:54 - 2015-12-04 20:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-12-04 18:34 - 2015-12-04 18:34 - 00001306 _____ C:\Users\Privat\Downloads\boxcert.cer 2015-12-03 21:37 - 2015-11-20 19:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-12-03 21:37 - 2015-11-20 19:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-12-03 21:37 - 2015-11-20 19:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-12-03 21:37 - 2015-11-20 19:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-12-03 21:37 - 2015-11-20 19:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-12-03 21:37 - 2015-11-20 19:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-12-03 21:37 - 2015-11-20 19:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-12-03 21:37 - 2015-11-20 19:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-12-03 21:37 - 2015-11-20 19:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-12-03 21:37 - 2015-11-20 19:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-12-03 21:37 - 2015-11-20 19:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-12-03 21:37 - 2015-11-20 19:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-12-03 21:37 - 2015-11-20 19:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-12-03 21:37 - 2015-11-20 19:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-12-03 21:37 - 2015-11-20 19:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-12-03 21:37 - 2015-11-20 19:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-12-03 21:09 - 2015-12-03 21:09 - 00000000 ____D C:\Users\Privat\Downloads\Portable Update 2015-12-03 10:27 - 2015-12-03 10:28 - 00000000 ____D C:\Users\Privat\Downloads\Recuva portable 2015-12-02 09:09 - 2015-12-16 09:56 - 00001047 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk 2015-12-02 07:05 - 2015-12-02 07:05 - 00000609 _____ C:\Users\R\Desktop\JRT.txt 2015-12-02 06:58 - 2015-12-02 06:58 - 00001735 _____ C:\Users\Privat\Desktop\JRT.exe - Verknüpfung.lnk 2015-12-02 06:50 - 2015-12-02 06:51 - 00001194 _____ C:\Users\Privat\Desktop\mbam.txt 2015-11-29 13:26 - 2015-11-29 13:26 - 00030948 _____ C:\ComboFix.txt 2015-11-29 13:08 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe 2015-11-29 13:08 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe 2015-11-29 13:08 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-11-29 13:08 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-11-29 13:08 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-11-29 13:08 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe 2015-11-29 13:08 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe 2015-11-29 13:08 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe 2015-11-29 13:07 - 2015-11-29 13:26 - 00000000 ____D C:\Qoobox 2015-11-29 13:07 - 2015-11-29 13:23 - 00000000 ____D C:\Windows\erdnt 2015-11-29 13:05 - 2015-11-29 13:05 - 00000000 ____D C:\Users\Privat\Downloads\ComboFix 2015-11-29 13:04 - 2015-11-29 13:04 - 05639804 _____ (Swearware) C:\Users\Privat\Downloads\ComboFix.exe 2015-11-28 11:11 - 2015-11-28 11:13 - 00000004 _____ C:\Windows\CSCCompactState 2015-11-28 10:56 - 2015-12-16 09:46 - 00000000 ____D C:\Users\R\Documents\Meine FileHippo-Downloads 2015-11-28 10:47 - 2015-10-09 00:22 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll 2015-11-28 10:47 - 2015-10-09 00:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL 2015-11-28 10:47 - 2015-10-09 00:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll 2015-11-28 10:47 - 2015-10-09 00:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL 2015-11-28 10:47 - 2015-10-09 00:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL 2015-11-28 10:47 - 2015-10-09 00:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll 2015-11-28 10:47 - 2015-10-09 00:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL 2015-11-28 10:47 - 2015-10-09 00:17 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll 2015-11-28 10:47 - 2015-10-08 20:13 - 00419928 _____ C:\Windows\SysWOW64\locale.nls 2015-11-28 10:47 - 2015-10-08 19:52 - 00419928 _____ C:\Windows\system32\locale.nls 2015-11-27 04:49 - 2015-11-27 04:53 - 00214200 _____ C:\TDSSKiller.3.1.0.6_27.11.2015_04.49.35_log.txt 2015-11-27 04:39 - 2015-11-27 04:47 - 00213608 _____ C:\TDSSKiller.3.1.0.6_27.11.2015_04.39.37_log.txt 2015-11-27 04:37 - 2015-11-27 04:38 - 00000000 ____D C:\Users\Privat\Downloads\TDSSKiller 2015-11-27 01:19 - 2015-11-27 04:39 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-11-27 01:16 - 2015-11-27 01:17 - 00000000 ____D C:\Users\Privat\Downloads\Malwarebyte Anti-Rootkit 2015-11-25 18:07 - 2015-11-25 18:07 - 00000000 ____D C:\Users\Privat\Downloads\Gmer 2015-11-25 18:00 - 2015-11-25 18:00 - 00000000 _____ C:\Users\R\defogger_reenable 2015-11-25 17:59 - 2015-11-25 23:08 - 00000000 ____D C:\Users\Privat\Downloads\Defogger 2015-11-24 14:58 - 2015-11-24 14:58 - 00000000 ____D C:\Users\Privat\Downloads\QuizPro 2015-11-24 14:22 - 2015-11-24 14:22 - 00223505 _____ C:\Users\R\Downloads\Setup.exe 2015-11-24 14:21 - 2015-11-24 14:57 - 00000000 ____D C:\Users\Privat\Downloads\SIMcon 2015-11-24 08:46 - 2015-12-16 08:15 - 00000000 ____D C:\Users\Privat\Documents\Meine FileHippo-Downloads 2015-11-23 14:12 - 2015-11-23 14:12 - 00001138 _____ C:\Users\Privat\Desktop\MediathekView.lnk 2015-11-23 06:41 - 2015-11-23 06:41 - 00002022 _____ C:\Users\R\Desktop\FileHippo App Manager.lnk 2015-11-23 06:40 - 2015-11-23 06:40 - 00000000 ____D C:\Users\Privat\Downloads\FileHippo 2015-11-22 09:51 - 2015-11-22 09:52 - 00000000 ____D C:\TEMP 2015-11-21 12:59 - 2015-11-21 13:01 - 00000000 ____D C:\Users\R\.gimp-2.8 2015-11-21 12:59 - 2015-11-21 12:59 - 00000000 ____D C:\Users\R\AppData\Local\gegl-0.2 2015-11-21 12:59 - 2015-11-21 12:59 - 00000000 ____D C:\Users\R\AppData\Local\fontconfig 2015-11-21 12:32 - 2015-11-21 12:32 - 00001852 _____ C:\Users\Public\Desktop\IrfanView 64 Thumbnails.lnk 2015-11-21 12:32 - 2015-11-21 12:32 - 00000982 _____ C:\Users\Public\Desktop\IrfanView 64.lnk 2015-11-21 12:32 - 2015-11-21 12:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView 2015-11-21 12:32 - 2015-11-21 12:32 - 00000000 ____D C:\Program Files\IrfanView 2015-11-21 12:30 - 2015-11-23 08:10 - 00002192 _____ C:\Windows\system32\ASOROSet.bin 2015-11-21 12:30 - 2015-11-21 12:30 - 00000000 ____D C:\Windows\system32\config\RCCBakup 2015-11-21 12:28 - 2015-11-21 12:28 - 00000000 ____D C:\Users\R\Desktop\Alte Firefox-Daten 2015-11-21 11:27 - 2015-11-21 13:23 - 00000000 ____D C:\Users\Privat\AppData\Roaming\IrfanView 2015-11-21 09:44 - 2015-11-21 12:32 - 00000000 ____D C:\Users\R\AppData\Roaming\IrfanView 2015-11-21 09:42 - 2015-11-21 11:54 - 00000000 ____D C:\Users\Privat\Downloads\IrfanView 2015-11-20 17:31 - 2015-11-20 17:31 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP 2015-11-20 16:54 - 2015-11-20 16:54 - 00047160 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtliteusbbus.sys 2015-11-20 16:53 - 2015-11-24 18:25 - 00000000 ____D C:\Program Files\DAEMON Tools Lite 2015-11-20 16:53 - 2015-11-20 16:53 - 00030264 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys 2015-11-20 11:42 - 2015-11-20 11:42 - 00089600 _____ (UltraDefrag Development Team) C:\Windows\system32\udefrag.exe 2015-11-20 11:42 - 2015-11-20 11:42 - 00013312 _____ (UltraDefrag Development Team) C:\Windows\system32\hibernate4win.exe 2015-11-20 11:42 - 2015-11-20 11:42 - 00012288 _____ (UltraDefrag Development Team) C:\Windows\system32\bootexctrl.exe 2015-11-20 11:41 - 2015-11-20 11:41 - 00394752 _____ (UltraDefrag Development Team) C:\Windows\system32\defrag_native.exe 2015-11-20 11:41 - 2015-11-20 11:41 - 00132608 _____ C:\Windows\system32\lua5.1a.dll 2015-11-20 11:41 - 2015-11-20 11:41 - 00055808 _____ (UltraDefrag Development Team) C:\Windows\system32\udefrag.dll 2015-11-20 11:41 - 2015-11-20 11:41 - 00033792 _____ (UltraDefrag Development Team) C:\Windows\system32\wgx.dll 2015-11-20 11:40 - 2015-11-20 11:40 - 00337920 _____ (UltraDefrag Development Team) C:\Windows\system32\zenwinx.dll 2015-11-17 06:44 - 2015-11-17 08:25 - 00014217 _____ C:\Users\Privat\Documents\Fritzbox.xlsx ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-12-16 12:55 - 2015-05-03 18:43 - 00000000 ____D C:\Users\Privat\Downloads\FRST 2015-12-16 12:55 - 2015-03-28 08:26 - 00000000 ____D C:\FRST 2015-12-16 12:54 - 2015-05-03 19:39 - 00000000 ____D C:\Windows\CryptoGuard 2015-12-16 12:50 - 2015-05-23 19:37 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-12-16 12:15 - 2015-06-28 13:05 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-12-16 10:10 - 2009-07-14 05:45 - 00013536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-12-16 10:10 - 2009-07-14 05:45 - 00013536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-12-16 10:07 - 2009-07-14 18:58 - 00699342 _____ C:\Windows\system32\perfh007.dat 2015-12-16 10:07 - 2009-07-14 18:58 - 00149450 _____ C:\Windows\system32\perfc007.dat 2015-12-16 10:07 - 2009-07-14 06:13 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI 2015-12-16 10:07 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf 2015-12-16 10:02 - 2015-05-23 19:37 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-12-16 10:01 - 2015-05-03 19:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-12-16 10:01 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-12-16 10:01 - 2009-07-14 04:20 - 00000000 ____D C:\Windows 2015-12-16 09:56 - 2015-05-07 06:51 - 00000000 ____D C:\Program Files (x86)\TeamViewer 2015-12-16 09:48 - 2015-06-23 20:54 - 00000000 ____D C:\Users\R\AppData\Roaming\Skype 2015-12-16 09:47 - 2015-05-07 06:51 - 00000000 ____D C:\Users\R\AppData\Roaming\TeamViewer 2015-12-16 09:45 - 2015-05-08 18:41 - 00000000 ____D C:\ProgramData\Skype 2015-12-16 09:43 - 2015-05-03 20:14 - 00000000 ____D C:\Users\Privat\Documents\Outlook-Dateien 2015-12-16 08:16 - 2015-05-08 18:42 - 00000000 ____D C:\Users\Privat\AppData\Roaming\Skype 2015-12-16 08:11 - 2015-05-03 18:29 - 00000000 ____D C:\Users\Privat\Documents\Birkenring 40 2015-12-16 08:00 - 2015-05-03 18:01 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{188137A1-1E81-4F3A-8688-E6E423B81A2B} 2015-12-15 18:59 - 2015-05-03 20:24 - 00000000 ____D C:\Users\Privat\Documents\T-Mobile 2015-12-15 15:14 - 2015-05-03 20:19 - 00000000 ____D C:\Users\Privat\Documents\samsung 2015-12-14 12:37 - 2015-05-03 18:20 - 00000000 ____D C:\Users\Privat\.gimp-2.8 2015-12-14 12:36 - 2015-05-03 18:25 - 00000000 ____D C:\Users\Privat\AppData\Local\gtk-2.0 2015-12-14 08:54 - 2015-05-03 20:25 - 00000000 ____D C:\Users\Privat\Documents\Trauerrede 2015-12-13 08:54 - 2015-05-03 15:27 - 00000000 ____D C:\Users\R 2015-12-12 15:50 - 2015-05-03 18:20 - 00000000 ____D C:\Users\Privat\.mediathek3 2015-12-12 12:21 - 2015-09-06 09:15 - 00000000 ____D C:\Users\R\AppData\Roaming\Notepad++ 2015-12-12 12:20 - 2015-10-09 16:29 - 00000930 _____ C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk 2015-12-12 12:20 - 2015-10-09 16:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management 2015-12-12 12:20 - 2015-10-09 16:29 - 00000000 ____D C:\Program Files\Calibre2 2015-12-12 11:21 - 2015-05-03 18:41 - 00000000 ____D C:\Users\Privat\Downloads\AdwCleaner 2015-12-12 11:21 - 2014-12-22 04:01 - 00000000 ____D C:\AdwCleaner 2015-12-12 10:43 - 2015-05-03 18:23 - 00000000 ____D C:\Users\Privat\AppData\Roaming\KlimaLoggPro 2015-12-12 10:39 - 2015-05-14 11:14 - 00002393 _____ C:\ProgramData\KlimaLogg.dat1 2015-12-11 15:44 - 2015-07-17 12:02 - 00000000 ____D C:\Users\Privat\Downloads\Stiftung Warentest 2015-12-11 09:16 - 2015-05-03 18:28 - 00000000 ___RD C:\Users\Privat\Desktop\Admi 2015-12-10 17:23 - 2015-05-03 18:20 - 00000000 ____D C:\Users\Privat\AppData\Roaming\Audacity 2015-12-10 12:14 - 2015-05-09 11:24 - 00002061 _____ C:\Users\Public\Desktop\MyPhoneExplorer.lnk 2015-12-10 12:14 - 2015-05-09 11:24 - 00000000 ____D C:\Program Files (x86)\MyPhoneExplorer 2015-12-10 10:45 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2015-12-10 09:50 - 2009-07-14 05:45 - 00537080 _____ C:\Windows\system32\FNTCACHE.DAT 2015-12-10 09:48 - 2015-09-29 18:55 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-12-10 09:48 - 2015-09-29 18:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-12-10 09:30 - 2015-05-03 21:05 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-12-10 09:29 - 2015-09-29 18:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-12-10 09:25 - 2015-05-03 15:35 - 00000000 ____D C:\Windows\system32\MRT 2015-12-10 09:17 - 2015-05-03 18:24 - 00000000 ____D C:\Users\Privat\AppData\Roaming\vlc 2015-12-10 09:17 - 2015-05-03 15:35 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-12-09 04:39 - 2015-05-03 15:35 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-12-04 20:54 - 2015-06-23 20:54 - 00000000 ____D C:\Users\R\AppData\Local\Skype 2015-12-04 20:54 - 2015-05-03 17:36 - 00002699 _____ C:\Users\Public\Desktop\Skype.lnk 2015-12-04 08:42 - 2015-07-21 12:53 - 00000000 ____D C:\Users\Privat\Downloads\Loki-master 2015-12-04 08:36 - 2015-05-03 18:24 - 00000000 ____D C:\Users\Privat\AppData\Roaming\TeamViewer 2015-12-04 08:33 - 2015-08-10 01:23 - 00000000 ____D C:\Users\Privat\Downloads\MicrosoftFixIt 2015-12-03 17:49 - 2015-05-03 16:44 - 00156352 _____ C:\Users\R\AppData\Local\GDIPFONTCACHEV1.DAT 2015-12-03 10:26 - 2015-05-03 17:40 - 00000000 ____D C:\Users\Privat 2015-12-02 16:46 - 2015-05-03 17:41 - 00156352 _____ C:\Users\Privat\AppData\Local\GDIPFONTCACHEV1.DAT 2015-12-02 06:58 - 2015-07-23 11:16 - 00000000 ____D C:\Users\Privat\Downloads\Junkware Removal Tool 2015-12-02 06:45 - 2015-05-23 19:37 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-12-02 06:45 - 2015-05-23 19:37 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-12-02 06:43 - 2015-05-03 17:45 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-11-29 17:47 - 2015-05-03 18:20 - 00000000 ____D C:\Users\Privat\.thumbnails 2015-11-29 14:51 - 2015-07-28 08:13 - 00002127 _____ C:\Users\Public\Desktop\Smart Switch.lnk 2015-11-29 13:21 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini 2015-11-28 11:28 - 2015-05-03 18:29 - 00000000 ____D C:\Users\Privat\Documents\DAA GVM 2015-11-28 11:07 - 2015-05-03 14:59 - 00000000 ____D C:\Windows\Minidump 2015-11-28 11:05 - 2015-05-14 18:43 - 00007630 _____ C:\Users\R\AppData\Local\Resmon.ResmonCfg 2015-11-28 11:01 - 2015-05-03 16:18 - 00003914 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{40C5265C-6D46-4C88-9275-57E22DF0E601} 2015-11-28 10:09 - 2015-05-03 18:24 - 00000000 ____D C:\Users\Privat\AppData\Roaming\MyPhoneExplorer 2015-11-25 22:27 - 2015-07-03 14:05 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2015-11-24 18:26 - 2015-05-03 18:42 - 00000000 ____D C:\Users\Privat\Downloads\CCleaner 2015-11-24 15:01 - 2015-05-03 18:44 - 00000000 ____D C:\Users\Privat\Downloads\Microsoft Safety Scanner 2015-11-24 14:23 - 2015-07-26 17:13 - 00004238 _____ C:\Windows\System32\Tasks\avast! BCU UpdateS-1-5-21-1269753938-3578349479-3780603664-1004 2015-11-24 14:23 - 2015-07-26 17:13 - 00003300 _____ C:\Windows\System32\Tasks\avastBCLS-1-5-21-1269753938-3578349479-3780603664-1004 2015-11-24 13:50 - 2015-05-03 18:24 - 00000000 ____D C:\Users\Privat\AppData\Roaming\Mp3tag 2015-11-24 09:26 - 2015-05-03 20:25 - 00000000 ____D C:\Users\Privat\Documents\T-Online 2015-11-24 08:56 - 2015-05-04 09:41 - 00000000 ____D C:\Program Files\UltraDefrag 2015-11-24 08:55 - 2015-05-04 09:41 - 00000860 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraDefrag.lnk 2015-11-24 08:54 - 2015-05-03 18:52 - 00000000 ____D C:\Users\Privat\Downloads\UltraDefrag 2015-11-24 08:53 - 2015-05-03 19:23 - 00000894 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk 2015-11-23 14:12 - 2015-05-03 18:44 - 00000000 ____D C:\Users\Privat\Downloads\MediathekView 2015-11-23 08:10 - 2009-07-14 03:34 - 94633984 _____ C:\Windows\system32\config\software.bak 2015-11-23 08:10 - 2009-07-14 03:34 - 23068672 _____ C:\Windows\system32\config\system.bak 2015-11-23 08:10 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\security.bak 2015-11-23 06:57 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\sam.bak 2015-11-23 06:41 - 2015-05-09 11:44 - 00002052 _____ C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileHippo App Manager.lnk 2015-11-23 06:41 - 2015-05-09 11:44 - 00000000 ____D C:\Program Files (x86)\FileHippo.com 2015-11-22 18:46 - 2015-07-17 17:02 - 00000000 ____D C:\Users\Privat\MediathekView 2015-11-21 12:26 - 2015-05-03 15:28 - 00000000 ____D C:\Users\R\AppData\Local\VirtualStore 2015-11-21 12:04 - 2015-05-03 17:40 - 00000000 ____D C:\Users\Privat\AppData\Local\VirtualStore 2015-11-21 09:33 - 2015-05-03 18:25 - 00000000 ____D C:\Users\Privat\AppData\Local\JDownloader 2.0 2015-11-20 17:31 - 2015-08-30 10:49 - 00001159 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk 2015-11-20 17:31 - 2015-08-30 10:49 - 00001109 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk 2015-11-20 16:45 - 2015-05-03 18:43 - 00000000 ____D C:\Users\Privat\Downloads\Daemon Lite 2015-11-19 22:20 - 2015-05-03 18:42 - 00000000 ____D C:\Users\Privat\Downloads\Calibre 2015-11-16 06:41 - 2015-06-28 13:05 - 00003824 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-11-16 06:41 - 2015-05-12 07:54 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-11-16 06:41 - 2015-05-12 07:54 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-05-14 14:45 - 2015-05-14 14:45 - 0000036 _____ () C:\Users\R\AppData\Local\housecall.guid.cache 2015-05-14 18:43 - 2015-11-28 11:05 - 0007630 _____ () C:\Users\R\AppData\Local\Resmon.ResmonCfg 2015-05-09 10:11 - 2015-05-09 10:11 - 0000043 ___SH () C:\ProgramData\.zreglib 2015-05-23 08:16 - 2015-05-23 08:16 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2015-05-14 11:14 - 2015-12-12 10:39 - 0002393 _____ () C:\ProgramData\KlimaLogg.dat1 2015-12-12 10:36 - 2015-12-12 10:39 - 0002393 _____ () C:\ProgramData\KlimaLogg.dat1.tmp 2015-05-07 11:33 - 2015-05-07 11:33 - 41943040 _____ () C:\ProgramData\KlimaLoggServiceDataStore ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-12-10 10:37 ==================== Ende von FRST.txt ============================ danke für die "Wartezeit". Aktuell habe ich keine Probleme mehr. Hoffe, dass die Logs das auch bestätigen. Danke und Gruß rk1757 |
Themen zu Windows X64 mit FakeAlert infiziert |
defender, desktop, device driver, dnsapi.dll, explorer, festplatte, firefox, flash player, google analytics, homepage, installation, logfile, monitor, mozilla, officejet, performance, prozesse, realtek, registry, rundll, security, software, system, trojan.fakealert, windows |