|
Pests of all kinds and how to combat them: Extremely slow computer and, on top of that, Tohotweb.. Windows 7 If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection. |
28.11.2015, 19:51 | #1 |
| Extremely slow computer and, on top of that, Tohotweb.. Hello, I would be incredibly happy if someone here could help me; unfortunately I don't know my way around this and am pretty much at a loss. First of all, my netbook (with Windows 7) runs really extremely slowly, so I think something has nested itself in here. I normally use Avast (freeware version), but after scanning I always get the message that nothing was found. Now I have recently also got the extremely annoying Tohotweb virus, whereupon I installed Malwarebytes (also freeware) and Trojan Remove (I also had Spyhunter at first, but since it seems to be rather shady I uninstalled it again.) I ran both, then CCleaner, then a restart, but the nasty thing is still there. I don't have any such add-on in Firefox either; I simply don't know what else to do here. As I said, it would be great if someone here could give me some assistance.. many thanks! |
28.11.2015, 19:59 | #2 |
/// TB Instructor | Extremely slow computer and, on top of that, Tohotweb.. My name is Matthias and I will help you clean up your computer. Please note the following:
Please work through all steps one after another in the given order and post all log files in CODE tags: How it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes your helper's work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
Thank you for your cooperation! Please post the MBAM log file with the detections. For an initial analysis, please run FRST and TDSS-Killer: Step 1 Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions or check under Start > Computer (right-click) > Properties)
Step 2 Please download TDSSKiller.exe and save this file to the desktop
Please post with your next reply
|
28.11.2015, 20:27 | #3 |
| Extremely slow computer and, on top of that, Tohotweb.. Thank you very much!!
This is TDSS-Killer: (I know the two programs Idioma Connect and Web'n Walk; they shouldn't actually be threats)
ATTFilter 20:17:56.0109 0x11a0 TDSS rootkit removing tool 3.1.0.6 Nov 16 2015 12:17:23 20:18:06.0305 0x11a0 ============================================================ 20:18:06.0305 0x11a0 Current date / time: 2015/11/28 20:18:06.0305 20:18:06.0305 0x11a0 SystemInfo: 20:18:06.0306 0x11a0 20:18:06.0306 0x11a0 OS Version: 6.1.7601 ServicePack: 1.0 20:18:06.0306 0x11a0 Product type: Workstation 20:18:06.0307 0x11a0 ComputerName: SUSANNE-NETBOOK 20:18:06.0308 0x11a0 UserName: Susanne 20:18:06.0308 0x11a0 Windows directory: C:\Windows 20:18:06.0308 0x11a0 System windows directory: C:\Windows 20:18:06.0308 0x11a0 Processor architecture: Intel x86 20:18:06.0308 0x11a0 Number of processors: 2 20:18:06.0308 0x11a0 Page size: 0x1000 20:18:06.0308 0x11a0 Boot type: Normal boot 20:18:06.0308 0x11a0 ============================================================ 20:18:10.0394 0x11a0 KLMD registered as C:\Windows\system32\drivers\12913162.sys 20:18:14.0381 0x11a0 System UUID: {48812214-B58D-2413-D4E4-F3A595F05658} 20:18:19.0570 0x11a0 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 20:18:19.0603 0x11a0 ============================================================ 20:18:19.0603 0x11a0 \Device\Harddisk0\DR0: 20:18:19.0603 0x11a0 MBR partitions: 20:18:19.0603 0x11a0 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x1A00800, BlocksNum 0x800000 20:18:19.0603 0x11a0 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2200800, BlocksNum 0x32000 20:18:19.0630 0x11a0 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2233000, BlocksNum 0x1AF92000 20:18:19.0630 0x11a0 ============================================================ 20:18:19.0786 0x11a0 C: <-> \Device\Harddisk0\DR0\Partition3 20:18:19.0803 0x11a0 D: <-> \Device\Harddisk0\DR0\Partition1 20:18:20.0012 0x11a0 ============================================================ 
20:18:20.0012 0x11a0 Initialize success 20:18:20.0012 0x11a0 ============================================================ 20:19:07.0961 0x1558 ============================================================ 20:19:07.0963 0x1558 Scan started 20:19:07.0963 0x1558 Mode: Manual; 20:19:07.0963 0x1558 ============================================================ 20:19:07.0963 0x1558 KSN ping started 20:19:22.0717 0x1558 KSN ping finished: true 20:19:25.0113 0x1558 ================ Scan system memory ======================== 20:19:25.0113 0x1558 Scan was interrupted by user! 20:19:26.0152 0x1558 AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.2.2218.942 ), 0x41000 ( enabled : updated ) 20:19:26.0165 0x1558 FW detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.2.2218.942 ), 0x40010 ( disabled ) 20:19:26.0380 0x1558 Win FW state via NFP2: enabled ( trusted ) 20:19:29.0479 0x1558 ============================================================ 20:19:29.0479 0x1558 Scan finished 20:19:29.0480 0x1558 ============================================================ 20:19:29.0513 0x15a8 Detected object count: 0 20:19:29.0513 0x15a8 Actual detected object count: 0 20:19:44.0116 0x12b4 ============================================================ 20:19:44.0116 0x12b4 Scan started 20:19:44.0116 0x12b4 Mode: Manual; SigCheck; TDLFS; 20:19:44.0116 0x12b4 ============================================================ 20:19:44.0116 0x12b4 KSN ping started 20:19:47.0093 0x12b4 KSN ping finished: true 20:19:48.0978 0x12b4 ================ Scan system memory ======================== 20:19:48.0978 0x12b4 System memory - ok 20:19:48.0981 0x12b4 ================ Scan services ============================= 20:19:49.0820 0x12b4 [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 20:19:50.0648 0x12b4 1394ohci - ok 
20:19:50.0759 0x12b4 [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI C:\Windows\system32\drivers\ACPI.sys 20:19:50.0848 0x12b4 ACPI - ok 20:19:50.0917 0x12b4 [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 20:19:51.0106 0x12b4 AcpiPmi - ok 20:19:51.0318 0x12b4 [ 5DB2C6B908C50767E2EDAA294A7566B5, 13AE4879D679BB0C6B2A5A5B13910359815A9D2E569BC1DE740B5A387A78CF33 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 20:19:51.0408 0x12b4 AdobeARMservice - ok 20:19:51.0656 0x12b4 [ 280A526E8111AC6A5BCC1A059E1E0340, FB92DDAE29A097D148AB23D8A0BD2B9E662EC1DBF0DA8B716374D6919B4C646F ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 20:19:51.0754 0x12b4 AdobeFlashPlayerUpdateSvc - ok 20:19:51.0872 0x12b4 [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 20:19:51.0983 0x12b4 adp94xx - ok 20:19:52.0074 0x12b4 [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci C:\Windows\system32\drivers\adpahci.sys 20:19:52.0172 0x12b4 adpahci - ok 20:19:52.0228 0x12b4 [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320 C:\Windows\system32\drivers\adpu320.sys 20:19:52.0287 0x12b4 adpu320 - ok 20:19:52.0355 0x12b4 [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 20:19:52.0755 0x12b4 AeLookupSvc - ok 20:19:53.0112 0x12b4 [ 1151FD4FB0216CFED887BFDE29EBD516, 673C2B498744C7EB846F6BD4FDC852B0A9722377D75FD694F7F78E727ADF4563 ] AFD C:\Windows\system32\drivers\afd.sys 20:19:53.0805 0x12b4 AFD - ok 20:19:53.0866 0x12b4 [ 507812C3054C21CEF746B6EE3D04DD6E, 
D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440 C:\Windows\system32\drivers\agp440.sys 20:19:53.0926 0x12b4 agp440 - ok 20:19:54.0002 0x12b4 [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx C:\Windows\system32\drivers\djsvs.sys 20:19:54.0083 0x12b4 aic78xx - ok 20:19:54.0147 0x12b4 [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG C:\Windows\System32\alg.exe 20:19:54.0561 0x12b4 ALG - ok 20:19:54.0627 0x12b4 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide C:\Windows\system32\drivers\aliide.sys 20:19:54.0701 0x12b4 aliide - ok 20:19:54.0749 0x12b4 [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp C:\Windows\system32\drivers\amdagp.sys 20:19:54.0800 0x12b4 amdagp - ok 20:19:54.0828 0x12b4 [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide C:\Windows\system32\drivers\amdide.sys 20:19:54.0889 0x12b4 amdide - ok 20:19:54.0938 0x12b4 [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 20:19:55.0121 0x12b4 AmdK8 - ok 20:19:55.0165 0x12b4 [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 20:19:55.0305 0x12b4 AmdPPM - ok 20:19:55.0392 0x12b4 [ E7F4D42D8076EC60E21715CD11743A0D, 91AC020A70964F8783C999BDE8AB8391A3FA3AFC1CD4BC52A43625A2010A53E7 ] amdsata C:\Windows\system32\drivers\amdsata.sys 20:19:55.0447 0x12b4 amdsata - ok 20:19:55.0623 0x12b4 [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 20:19:55.0691 0x12b4 amdsbs - ok 20:19:55.0758 0x12b4 [ 
146459D2B08BFDCBFA856D9947043C81, AC7F2069717601F949B0968EA651899D497170A93B84281B66D3CE5C382DDECB ] amdxata C:\Windows\system32\drivers\amdxata.sys 20:19:55.0819 0x12b4 amdxata - ok 20:19:55.0926 0x12b4 [ AEA177F783E20150ACE5383EE368DA19, 8FA9EE27AA1F22E8B8FE33A21028CA1E0062BAA95CB132C20D55B98C03B4254F ] AppID C:\Windows\system32\drivers\appid.sys 20:19:56.0160 0x12b4 AppID - ok 20:19:56.0270 0x12b4 [ 62A9C86CB6085E20DB4823E4E97826F5, E0F840B49710022C4FB437002AD06F64B0F6B5D628B32D00F2B66765E6B97E4B ] AppIDSvc C:\Windows\System32\appidsvc.dll 20:19:56.0473 0x12b4 AppIDSvc - ok 20:19:56.0565 0x12b4 [ FB1959012294D6AD43E5304DF65E3C26, CFE906B07FF71A178CF9C254B056C6F5A303DDC511F0E4E1E75808F1D5326495 ] Appinfo C:\Windows\System32\appinfo.dll 20:19:56.0750 0x12b4 Appinfo - ok 20:19:57.0233 0x12b4 [ 2F2BD5EFFA8E91295F4DB493D85534B5, FF6758DC06751028960C9A165767EDAD78B2868599D1A01CAC8108E1699A92DE ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 20:19:57.0289 0x12b4 Apple Mobile Device - ok 20:19:57.0396 0x12b4 [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc C:\Windows\system32\drivers\arc.sys 20:19:57.0462 0x12b4 arc - ok 20:19:57.0485 0x12b4 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas C:\Windows\system32\drivers\arcsas.sys 20:19:57.0553 0x12b4 arcsas - ok 20:19:57.0810 0x12b4 [ 2FE0D5DB69014980A970D3BF9A85D2B1, 3837F176B0CB7FEA2689D90B50B62F660FE579A5EB1E47C827DFA95596B72D1E ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 20:19:58.0045 0x12b4 aspnet_state - ok 20:19:58.0105 0x12b4 [ EFDEF61C488A193986D4672658E91532, B2E97542F7C608937005A2ABFA10F7FD8F3E8F1AB3FBE621772E41048BBDDDBE ] aswHwid C:\Windows\system32\drivers\aswHwid.sys 20:19:58.0368 0x12b4 aswHwid - ok 20:19:58.0436 0x12b4 [ 91AAF4792987B43C0653D74516F092C8, 
DFFB5D0BA6537E2B6A45292B8A2B566F848D54A2FB54017711236E2D3BCBEBBE ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys 20:19:58.0497 0x12b4 aswMonFlt - ok 20:19:58.0586 0x12b4 [ 8C8FEC9F50898BB814BDFB5F5B2D566C, C72472C413550144E10A995A1CF28EB68519B147BD7AE6DF195512014083F9A8 ] aswRdr C:\Windows\system32\drivers\aswRdr2.sys 20:19:58.0691 0x12b4 aswRdr - ok 20:19:58.0782 0x12b4 [ 2DB91CE80C367ACDD1331DE9B1E3EAEF, 7AF35FBA1DB6A44928A6DF554E9428C3E21191B376756718832FCD66F9F9D07C ] aswRvrt C:\Windows\system32\drivers\aswRvrt.sys 20:19:58.0834 0x12b4 aswRvrt - ok 20:19:59.0065 0x12b4 [ 83DF5B3DE1C6527972946CDB328446F7, F4CA80903EE6FCB7E5A7B0E989692B6B5177CE03D3BFFE6A93D53C8B364EE833 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys 20:19:59.0209 0x12b4 aswSnx - ok 20:19:59.0416 0x12b4 [ 16D269F0EF94DB61FAB6934DEED19C91, EAFCE70C0816EAEA6BB8F41A935AE5EDE389C6832FBD45413893DFC5458E5D3D ] aswSP C:\Windows\system32\drivers\aswSP.sys 20:19:59.0518 0x12b4 aswSP - ok 20:19:59.0567 0x12b4 [ A5F0A2EB182C8A137E2C43CB4109EC1E, 0A95F497FCB51CC1F36D740833FD4766A42C287A34A8E0FA9078F1533AD9D75E ] aswStm C:\Windows\system32\drivers\aswStm.sys 20:19:59.0627 0x12b4 aswStm - ok 20:19:59.0686 0x12b4 [ D45875D018F9FB9BF19B976AD8791DE9, 9AA70417A9AAFF5515C6B1FFADD563FBDC0BC62AA0B9FDA8A771E67203C12270 ] aswVmm C:\Windows\system32\drivers\aswVmm.sys 20:19:59.0795 0x12b4 aswVmm - ok 20:19:59.0833 0x12b4 [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 20:20:00.0463 0x12b4 AsyncMac - ok 20:20:00.0565 0x12b4 [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi C:\Windows\system32\drivers\atapi.sys 20:20:00.0619 0x12b4 atapi - ok 20:20:00.0729 0x12b4 [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 20:20:00.0956 0x12b4 
AudioEndpointBuilder - ok 20:20:01.0186 0x12b4 [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] Audiosrv C:\Windows\System32\Audiosrv.dll 20:20:01.0384 0x12b4 Audiosrv - ok 20:20:01.0837 0x12b4 [ 54236E79A44F909612391C8A2D70D512, B0DF5BCC4F90AF087D0306F8D81F90B2CAE0176813E3AA6A7D5460F7878677CD ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe 20:20:02.0000 0x12b4 avast! Antivirus - ok 20:20:02.0065 0x12b4 AvastVBoxSvc - ok 20:20:02.0162 0x12b4 [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV C:\Windows\System32\AxInstSV.dll 20:20:02.0377 0x12b4 AxInstSV - ok 20:20:02.0534 0x12b4 [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv C:\Windows\system32\drivers\bxvbdx.sys 20:20:02.0750 0x12b4 b06bdrv - ok 20:20:02.0920 0x12b4 [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys 20:20:03.0037 0x12b4 b57nd60x - ok 20:20:03.0260 0x12b4 [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC C:\Windows\System32\bdesvc.dll 20:20:03.0583 0x12b4 BDESVC - ok 20:20:03.0674 0x12b4 [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep C:\Windows\system32\drivers\Beep.sys 20:20:03.0869 0x12b4 Beep - ok 20:20:04.0010 0x12b4 [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE C:\Windows\System32\bfe.dll 20:20:04.0202 0x12b4 BFE - ok 20:20:04.0387 0x12b4 [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS C:\Windows\System32\qmgr.dll 20:20:04.0670 0x12b4 BITS - ok 20:20:04.0704 0x12b4 [ 2287078ED48FCFC477B05B20CF38F36F, 
55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 20:20:04.0831 0x12b4 blbdrive - ok 20:20:05.0010 0x12b4 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 20:20:05.0095 0x12b4 Bonjour Service - ok 20:20:05.0143 0x12b4 [ FCAFAEF6798D7B51FF029F99A9898961, BFB37686B1386EB883B99DB6AC342C20514939F8B7A5CEC5D63865B3DC2B4D4F ] bowser C:\Windows\system32\DRIVERS\bowser.sys 20:20:05.0336 0x12b4 bowser - ok 20:20:05.0373 0x12b4 [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 20:20:05.0525 0x12b4 BrFiltLo - ok 20:20:05.0566 0x12b4 [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 20:20:05.0705 0x12b4 BrFiltUp - ok 20:20:05.0785 0x12b4 [ 6E11F33D14D020F58D5E02E4D67DFA19, 9563E4E8CE769B7619745F6F6DE618389A1595785023BF1F295AD8301B27F0AF ] Browser C:\Windows\System32\browser.dll 20:20:05.0996 0x12b4 Browser - ok 20:20:06.0127 0x12b4 [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid C:\Windows\System32\Drivers\Brserid.sys 20:20:06.0306 0x12b4 Brserid - ok 20:20:06.0368 0x12b4 [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 20:20:06.0479 0x12b4 BrSerWdm - ok 20:20:06.0544 0x12b4 [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 20:20:06.0669 0x12b4 BrUsbMdm - ok 20:20:06.0710 0x12b4 [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 
20:20:06.0868 0x12b4 BrUsbSer - ok 20:20:06.0890 0x12b4 [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 20:20:07.0031 0x12b4 BTHMODEM - ok 20:20:07.0125 0x12b4 [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv C:\Windows\system32\bthserv.dll 20:20:07.0284 0x12b4 bthserv - ok 20:20:07.0348 0x12b4 [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 20:20:07.0549 0x12b4 cdfs - ok 20:20:07.0623 0x12b4 [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom C:\Windows\system32\drivers\cdrom.sys 20:20:07.0777 0x12b4 cdrom - ok 20:20:07.0856 0x12b4 [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc C:\Windows\System32\certprop.dll 20:20:08.0049 0x12b4 CertPropSvc - ok 20:20:08.0098 0x12b4 [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass C:\Windows\system32\drivers\circlass.sys 20:20:08.0238 0x12b4 circlass - ok 20:20:08.0340 0x12b4 [ 635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A ] CLFS C:\Windows\system32\CLFS.sys 20:20:08.0420 0x12b4 CLFS - ok 20:20:08.0492 0x12b4 [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 20:20:08.0553 0x12b4 clr_optimization_v2.0.50727_32 - ok 20:20:08.0622 0x12b4 [ 6D7C8A951AF6AD6835C029B3CB88D333, 66F3D79887B2449B4C6912D1A258D1A96056888F51A8AA24FEDF37942AD5BDBB ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 20:20:08.0790 0x12b4 clr_optimization_v4.0.30319_32 - ok 20:20:08.0845 
0x12b4 [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt C:\Windows\system32\drivers\CmBatt.sys 20:20:08.0973 0x12b4 CmBatt - ok 20:20:09.0035 0x12b4 [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide C:\Windows\system32\drivers\cmdide.sys 20:20:09.0086 0x12b4 cmdide - ok 20:20:09.0406 0x12b4 [ 1B675691ED940766149C93E8F4488D68, A55C41B2B343B1CF53D737ED1752D0510052094FFC60FDB833279A8A52398132 ] CNG C:\Windows\system32\Drivers\cng.sys 20:20:09.0563 0x12b4 CNG - ok 20:20:09.0685 0x12b4 [ 75BD74F332B287B284DA86AC8B6891D0, 91CED848CC45B55FD78FBDBE06E3E9785FBCE49542363A243A48B66B9B71393D ] cnnctfy3 C:\Windows\system32\DRIVERS\cnnctfy3.sys 20:20:09.0756 0x12b4 cnnctfy3 - ok 20:20:09.0814 0x12b4 [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt C:\Windows\system32\drivers\compbatt.sys 20:20:09.0873 0x12b4 Compbatt - ok 20:20:09.0973 0x12b4 [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 20:20:10.0101 0x12b4 CompositeBus - ok 20:20:10.0149 0x12b4 COMSysApp - ok 20:20:10.0384 0x12b4 [ 1F579D39EA90F02391818EACE88695FA, 8C2214CDF4DE5ADDCC4B464C3EFF07BD31C16A918E1E9E2067B652CC1847909C ] Connectify C:\Program Files\Connectify\ConnectifyService.exe 20:20:10.0479 0x12b4 Connectify - detected UnsignedFile.Multi.Generic ( 1 ) 20:20:13.0464 0x12b4 Detect skipped due to KSN trusted 20:20:13.0464 0x12b4 Connectify - ok 20:20:13.0536 0x12b4 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 20:20:13.0583 0x12b4 crcdisk - ok 20:20:13.0675 0x12b4 [ A585BEBF7D054BD9618EDA0922D5484A, 340DF730E88F8B6A4EF542F620EBA2A720546AFAB4DFFA00F066B7610A1026C5 ] CryptSvc C:\Windows\system32\cryptsvc.dll 20:20:13.0877 
0x12b4 CryptSvc - ok 20:20:14.0276 0x12b4 [ B4D1D62A09F09CB2DFD55628350CDAFB, 7DD3CE77D88B5AFAC4B6187F4CA6D50B7BD3398207163B2A1E4C76467801FF28 ] cvhsvc C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE 20:20:14.0470 0x12b4 cvhsvc - ok 20:20:14.0592 0x12b4 [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch C:\Windows\system32\rpcss.dll 20:20:14.0815 0x12b4 DcomLaunch - ok 20:20:14.0971 0x12b4 [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc C:\Windows\System32\defragsvc.dll 20:20:15.0164 0x12b4 defragsvc - ok 20:20:15.0320 0x12b4 [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 20:20:15.0514 0x12b4 DfsC - ok 20:20:15.0731 0x12b4 [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp C:\Windows\system32\dhcpcore.dll 20:20:15.0991 0x12b4 Dhcp - ok 20:20:16.0080 0x12b4 [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache C:\Windows\system32\drivers\discache.sys 20:20:16.0254 0x12b4 discache - ok 20:20:16.0384 0x12b4 [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk C:\Windows\system32\drivers\disk.sys 20:20:16.0474 0x12b4 Disk - ok 20:20:16.0558 0x12b4 [ 2FE30D71919C51131405797620E0A714, 16060DDC32EF95EB6E37B91D50A96AB53CB0DEBB3DFDCB31975D16361092ABA5 ] Dnscache C:\Windows\System32\dnsrslvr.dll 20:20:16.0846 0x12b4 Dnscache - ok 20:20:16.0960 0x12b4 [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc C:\Windows\System32\dot3svc.dll 20:20:17.0188 0x12b4 dot3svc - ok 20:20:17.0277 0x12b4 [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS 
C:\Windows\system32\dps.dll 20:20:17.0481 0x12b4 DPS - ok 20:20:17.0565 0x12b4 [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 20:20:17.0745 0x12b4 drmkaud - ok 20:20:17.0873 0x12b4 [ 9CF46FDF163E06B83D03FF929EF2296C, 40BB0226361DEC2E6CBFE79CA092083986BD3D94564ED5F3E54CA2EE9A756837 ] DsiWMIService C:\Program Files\Launch Manager\dsiwmis.exe 20:20:17.0998 0x12b4 DsiWMIService - ok 20:20:18.0163 0x12b4 [ 23F5D28378A160352BA8F817BD8C71CB, 11BF7B7E6276C28EFF74B8AF89B493CBB89B394D2A091708EDA15DA5C342FF19 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 20:20:18.0303 0x12b4 DXGKrnl - ok 20:20:18.0414 0x12b4 [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost C:\Windows\System32\eapsvc.dll 20:20:18.0596 0x12b4 EapHost - ok 20:20:18.0973 0x12b4 [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv C:\Windows\system32\drivers\evbdx.sys 20:20:19.0570 0x12b4 ebdrv - ok 20:20:19.0679 0x12b4 [ F42309C4191C506B71DB5D1126D26318, 29B0A8889857CEBFA6CBD795D5EECDDFFA04E794BD3C73FC488725B2A160F326 ] EFS C:\Windows\System32\lsass.exe 20:20:19.0860 0x12b4 EFS - ok 20:20:19.0944 0x12b4 [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor C:\Windows\system32\drivers\elxstor.sys 20:20:20.0061 0x12b4 elxstor - ok 20:20:20.0222 0x12b4 [ 2609A5B13DE9B2EEB38F3A83A406D079, 013C5E179EEB62364A80D1C1EBDA791EE3C59B4C8E78CD6EC9C174512001A48F ] ePowerSvc C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe 20:20:20.0454 0x12b4 ePowerSvc - ok 20:20:20.0513 0x12b4 [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev C:\Windows\system32\drivers\errdev.sys 20:20:20.0648 0x12b4 ErrDev - ok 20:20:20.0779 0x12b4 [ 4FAB8DFAF156E048AD514EABD268AB3A, 
60EDE43AAE4F18B4A52A15D24921D829A05AD0C617BA86ACCC4D4E0A6AD29E8A ] EUCR C:\Windows\system32\DRIVERS\EUCR6SK.SYS 20:20:20.0923 0x12b4 EUCR - ok 20:20:21.0019 0x12b4 [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem C:\Windows\system32\es.dll 20:20:21.0272 0x12b4 EventSystem - ok 20:20:21.0327 0x12b4 [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat C:\Windows\system32\drivers\exfat.sys 20:20:21.0581 0x12b4 exfat - ok 20:20:21.0661 0x12b4 [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat C:\Windows\system32\drivers\fastfat.sys 20:20:21.0854 0x12b4 fastfat - ok 20:20:21.0973 0x12b4 [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax C:\Windows\system32\fxssvc.exe 20:20:22.0355 0x12b4 Fax - ok 20:20:22.0390 0x12b4 [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc C:\Windows\system32\drivers\fdc.sys 20:20:22.0522 0x12b4 fdc - ok 20:20:22.0567 0x12b4 [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost C:\Windows\system32\fdPHost.dll 20:20:22.0765 0x12b4 fdPHost - ok 20:20:22.0795 0x12b4 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub C:\Windows\system32\fdrespub.dll 20:20:23.0037 0x12b4 FDResPub - ok 20:20:23.0130 0x12b4 [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 20:20:23.0268 0x12b4 FileInfo - ok 20:20:23.0331 0x12b4 [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 20:20:23.0502 0x12b4 Filetrace - ok 20:20:23.0570 0x12b4 [ 
2AEFA10F57C0ED0466611957DED5425363608E88414DD7DCF74E182117B12F5A ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys 20:21:37.0920 0x12b4 Sftvol - ok 20:21:37.0990 0x12b4 [ 19D34534176E62F35DDB7DC7B7FF2A87, DBBB9155B62482E4782E5302193586514880734BD3617FDCB51798EB404758D6 ] sftvsa C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe 20:21:38.0091 0x12b4 sftvsa - ok 20:21:38.0206 0x12b4 [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess C:\Windows\System32\ipnathlp.dll 20:21:38.0678 0x12b4 SharedAccess - ok 20:21:39.0302 0x12b4 [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 20:21:39.0926 0x12b4 ShellHWDetection - ok 20:21:40.0458 0x12b4 [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp C:\Windows\system32\drivers\sisagp.sys 20:21:40.0534 0x12b4 sisagp - ok 20:21:40.0738 0x12b4 [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 20:21:40.0930 0x12b4 SiSRaid2 - ok 20:21:41.0304 0x12b4 [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 20:21:41.0392 0x12b4 SiSRaid4 - ok 20:21:42.0017 0x12b4 [ A9C057A9463C25490CF99EA8DF8A4B35, 8F4D1C40D0F17EDBF84ED455B8946F782C7552383F0A07E410A9B6CFF7F51D63 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe 20:21:42.0543 0x12b4 SkypeUpdate - ok 20:21:42.0599 0x12b4 [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb C:\Windows\system32\DRIVERS\smb.sys 20:21:42.0864 0x12b4 Smb - ok 20:21:42.0983 0x12b4 [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP 
C:\Windows\System32\snmptrap.exe 20:21:43.0175 0x12b4 SNMPTRAP - ok 20:21:43.0240 0x12b4 [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr C:\Windows\system32\drivers\spldr.sys 20:21:43.0337 0x12b4 spldr - ok 20:21:43.0479 0x12b4 [ 866A43013535DC8587C258E43579C764, B2BE846B5167A2ECD1E30C69A81385FCC6EAE6033394D08458A5583D311C4D82 ] Spooler C:\Windows\System32\spoolsv.exe 20:21:43.0693 0x12b4 Spooler - ok 20:21:44.0269 0x12b4 [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc C:\Windows\system32\sppsvc.exe 20:21:45.0023 0x12b4 sppsvc - ok 20:21:45.0113 0x12b4 [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify C:\Windows\system32\sppuinotify.dll 20:21:45.0312 0x12b4 sppuinotify - ok 20:21:45.0464 0x12b4 [ 112127C3B2E64D7680CC39CD0A39DD7E, ABE8B868CFE0EF4DAF886517047DBFD5A9C964983FAA499AC086CCD45BA46366 ] srv C:\Windows\system32\DRIVERS\srv.sys 20:21:45.0759 0x12b4 srv - ok 20:21:46.0061 0x12b4 [ E5DD784A4EE5EBC72A86C677C988FCDB, 5D54C9AF291F8047DD66C31671F279A5D7EE8BCB5E55640F5F976E16211F59DD ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 20:21:46.0436 0x12b4 srv2 - ok 20:21:46.0679 0x12b4 [ CDBE627E16CC9E98F343D73F8E81D258, 25A68A6F943FCBA79A0D97ABC5B2EAEEB65C268F1CB2DD445ABF7E2758DF2802 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 20:21:47.0068 0x12b4 srvnet - ok 20:21:47.0422 0x12b4 [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 20:21:47.0781 0x12b4 SSDPSRV - ok 20:21:47.0955 0x12b4 [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc C:\Windows\system32\sstpsvc.dll 20:21:48.0229 0x12b4 SstpSvc - ok 20:21:48.0542 0x12b4 [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor 
C:\Windows\system32\drivers\stexstor.sys 20:21:48.0693 0x12b4 stexstor - ok 20:21:49.0006 0x12b4 [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc C:\Windows\System32\wiaservc.dll 20:21:49.0252 0x12b4 StiSvc - ok 20:21:49.0362 0x12b4 [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum C:\Windows\system32\drivers\swenum.sys 20:21:49.0468 0x12b4 swenum - ok 20:21:49.0599 0x12b4 [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv C:\Windows\System32\swprv.dll 20:21:49.0824 0x12b4 swprv - ok 20:21:50.0318 0x12b4 [ 36650D618CA34C9D357DFD3D89B2C56F, 7C3774E53DCF32CB3A4B3504E32D2A651E18467FA0A6AC4C7993C696741B704B ] SysMain C:\Windows\system32\sysmain.dll 20:21:50.0650 0x12b4 SysMain - ok 20:21:50.0823 0x12b4 [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\Windows\System32\TabSvc.dll 20:21:51.0187 0x12b4 TabletInputService - ok 20:21:51.0350 0x12b4 [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv C:\Windows\System32\tapisrv.dll 20:21:51.0577 0x12b4 TapiSrv - ok 20:21:51.0678 0x12b4 [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS C:\Windows\System32\tbssvc.dll 20:21:52.0033 0x12b4 TBS - ok 20:21:52.0315 0x12b4 [ 37E8FA3779668837CA9E2C36D2415949, FDDA99B7501CDBC3032AA12FD8E929F5E3B47DA112D0F8A05E2D833E5609EDEA ] Tcpip C:\Windows\system32\drivers\tcpip.sys 20:21:52.0691 0x12b4 Tcpip - ok 20:21:52.0881 0x12b4 [ 37E8FA3779668837CA9E2C36D2415949, FDDA99B7501CDBC3032AA12FD8E929F5E3B47DA112D0F8A05E2D833E5609EDEA ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 20:21:53.0137 0x12b4 TCPIP6 - ok 20:21:53.0280 0x12b4 [ CCA24162E055C3714CE5A88B100C64ED, 9B7712E793B9478BA7A1EF71EA9CC03CCB9C4004C54EAA911F158958519EDCD9 ] 
tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 20:21:53.0562 0x12b4 tcpipreg - ok 20:21:53.0625 0x12b4 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 20:21:53.0814 0x12b4 TDPIPE - ok 20:21:53.0911 0x12b4 [ 2C10395BAA4847F83042813C515CC289, CBC058AE2EB6AA5905F9D2EF52573E1C06330462952E6D6E7083F8DB2C441E3E ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 20:21:54.0165 0x12b4 TDTCP - ok 20:21:54.0241 0x12b4 [ B459575348C20E8121D6039DA063C704, 1B4328A9EA39FF5A57F258E02254D04B73455F1DF7C997C13702A8B2F12D0347 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 20:21:54.0509 0x12b4 tdx - ok 20:21:54.0556 0x12b4 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD C:\Windows\system32\drivers\termdd.sys 20:21:54.0634 0x12b4 TermDD - ok 20:21:54.0829 0x12b4 [ 382C804C92811BE57829D8E550A900E2, 5F52C2E7902024CF1C9CC0069F411C3F19CCA3DB209F437FA0F3932D4898EB50 ] TermService C:\Windows\System32\termsrv.dll 20:21:55.0186 0x12b4 TermService - ok 20:21:55.0355 0x12b4 [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes C:\Windows\system32\themeservice.dll 20:21:55.0512 0x12b4 Themes - ok 20:21:55.0573 0x12b4 [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER C:\Windows\system32\mmcss.dll 20:21:55.0932 0x12b4 THREADORDER - ok 20:21:56.0066 0x12b4 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks C:\Windows\System32\trkwks.dll 20:21:56.0320 0x12b4 TrkWks - ok 20:21:56.0599 0x12b4 [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 20:21:56.0786 0x12b4 TrustedInstaller - ok 20:21:56.0897 0x12b4 [ 254BB140EEE3C59D6114C1A86B636877, 
EE09D62E90407A40278F2136F640DAB16A4E2BF57D4FB6E05F92CA9CC9CF57C0 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 20:21:57.0114 0x12b4 tssecsrv - ok 20:21:57.0199 0x12b4 [ FD1D6C73E6333BE727CBCC6054247654, 6F7B9AE1A5986204DB3348D13B303F30FC17624939DA74D6BD114FAEED0FB30E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 20:21:57.0341 0x12b4 TsUsbFlt - ok 20:21:57.0424 0x12b4 [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 20:21:57.0635 0x12b4 tunnel - ok 20:21:57.0705 0x12b4 [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 20:21:57.0792 0x12b4 uagp35 - ok 20:21:57.0933 0x12b4 [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 20:21:58.0126 0x12b4 udfs - ok 20:21:58.0210 0x12b4 [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect C:\Windows\system32\UI0Detect.exe 20:21:58.0441 0x12b4 UI0Detect - ok 20:21:58.0569 0x12b4 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 20:21:58.0654 0x12b4 uliagpkx - ok 20:21:58.0716 0x12b4 [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus C:\Windows\system32\drivers\umbus.sys 20:21:58.0886 0x12b4 umbus - ok 20:21:58.0938 0x12b4 [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass C:\Windows\system32\drivers\umpass.sys 20:21:59.0183 0x12b4 UmPass - ok 20:21:59.0428 0x12b4 [ F9EC9ACD504D823D9B9CA98A4F8D3CA2, 58DAD5111C598F14CB199FE6A61FA5918F29513B778A8664FD05EFAB3C665D4F ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe 20:21:59.0524 0x12b4 
Updater Service - ok 20:21:59.0742 0x12b4 [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost C:\Windows\System32\upnphost.dll 20:22:00.0001 0x12b4 upnphost - ok 20:22:00.0101 0x12b4 [ A176718F0DF45F60F545CF3E14F4D108, 5E767CB0B51B3BA05B6F99A7E46BEC275489DCFE874343C9B992843AA1F2334E ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys 20:22:00.0254 0x12b4 USBAAPL - ok 20:22:00.0344 0x12b4 [ 7E72E7D7E0757D59481D530FD2B0BFAE, 288CAC9F4AC09DEB2B30C6E3A6ACF8D62A75576F62F0EC159D5E1B257419E9DC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 20:22:00.0492 0x12b4 usbccgp - ok 20:22:00.0560 0x12b4 [ 04EC7CEC62EC3B6D9354EEE93327FC82, 6CB41D8644618A5F701F6CA91FB65BB94AA83EA48992133B5262DC539B334B2E ] usbcir C:\Windows\system32\drivers\usbcir.sys 20:22:00.0709 0x12b4 usbcir - ok 20:22:00.0863 0x12b4 [ CFBCE999C057D78979A181C9C60F208E, D60698EAA8A085214D5945818B0863976CF116EBE523046C344AF4E9392FDF80 ] usbehci C:\Windows\system32\drivers\usbehci.sys 20:22:01.0005 0x12b4 usbehci - ok 20:22:01.0067 0x12b4 [ 9D22AAD9AC6A07C691A1113E5F860868, AC34D36DBB5649650FCD873A792CA1387AE841D4C46781C63C0D29834F9B58E9 ] usbhub C:\Windows\system32\drivers\usbhub.sys 20:22:01.0219 0x12b4 usbhub - ok 20:22:01.0349 0x12b4 [ A6FB7957EA7AFB1165991E54CE934B74, 1CE83D9E3276AE380F720C7700A17D58A37A2A77FD72DA69EE0C756B88DB3689 ] usbohci C:\Windows\system32\drivers\usbohci.sys 20:22:01.0672 0x12b4 usbohci - ok 20:22:01.0817 0x12b4 [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 20:22:01.0998 0x12b4 usbprint - ok 20:22:02.0129 0x12b4 [ 576096CCBC07E7C4EA4F5E6686D6888F, 8C643F43BD0017979548389C4DB36A1EE872CCF19C86FAE3752A4989173E28ED ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 20:22:02.0345 0x12b4 usbscan - ok 20:22:02.0437 0x12b4 [ BF63EBFC6979FEFB2BC03DF7989A0C1A, AFEF764A3E5D52CDBB5074F0E87F2B5EBCDF8D9B6E8F88EE235602B80145BE31 ] USBSTOR 
C:\Windows\system32\DRIVERS\USBSTOR.SYS 20:22:02.0597 0x12b4 USBSTOR - ok 20:22:02.0688 0x12b4 [ 78780C3EBCE17405B1CCD07A3A8A7D72, FBFF3111E22EE0B4BCAFA81F89AAE985135BFF48EEFD130C09B49CCF8A9946B9 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 20:22:02.0786 0x12b4 usbuhci - ok 20:22:02.0874 0x12b4 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2, F9B72DE82078FDB5551D48988190F46EECA9B99655C591B7865FEA1AFB31F637 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 20:22:03.0084 0x12b4 usbvideo - ok 20:22:03.0179 0x12b4 [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms C:\Windows\System32\uxsms.dll 20:22:03.0384 0x12b4 UxSms - ok 20:22:03.0437 0x12b4 [ F42309C4191C506B71DB5D1126D26318, 29B0A8889857CEBFA6CBD795D5EECDDFFA04E794BD3C73FC488725B2A160F326 ] VaultSvc C:\Windows\system32\lsass.exe 20:22:03.0547 0x12b4 VaultSvc - ok 20:22:03.0753 0x12b4 VBoxAswDrv - ok 20:22:03.0794 0x12b4 [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 20:22:03.0847 0x12b4 vdrvroot - ok 20:22:03.0976 0x12b4 [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds C:\Windows\System32\vds.exe 20:22:04.0225 0x12b4 vds - ok 20:22:04.0283 0x12b4 [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 20:22:04.0410 0x12b4 vga - ok 20:22:04.0469 0x12b4 [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave C:\Windows\System32\drivers\vga.sys 20:22:04.0639 0x12b4 VgaSave - ok 20:22:04.0757 0x12b4 [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 20:22:04.0827 0x12b4 vhdmp - ok 20:22:04.0912 0x12b4 [ C829317A37B4BEA8F39735D4B076E923, 
55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp C:\Windows\system32\drivers\viaagp.sys 20:22:04.0979 0x12b4 viaagp - ok 20:22:05.0070 0x12b4 [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7 C:\Windows\system32\drivers\viac7.sys 20:22:05.0159 0x12b4 ViaC7 - ok 20:22:05.0240 0x12b4 [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide C:\Windows\system32\drivers\viaide.sys 20:22:05.0298 0x12b4 viaide - ok 20:22:05.0338 0x12b4 [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr C:\Windows\system32\drivers\volmgr.sys 20:22:05.0400 0x12b4 volmgr - ok 20:22:05.0499 0x12b4 [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 20:22:05.0583 0x12b4 volmgrx - ok 20:22:05.0676 0x12b4 [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap C:\Windows\system32\drivers\volsnap.sys 20:22:05.0769 0x12b4 volsnap - ok 20:22:05.0877 0x12b4 [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 20:22:05.0954 0x12b4 vsmraid - ok 20:22:06.0180 0x12b4 [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS C:\Windows\system32\vssvc.exe 20:22:06.0535 0x12b4 VSS - ok 20:22:06.0668 0x12b4 [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 20:22:06.0848 0x12b4 vwifibus - ok 20:22:06.0944 0x12b4 [ 7090D3436EEB4E7DA3373090A23448F7, 3A130B28F2BFA7DCEC8596C4CE4E187B019F5ECF1AAC8DD1BBDE9CBD2428FEC2 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 20:22:07.0070 0x12b4 vwififlt - ok 20:22:07.0173 0x12b4 [ 
A3F04CBEA6C2A10E6CB01F8B47611882, 32AFE18B07FECA30BC95831A5DC94C784E543784DF16165334A777DC84E91EF3 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 20:22:07.0292 0x12b4 vwifimp - ok 20:22:07.0405 0x12b4 [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time C:\Windows\system32\w32time.dll 20:22:07.0638 0x12b4 W32Time - ok 20:22:07.0714 0x12b4 [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 20:22:07.0883 0x12b4 WacomPen - ok 20:22:07.0945 0x12b4 [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 20:22:08.0217 0x12b4 WANARP - ok 20:22:08.0350 0x12b4 [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 20:22:08.0505 0x12b4 Wanarpv6 - ok 20:22:08.0757 0x12b4 [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine C:\Windows\system32\wbengine.exe 20:22:09.0366 0x12b4 wbengine - ok 20:22:09.0486 0x12b4 [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 20:22:10.0180 0x12b4 WbioSrvc - ok 20:22:10.0677 0x12b4 [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc C:\Windows\System32\wcncsvc.dll 20:22:11.0710 0x12b4 wcncsvc - ok 20:22:11.0773 0x12b4 [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 20:22:11.0956 0x12b4 WcsPlugInService - ok 20:22:12.0006 0x12b4 [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd C:\Windows\system32\drivers\wd.sys 
20:22:12.0078 0x12b4 Wd - ok 20:22:12.0202 0x12b4 [ 9950E3D0F08141C7E89E64456AE7DC73, DE4B96812B305A63F5874BBF2DC40354FB45B3D96C1D33436E677099760BA448 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 20:22:12.0309 0x12b4 Wdf01000 - ok 20:22:12.0374 0x12b4 [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost C:\Windows\system32\wdi.dll 20:22:12.0634 0x12b4 WdiServiceHost - ok 20:22:12.0686 0x12b4 [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost C:\Windows\system32\wdi.dll 20:22:12.0794 0x12b4 WdiSystemHost - ok 20:22:12.0929 0x12b4 [ A9D880F97530D5B8FEE278923349929D, 6A293E2DB9B7C434EA8B4CD4861E11905D46BD60E014AE27B74DC8C4B2DDF834 ] WebClient C:\Windows\System32\webclnt.dll 20:22:13.0117 0x12b4 WebClient - ok 20:22:13.0222 0x12b4 [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc C:\Windows\system32\wecsvc.dll 20:22:13.0392 0x12b4 Wecsvc - ok 20:22:13.0437 0x12b4 [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport C:\Windows\System32\wercplsupport.dll 20:22:13.0597 0x12b4 wercplsupport - ok 20:22:13.0653 0x12b4 [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc C:\Windows\System32\WerSvc.dll 20:22:13.0888 0x12b4 WerSvc - ok 20:22:13.0946 0x12b4 [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 20:22:14.0097 0x12b4 WfpLwf - ok 20:22:14.0138 0x12b4 [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount C:\Windows\system32\drivers\wimmount.sys 20:22:14.0202 0x12b4 WIMMount - ok 20:22:14.0413 0x12b4 [ 3FAE8F94296001C32EAB62CD7D82E0FD, 180FAECC426CF8F46700C855022E5865D528B1A20686F96D11080AB2FE2E0430 ] 
WinDefend C:\Program Files\Windows Defender\mpsvc.dll 20:22:14.0626 0x12b4 WinDefend - ok 20:22:14.0697 0x12b4 WinHttpAutoProxySvc - ok 20:22:15.0001 0x12b4 [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 20:22:15.0186 0x12b4 Winmgmt - ok 20:22:15.0453 0x12b4 [ 1DE9BD23AFA36150586C732D876D9B74, 32CF2C8EC18CFDA677AB72A182EB4B839DCC72BFCD6CA309BE2F434991CAE973 ] WinRM C:\Windows\system32\WsmSvc.dll 20:22:15.0853 0x12b4 WinRM - ok 20:22:15.0980 0x12b4 [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 20:22:16.0086 0x12b4 WinUsb - ok 20:22:16.0265 0x12b4 [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc C:\Windows\System32\wlansvc.dll 20:22:16.0524 0x12b4 Wlansvc - ok 20:22:16.0591 0x12b4 [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 20:22:16.0684 0x12b4 WmiAcpi - ok 20:22:16.0795 0x12b4 [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 20:22:16.0924 0x12b4 wmiApSrv - ok 20:22:17.0123 0x12b4 [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 20:22:17.0450 0x12b4 WMPNetworkSvc - ok 20:22:17.0541 0x12b4 [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc C:\Windows\System32\wpcsvc.dll 20:22:17.0684 0x12b4 WPCSvc - ok 20:22:17.0741 0x12b4 [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 20:22:17.0886 0x12b4 WPDBusEnum - ok 20:22:17.0938 0x12b4 [ 
6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 20:22:18.0088 0x12b4 ws2ifsl - ok 20:22:18.0210 0x12b4 [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc C:\Windows\System32\wscsvc.dll 20:22:18.0338 0x12b4 wscsvc - ok 20:22:18.0358 0x12b4 WSearch - ok 20:22:18.0912 0x12b4 [ D9B0134913E5EF007AF82A418C503322, 7418DD28C8E968674382F8352AAFFC4DE77887E2B71B8844D615F19432B4C55A ] wuauserv C:\Windows\system32\wuaueng.dll 20:22:19.0222 0x12b4 wuauserv - ok 20:22:19.0282 0x12b4 [ E714A1C0354636837E20CCBF00888EE7, 0E31F0DB0AA318E3B0DACD26C0D3B11519B42F2A996AE580BE67FA8B3C42C436 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 20:22:19.0443 0x12b4 WudfPf - ok 20:22:19.0549 0x12b4 [ 1023EE888C9B47178C5293ED5336AB69, 62221C80C3F719A585266247482A64F7CB2F5EF69AFA8FA07D563CA2B0A37561 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 20:22:19.0714 0x12b4 WUDFRd - ok 20:22:19.0787 0x12b4 [ 8D1E1E529A2C9E9B6A85B55A345F7629, 64B637CFE2AF58A4F7CE6D8C3D603F8EFD527500F7137E0A37840313C712CA93 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 20:22:19.0959 0x12b4 wudfsvc - ok 20:22:20.0119 0x12b4 [ FF2D745B560F7C71B31F30F4D49F73D2, B2FBF7E5F58E34AC64FE6CF65800F1F07939279203BDE89375FAC92B884A4F37 ] WwanSvc C:\Windows\System32\wwansvc.dll 20:22:20.0288 0x12b4 WwanSvc - ok 20:22:20.0424 0x12b4 ================ Scan global =============================== 20:22:20.0507 0x12b4 [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll 20:22:20.0645 0x12b4 [ A9F564F254E9DDDE120A7135767EC24B, F255DCB4C7F4F941BA27700D66684AD0BA3DF114D6F298E2A909095B71B11D94 ] C:\Windows\system32\winsrv.dll 20:22:20.0706 0x12b4 [ A9F564F254E9DDDE120A7135767EC24B, F255DCB4C7F4F941BA27700D66684AD0BA3DF114D6F298E2A909095B71B11D94 ] C:\Windows\system32\winsrv.dll 20:22:20.0828 0x12b4 [ 
364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll 20:22:20.0916 0x12b4 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe 20:22:20.0954 0x12b4 [ Global ] - ok 20:22:20.0956 0x12b4 ================ Scan MBR ================================== 20:22:20.0989 0x12b4 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 20:22:21.0927 0x12b4 \Device\Harddisk0\DR0 - ok 20:22:21.0928 0x12b4 ================ Scan VBR ================================== 20:22:21.0977 0x12b4 [ F277EA2798E4EF1D2CA7B4D62DE7E9D9 ] \Device\Harddisk0\DR0\Partition1 20:22:21.0981 0x12b4 \Device\Harddisk0\DR0\Partition1 - ok 20:22:22.0027 0x12b4 [ C22ECD137A917C9F3A33331240555638 ] \Device\Harddisk0\DR0\Partition2 20:22:22.0109 0x12b4 \Device\Harddisk0\DR0\Partition2 - ok 20:22:22.0151 0x12b4 [ 0661B75E7E82F24FBDE530FF613C97B1 ] \Device\Harddisk0\DR0\Partition3 20:22:22.0186 0x12b4 \Device\Harddisk0\DR0\Partition3 - ok 20:22:22.0188 0x12b4 ================ Scan generic autorun ====================== 20:22:22.0369 0x12b4 [ 38218E47372B77DDB3C9DDD4390CB960, C665FCFE08A4C1F9C3FBA73A220AAB7344C2BF203B62FAB76EF1F659A78F007C ] C:\Program Files\Launch Manager\LManager.exe 20:22:22.0547 0x12b4 LManager - ok 20:22:22.0672 0x12b4 [ CBEBF85763814AD2CA23491050B08D76, E67ECEB3B9921DF8EB4236FC811E4C40AE7EE3272ED5D1E6CBF1ACB1E205963B ] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe 20:22:22.0783 0x12b4 IAStorIcon - ok 20:22:24.0915 0x12b4 [ 60458F5BC459644C1EC1E345E13F69A1, E3B104B4175D46F80AE68A284969AB9BDF30C3885DD7384C3DE82C3B69D2A2B8 ] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe 20:22:26.0156 0x12b4 RtHDVCpl - ok 20:22:26.0267 0x12b4 [ D0D2289B1F2B4697A33179E5E1DFF5B4, BB0362BC2DD76530B1B44201B5BECE1A8866CBD6BE28E3505B4F2402FA7EC52D ] C:\Windows\system32\igfxtray.exe 20:22:26.0355 0x12b4 IgfxTray - ok 20:22:26.0422 
0x12b4 [ BE2A9AB3C18AF1A712AAF8E86A5F959D, B22FBB3CD77AD7178F6C8328AC7C614BBC439C056F57168CA9F29AB934E7775F ] C:\Windows\system32\hkcmd.exe 20:22:26.0528 0x12b4 HotKeysCmds - ok 20:22:26.0634 0x12b4 [ 62660ADA5E4C8418E71E7AB1992B3AE4, EBC0AC63211075DEBA09121D900678F1EE55C5972022B10C469992171EDD5028 ] C:\Windows\system32\igfxpers.exe 20:22:27.0295 0x12b4 Persistence - ok 20:22:27.0551 0x12b4 [ 8FD0A2FC099FFEEB3DA0691D1E3F0DA8, 8F84B6AEE123D694139B419E5FD43D7B5FC0100EBB4DEB6ECF3E50011A03E41B ] C:\Program Files\Acer\Android Manager\iSync.exe 20:22:27.0655 0x12b4 iSyncData - ok 20:22:27.0777 0x12b4 [ 10B1EE598E46B57E5F75CDC63333EB77, 3D188808C5147C0872DD6BAD47A5A853A1EEB659EABA76FFBCC2BBAA343A4DA0 ] C:\Program Files\Acer\Android Manager\AML.exe 20:22:27.0869 0x12b4 AndroidManager - ok 20:22:28.0011 0x12b4 [ E7D7CFBB241398E4B6899FE8F7BC3E99, D622994BDB3F48EA1306DC1EEB2EBE41CBFFE73CBCA5BABB1AADD99B187B3F10 ] C:\Program Files\Acer\Updater\iUpdate.exe 20:22:28.0101 0x12b4 iPatchData - ok 20:22:28.0625 0x12b4 [ 78E4A4A955FB995BD41730A9CA99B9FA, DBC23C6666ACDAA352F7EEFCA83F71CAEBE5FD5696DE049FBF869865CDFBEE9E ] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe 20:22:29.0084 0x12b4 Acer ePower Management - ok 20:22:29.0844 0x12b4 [ 9167841B12F45FA84FD2A52A8A3DBFAB, 6BBB77908BFB4D09F2ACA7E8999DC3D9BB9EFD587972B13D72666BF3FD1B6BB3 ] C:\Program Files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe 20:22:30.0033 0x12b4 DataCardMonitor - detected UnsignedFile.Multi.Generic ( 1 ) 20:22:40.0819 0x12b4 DataCardMonitor ( UnsignedFile.Multi.Generic ) - warning 20:22:47.0807 0x12b4 [ 65C6AA484AD2287D20541C7735989437, 1842787640391F4A4CD9ED0A531298A61F4B2FB09BEC98FEE256313AFB458EDB ] C:\Program Files\AVAST Software\Avast\AvastUI.exe 20:22:48.0728 0x12b4 AvastUI.exe - ok 20:22:49.0030 0x12b4 [ 2B282A4050FE3B4B70EF9E3070BBFF78, 019B667781F5CE411AEB569EAA4095FA2B9942E43A6A1DFC6EEBB2DA214131FE ] C:\Program Files\FreePDF_XP\fpassist.exe 20:22:49.0324 0x12b4 FreePDF Assistant - 
detected UnsignedFile.Multi.Generic ( 1 ) 20:22:52.0242 0x12b4 Detect skipped due to KSN trusted 20:22:52.0242 0x12b4 FreePDF Assistant - ok 20:22:52.0400 0x12b4 [ 2199723879C9F75A709680E2935C052F, DDD5B5CC86463284D9137372CB8541D1258AC020EA811F1AD3735809F314B086 ] C:\Program Files\PDF24\pdf24.exe 20:22:52.0521 0x12b4 PDFPrint - ok 20:22:54.0478 0x12b4 [ BE0481F3AC3BCA5479ACE97586922FEA, E1C30AA1277CB7013B429B3767A5951BEFA46457F145A34AD3564BDA57442439 ] C:\Program Files\Connectify\Connectify.exe 20:22:55.0088 0x12b4 Connectify Hotspot - ok 20:22:55.0369 0x12b4 [ D1B2FADBF98C2B7A53893B939802004B, 0E4B97F24C4204B2905AE5AF489C0144CD6997330135C48C487EE27CD395452E ] C:\Program Files\iTunes\iTunesHelper.exe 20:22:55.0446 0x12b4 iTunesHelper - ok 20:22:55.0798 0x12b4 [ F655E4A1AED366E96E5D5AA397E0F255, F8573CCA72FA25079B8CE2FC5D30379487E2905B109C73C741FAB31589FA49E1 ] C:\Program Files\QuickTime\QTTask.exe 20:22:55.0972 0x12b4 QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 ) 20:22:58.0906 0x12b4 Detect skipped due to KSN trusted 20:22:58.0906 0x12b4 QuickTime Task - ok 20:22:59.0308 0x12b4 [ 699BC4FBA233778551018322D0338D94, 16BB5CFEB4A8A4A6F1C1877C133DE2256EBDAC3B760FE8DCA3F5E818330B5A12 ] C:\Program Files\Syncios\SynciosDeviceService.exe 20:22:59.0577 0x12b4 Syncios device service - detected UnsignedFile.Multi.Generic ( 1 ) 20:23:02.0468 0x12b4 Detect skipped due to KSN trusted 20:23:02.0469 0x12b4 Syncios device service - ok 20:23:04.0697 0x12b4 [ FB87766854F1846071BDDFA987A4D5BE, F6B07AA33D200E0D3C95E6EA9E88722AB8110695A57158471764076CEE1DA89F ] C:\Program Files\Trojan Remover\Trjscan.exe 20:23:05.0873 0x12b4 TrojanScanner - ok 20:23:06.0111 0x12b4 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe 20:23:06.0408 0x12b4 Sidebar - ok 20:23:06.0453 0x12b4 [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] 
C:\Windows\System32\mctadmin.exe 20:23:06.0621 0x12b4 mctadmin - ok 20:23:06.0826 0x12b4 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe 20:23:07.0084 0x12b4 Sidebar - ok 20:23:07.0142 0x12b4 [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe 20:23:07.0264 0x12b4 mctadmin - ok 20:23:07.0400 0x12b4 [ A5F12A4B9CA96B22508D0F75CA5108E1, B8E0EFC66327E3D969D11BFDAA9A2D66DADB08153B3428F3226AD0E0CB6AD723 ] C:\Program Files\T-Mobile\web'n'walk Manager\WTGU.exe 20:23:07.0525 0x12b4 Updater shortcut - ok 20:23:07.0684 0x12b4 [ F341DD6145F779CE5B732BC6BC6A3370, 67CE7E6DD5969C8DE34473E01D60D52FABC740B056287C2E261A36F97993ED0D ] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe 20:23:07.0786 0x12b4 iCloudServices - ok 20:23:07.0856 0x12b4 [ 944E77A49DBAF8F6BB473118C116E59E, 0DA67736F1841A270AB24C13BA8FF4021A8950EB58B4985774F4B224B832B0DA ] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe 20:23:07.0924 0x12b4 ApplePhotoStreams - ok 20:23:08.0130 0x12b4 [ 33FDCA8C293E0EFE3A280DD645E64D42, 86ED26D2CE374AF6F555A6BE2FD199DF2DA33878B2E3C417E47B1712975F6D06 ] C:\Users\Susanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\idioma\idioma Connect.appref-ms 20:23:09.0540 0x12b4 idiomaConnect - detected UnsignedFile.Multi.Generic ( 1 ) 20:23:14.0245 0x12b4 idiomaConnect ( UnsignedFile.Multi.Generic ) - warning 20:23:17.0377 0x12b4 [ 4016CE43255F0BE4FBE4A54F4500B021, 125A4BA4F0EF844F8320829ECED5D5CB1503A066E0D1A9D17702220F4C32F1E3 ] C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe 20:23:17.0433 0x12b4 iCloudDrive - ok 20:23:17.0988 0x12b4 [ D9629C040E1C4CBE6D4AB608447D59DD, 7E5DA845A4B508F40A7FBBDADED7D837A501B6EA5C8DD358F6B6A22468752C30 ] C:\Users\Susanne\AppData\Local\Open-Xchange\OXUpdater\OXUpdater.exe 20:23:18.0402 0x12b4 
OXUpdater - ok 20:23:19.0607 0x12b4 [ 1F014EA12ECB13C909DA9395E9CD3D18, FA4E7090E3778A954AB82B304B9E3711F35E30E5DE7B9020F4E820B6E3B1CF85 ] C:\Program Files\CCleaner\CCleaner.exe 20:23:20.0472 0x12b4 CCleaner Monitoring - ok 20:23:20.0515 0x12b4 CrashService - ok 20:23:20.0524 0x12b4 Waiting for KSN requests completion. In queue: 3 20:23:21.0524 0x12b4 Waiting for KSN requests completion. In queue: 3 20:23:22.0524 0x12b4 Waiting for KSN requests completion. In queue: 3 20:23:23.0688 0x12b4 AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.2.2218.942 ), 0x41000 ( enabled : updated ) 20:23:23.0719 0x12b4 FW detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.2.2218.942 ), 0x40010 ( disabled ) 20:23:23.0733 0x12b4 Win FW state via NFP2: enabled ( trusted ) 20:23:26.0675 0x12b4 ============================================================ 20:23:26.0675 0x12b4 Scan finished 20:23:26.0675 0x12b4 ============================================================ 20:23:26.0800 0x1404 Detected object count: 2 20:23:26.0800 0x1404 Actual detected object count: 2 20:25:01.0258 0x1404 DataCardMonitor ( UnsignedFile.Multi.Generic ) - skipped by user 20:25:01.0258 0x1404 DataCardMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:25:01.0266 0x1404 idiomaConnect ( UnsignedFile.Multi.Generic ) - skipped by user 20:25:01.0266 0x1404 idiomaConnect ( UnsignedFile.Multi.Generic ) - User select action: Skip
Edited by susanne.la (28.11.2015 at 20:33) |
28.11.2015, 20:29 | #4 |
| Extremely slow computer and, on top of that, Tohotweb as well.. This is FRST FRST Logfile: Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version:28-11-2015 durchgeführt von Susanne (Administrator) auf SUSANNE-NETBOOK (28-11-2015 20:03:32) Gestartet von C:\Users\Susanne\Desktop Geladene Profile: Susanne (Verfügbare Profile: Susanne) Platform: Microsoft Windows 7 Starter Service Pack 1 (X86) Sprache: Deutsch (Deutschland) Internet Explorer Version 8 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Dritek System Inc.) 
C:\Program Files\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files\Acer\Registration\GREGsvc.exe (Malwarebytes) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe (Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Connectify) C:\Program Files\Connectify\ConnectifyService.exe (Connectify) C:\Program Files\Connectify\Connectifyd.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Malwarebytes) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Oceanis) C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe (shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe (Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe (Open-Xchange) C:\Users\Susanne\AppData\Local\Open-Xchange\OXUpdater\OXUpdater.exe (Acer Incorporated) C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe () C:\Program Files\T-Mobile\web'n'walk Manager\WTGU.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-06-08] (Intel Corporation) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9398888 2010-08-03] (Realtek Semiconductor) HKLM\...\Run: [iSyncData] => C:\Program Files\Acer\Android Manager\iSync.exe [407416 2010-01-08] (Insyde Software Corp.) HKLM\...\Run: [AndroidManager] => C:\Program Files\Acer\Android Manager\AML.exe [508280 2010-01-08] () HKLM\...\Run: [iPatchData] => C:\Program Files\Acer\Updater\iUpdate.exe [492096 2010-07-21] (Insyde Software Corp.) HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [715296 2010-06-11] (Acer Incorporated) HKLM\...\Run: [DataCardMonitor] => C:\Program Files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe [253952 2014-08-29] (Huawei Technologies Co., Ltd.) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.) 
HKLM\...\Run: [FreePDF Assistant] => C:\Program Files\FreePDF_XP\fpassist.exe [373760 2014-03-18] (shbox.de) HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH) HKLM\...\Run: [Connectify Hotspot] => C:\Program Files\Connectify\Connectify.exe [4188408 2015-07-21] (Connectify) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157968 2015-08-13] (Apple Inc.) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.) HKLM\...\Run: [Syncios device service] => C:\Program Files\Syncios\SynciosDeviceService.exe [861184 2015-08-04] () HKLM\...\Run: [TrojanScanner] => C:\Program Files\Trojan Remover\Trjscan.exe [3721744 2015-11-28] (Simply Super Software) HKU\S-1-5-21-3547935472-4146078513-3747807169-1000\...\Run: [Updater shortcut] => C:\Program Files\T-Mobile\web'n'walk Manager\WTGU.exe [857544 2008-06-19] () HKU\S-1-5-21-3547935472-4146078513-3747807169-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.) HKU\S-1-5-21-3547935472-4146078513-3747807169-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc.) HKU\S-1-5-21-3547935472-4146078513-3747807169-1000\...\Run: [idiomaConnect] => C:\Users\Susanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\idioma\idioma Connect.appref-ms HKU\S-1-5-21-3547935472-4146078513-3747807169-1000\...\Run: [iCloudDrive] => C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2015-04-26] (Apple Inc.) 
HKU\S-1-5-21-3547935472-4146078513-3747807169-1000\...\Run: [OXUpdater] => C:\Users\Susanne\AppData\Local\Open-Xchange\OXUpdater\OXUpdater.exe [2483168 2014-10-17] (Open-Xchange) HKU\S-1-5-21-3547935472-4146078513-3747807169-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6278424 2015-04-23] (Piriform Ltd) HKU\S-1-5-21-3547935472-4146078513-3747807169-1000\...\Run: [CrashService] => "C:\Users\Susanne\AppData\Local\BoBrowser\Application\crash_service.exe" --max-reports=50 --no-window HKU\S-1-5-21-3547935472-4146078513-3747807169-1000\...\MountPoints2: E - E:\AutoRun.exe HKU\S-1-5-21-3547935472-4146078513-3747807169-1000\...\MountPoints2: {6b94d33a-4e27-11e4-9f9d-1c7508331d97} - E:\AutoRun.exe HKU\S-1-5-21-3547935472-4146078513-3747807169-1000\...\MountPoints2: {6b94d33d-4e27-11e4-9f9d-1c7508331d97} - E:\AutoRun.exe HKU\S-1-5-21-3547935472-4146078513-3747807169-1000\...\MountPoints2: {94c83e39-2f8b-11e4-a470-1c7508331d97} - E:\autorun.exe HKU\S-1-5-21-3547935472-4146078513-3747807169-1000\...\MountPoints2: {a3b94d7d-2f9b-11e4-af69-0026c7c4f764} - E:\AutoRun.exe HKU\S-1-5-21-3547935472-4146078513-3747807169-1000\...\MountPoints2: {a3b94d85-2f9b-11e4-af69-0026c7c4f764} - E:\AutoRun.exe HKU\S-1-5-21-3547935472-4146078513-3747807169-1000\...\MountPoints2: {a3c633dd-2f9d-11e4-8a1b-0026c7c4f764} - E:\LaunchU3.exe -a HKU\S-1-5-21-3547935472-4146078513-3747807169-1000\...\MountPoints2: {b051efa0-55db-11e4-9972-0026c7c4f764} - E:\AutoRun.exe HKU\S-1-5-21-3547935472-4146078513-3747807169-1000\...\MountPoints2: {f6ddd0fe-2f98-11e4-aeba-0026c7c4f764} - E:\AutoRun.exe HKU\S-1-5-21-3547935472-4146078513-3747807169-1000\...\Winlogon: [Shell] C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe [115888 2009-12-10] (Oceanis) <==== ACHTUNG HKU\S-1-5-21-3547935472-4146078513-3747807169-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\GECKO.SCR [1795072 1994-12-30] () HKU\S-1-5-18\...\RunOnce: [SPReview] => 
C:\Windows\System32\SPReview\SPReview.exe [280576 2015-01-23] (Microsoft Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-05-06] (Avast Software s.r.o.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk [2010-09-17] ShortcutTarget: Acer VCM.lnk -> C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{0EE3FE4A-6878-4C92-8247-2AA74DA3738A}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\S-1-5-21-3547935472-4146078513-3747807169-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3547935472-4146078513-3747807169-1000 -> {E508C46F-43EF-434F-86CF-C65ACB1AEAAF} URL = hxxps://www.google.com/search?q={searchTerms} BHO: Kein Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> Keine Datei BHO: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-24] (Avast Software s.r.o.) BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation) BHO: Windows 7 Starter Helper -> {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} -> C:\Program Files\Oceanis\SystemSetting\StarterHelper.dll [2009-12-09] (Oceanis) Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) FireFox: ======== FF ProfilePath: C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\dm1go5xs.default FF Homepage: hxxp://www.google.de/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] () FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2015-08-26] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2015-08-26] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2015-08-26] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2015-08-26] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2015-08-26] (Apple Inc.) FF SearchPlugin: C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\dm1go5xs.default\searchplugins\google-images.xml [2014-09-18] FF SearchPlugin: C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\dm1go5xs.default\searchplugins\google-maps.xml [2014-09-18] FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-05-06] [ist nicht signiert] FF Extension: Adblock Plus - C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\dm1go5xs.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-10-09] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF HKU\S-1-5-21-3547935472-4146078513-3747807169-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\dm1go5xs.default\extensions\cliqz@cliqz.com => nicht gefunden FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-07-31] Chrome: ======= CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-24] CHR HKLM\...\Chrome\Extension: 
[olghjjajidfdflkafeekiojnfmiolccp] - hxxps://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-06] (Avast Software s.r.o.) R2 Connectify; C:\Program Files\Connectify\ConnectifyService.exe [217088 2015-07-21] (Connectify) [Datei ist nicht signiert] R2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [735776 2010-06-11] (Acer Incorporated) R2 GREGService; C:\Program Files\Acer\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated) R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated) R2 Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation) S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X] ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-05-06] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-05-06] (Avast Software s.r.o.) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-05-06] (Avast Software s.r.o.) 
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-05-06] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-05-06] (Avast Software s.r.o.) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [428120 2015-06-26] (Avast Software s.r.o.) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-05-06] (Avast Software s.r.o.) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-05-06] () R1 cnnctfy3; C:\Windows\System32\DRIVERS\cnnctfy3.sys [36520 2015-05-13] (Connectify) S3 EUCR; C:\Windows\System32\DRIVERS\EUCR6SK.SYS [82768 2010-06-17] (ENE Technology Inc.) R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [94936 2015-10-05] (Malwarebytes) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2015-11-28] (Malwarebytes) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation) S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-11-28 20:07 - 2015-11-28 20:08 - 04397752 _____ (Kaspersky Lab ZAO) C:\Users\Susanne\Downloads\tdsskiller.exe 2015-11-28 20:07 - 2015-11-28 20:07 - 00000000 _____ C:\Users\Susanne\Desktop\tdsskiller.exe 2015-11-28 20:03 - 2015-11-28 20:06 - 00017418 _____ C:\Users\Susanne\Desktop\FRST.txt 2015-11-28 20:03 - 2015-11-28 20:03 - 00380416 _____ C:\Users\Susanne\Desktop\Gmer-19357.exe 2015-11-28 20:02 - 2015-11-28 20:03 - 00000000 ____D C:\FRST 2015-11-28 20:00 - 2015-11-28 20:01 - 01720320 _____ (Farbar) C:\Users\Susanne\Desktop\FRST.exe 2015-11-28 19:59 - 2015-11-28 19:59 - 00000000 _____ C:\Users\Susanne\defogger_reenable 2015-11-28 19:57 - 2015-11-28 19:57 - 00050477 _____ C:\Users\Susanne\Desktop\Defogger.exe 2015-11-28 17:38 - 2015-11-28 17:39 - 00285400 _____ C:\Windows\system32\FNTCACHE.DAT 2015-11-28 17:38 - 2015-11-28 17:39 - 00145400 _____ C:\Windows\Minidump\112815-46722-01.dmp 2015-11-28 17:38 - 2015-11-28 17:38 - 219435003 _____ C:\Windows\MEMORY.DMP 2015-11-28 16:50 - 2015-11-28 17:36 - 00000000 ____D C:\3590F75ABA9E485486C100C1A9D4FF06ZZZZZ.Z.ZZZZZ.ZZ 2015-11-28 14:15 - 2015-11-28 14:15 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\Simply Super Software 2015-11-28 13:46 - 2015-11-28 13:47 - 02042328 _____ (iS3, Inc.) 
C:\Users\Susanne\Downloads\STOPzillaPRO_Downloader.exe 2015-11-28 13:41 - 2015-11-28 13:41 - 03662448 _____ C:\Users\Susanne\Downloads\Malwarebytes_Anti-Malware_2_2_0.exe 2015-11-28 13:00 - 2015-11-28 13:00 - 00000000 ____D C:\Users\Susanne\Documents\Simply Super Software 2015-11-28 12:59 - 2015-11-28 14:23 - 00000000 ____D C:\ProgramData\TEMP 2015-11-28 12:52 - 2015-11-28 12:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover 2015-11-28 12:51 - 2015-11-28 14:21 - 00000000 ____D C:\Program Files\Trojan Remover 2015-11-28 12:51 - 2015-11-28 12:51 - 00000000 ____D C:\ProgramData\Simply Super Software 2015-11-28 12:43 - 2015-11-28 12:45 - 23852776 _____ (Simply Super Software ) C:\Users\Susanne\Downloads\trjsetup_6.9.3.exe 2015-11-27 15:11 - 2015-11-28 19:24 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-11-27 15:04 - 2015-11-27 15:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-11-27 15:03 - 2015-11-27 15:04 - 00000000 ____D C:\Program Files\ Malwarebytes Anti-Malware 2015-11-27 15:03 - 2015-11-27 15:03 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-11-27 15:03 - 2015-10-05 09:50 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-11-27 15:03 - 2015-10-05 09:50 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-11-27 15:03 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2015-11-27 15:01 - 2015-11-27 15:02 - 22908888 _____ (Malwarebytes ) C:\Users\Susanne\Downloads\mbam-setup-2.2.0.1024(1).exe 2015-11-27 11:14 - 2015-11-27 11:24 - 22908888 _____ (Malwarebytes ) C:\Users\Susanne\Downloads\mbam-setup-2.2.0.1024.exe 2015-11-26 20:53 - 2015-11-26 20:53 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\Free Ringtone Studio 2015-11-26 20:51 - 2015-11-26 21:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Type 
Advisor 2015-11-26 20:50 - 2015-11-26 21:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Ringtone Studio 2015-11-26 20:50 - 2015-11-26 21:05 - 00000000 ____D C:\Program Files\Free Ringtone Studio 2015-11-26 20:20 - 2015-11-26 20:24 - 09232152 _____ (ManiacTools.com ) C:\Users\Susanne\Downloads\ringtone-studio.exe 2015-11-26 20:20 - 2015-11-26 20:24 - 09232152 _____ (ManiacTools.com ) C:\Users\Susanne\Downloads\ringtone-studio(1).exe 2015-11-24 18:21 - 2015-11-24 18:21 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Susanne\Downloads\SpyHunter-installer(1).exe 2015-11-24 18:19 - 2015-11-24 18:20 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Susanne\Downloads\SpyHunter-Installer.exe 2015-11-23 23:41 - 2015-11-23 23:41 - 00011652 _____ C:\Users\Susanne\Documents\cc_20151123_234107.reg 2015-11-23 14:18 - 2015-11-23 14:18 - 00247649 _____ C:\Users\Susanne\Downloads\MeinFernbus FlixBus Buchungsbestätigung #8010458172(1).zip 2015-11-23 14:17 - 2015-11-23 14:18 - 00247649 _____ C:\Users\Susanne\Downloads\MeinFernbus FlixBus Buchungsbestätigung #8010458172(2).zip 2015-11-22 21:57 - 2015-11-22 21:57 - 00083197 _____ C:\Users\Susanne\Downloads\anfahrtsplan_2010_dt.pdf 2015-11-22 21:44 - 2015-11-22 21:45 - 00244740 _____ C:\Users\Susanne\Downloads\Infoblatt_3D-bavarikon 1.0 bavFormat.pdf 2015-11-22 17:56 - 2015-11-22 17:56 - 00000862 _____ C:\Users\Susanne\AppData\Local\recently-used.xbel 2015-11-22 13:27 - 2015-11-22 13:27 - 00247649 _____ C:\Users\Susanne\Downloads\MeinFernbus FlixBus Buchungsbestätigung #8010458172.zip 2015-11-22 13:27 - 2015-11-22 13:27 - 00239740 _____ C:\Users\Susanne\Downloads\MeinFernbus FlixBus Buchungsbestätigung #8010457880.zip 2015-11-21 01:41 - 2015-11-21 01:42 - 09959187 _____ C:\Users\Susanne\Downloads\Catalog_LB_SS15.pdf 2015-11-20 12:11 - 2015-11-20 12:11 - 00461454 _____ C:\Users\Susanne\Downloads\20131021_Intern_S_M_UK_01.pdf 2015-11-20 10:28 - 2015-11-20 10:29 - 00258136 _____ 
C:\Users\Susanne\Downloads\bavarikon_3D_Merkblatt_Version_1.1(1).pdf 2015-11-20 02:02 - 2015-11-20 02:02 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\shortCutStore 2015-11-19 15:40 - 2015-11-19 15:40 - 00158169 _____ C:\Users\Susanne\Downloads\lit509.pdf 2015-11-19 15:28 - 2015-11-19 15:28 - 00258136 _____ C:\Users\Susanne\Downloads\bavarikon_3D_Merkblatt_Version_1.1.pdf 2015-11-19 10:51 - 2015-11-19 10:51 - 00024122 _____ C:\Users\Susanne\Downloads\Ausschr_ForschungsstelleKaiserpfalzIngelheim.pdf 2015-11-19 01:02 - 2015-11-19 01:03 - 00005544 _____ C:\Users\Susanne\Documents\cc_20151119_010247.reg 2015-11-18 22:59 - 2015-11-18 22:59 - 01224649 _____ C:\Users\Susanne\Downloads\Ich(1).zip 2015-11-16 13:43 - 2015-11-16 13:43 - 00186875 _____ C:\Users\Susanne\Downloads\E-POSTZAHLU__NG-AGB.pdf 2015-11-16 12:40 - 2015-11-16 12:41 - 00000000 ____D C:\Users\Susanne\Documents\Büro 2015-11-14 15:29 - 2015-11-14 15:30 - 00055153 _____ C:\Users\Susanne\Downloads\ausschreibung_151130_ilmenau_de.pdf 2015-11-13 17:02 - 2015-11-13 17:02 - 00039827 _____ C:\Users\Susanne\Downloads\15188-fachangesteller-medien-informationsdienste-bibliothek.pdf 2015-11-13 14:30 - 2015-11-13 14:34 - 66199552 _____ C:\Users\Susanne\Downloads\calibre-2.44.0.msi 2015-11-13 14:06 - 2015-11-13 14:06 - 00028112 _____ C:\Users\Susanne\Documents\Aries Horoscope for November 2015.odt 2015-11-13 12:35 - 2015-11-13 12:35 - 18832886 _____ C:\Users\Susanne\Downloads\BAX III - WELTGERICHT - LESEPROBE FARBE.pdf 2015-11-12 20:26 - 2015-11-12 20:27 - 03432758 _____ C:\Users\Susanne\Downloads\Wolford+Unternehmensprofil.pdf 2015-11-10 22:02 - 2015-11-10 22:02 - 00014628 _____ C:\Users\Susanne\Downloads\MGBl_Verzeichnis_1961ff.pdf 2015-11-10 17:43 - 2015-11-10 17:43 - 00000000 ____D C:\Users\Susanne\Documents\Syncios 2015-11-10 17:42 - 2015-11-10 19:11 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\Syncios 2015-11-10 17:42 - 2015-11-10 17:42 - 00000000 ____D C:\Users\Susanne\AppData\Local\CrashRpt 2015-11-10 
17:40 - 2015-11-24 18:17 - 00000000 ____D C:\Program Files\Syncios 2015-11-10 17:34 - 2015-11-10 17:37 - 43101288 _____ (Anvsoft, Inc. ) C:\Users\Susanne\Downloads\setup_syncios.exe 2015-11-10 16:18 - 2015-11-10 16:18 - 01917189 _____ C:\Users\Susanne\Downloads\GoT-Ringtone-iPhone-Ring.zip 2015-11-10 14:58 - 2015-11-10 14:58 - 00923654 _____ C:\Users\Susanne\Downloads\kulturstellensites.pdf 2015-11-10 14:56 - 2015-11-10 14:56 - 00071782 _____ C:\Users\Susanne\Downloads\t1.pdf 2015-11-07 22:04 - 2015-11-07 22:04 - 00277540 _____ C:\Users\Susanne\Downloads\2015 Nov-Vortrag Hausdorf(1).pdf 2015-11-07 15:24 - 2015-11-22 21:51 - 00000000 ___RD C:\Users\Susanne\Documents\November 2015-11-07 14:48 - 2015-11-07 14:48 - 00156423 _____ C:\Users\Susanne\Downloads\gnm_2_museumszeitung_ausgabe_41.pdf 2015-11-03 21:42 - 2015-11-03 21:42 - 00026024 _____ C:\Users\Susanne\Documents\cc_20151103_214200.reg 2015-11-03 10:02 - 2015-11-27 18:52 - 00000000 ____D C:\Program Files\Iminent 2015-11-02 16:03 - 2015-11-02 16:26 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\Bitcoin 2015-11-02 16:00 - 2015-11-02 16:01 - 12585656 _____ (Bitcoin Core project) C:\Users\Susanne\Downloads\bitcoin-0.11.1-win32-setup.exe 2015-11-02 11:57 - 2015-11-02 11:57 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\WinRAR 2015-11-02 11:57 - 2015-11-02 11:57 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-11-02 11:57 - 2015-11-02 11:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-11-02 11:57 - 2015-11-02 11:57 - 00000000 ____D C:\Program Files\WinRAR 2015-11-02 11:56 - 2015-11-02 11:56 - 01766784 _____ C:\Users\Susanne\Downloads\wrar500.exe 2015-11-02 10:09 - 2015-11-02 10:09 - 00000400 _____ C:\Users\Susanne\Downloads\g4d72e01o2138z8.ccf 2015-11-01 22:11 - 2015-11-01 22:11 - 00047959 _____ C:\Users\Susanne\Downloads\SBB-GD-5-2015(1).pdf 2015-11-01 20:00 - 2015-11-01 20:00 - 00023013 _____ 
C:\Users\Susanne\Downloads\Stellenbeschreibung - MI, Verwaltungssekretariat, 100%.pdf 2015-11-01 19:53 - 2015-11-01 19:53 - 00873573 _____ C:\Users\Susanne\Downloads\Flyer Ausbildung Verwaltungsfachangestellte - 2015.pdf 2015-10-30 20:42 - 2015-10-30 20:44 - 00000000 ____D C:\Users\Susanne\Documents\Kindle 2015-10-30 18:36 - 2015-10-30 18:36 - 02186398 _____ C:\Users\Susanne\Downloads\Blood on Snow. Der Auftrag(1).epub ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-11-28 20:03 - 2007-07-12 02:48 - 00000000 ____D C:\Windows 2015-11-28 19:59 - 2014-08-29 15:53 - 00000000 ____D C:\Users\Susanne 2015-11-28 19:50 - 2014-08-30 18:37 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-11-28 18:50 - 2015-07-08 08:04 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\FileAdvisor 2015-11-28 18:44 - 2009-07-14 05:34 - 00013808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-11-28 18:44 - 2009-07-14 05:34 - 00013808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-11-28 17:44 - 2014-10-26 11:16 - 00000000 ____D C:\Users\Susanne\AppData\Local\Deployment 2015-11-28 17:43 - 2015-01-24 07:49 - 00000000 ___RD C:\Users\Susanne\iCloudDrive 2015-11-28 17:43 - 2014-08-29 18:05 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\HCM Updater 2015-11-28 17:42 - 2014-10-08 12:20 - 00000000 ____D C:\Users\Susanne\AppData\Local\FreePDF_XP 2015-11-28 17:39 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-11-28 17:38 - 2015-08-15 15:12 - 00000000 ____D C:\Windows\Minidump 2015-11-28 17:37 - 2015-05-10 17:21 - 00000515 _____ C:\Windows\system32\Drivers\etc\hosts.ics 2015-11-28 14:30 - 2015-07-15 12:05 - 00000000 ____D C:\Users\Susanne\Documents\Bücher und Texte 2015-11-28 12:18 - 2009-07-14 03:37 - 00000000 ____D 
C:\Windows\AppCompat 2015-11-27 14:41 - 2015-06-15 13:04 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2015-11-26 21:05 - 2015-07-07 19:16 - 00000000 ____D C:\Program Files\File Type Advisor 2015-11-26 20:54 - 2015-07-07 19:17 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\AdvertismentImages 2015-11-24 14:51 - 2014-08-29 04:55 - 00700118 _____ C:\Windows\system32\perfh007.dat 2015-11-24 14:51 - 2014-08-29 04:55 - 00149968 _____ C:\Windows\system32\perfc007.dat 2015-11-24 14:51 - 2010-09-17 07:37 - 01622164 _____ C:\Windows\system32\PerfStringBackup.INI 2015-11-24 14:51 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf 2015-11-22 23:16 - 2015-02-26 13:06 - 00000000 ___RD C:\Users\Susanne\Documents\aktuell 2015-11-22 18:02 - 2014-10-26 22:01 - 00000000 ____D C:\Users\Susanne\.gimp-2.8 2015-11-22 17:46 - 2014-10-27 09:57 - 00000000 ____D C:\Users\Susanne\AppData\Local\gtk-2.0 2015-11-20 02:02 - 2014-08-29 18:27 - 00001153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-11-20 02:02 - 2014-08-29 15:57 - 00001174 _____ C:\Users\Susanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-11-19 23:52 - 2014-08-29 20:03 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\SoftGrid Client 2015-11-19 11:42 - 2015-07-28 09:56 - 00000000 ___SD C:\Users\Susanne\AppData\LocalLow\Temp 2015-11-18 22:31 - 2014-09-01 10:27 - 00000000 ____D C:\Users\Susanne\Documents\Sonstiges 2015-11-13 17:47 - 2014-09-08 13:17 - 00000000 ____D C:\Users\Susanne\Documents\Calibre-Bibliothek 2015-11-11 15:25 - 2014-09-02 18:15 - 00000000 ____D C:\Users\Susanne\Documents\Audible 2015-11-11 14:34 - 2014-08-30 12:20 - 00000000 ____D C:\Users\Susanne\AppData\Local\Audible 2015-11-10 21:50 - 2014-08-30 18:37 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-11-10 21:50 - 2014-08-30 18:37 - 00142536 _____ (Adobe Systems Incorporated) 
C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-10-30 18:35 - 2015-08-23 08:26 - 00000000 ____D C:\Users\Susanne\Documents\My Digital Editions

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-11-22 17:56 - 2015-11-22 17:56 - 0000862 _____ () C:\Users\Susanne\AppData\Local\recently-used.xbel
2010-09-17 08:19 - 2010-03-02 23:59 - 0131984 _____ () C:\ProgramData\FullRemove.exe

Einige Dateien in TEMP:
====================
C:\Users\Susanne\AppData\Local\Temp\kmrlwtkj.dll

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-11-20 19:30

==================== Ende vom FRST.txt ============================

This is Addition:

Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x86) Version:28-11-2015
durchgeführt von Susanne (2015-11-28 20:10:22)
Gestartet von C:\Users\Susanne\Desktop
Microsoft Windows 7 Starter Service Pack 1 (X86) (2014-08-29 14:52:57)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-3547935472-4146078513-3747807169-500 - Administrator - Disabled)
Gast (S-1-5-21-3547935472-4146078513-3747807169-501 - Limited - Disabled)
Susanne (S-1-5-21-3547935472-4146078513-3747807169-1000 - Administrator - Enabled) => C:\Users\Susanne

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Acer Crystal Eye webcam (HKLM\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 4.0.2.9 - Liteon) Acer ePower Management (HKLM\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated) Acer eRecovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated) Acer Registration (HKLM\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated) Acer ScreenSaver (HKLM\...\Acer Screensaver) (Version: 1.1.0624.2010 - Acer Incorporated) Acer VCM (HKLM\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3002 - Acer Incorporated) Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) Adobe Acrobat Reader DC - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated) Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated) Adobe Digital Editions 2.0 (HKLM\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated) Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated) Adobe Flash Player 19 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated) AndroidInstaller (Version: 1.00.022 - Ihr Firmenname) Hidden Apple Application Support (32-Bit) (HKLM\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{538227C6-C74B-4A74-99E1-2C0B4F9DA5E1}) (Version: 8.2.1.3 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.35 - Atheros Communications Inc.) 
Audacity 2.1.1 (HKLM\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team) AudibleManager (HKLM\...\AudibleManager) (Version: 2010264890.48.56.25169266 - Audible, Inc.) Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2218 - AVAST Software) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) Bonjour-Druckdienste (HKLM\...\{9D210D79-AEC5-453B-960C-4DD2C73931E1}) (Version: 2.0.2.0 - Apple Inc.) calibre (HKLM\...\{4ED40090-5A38-415F-B222-26DD6D3C1AEF}) (Version: 2.2.0 - Kovid Goyal) CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform) Connectify 2015 (HKLM\...\Connectify) (Version: 2015.1.0.35473 - Connectify) ENE USB Card Reader Driver (HKLM\...\3B29FD3CCF1F5B855DA0C521597413EBABE97DFB) (Version: 5.89.0.70 - ENE) FFmpeg (Windows) for Audacity Version 2.2.2 (HKLM\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - ) File Type Advisor 1.6 (HKLM\...\File Type Advisor_is1) (Version: - ) Free M4a to MP3 Converter 8.4 (HKLM\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com) Free PDF to Word Doc Converter v1.1 (HKLM\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com) Free Ringtone Studio 9.0 (HKLM\...\Free Ringtone Studio_is1) (Version: - ManiacTools.com) FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version: - ) GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team) GPL Ghostscript (HKLM\...\GPL Ghostscript 9.14) (Version: 9.14 - Artifex Software Inc.) iCloud (HKLM\...\{9A07AB4F-6B53-43E9-B7FC-7892E8C26BE3}) (Version: 4.1.1.53 - Apple Inc.) 
Identity Card (HKLM\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated) idioma Connect (HKU\S-1-5-21-3547935472-4146078513-3747807169-1000\...\5b7825971d9c1087) (Version: 1.0.0.39 - idioma) Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2117 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.4.1002 - Intel Corporation) iQube 4.2.14 (HKLM\...\{30F40BE4-A45D-4933-A692-504966A0A8F9}_is1) (Version: 4.2.14 - ) iTunes (HKLM\...\{025E78AC-BD91-4E9E-B165-3C09D4084BA4}) (Version: 12.2.2.25 - Apple Inc.) Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - ) Launch Manager (HKLM\...\LManager) (Version: 4.0.14 - Acer Inc.) Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation) Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Starter 2010 - Deutsch (HKLM\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] 
(HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Mozilla Firefox 41.0.2 (x86 de) (HKLM\...\Mozilla Firefox 41.0.2 (x86 de)) (Version: 41.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla) Oceanis Change Background Windows 7 (HKLM\...\Oceanis Change Background Windows 7_is1) (Version: 1.0 - Oceanis) OpenOffice 4.1.1 (HKLM\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation) Open-Xchange Updater (HKLM\...\{D00487C5-A3A1-4637-B1FE-64E2691560E6}) (Version: 6.18.27 - Open-Xchange Inc.) PDF24 Creator 6.9.2 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) QuickTime 7 (HKLM\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6171 - Realtek Semiconductor Corp.) Skype™ 7.1 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.) 
Tome 2.2.0 (HKLM\...\{5B33A926-8AA1-4B6A-A489-5333BF9DDA1B}_is1) (Version: 2.2.0 - )
Transcription iSS (HKLM\...\{8AC20255-BE16-4100-9866-FED1D0EC5CAB}) (Version: 2.0.29 - ISS)
Trojan Remover 6.9.3.2940 (HKLM\...\Trojan Remover_is1) (Version: 6.9.3.2940 - Simply Super Software)
web'n'walk Manager (HKLM\...\web'n'walk Manager) (Version: 11.002.07.22.55 - Huawei Technologies Co.,Ltd)
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 5.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Wiederherstellungspunkte =========================

20-03-2015 15:57:21 Geplanter Prüfpunkt
24-03-2015 08:22:17 avast! antivirus system restore point
22-04-2015 08:39:51 Open-Xchange Updater wird installiert
04-05-2015 16:10:19 Geplanter Prüfpunkt
06-05-2015 18:43:23 avast! antivirus system restore point
08-05-2015 20:06:53 Windows Update
10-05-2015 06:36:09 Gerätetreiber-Paketinstallation: Connectify Netzwerkdienst
12-05-2015 03:59:54 Installed BEETmobile
12-05-2015 04:43:56 Gerätetreiber-Paketinstallation: Khalil Azzouzi Netzwerkdienst
12-05-2015 05:00:51 Removed BEETmobile
12-05-2015 06:44:31 Installed WiFi HotSpot Creator
12-05-2015 08:17:27 Removed Bonjour
12-05-2015 19:57:06 Windows Update
13-05-2015 09:21:58 Installed Bonjour Print Services
13-05-2015 14:58:38 Removed WiFi HotSpot Creator
13-05-2015 15:20:29 Gerätetreiber-Paketinstallation: Connectify Netzwerkdienst
21-05-2015 15:40:51 Geplanter Prüfpunkt
01-06-2015 07:56:00 Geplanter Prüfpunkt
13-06-2015 13:29:19 Installed Windows Media Player Firefox Plugin
24-06-2015 10:35:48 Geplanter Prüfpunkt
02-07-2015 13:01:57 Geplanter Prüfpunkt
14-07-2015 11:09:34 Geplanter Prüfpunkt
21-08-2015 21:11:36 Geplanter Prüfpunkt
30-08-2015 14:14:23 Geplanter Prüfpunkt
19-10-2015 11:59:13 Geplanter Prüfpunkt
05-11-2015 23:40:08 Geplanter Prüfpunkt
13-11-2015 20:44:06 Geplanter Prüfpunkt

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {044BDBE3-50DF-4B00-8D76-5D12C3D7D261} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-18] (Avast Software s.r.o.)
Task: {061DD729-C0A4-4FCC-AEB8-D66F4546975E} - System32\Tasks\CGN => C:\Program Files\Common Files\ClaraUpdater\ClaraUpdater.exe
Task: {11E70841-C184-43EB-B935-90879C79F504} - System32\Tasks\{1BD18429-EDC1-46ED-BA4E-3BD5C27502CE} => pcalua.exe -a C:\Users\Susanne\AppData\Local\Temp\Temp1_Audio_Realtek_6.0.1.6141_W7x86_A.zip\Audio_Realtek_6.0.1.6141_Win7x86\Setup.exe
Task: {121E38B0-9894-4C8B-94C4-C34A555F21E8} - System32\Tasks\FileAdvisorUpdate => C:\Program Files\File Type Advisor\fileadvisor.exe [2015-07-15] (File Type Advisor)
Task: {13BD6176-6EBE-4A2D-AEF5-6E7153C782D7} - System32\Tasks\{E7C4902C-7A0A-4BD2-90AD-64BEB19AB6FD} => pcalua.exe -a C:\Users\Susanne\Documents\Sonstiges\gecko_installer\Gecko-Installer.exe -d C:\Users\Susanne\Documents\Sonstiges\gecko_installer
Task: {3E3D1279-4897-4005-94AA-FDA3C9709B26} - System32\Tasks\{42BBADB5-A613-4722-ACBE-9A1F9919B708} => pcalua.exe -a C:\Users\Susanne\Pictures\Gecko-Installer.exe -d C:\Users\Susanne\Pictures
Task: {4E74CEB8-E81A-452B-B7DC-B95C5FE89147} - \Run_Bobby_Browser -> Keine Datei <==== ACHTUNG
Task: {507E841B-636D-434C-9D0E-A16BBFF21738} - System32\Tasks\Sunrise => C:\Windows\TEMP\CUpdater\s1rc..exe
Task: {55870CAE-F2C9-4C0B-8194-D0A7E8CC236E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {7338F5FC-D931-420A-83FF-DD8F52A6D6B9} - \crash_service -> Keine Datei <==== ACHTUNG
Task: {ACF46E51-BBDB-4FBA-9F51-E25BCD3648AF} - System32\Tasks\{5B730130-515B-4652-AF42-3DA4CA5D0DF2} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=4.1.0.179.367&LastError=404
Task: {B66DBCF5-FAD2-49C2-892C-237C4DDD7812} - System32\Tasks\{94B5FA6C-D094-4180-8F4D-48F968FA8004} => pcalua.exe -a C:\Users\Susanne\Pictures\gecko_installer\Gecko-Installer.exe -d C:\Users\Susanne\Pictures\gecko_installer
Task: {BDB77AEB-A1C3-4308-B055-3207E76616C4} - System32\Tasks\{6AB294B2-BA41-4C4F-9B5B-A9E89E374491} => Firefox.exe hxxp://ui.skype.com/ui/0/4.1.0.179.367/de/abandoninstall?source=lightinstaller&page=tsProblems&LastError=404&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded
Task: {CC801994-86CB-47A3-ABF0-F59810F63736} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-10] (Adobe Systems Incorporated)
Task: {E6A7C751-3DD7-4E31-97BD-97DEFA66B520} - System32\Tasks\3c91fcc2-ce59-42b3-b901-f68079520898 => C:\Users\Susanne\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe <==== ACHTUNG
Task: {F4EB71A4-0752-49CE-A2F0-0BB368B1491E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

ShortcutWithArgument: C:\Users\Susanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> www.tohotweb.com?oem=sunadusv4&uid=101017PBN204CSDH86GT_HTS545025B9A&tm=1447981347 <==== ACHTUNG
ShortcutWithArgument: C:\Users\Susanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> www.tohotweb.com?oem=sunadusv4&uid=101017PBN204CSDH86GT_HTS545025B9A&tm=1447981347 <==== ACHTUNG
ShortcutWithArgument: C:\Users\Susanne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> www.tohotweb.com?oem=sunadusv4&uid=101017PBN204CSDH86GT_HTS545025B9A&tm=1447981347 <==== ACHTUNG
ShortcutWithArgument: C:\Users\Susanne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> www.tohotweb.com?oem=sunadusv4&uid=101017PBN204CSDH86GT_HTS545025B9A&tm=1447981347 <==== ACHTUNG
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> www.tohotweb.com?oem=sunadusv4&uid=101017PBN204CSDH86GT_HTS545025B9A&tm=1447981347 <==== ACHTUNG

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-05-06 18:49 - 2015-05-06 18:49 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-05-06 18:49 - 2015-05-06 18:49 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-11-28 16:18 - 2015-11-28 16:18 - 02996736 _____ () C:\Program Files\AVAST Software\Avast\defs\15112800\algo.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 15:27 - 2015-05-15 15:27 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-07-31 07:57 - 2015-07-21 17:13 - 00715000 _____ () C:\Program Files\Connectify\log4cplus.dll
2014-10-17 09:02 - 2014-10-17 09:02 - 00015416 _____ () C:\Users\Susanne\AppData\Local\Open-Xchange\OXUpdater\OXNet.dll
2015-04-08 20:53 - 2015-04-08 20:53 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-01-23 18:19 - 2015-01-23 18:19 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1266bf4bc00412e0e654ff040fff59af\IsdiInterop.ni.dll
2010-09-17 08:04 - 2010-06-08 18:44 - 00058880 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-08-29 17:47 - 2008-06-19 10:42 - 00857544 _____ () C:\Program Files\T-Mobile\web'n'walk Manager\WTGU.exe
2014-08-29 17:47 - 2008-06-19 13:15 - 00741376 _____ () C:\Program Files\T-Mobile\web'n'walk Manager\UpgraderGer.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\3590F75ABA9E485486C100C1A9D4FF06ZZZZZ.Z.ZZZZZ.ZZ:1
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3547935472-4146078513-3747807169-1000\Control Panel\Desktop\\Wallpaper -> %windir%\web\wallpaper\windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

==================== FirewallRules (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [{F97692D2-3096-4D66-A91C-5580303F9270}] => (Allow) C:\Program Files\Acer\Acer VCM\VC.exe FirewallRules: [{517880C9-A4F2-4DED-A056-61AAA0275E7C}] => (Allow) C:\Program Files\Acer\Acer VCM\RS_Service.exe FirewallRules: [{71BC790B-0D17-4055-B04A-F611B489A015}] => (Allow) C:\Program Files\Windows Live\Messenger\wlcsdk.exe FirewallRules: [{2C470230-58DE-4299-9EA6-983A0C095EE3}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{9BEBDBC7-4246-4A6F-BCDB-3004F8DF7484}] => (Allow) svchost.exe FirewallRules: [{EF504298-9C52-4B30-8DC5-D16AA4C28F0F}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe FirewallRules: [{FD599803-DA53-40AB-98DF-9A3335FCDF7A}] => (Allow) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [{9207A7FD-AEA1-4B41-B244-59E3A69764FC}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe FirewallRules: [{F216393C-7C37-4FBF-AD91-B2D3418F9786}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{0C26A89B-5BC5-4DD2-B202-3841407B0CAD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{A91047C8-3D39-4371-92D2-C27AEDCBDBC4}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{DE132D74-A054-496B-9437-40F87C5F1402}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe FirewallRules: [TCP Query User{4B60A822-05E2-4359-9A89-2CD7922A6EBA}C:\program files\connectify\connectify.exe] => (Allow) C:\program files\connectify\connectify.exe FirewallRules: [UDP Query User{8A25A8FF-15E3-4E6D-9EF1-AF3658074F70}C:\program files\connectify\connectify.exe] => (Allow) C:\program files\connectify\connectify.exe FirewallRules: [{4061AA88-A721-4DBE-B133-21357EE8098E}] => (Block) C:\program files\connectify\connectify.exe FirewallRules: [{92ABEECD-18C0-4AD3-9386-BE6E669E551A}] => (Block) C:\program 
files\connectify\connectify.exe FirewallRules: [{F8424B4A-8487-4175-9FF5-38D7FCB2A43F}] => (Allow) C:\Program Files\Connectify\Connectify.exe FirewallRules: [{DAEF5931-A320-4D3B-AEC1-9AC0A9C77C0C}] => (Allow) C:\Program Files\Connectify\ConnectifyNetServices.exe FirewallRules: [{5A38E522-7C1B-4831-8111-83A97EB73352}] => (Allow) C:\Program Files\Connectify\ConnectifyNetServices.exe FirewallRules: [{BFAB225A-BF71-429F-98C7-58C6D578807E}] => (Allow) C:\Program Files\Connectify\ConnectifyNetServices.exe FirewallRules: [{D394DFB9-2CF3-441A-A93A-336689AE4A2A}] => (Allow) C:\Program Files\Connectify\ConnectifyNetServices.exe FirewallRules: [{481C4A1D-E68D-43CD-9F84-FF076801C1DE}] => (Allow) C:\Program Files\Connectify\ConnectifyNetServices.exe FirewallRules: [{3F7DF551-CEC5-4DB0-A1B4-F432C541E969}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{9C3E6820-C814-4B0F-8A72-C06AD3F78971}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{C7CD7DAA-7EF0-4EA3-9461-FC3E04019711}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{FB7D4095-E6A2-454B-933E-0965930C6152}] => (Allow) C:\Program Files\Connectify\ConnectifyNetServices.exe ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: 1.3M WebCam Description: USB-Videogerät Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Manufacturer: Microsoft Service: usbvideo Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (11/28/2015 05:45:49 PM) (Source: Windows Search Service) (EventID: 7010) (User: ) Description: Der Index kann nicht initialisiert werden. Details: Der Inhaltsindexkatalog ist fehlerhaft. 
(HRESULT : 0xc0041801) (0xc0041801) Error: (11/28/2015 05:45:49 PM) (Source: Windows Search Service) (EventID: 3058) (User: ) Description: Die Anwendung kann nicht initialisiert werden. Kontext: Windows Anwendung Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (11/28/2015 05:45:49 PM) (Source: Windows Search Service) (EventID: 3028) (User: ) Description: Das Gatherer-Objekt kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (11/28/2015 05:45:48 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490) Error: (11/28/2015 05:45:47 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (11/28/2015 05:45:47 PM) (Source: Windows Search Service) (EventID: 9002) (User: ) Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800) Error: (11/28/2015 05:45:46 PM) (Source: Windows Search Service) (EventID: 7042) (User: ) Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet. Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (11/28/2015 05:45:46 PM) (Source: Windows Search Service) (EventID: 7040) (User: ) Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. 
Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben. Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (11/28/2015 05:45:46 PM) (Source: Windows Search Service) (EventID: 9000) (User: ) Description: Der Jet-Eigenschaftenspeicher kann von Windows Search nicht geöffnet werden. Details: 0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800)) Error: (11/28/2015 05:45:46 PM) (Source: ESENT) (EventID: 455) (User: ) Description: Windows (5884) Windows: Fehler -1811 beim Öffnen von Protokolldatei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS000A4.log. Systemfehler: ============= Error: (11/28/2015 05:46:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (11/28/2015 05:46:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (60000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht. Error: (11/28/2015 05:45:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (11/28/2015 05:45:49 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535. 
Error: (11/28/2015 05:42:31 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C} Error: (11/28/2015 05:39:54 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error: (11/28/2015 05:39:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "VBoxAsw Support Driver" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error: (11/28/2015 05:39:08 PM) (Source: BugCheck) (EventID: 1001) (User: ) Description: 0x00000019 (0x00000020, 0x838b5b10, 0x838b5b20, 0x08020007)C:\Windows\MEMORY.DMP112815-46722-01 Error: (11/28/2015 05:38:52 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 28.11.2015 um 17:36:54 unerwartet heruntergefahren. Error: (11/28/2015 00:33:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (60000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht. 
==================== Memory info ===========================

Processor: Intel(R) Atom(TM) CPU N450 @ 1.66GHz
Prozentuale Nutzung des RAM: 94%
Installierter physikalischer RAM: 1013.09 MB
Verfügbarer physikalischer RAM: 51.12 MB
Summe virtueller Speicher: 2693.09 MB
Verfügbarer virtueller Speicher: 358.02 MB

==================== Laufwerke ================================

Drive c: (Acer) (Fixed) (Total:215.79 GB) (Free:96.25 GB) NTFS
Drive d: () (Fixed) (Total:4 GB) (Free:2.66 GB) FAT32

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 496895C4)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Not Active) - (Size=4 GB) - (Type=0C)
Partition 3: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=215.8 GB) - (Type=OF Extended)

==================== Ende vom Addition.txt ============================
|
29.11.2015, 13:01 | #5 |
/// TB-Ausbilder | Hi, Scan with Combofix
|
29.11.2015, 18:06 | #6 |
| Hello Matthias, thank you very much! At the moment I have the feeling that the problem keeps getting worse. Whatever I do, I have to wait for minutes before anything happens. Here is the Combofix log file: Code:
ATTFilter Combofix Logfile: Does Combofix change programs or settings? |
29.11.2015, 21:39 | #7 |
/// TB-Ausbilder | Hi, ComboFix resets some settings to their defaults. Let's continue as follows, please: Step 1 Please download AdwCleaner to your desktop.
Step 2 Please download Malwarebytes Anti-Malware
Step 3 Please close your security software to avoid possible conflicts.
Step 4
Please post with your next reply
|
30.11.2015, 11:39 | #8 |
| Hello and thank you very much! So here is the log file from ADWCleaner (there are several, I have simply sent all of them): AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v5.022 - Bericht erstellt am 29/11/2015 um 22:37:12 # Aktualisiert am 22/11/2015 von Xplode # Datenbank : 2015-11-29.2 [Server] # Betriebssystem : Windows 7 Starter Service Pack 1 (x86) # Benutzername : Susanne - SUSANNE-NETBOOK # Gestartet von : C:\Users\Susanne\Desktop\AdwCleaner_5.022.exe # Option : Löschen # Unterstützung : hxxp://toolslib.net/forum ***** [ Dienste ] ***** ***** [ Ordner ] ***** [-] Ordner Gelöscht : C:\Program Files\Iminent [-] Ordner Gelöscht : C:\Users\Susanne\AppData\Local\364EE69C-1431417470-9CB1-2111-1C7508331D97 [-] Ordner Gelöscht : C:\Users\Susanne\AppData\Roaming\AdvertismentImages [-] Ordner Gelöscht : C:\Users\Susanne\AppData\Roaming\shortCutStore ***** [ Dateien ] ***** ***** [ DLLs ] ***** ***** [ Verknüpfungen ] ***** [-] Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [-] Verknüpfung Desinfiziert : C:\Users\Susanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [-] Verknüpfung Desinfiziert : C:\Users\Susanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk [-] Verknüpfung Desinfiziert : C:\Users\Susanne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [-] Verknüpfung Desinfiziert : C:\Users\Susanne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk ***** [ Aufgabenplanung ] ***** [-] Aufgabenplanung Gelöscht : CGN ***** [ Registrierungsdatenbank ] ***** [-] Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\NetTcpHandler [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\jg.exe [-] Schlüssel Gelöscht : HKCU\Software\OCS [-] Schlüssel Gelöscht : HKCU\Software\Appscion [-] Schlüssel Gelöscht : HKCU\Software\Chromatic [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Clara [-] Schlüssel Gelöscht : HKLM\SOFTWARE\SAKURA [-] 
Schlüssel Gelöscht : HKLM\SOFTWARE\NetTcpHandler [-] Schlüssel Gelöscht : HKLM\SOFTWARE\NtSvcHandler [-] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21} [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21} ***** [ Internetbrowser ] ***** [-] [C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\dm1go5xs.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.LayoutId", "1"); [-] [C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\dm1go5xs.default\prefs.js] [Preference] Gelöscht : user_pref("iminent._oaZGabJJ8Q_", "{\"cpt\":0,\"cpr\":0,\"s\":0,\"es\":1}"); [-] [C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\dm1go5xs.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.adapters", "{\"office.mailbox.org\":{\"CountryCode\":\"DE\",\"NoAds\":false,\"Status\":2,\"AdapterKey\":\"default_adapter\",\"v\":true,\"p\":0,\"t\":1,\"th\":1.1,\"expireTime\":\"14[...] [-] [C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\dm1go5xs.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.cifs", "0"); [-] [C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\dm1go5xs.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.externalScripts", "{\"value\":[{\"addonUid\":\"b7110a40-a16f-4a12-a411-bd0b6014905a\",\"name\":\"Superfish\",\"addonId\":2,\"url\":\"//www.best-deals-products.com/ws/sf_main.jsp\",\[...] 
[-] [C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\dm1go5xs.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.registerToolbarEvent102", "1446545675662"); [-] [C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\dm1go5xs.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.version", "9.38.3.2"); [-] [C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\dm1go5xs.default\prefs.js] [Preference] Gelöscht : user_pref("iminent.versioning", "{\"CurrentVersion\":\"9.38.3.2\",\"InstallEventCTime\":1446579881177}"); ************************* :: "Tracing" Schlüssel gelöscht :: Proxy Einstellungen zurückgesetzt :: Winsock Einstellungen zurückgesetzt :: Internet Explorer Richtlinien gelöscht :: Chrome Richtlinien gelöscht ########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [4382 Bytes] ########## AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v4.203 - Bericht erstellt 12/05/2015 um 10:43:26 # Aktualisiert 30/04/2015 von Xplode # Datenbank : 2015-05-12.2 [Server] # Betriebssystem : Windows 7 Starter Service Pack 1 (x86) # Benutzername : Susanne - SUSANNE-NETBOOK # Gestarted von : C:\Users\Susanne\Downloads\adwcleaner_4.203(1).exe # Option : Suchlauf ***** [ Dienste ] ***** Dienst Gefunden : IHProtect Service Dienst Gefunden : WindowsMangerProtect ***** [ Dateien / Ordner ] ***** Datei Gefunden : C:\Program Files\Mozilla Firefox\defaults\pref\itms.js Datei Gefunden : C:\Users\Susanne\AppData\Local\Temp\Uninstall.exe Datei Gefunden : C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\dm1go5xs.default\user.js Ordner Gefunden : C:\Program Files\XTab Ordner Gefunden : C:\ProgramData\IHProtectUpDate Ordner Gefunden : C:\ProgramData\WindowsMangerProtect Ordner Gefunden : C:\Users\Susanne\AppData\Roaming\ASPackage ***** [ Geplante Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Daten Gefunden : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1431409450&z=64841151850d234099bd4e1g1z2ccgdzce0t5z2z1q&from=smt&uid=HitachiXHTS545025B9A300_101017PBN204CSDH86GTX Schlüssel Gefunden : HKCU\Software\APN PIP Schlüssel Gefunden : HKCU\Software\HomeTab Schlüssel Gefunden : HKCU\Software\Linkey Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Linkey Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com Schlüssel Gefunden : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance Schlüssel Gefunden : HKCU\Software\OCS Schlüssel Gefunden : HKCU\Software\SearchProtectWS Schlüssel Gefunden : HKCU\Software\simplytech Schlüssel Gefunden : HKCU\Software\TNT2 Schlüssel Gefunden : HKCU\Software\WajIntEnhance Schlüssel Gefunden : HKLM\SOFTWARE\AIM Toolbar Schlüssel Gefunden : HKLM\SOFTWARE\AskPartnerNetwork Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946} Schlüssel Gefunden : HKLM\SOFTWARE\Conduit Schlüssel Gefunden : HKLM\SOFTWARE\FFPluginHp Schlüssel Gefunden : HKLM\SOFTWARE\IHProtect Schlüssel Gefunden : HKLM\SOFTWARE\Iminent Schlüssel Gefunden : HKLM\SOFTWARE\istartsurfSoftware Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wincheck Schlüssel Gefunden : HKLM\SOFTWARE\SearchProtect Schlüssel Gefunden : HKLM\SOFTWARE\SpeedBit Schlüssel Gefunden : HKLM\SOFTWARE\SupDp Schlüssel Gefunden : HKLM\SOFTWARE\supWindowsMangerProtect Schlüssel Gefunden : HKLM\SOFTWARE\WajIntEnhance Schlüssel Gefunden : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [WinCheck] ***** [ Internetbrowser ] ***** -\\ Internet Explorer v8.0.7601.17514 Einstellung Gefunden : 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.istartsurf.com/web/?type=ds&ts=1431409450&z=64841151850d234099bd4e1g1z2ccgdzce0t5z2z1q&from=smt&uid=HitachiXHTS545025B9A300_101017PBN204CSDH86GTX&q={searchTerms} Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.istartsurf.com/web/?type=ds&ts=1431409450&z=64841151850d234099bd4e1g1z2ccgdzce0t5z2z1q&from=smt&uid=HitachiXHTS545025B9A300_101017PBN204CSDH86GTX&q={searchTerms} -\\ Mozilla Firefox v37.0.2 (x86 de) [dm1go5xs.default] - Zeile Gefunden : user_pref("browser.search.searchengine.alias", "istartsurf"); [dm1go5xs.default] - Zeile Gefunden : user_pref("browser.search.searchengine.iconURL", "hxxp://www.istartsurf.com/favicon.ico"); [dm1go5xs.default] - Zeile Gefunden : user_pref("browser.search.searchengine.name", "istartsurf"); [dm1go5xs.default] - Zeile Gefunden : user_pref("browser.search.searchengine.url", "hxxp://www.istartsurf.com/web/?type=ds&ts=1431409450&z=64841151850d234099bd4e1g1z2ccgdzce0t5z2z1q&from=smt&uid=HitachiXHTS545025B9A300_101017PBN204CSDH86G[...] ************************* AdwCleaner[R0].txt - [5138 Bytes] - [12/05/2015 10:43:26] ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5197 Bytes] ########## AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v4.203 - Bericht erstellt 12/05/2015 um 10:55:46 # Aktualisiert 30/04/2015 von Xplode # Datenbank : 2015-05-12.2 [Server] # Betriebssystem : Windows 7 Starter Service Pack 1 (x86) # Benutzername : Susanne - SUSANNE-NETBOOK # Gestarted von : C:\Users\Susanne\Downloads\adwcleaner_4.203(1).exe # Option : Löschen ***** [ Dienste ] ***** [#] Dienst Gelöscht : IHProtect Service [#] Dienst Gelöscht : WindowsMangerProtect ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\WindowsMangerProtect Ordner Gelöscht : C:\ProgramData\IHProtectUpDate Ordner Gelöscht : C:\Program Files\XTab [!] Ordner Gelöscht : C:\Users\Susanne\AppData\Roaming\ASPackage Datei Gelöscht : C:\Users\Susanne\AppData\Local\Temp\Uninstall.exe Datei Gelöscht : C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\dm1go5xs.default\user.js Datei Gelöscht : C:\Program Files\Mozilla Firefox\defaults\pref\itms.js ***** [ Geplante Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [WinCheck] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946} Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command Schlüssel Gelöscht : HKCU\Software\APN PIP Schlüssel Gelöscht : HKCU\Software\HomeTab Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\simplytech Schlüssel Gelöscht : HKCU\Software\TNT2 Schlüssel Gelöscht : HKCU\Software\WajIntEnhance Schlüssel Gelöscht : HKCU\Software\SearchProtectWS Schlüssel Gelöscht : HKCU\Software\Linkey Schlüssel Gelöscht : HKLM\SOFTWARE\AskPartnerNetwork Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit Schlüssel Gelöscht : HKLM\SOFTWARE\Iminent Schlüssel Gelöscht : HKLM\SOFTWARE\istartsurfSoftware Schlüssel Gelöscht : HKLM\SOFTWARE\SearchProtect 
Schlüssel Gelöscht : HKLM\SOFTWARE\SupDp Schlüssel Gelöscht : HKLM\SOFTWARE\supWindowsMangerProtect Schlüssel Gelöscht : HKLM\SOFTWARE\IHProtect Schlüssel Gelöscht : HKLM\SOFTWARE\WajIntEnhance Schlüssel Gelöscht : HKLM\SOFTWARE\SpeedBit Schlüssel Gelöscht : HKLM\SOFTWARE\AIM Toolbar Schlüssel Gelöscht : HKLM\SOFTWARE\FFPluginHp Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Linkey Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wincheck Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey ***** [ Internetbrowser ] ***** -\\ Internet Explorer v8.0.7601.17514 Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] -\\ Mozilla Firefox v37.0.2 (x86 de) [dm1go5xs.default\prefs.js] - Zeile Gelöscht : 
user_pref("browser.search.searchengine.alias", "istartsurf"); [dm1go5xs.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.iconURL", "hxxp://www.istartsurf.com/favicon.ico"); [dm1go5xs.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.name", "istartsurf"); [dm1go5xs.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.url", "hxxp://www.istartsurf.com/web/?type=ds&ts=1431409450&z=64841151850d234099bd4e1g1z2ccgdzce0t5z2z1q&from=smt&uid=HitachiXHTS545025B9A300_101017PBN204CSDH86G[...] ************************* AdwCleaner[R0].txt - [5276 Bytes] - [12/05/2015 10:43:26] AdwCleaner[S0].txt - [4706 Bytes] - [12/05/2015 10:55:46] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4765 Bytes] ########## AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v5.022 - Bericht erstellt am 29/11/2015 um 22:26:02 # Aktualisiert am 22/11/2015 von Xplode # Datenbank : 2015-11-29.2 [Server] # Betriebssystem : Windows 7 Starter Service Pack 1 (x86) # Benutzername : Susanne - SUSANNE-NETBOOK # Gestartet von : C:\Users\Susanne\Desktop\AdwCleaner_5.022.exe # Option : Suchlauf # Unterstützung : hxxp://toolslib.net/forum ***** [ Dienste ] ***** ***** [ Ordner ] ***** Ordner Gefunden : C:\Program Files\Iminent Ordner Gefunden : C:\Users\Susanne\AppData\Local\364EE69C-1431417470-9CB1-2111-1C7508331D97 Ordner Gefunden : C:\Users\Susanne\AppData\Roaming\AdvertismentImages Ordner Gefunden : C:\Users\Susanne\AppData\Roaming\shortCutStore ***** [ Dateien ] ***** ***** [ DLL ] ***** ***** [ Verknüpfungen ] ***** Verknüpfung Infiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk ( www.tohotweb.com?oem=sunadusv4&uid=101017PBN204CSDH86GT_HTS545025B9A&tm=1447981347 ) Verknüpfung Infiziert : C:\Users\Susanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( www.tohotweb.com?oem=sunadusv4&uid=101017PBN204CSDH86GT_HTS545025B9A&tm=1447981347 ) Verknüpfung Infiziert : C:\Users\Susanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( www.tohotweb.com?oem=sunadusv4&uid=101017PBN204CSDH86GT_HTS545025B9A&tm=1447981347 ) Verknüpfung Infiziert : C:\Users\Susanne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( www.tohotweb.com?oem=sunadusv4&uid=101017PBN204CSDH86GT_HTS545025B9A&tm=1447981347 ) Verknüpfung Infiziert : C:\Users\Susanne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk ( www.tohotweb.com?oem=sunadusv4&uid=101017PBN204CSDH86GT_HTS545025B9A&tm=1447981347 ) ***** [ Aufgabenplanung ] ***** Aufgabenplanung Gefunden : CGN ***** [ Registrierungsdatenbank ] ***** Schlüssel Gefunden : 
HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\NetTcpHandler Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\jg.exe Schlüssel Gefunden : HKCU\Software\OCS Schlüssel Gefunden : HKCU\Software\Appscion Schlüssel Gefunden : HKCU\Software\Chromatic Schlüssel Gefunden : HKLM\SOFTWARE\Clara Schlüssel Gefunden : HKLM\SOFTWARE\SAKURA Schlüssel Gefunden : HKLM\SOFTWARE\NetTcpHandler Schlüssel Gefunden : HKLM\SOFTWARE\NtSvcHandler Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21} ***** [ Internetbrowser ] ***** [C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\dm1go5xs.default\prefs.js] [Preference] Gefunden : user_pref("iminent.LayoutId", "1"); [C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\dm1go5xs.default\prefs.js] [Preference] Gefunden : user_pref("iminent._oaZGabJJ8Q_", "{\"cpt\":0,\"cpr\":0,\"s\":0,\"es\":1}"); [C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\dm1go5xs.default\prefs.js] [Preference] Gefunden : user_pref("iminent.adapters", "{\"office.mailbox.org\":{\"CountryCode\":\"DE\",\"NoAds\":false,\"Status\":2,\"AdapterKey\":\"default_adapter\",\"v\":true,\"p\":0,\"t\":1,\"th\":1.1,\"expireTime\":\"14[...] [C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\dm1go5xs.default\prefs.js] [Preference] Gefunden : user_pref("iminent.cifs", "0"); [C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\dm1go5xs.default\prefs.js] [Preference] Gefunden : user_pref("iminent.externalScripts", "{\"value\":[{\"addonUid\":\"b7110a40-a16f-4a12-a411-bd0b6014905a\",\"name\":\"Superfish\",\"addonId\":2,\"url\":\"//www.best-deals-products.com/ws/sf_main.jsp\",\[...] 
[C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\dm1go5xs.default\prefs.js] [Preference] Gefunden : user_pref("iminent.registerToolbarEvent102", "1446545675662"); [C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\dm1go5xs.default\prefs.js] [Preference] Gefunden : user_pref("iminent.version", "9.38.3.2"); [C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\dm1go5xs.default\prefs.js] [Preference] Gefunden : user_pref("iminent.versioning", "{\"CurrentVersion\":\"9.38.3.2\",\"InstallEventCTime\":1446579881177}"); ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [4438 Bytes] ########## Code:
ATTFilter C:\Program Files\Iminent\inst\Bootstrapper\IminentUninstall.exe->C:\AdwCleaner\Quarantine\C\Program Files\Iminent\inst\Bootstrapper\IminentUninstall.exe.vir C:\Users\Susanne\AppData\Roaming\AdvertismentImages\13.gif->C:\AdwCleaner\Quarantine\C\Users\Susanne\AppData\Roaming\AdvertismentImages\13.gif.vir C:\Users\Susanne\AppData\Roaming\AdvertismentImages\15.gif->C:\AdwCleaner\Quarantine\C\Users\Susanne\AppData\Roaming\AdvertismentImages\15.gif.vir C:\Users\Susanne\AppData\Roaming\AdvertismentImages\19.gif->C:\AdwCleaner\Quarantine\C\Users\Susanne\AppData\Roaming\AdvertismentImages\19.gif.vir C:\Users\Susanne\AppData\Roaming\AdvertismentImages\22.gif->C:\AdwCleaner\Quarantine\C\Users\Susanne\AppData\Roaming\AdvertismentImages\22.gif.vir C:\Users\Susanne\AppData\Roaming\AdvertismentImages\25.gif->C:\AdwCleaner\Quarantine\C\Users\Susanne\AppData\Roaming\AdvertismentImages\25.gif.vir C:\Users\Susanne\AppData\Roaming\AdvertismentImages\27.gif->C:\AdwCleaner\Quarantine\C\Users\Susanne\AppData\Roaming\AdvertismentImages\27.gif.vir C:\Users\Susanne\AppData\Roaming\AdvertismentImages\30.gif->C:\AdwCleaner\Quarantine\C\Users\Susanne\AppData\Roaming\AdvertismentImages\30.gif.vir C:\Users\Susanne\AppData\Roaming\AdvertismentImages\33.gif->C:\AdwCleaner\Quarantine\C\Users\Susanne\AppData\Roaming\AdvertismentImages\33.gif.vir C:\Users\Susanne\AppData\Roaming\AdvertismentImages\6.gif->C:\AdwCleaner\Quarantine\C\Users\Susanne\AppData\Roaming\AdvertismentImages\6.gif.vir C:\Users\Susanne\AppData\Roaming\AdvertismentImages\close.bmp->C:\AdwCleaner\Quarantine\C\Users\Susanne\AppData\Roaming\AdvertismentImages\close.bmp.vir C:\Users\Susanne\AppData\Roaming\AdvertismentImages\html\366CC9B.html->C:\AdwCleaner\Quarantine\C\Users\Susanne\AppData\Roaming\AdvertismentImages\html\366CC9B.html.vir C:\Users\Susanne\AppData\Roaming\shortCutStore\Internet Explore.lnk->C:\AdwCleaner\Quarantine\C\Users\Susanne\AppData\Roaming\shortCutStore\Internet Explore.lnk.vir 
C:\Users\Susanne\AppData\Roaming\shortCutStore\Mozilla Firefox.lnk->C:\AdwCleaner\Quarantine\C\Users\Susanne\AppData\Roaming\shortCutStore\Mozilla Firefox.lnk.vir C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk->C:\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk.vir C:\Users\Susanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk->C:\AdwCleaner\Quarantine\C\Users\Susanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk.vir C:\Users\Susanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk->C:\AdwCleaner\Quarantine\C\Users\Susanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk.vir C:\Users\Susanne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk->C:\AdwCleaner\Quarantine\C\Users\Susanne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk.vir C:\Users\Susanne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk->C:\AdwCleaner\Quarantine\C\Users\Susanne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk.vir
user_pref("browser.search.searchengine.alias", "istartsurf"); [dm1go5xs.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.iconURL", "hxxp://www.istartsurf.com/favicon.ico"); [dm1go5xs.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.name", "istartsurf"); [dm1go5xs.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.url", "hxxp://www.istartsurf.com/web/?type=ds&ts=1431409450&z=64841151850d234099bd4e1g1z2ccgdzce0t5z2z1q&from=smt&uid=HitachiXHTS545025B9A300_101017PBN204CSDH86G[...] ************************* AdwCleaner[R0].txt - [5276 Bytes] - [12/05/2015 10:43:26] AdwCleaner[S0].txt - [4706 Bytes] - [12/05/2015 10:55:46] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4765 Bytes] ########## AdwCleaner Logfile: Code:
# AdwCleaner v5.022 - Bericht erstellt am 29/11/2015 um 22:26:02
# Aktualisiert am 22/11/2015 von Xplode
# Datenbank : 2015-11-29.2 [Server]
# Betriebssystem : Windows 7 Starter Service Pack 1 (x86)
# Benutzername : Susanne - SUSANNE-NETBOOK
# Gestartet von : C:\Users\Susanne\Desktop\AdwCleaner_5.022.exe
# Option : Suchlauf
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****

***** [ Ordner ] *****

Ordner Gefunden : C:\Program Files\Iminent
Ordner Gefunden : C:\Users\Susanne\AppData\Local\364EE69C-1431417470-9CB1-2111-1C7508331D97
Ordner Gefunden : C:\Users\Susanne\AppData\Roaming\AdvertismentImages
Ordner Gefunden : C:\Users\Susanne\AppData\Roaming\shortCutStore

***** [ Dateien ] *****

***** [ DLL ] *****

***** [ Verknüpfungen ] *****

Verknüpfung Infiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk ( www.tohotweb.com?oem=sunadusv4&uid=101017PBN204CSDH86GT_HTS545025B9A&tm=1447981347 )
Verknüpfung Infiziert : C:\Users\Susanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( www.tohotweb.com?oem=sunadusv4&uid=101017PBN204CSDH86GT_HTS545025B9A&tm=1447981347 )
Verknüpfung Infiziert : C:\Users\Susanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( www.tohotweb.com?oem=sunadusv4&uid=101017PBN204CSDH86GT_HTS545025B9A&tm=1447981347 )
Verknüpfung Infiziert : C:\Users\Susanne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( www.tohotweb.com?oem=sunadusv4&uid=101017PBN204CSDH86GT_HTS545025B9A&tm=1447981347 )
Verknüpfung Infiziert : C:\Users\Susanne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk ( www.tohotweb.com?oem=sunadusv4&uid=101017PBN204CSDH86GT_HTS545025B9A&tm=1447981347 )

***** [ Aufgabenplanung ] *****

Aufgabenplanung Gefunden : CGN

***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\NetTcpHandler
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\jg.exe
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : HKCU\Software\Appscion
Schlüssel Gefunden : HKCU\Software\Chromatic
Schlüssel Gefunden : HKLM\SOFTWARE\Clara
Schlüssel Gefunden : HKLM\SOFTWARE\SAKURA
Schlüssel Gefunden : HKLM\SOFTWARE\NetTcpHandler
Schlüssel Gefunden : HKLM\SOFTWARE\NtSvcHandler
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}

***** [ Internetbrowser ] *****

[C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\dm1go5xs.default\prefs.js] [Preference] Gefunden : user_pref("iminent.LayoutId", "1");
[C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\dm1go5xs.default\prefs.js] [Preference] Gefunden : user_pref("iminent._oaZGabJJ8Q_", "{\"cpt\":0,\"cpr\":0,\"s\":0,\"es\":1}");
[C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\dm1go5xs.default\prefs.js] [Preference] Gefunden : user_pref("iminent.adapters", "{\"office.mailbox.org\":{\"CountryCode\":\"DE\",\"NoAds\":false,\"Status\":2,\"AdapterKey\":\"default_adapter\",\"v\":true,\"p\":0,\"t\":1,\"th\":1.1,\"expireTime\":\"14[...]
[C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\dm1go5xs.default\prefs.js] [Preference] Gefunden : user_pref("iminent.cifs", "0");
[C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\dm1go5xs.default\prefs.js] [Preference] Gefunden : user_pref("iminent.externalScripts", "{\"value\":[{\"addonUid\":\"b7110a40-a16f-4a12-a411-bd0b6014905a\",\"name\":\"Superfish\",\"addonId\":2,\"url\":\"//www.best-deals-products.com/ws/sf_main.jsp\",\[...]
[C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\dm1go5xs.default\prefs.js] [Preference] Gefunden : user_pref("iminent.registerToolbarEvent102", "1446545675662");
[C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\dm1go5xs.default\prefs.js] [Preference] Gefunden : user_pref("iminent.version", "9.38.3.2");
[C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\dm1go5xs.default\prefs.js] [Preference] Gefunden : user_pref("iminent.versioning", "{\"CurrentVersion\":\"9.38.3.2\",\"InstallEventCTime\":1446579881177}");

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [4438 Bytes] ##########

Code:
C:\Program Files\Iminent\inst\Bootstrapper\IminentUninstall.exe->C:\AdwCleaner\Quarantine\C\Program Files\Iminent\inst\Bootstrapper\IminentUninstall.exe.vir
C:\Users\Susanne\AppData\Roaming\AdvertismentImages\13.gif->C:\AdwCleaner\Quarantine\C\Users\Susanne\AppData\Roaming\AdvertismentImages\13.gif.vir
C:\Users\Susanne\AppData\Roaming\AdvertismentImages\15.gif->C:\AdwCleaner\Quarantine\C\Users\Susanne\AppData\Roaming\AdvertismentImages\15.gif.vir
C:\Users\Susanne\AppData\Roaming\AdvertismentImages\19.gif->C:\AdwCleaner\Quarantine\C\Users\Susanne\AppData\Roaming\AdvertismentImages\19.gif.vir
C:\Users\Susanne\AppData\Roaming\AdvertismentImages\22.gif->C:\AdwCleaner\Quarantine\C\Users\Susanne\AppData\Roaming\AdvertismentImages\22.gif.vir
C:\Users\Susanne\AppData\Roaming\AdvertismentImages\25.gif->C:\AdwCleaner\Quarantine\C\Users\Susanne\AppData\Roaming\AdvertismentImages\25.gif.vir
C:\Users\Susanne\AppData\Roaming\AdvertismentImages\27.gif->C:\AdwCleaner\Quarantine\C\Users\Susanne\AppData\Roaming\AdvertismentImages\27.gif.vir
C:\Users\Susanne\AppData\Roaming\AdvertismentImages\30.gif->C:\AdwCleaner\Quarantine\C\Users\Susanne\AppData\Roaming\AdvertismentImages\30.gif.vir
C:\Users\Susanne\AppData\Roaming\AdvertismentImages\33.gif->C:\AdwCleaner\Quarantine\C\Users\Susanne\AppData\Roaming\AdvertismentImages\33.gif.vir
C:\Users\Susanne\AppData\Roaming\AdvertismentImages\6.gif->C:\AdwCleaner\Quarantine\C\Users\Susanne\AppData\Roaming\AdvertismentImages\6.gif.vir
C:\Users\Susanne\AppData\Roaming\AdvertismentImages\close.bmp->C:\AdwCleaner\Quarantine\C\Users\Susanne\AppData\Roaming\AdvertismentImages\close.bmp.vir
C:\Users\Susanne\AppData\Roaming\AdvertismentImages\html\366CC9B.html->C:\AdwCleaner\Quarantine\C\Users\Susanne\AppData\Roaming\AdvertismentImages\html\366CC9B.html.vir
C:\Users\Susanne\AppData\Roaming\shortCutStore\Internet Explore.lnk->C:\AdwCleaner\Quarantine\C\Users\Susanne\AppData\Roaming\shortCutStore\Internet Explore.lnk.vir
C:\Users\Susanne\AppData\Roaming\shortCutStore\Mozilla Firefox.lnk->C:\AdwCleaner\Quarantine\C\Users\Susanne\AppData\Roaming\shortCutStore\Mozilla Firefox.lnk.vir
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk->C:\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk.vir
C:\Users\Susanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk->C:\AdwCleaner\Quarantine\C\Users\Susanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk.vir
C:\Users\Susanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk->C:\AdwCleaner\Quarantine\C\Users\Susanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk.vir
C:\Users\Susanne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk->C:\AdwCleaner\Quarantine\C\Users\Susanne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk.vir
C:\Users\Susanne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk->C:\AdwCleaner\Quarantine\C\Users\Susanne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk.vir

JRT Logfile:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 7 Starter x86
Ran by Susanne (Administrator) on 30.11.2015 at 1:44:24,07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 3

Successfully deleted: C:\Program Files\mozilla firefox\defaults\pref\itms.js (File)
Successfully deleted: C:\Users\Susanne\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Windows\wininit.ini (File)

Deleted the following from C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\dm1go5xs.default\prefs.js
user_pref(browser.search.searchengine.desc, this is my first firefox searchEngine);
user_pref(browser.search.searchengine.ptid, smt);
user_pref(browser.search.searchengine.uid, HitachiXHTS545025B9A300_101017PBN204CSDH86GTX);

Registry: 1

Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.11.2015 at 1:59:55,38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST:
FRST Logfile:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version:29-11-2015
durchgeführt von Susanne (Administrator) auf SUSANNE-NETBOOK (30-11-2015 02:01:16)
Gestartet von C:\Users\Susanne\Desktop
Geladene Profile: Susanne (Verfügbare Profile: Susanne)
Platform: Microsoft Windows 7 Starter Service Pack 1 (X86) Sprache: Deutsch (Deutschland)
Internet Explorer Version 8 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Registration\GREGsvc.exe
(Malwarebytes) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Malwarebytes) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Connectify) C:\Program Files\Connectify\ConnectifyService.exe
(Connectify) C:\Program Files\Connectify\Connectifyd.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-06-08] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9398888 2010-08-03] (Realtek Semiconductor)
HKLM\...\Run: [iSyncData] => C:\Program Files\Acer\Android Manager\iSync.exe [407416 2010-01-08] (Insyde Software Corp.)
HKLM\...\Run: [AndroidManager] => C:\Program Files\Acer\Android Manager\AML.exe [508280 2010-01-08] ()
HKLM\...\Run: [iPatchData] => C:\Program Files\Acer\Updater\iUpdate.exe [492096 2010-07-21] (Insyde Software Corp.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [715296 2010-06-11] (Acer Incorporated)
HKLM\...\Run: [DataCardMonitor] => C:\Program Files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe [253952 2014-08-29] (Huawei Technologies Co., Ltd.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
HKLM\...\Run: [FreePDF Assistant] => C:\Program Files\FreePDF_XP\fpassist.exe [373760 2014-03-18] (shbox.de)
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM\...\Run: [Connectify Hotspot] => C:\Program Files\Connectify\Connectify.exe [4188408 2015-07-21] (Connectify)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157968 2015-08-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM\...\Run: [Syncios device service] => C:\Program Files\Syncios\SynciosDeviceService.exe [861184 2015-08-04] ()
HKLM\...\Run: [TrojanScanner] => C:\Program Files\Trojan Remover\Trjscan.exe [3721744 2015-11-28] (Simply Super Software)
HKU\S-1-5-21-3547935472-4146078513-3747807169-1000\...\Run: [Updater shortcut] => C:\Program Files\T-Mobile\web'n'walk Manager\WTGU.exe [857544 2008-06-19] ()
HKU\S-1-5-21-3547935472-4146078513-3747807169-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-3547935472-4146078513-3747807169-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-3547935472-4146078513-3747807169-1000\...\Run: [iCloudDrive] => C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-3547935472-4146078513-3747807169-1000\...\Run: [OXUpdater] => C:\Users\Susanne\AppData\Local\Open-Xchange\OXUpdater\OXUpdater.exe [2483168 2014-10-17] (Open-Xchange)
HKU\S-1-5-21-3547935472-4146078513-3747807169-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6278424 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-3547935472-4146078513-3747807169-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\GECKO.SCR [1795072 1994-12-30] ()
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2015-01-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-05-06] (Avast Software s.r.o.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk [2010-09-17]
ShortcutTarget: Acer VCM.lnk -> C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0EE3FE4A-6878-4C92-8247-2AA74DA3738A}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3547935472-4146078513-3747807169-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3547935472-4146078513-3747807169-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3547935472-4146078513-3747807169-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3547935472-4146078513-3747807169-1000 -> {E508C46F-43EF-434F-86CF-C65ACB1AEAAF} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Kein Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> Keine Datei
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-24] (Avast Software s.r.o.)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Windows 7 Starter Helper -> {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} -> C:\Program Files\Oceanis\SystemSetting\StarterHelper.dll [2009-12-09] (Oceanis)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\dm1go5xs.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2015-08-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2015-08-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2015-08-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2015-08-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2015-08-26] (Apple Inc.)
FF SearchPlugin: C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\dm1go5xs.default\searchplugins\google-images.xml [2014-09-18]
FF SearchPlugin: C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\dm1go5xs.default\searchplugins\google-maps.xml [2014-09-18]
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-05-06] [ist nicht signiert]
FF Extension: Adblock Plus - C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\dm1go5xs.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-10-09]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKU\S-1-5-21-3547935472-4146078513-3747807169-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\dm1go5xs.default\extensions\cliqz@cliqz.com => nicht gefunden

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-24]
CHR HKLM\...\Chrome\Extension: [olghjjajidfdflkafeekiojnfmiolccp] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-06] (Avast Software s.r.o.)
R2 Connectify; C:\Program Files\Connectify\ConnectifyService.exe [217088 2015-07-21] (Connectify) [Datei ist nicht signiert]
R2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [735776 2010-06-11] (Acer Incorporated)
R2 GREGService; C:\Program Files\Acer\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)
R2 Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-05-06] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-05-06] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-05-06] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-05-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-05-06] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [428120 2015-06-26] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-05-06] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-05-06] ()
R1 cnnctfy3; C:\Windows\System32\DRIVERS\cnnctfy3.sys [36520 2015-05-13] (Connectify)
S3 EUCR; C:\Windows\System32\DRIVERS\EUCR6SK.SYS [82768 2010-06-17] (ENE Technology Inc.)
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [94936 2015-10-05] (Malwarebytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2015-11-29] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Susanne\AppData\Local\Temp\catchme.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-11-30 02:01 - 2015-11-30 02:02 - 00015449 _____ C:\Users\Susanne\Desktop\FRST.txt
2015-11-30 02:00 - 2015-11-30 02:00 - 00000000 ____D C:\Users\Susanne\Desktop\FRST-OlderVersion
2015-11-30 01:59 - 2015-11-30 01:59 - 00001213 _____ C:\Users\Susanne\Desktop\JRT.txt
2015-11-30 01:35 - 2015-11-30 01:35 - 00003407 _____ C:\Users\Susanne\Desktop\mbam-protection-log-2015-11-30.txt
2015-11-29 23:45 - 2015-11-29 23:45 - 00001028 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-11-29 22:02 - 2015-11-29 22:04 - 22908888 _____ (Malwarebytes ) C:\Users\Susanne\Desktop\mbam-setup-2.2.0.1024(2).exe
2015-11-29 22:02 - 2015-11-29 22:02 - 01599336 _____ (Malwarebytes) C:\Users\Susanne\Desktop\JRT.exe
2015-11-29 21:52 - 2015-11-29 21:52 - 01733632 _____ C:\Users\Susanne\Desktop\AdwCleaner_5.022.exe
2015-11-29 17:03 - 2015-11-29 17:03 - 00013582 _____ C:\ComboFix.txt
2015-11-29 15:35 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2015-11-29 15:35 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2015-11-29 15:35 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-11-29 15:35 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-11-29 15:35 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-11-29 15:35 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2015-11-29 15:35 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2015-11-29 15:35 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2015-11-29 15:31 - 2015-11-29 17:03 - 00000000 ____D C:\Qoobox
2015-11-29 15:28 - 2015-11-29 16:51 - 00000000 ____D C:\Windows\erdnt
2015-11-29 15:20 - 2015-11-29 22:07 - 00000000 ____D C:\Users\Susanne\Desktop\Trojaner Suchprogramme
2015-11-29 15:17 - 2015-11-29 15:26 - 05639804 ____R (Swearware) C:\Users\Susanne\Desktop\ComboFix.exe
2015-11-28 22:51 - 2015-11-28 22:51 - 00079097 _____ C:\Users\Susanne\Downloads\Leben_und_Arbeiten_in_Island_NOV2015.pdf
2015-11-28 20:17 - 2015-11-28 20:27 - 00211592 _____ C:\TDSSKiller.3.1.0.6_28.11.2015_20.17.56_log.txt
2015-11-28 20:07 - 2015-11-28 20:08 - 04397752 _____ (Kaspersky Lab ZAO) C:\Users\Susanne\Downloads\tdsskiller.exe
2015-11-28 20:02 - 2015-11-30 02:01 - 00000000 ____D C:\FRST
2015-11-28 20:00 - 2015-11-30 02:00 - 01721344 _____ (Farbar) C:\Users\Susanne\Desktop\FRST.exe
2015-11-28 19:59 - 2015-11-28 19:59 - 00000000 _____ C:\Users\Susanne\defogger_reenable
2015-11-28 17:38 - 2015-11-28 17:39 - 00285400 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-28 17:38 - 2015-11-28 17:39 - 00145400 _____ C:\Windows\Minidump\112815-46722-01.dmp
2015-11-28 17:38 - 2015-11-28 17:38 - 219435003 _____ C:\Windows\MEMORY.DMP
2015-11-28 16:50 - 2015-11-28 17:36 - 00000000 ____D C:\3590F75ABA9E485486C100C1A9D4FF06ZZZZZ.Z.ZZZZZ.ZZ
2015-11-28 14:15 - 2015-11-28 14:15 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\Simply Super Software
2015-11-28 13:46 - 2015-11-28 13:47 - 02042328 _____ (iS3, Inc.) C:\Users\Susanne\Downloads\STOPzillaPRO_Downloader.exe
2015-11-28 13:41 - 2015-11-28 13:41 - 03662448 _____ C:\Users\Susanne\Downloads\Malwarebytes_Anti-Malware_2_2_0.exe
2015-11-28 13:00 - 2015-11-28 13:00 - 00000000 ____D C:\Users\Susanne\Documents\Simply Super Software
2015-11-28 12:59 - 2015-11-29 16:20 - 00000000 ____D C:\ProgramData\TEMP
2015-11-28 12:52 - 2015-11-28 12:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2015-11-28 12:51 - 2015-11-28 14:21 - 00000000 ____D C:\Program Files\Trojan Remover
2015-11-28 12:51 - 2015-11-28 12:51 - 00000000 ____D C:\ProgramData\Simply Super Software
2015-11-28 12:43 - 2015-11-28 12:45 - 23852776 _____ (Simply Super Software ) C:\Users\Susanne\Downloads\trjsetup_6.9.3.exe
2015-11-27 15:11 - 2015-11-29 23:58 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-27 15:04 - 2015-11-29 23:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-11-27 15:03 - 2015-11-29 23:45 - 00000000 ____D C:\Program Files\ Malwarebytes Anti-Malware
2015-11-27 15:03 - 2015-11-27 15:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-27 15:03 - 2015-10-05 09:50 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-27 15:03 - 2015-10-05 09:50 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-11-27 15:03 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-11-27 15:01 - 2015-11-27 15:02 - 22908888 _____ (Malwarebytes ) C:\Users\Susanne\Downloads\mbam-setup-2.2.0.1024(1).exe
2015-11-27 11:14 - 2015-11-27 11:24 - 22908888 _____ (Malwarebytes ) C:\Users\Susanne\Downloads\mbam-setup-2.2.0.1024.exe
2015-11-26 20:53 - 2015-11-26 20:53 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\Free Ringtone Studio
2015-11-26 20:51 - 2015-11-26 21:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Type Advisor
2015-11-26 20:50 - 2015-11-26 21:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Ringtone Studio
2015-11-26 20:50 - 2015-11-26 21:05 - 00000000 ____D C:\Program Files\Free Ringtone Studio
2015-11-26 20:20 - 2015-11-26 20:24 - 09232152 _____ (ManiacTools.com ) C:\Users\Susanne\Downloads\ringtone-studio.exe
2015-11-26 20:20 - 2015-11-26 20:24 - 09232152 _____ (ManiacTools.com ) C:\Users\Susanne\Downloads\ringtone-studio(1).exe
2015-11-24 18:21 - 2015-11-24 18:21 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Susanne\Downloads\SpyHunter-installer(1).exe
2015-11-24 18:19 - 2015-11-24 18:20 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Susanne\Downloads\SpyHunter-Installer.exe
2015-11-23 23:41 - 2015-11-23 23:41 - 00011652 _____ C:\Users\Susanne\Documents\cc_20151123_234107.reg
2015-11-23 14:18 - 2015-11-23 14:18 - 00247649 _____ C:\Users\Susanne\Downloads\MeinFernbus FlixBus Buchungsbestätigung #8010458172(1).zip
2015-11-23 14:17 - 2015-11-23 14:18 - 00247649 _____ C:\Users\Susanne\Downloads\MeinFernbus FlixBus Buchungsbestätigung #8010458172(2).zip
2015-11-22 21:57 - 2015-11-22 21:57 - 00083197 _____ C:\Users\Susanne\Downloads\anfahrtsplan_2010_dt.pdf
2015-11-22 21:44 - 2015-11-22 21:45 - 00244740 _____ C:\Users\Susanne\Downloads\Infoblatt_3D-bavarikon 1.0 bavFormat.pdf
2015-11-22 17:56 - 2015-11-22 17:56 - 00000862 _____ C:\Users\Susanne\AppData\Local\recently-used.xbel
2015-11-22 13:27 - 2015-11-22 13:27 - 00247649 _____ C:\Users\Susanne\Downloads\MeinFernbus FlixBus Buchungsbestätigung #8010458172.zip
2015-11-22 13:27 - 2015-11-22 13:27 - 00239740 _____ C:\Users\Susanne\Downloads\MeinFernbus FlixBus Buchungsbestätigung #8010457880.zip
2015-11-21 01:41 - 2015-11-21 01:42 - 09959187 _____ C:\Users\Susanne\Downloads\Catalog_LB_SS15.pdf
2015-11-20 12:11 - 2015-11-20 12:11 - 00461454 _____ C:\Users\Susanne\Downloads\20131021_Intern_S_M_UK_01.pdf
2015-11-20 10:28 - 2015-11-20 10:29 - 00258136 _____ C:\Users\Susanne\Downloads\bavarikon_3D_Merkblatt_Version_1.1(1).pdf
2015-11-19 15:40 - 2015-11-19 15:40 - 00158169 _____ C:\Users\Susanne\Downloads\lit509.pdf
2015-11-19 15:28 - 2015-11-19 15:28 - 00258136 _____ C:\Users\Susanne\Downloads\bavarikon_3D_Merkblatt_Version_1.1.pdf
2015-11-19 10:51 - 2015-11-19 10:51 - 00024122 _____ C:\Users\Susanne\Downloads\Ausschr_ForschungsstelleKaiserpfalzIngelheim.pdf
2015-11-19 01:02 - 2015-11-19 01:03 - 00005544 _____ C:\Users\Susanne\Documents\cc_20151119_010247.reg
2015-11-18 22:59 - 2015-11-18 22:59 - 01224649 _____ C:\Users\Susanne\Downloads\Ich(1).zip
2015-11-16 13:43 - 2015-11-16 13:43 - 00186875 _____ 
C:\Users\Susanne\Downloads\E-POSTZAHLU__NG-AGB.pdf 2015-11-16 12:40 - 2015-11-16 12:41 - 00000000 ____D C:\Users\Susanne\Documents\Büro 2015-11-14 15:29 - 2015-11-14 15:30 - 00055153 _____ C:\Users\Susanne\Downloads\ausschreibung_151130_ilmenau_de.pdf 2015-11-13 17:02 - 2015-11-13 17:02 - 00039827 _____ C:\Users\Susanne\Downloads\15188-fachangesteller-medien-informationsdienste-bibliothek.pdf 2015-11-13 14:30 - 2015-11-13 14:34 - 66199552 _____ C:\Users\Susanne\Downloads\calibre-2.44.0.msi 2015-11-13 14:06 - 2015-11-13 14:06 - 00028112 _____ C:\Users\Susanne\Documents\Aries Horoscope for November 2015.odt 2015-11-13 12:35 - 2015-11-13 12:35 - 18832886 _____ C:\Users\Susanne\Downloads\BAX III - WELTGERICHT - LESEPROBE FARBE.pdf 2015-11-12 20:26 - 2015-11-12 20:27 - 03432758 _____ C:\Users\Susanne\Downloads\Wolford+Unternehmensprofil.pdf 2015-11-10 22:02 - 2015-11-10 22:02 - 00014628 _____ C:\Users\Susanne\Downloads\MGBl_Verzeichnis_1961ff.pdf 2015-11-10 17:43 - 2015-11-10 17:43 - 00000000 ____D C:\Users\Susanne\Documents\Syncios 2015-11-10 17:42 - 2015-11-10 19:11 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\Syncios 2015-11-10 17:40 - 2015-11-24 18:17 - 00000000 ____D C:\Program Files\Syncios 2015-11-10 17:34 - 2015-11-10 17:37 - 43101288 _____ (Anvsoft, Inc. 
) C:\Users\Susanne\Downloads\setup_syncios.exe 2015-11-10 16:18 - 2015-11-10 16:18 - 01917189 _____ C:\Users\Susanne\Downloads\GoT-Ringtone-iPhone-Ring.zip 2015-11-10 14:58 - 2015-11-10 14:58 - 00923654 _____ C:\Users\Susanne\Downloads\kulturstellensites.pdf 2015-11-10 14:56 - 2015-11-10 14:56 - 00071782 _____ C:\Users\Susanne\Downloads\t1.pdf 2015-11-07 22:04 - 2015-11-07 22:04 - 00277540 _____ C:\Users\Susanne\Downloads\2015 Nov-Vortrag Hausdorf(1).pdf 2015-11-07 15:24 - 2015-11-22 21:51 - 00000000 ___RD C:\Users\Susanne\Documents\November 2015-11-07 14:48 - 2015-11-07 14:48 - 00156423 _____ C:\Users\Susanne\Downloads\gnm_2_museumszeitung_ausgabe_41.pdf 2015-11-03 21:42 - 2015-11-03 21:42 - 00026024 _____ C:\Users\Susanne\Documents\cc_20151103_214200.reg 2015-11-02 16:03 - 2015-11-02 16:26 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\Bitcoin 2015-11-02 16:00 - 2015-11-02 16:01 - 12585656 _____ (Bitcoin Core project) C:\Users\Susanne\Downloads\bitcoin-0.11.1-win32-setup.exe 2015-11-02 11:57 - 2015-11-02 11:57 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\WinRAR 2015-11-02 11:57 - 2015-11-02 11:57 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-11-02 11:57 - 2015-11-02 11:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-11-02 11:57 - 2015-11-02 11:57 - 00000000 ____D C:\Program Files\WinRAR 2015-11-02 11:56 - 2015-11-02 11:56 - 01766784 _____ C:\Users\Susanne\Downloads\wrar500.exe 2015-11-02 10:09 - 2015-11-02 10:09 - 00000400 _____ C:\Users\Susanne\Downloads\g4d72e01o2138z8.ccf 2015-11-01 22:11 - 2015-11-01 22:11 - 00047959 _____ C:\Users\Susanne\Downloads\SBB-GD-5-2015(1).pdf 2015-11-01 20:00 - 2015-11-01 20:00 - 00023013 _____ C:\Users\Susanne\Downloads\Stellenbeschreibung - MI, Verwaltungssekretariat, 100%.pdf 2015-11-01 19:53 - 2015-11-01 19:53 - 00873573 _____ C:\Users\Susanne\Downloads\Flyer Ausbildung Verwaltungsfachangestellte - 2015.pdf ==================== 
Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-11-30 01:50 - 2014-08-30 18:37 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-11-30 01:47 - 2007-07-12 02:48 - 00000000 ____D C:\Windows 2015-11-30 00:49 - 2009-07-14 05:34 - 00013808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-11-30 00:49 - 2009-07-14 05:34 - 00013808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-11-30 00:37 - 2015-07-08 08:04 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\FileAdvisor 2015-11-29 23:53 - 2015-01-24 07:49 - 00000000 ___RD C:\Users\Susanne\iCloudDrive 2015-11-29 23:51 - 2014-10-08 12:20 - 00000000 ____D C:\Users\Susanne\AppData\Local\FreePDF_XP 2015-11-29 23:50 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-11-29 23:49 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf 2015-11-29 23:43 - 2009-07-14 05:53 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-11-29 22:37 - 2015-05-12 09:43 - 00000000 ____D C:\Users\Susanne\Desktop\AdwCleaner 2015-11-29 22:37 - 2014-08-29 18:27 - 00000987 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-11-29 22:37 - 2014-08-29 15:57 - 00001026 _____ C:\Users\Susanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-11-29 21:42 - 2015-05-10 17:21 - 00000515 _____ C:\Windows\system32\Drivers\etc\hosts.ics 2015-11-29 16:47 - 2009-07-14 03:04 - 00000215 _____ C:\Windows\system.ini 2015-11-28 19:59 - 2014-08-29 15:53 - 00000000 ____D C:\Users\Susanne 2015-11-28 17:44 - 2014-10-26 11:16 - 00000000 ____D C:\Users\Susanne\AppData\Local\Deployment 2015-11-28 17:43 - 2014-08-29 18:05 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\HCM Updater 2015-11-28 17:38 - 2015-08-15 15:12 - 00000000 ____D C:\Windows\Minidump 2015-11-28 14:30 - 
2015-07-15 12:05 - 00000000 ____D C:\Users\Susanne\Documents\Bücher und Texte 2015-11-28 12:18 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\AppCompat 2015-11-27 14:41 - 2015-06-15 13:04 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2015-11-26 21:05 - 2015-07-07 19:16 - 00000000 ____D C:\Program Files\File Type Advisor 2015-11-24 14:51 - 2014-08-29 04:55 - 00700118 _____ C:\Windows\system32\perfh007.dat 2015-11-24 14:51 - 2014-08-29 04:55 - 00149968 _____ C:\Windows\system32\perfc007.dat 2015-11-24 14:51 - 2010-09-17 07:37 - 01622164 _____ C:\Windows\system32\PerfStringBackup.INI 2015-11-22 23:16 - 2015-02-26 13:06 - 00000000 ___RD C:\Users\Susanne\Documents\aktuell 2015-11-22 18:02 - 2014-10-26 22:01 - 00000000 ____D C:\Users\Susanne\.gimp-2.8 2015-11-22 17:46 - 2014-10-27 09:57 - 00000000 ____D C:\Users\Susanne\AppData\Local\gtk-2.0 2015-11-19 23:52 - 2014-08-29 20:03 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\SoftGrid Client 2015-11-19 11:42 - 2015-07-28 09:56 - 00000000 ___SD C:\Users\Susanne\AppData\LocalLow\Temp 2015-11-18 22:31 - 2014-09-01 10:27 - 00000000 ____D C:\Users\Susanne\Documents\Sonstiges 2015-11-13 17:47 - 2014-09-08 13:17 - 00000000 ____D C:\Users\Susanne\Documents\Calibre-Bibliothek 2015-11-11 15:25 - 2014-09-02 18:15 - 00000000 ____D C:\Users\Susanne\Documents\Audible 2015-11-11 14:34 - 2014-08-30 12:20 - 00000000 ____D C:\Users\Susanne\AppData\Local\Audible 2015-11-10 21:50 - 2014-08-30 18:37 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-11-10 21:50 - 2014-08-30 18:37 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-11-22 17:56 - 2015-11-22 17:56 - 0000862 _____ () C:\Users\Susanne\AppData\Local\recently-used.xbel 2010-09-17 08:19 - 2010-03-02 23:59 - 0131984 _____ () C:\ProgramData\FullRemove.exe Einige Dateien in TEMP: 
====================
C:\Users\Susanne\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-11-20 19:30

==================== Ende vom FRST.txt ============================

ADDITION:
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x86) Version:29-11-2015
durchgeführt von Susanne (2015-11-30 02:03:57)
Gestartet von C:\Users\Susanne\Desktop
Microsoft Windows 7 Starter Service Pack 1 (X86) (2014-08-29 14:52:57)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-3547935472-4146078513-3747807169-500 - Administrator - Disabled)
Gast (S-1-5-21-3547935472-4146078513-3747807169-501 - Limited - Disabled)
Susanne (S-1-5-21-3547935472-4146078513-3747807169-1000 - Administrator - Enabled) => C:\Users\Susanne

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Acer Crystal Eye webcam (HKLM\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 4.0.2.9 - Liteon) Acer ePower Management (HKLM\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated) Acer eRecovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated) Acer Registration (HKLM\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated) Acer ScreenSaver (HKLM\...\Acer Screensaver) (Version: 1.1.0624.2010 - Acer Incorporated) Acer VCM (HKLM\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3002 - Acer Incorporated) Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) Adobe Acrobat Reader DC - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated) Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated) Adobe Digital Editions 2.0 (HKLM\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated) Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated) Adobe Flash Player 19 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated) AndroidInstaller (Version: 1.00.022 - Ihr Firmenname) Hidden Apple Application Support (32-Bit) (HKLM\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{538227C6-C74B-4A74-99E1-2C0B4F9DA5E1}) (Version: 8.2.1.3 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.35 - Atheros Communications Inc.) 
Audacity 2.1.1 (HKLM\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team) AudibleManager (HKLM\...\AudibleManager) (Version: 2010264890.48.56.25169266 - Audible, Inc.) Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2218 - AVAST Software) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) Bonjour-Druckdienste (HKLM\...\{9D210D79-AEC5-453B-960C-4DD2C73931E1}) (Version: 2.0.2.0 - Apple Inc.) calibre (HKLM\...\{4ED40090-5A38-415F-B222-26DD6D3C1AEF}) (Version: 2.2.0 - Kovid Goyal) CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform) Connectify 2015 (HKLM\...\Connectify) (Version: 2015.1.0.35473 - Connectify) ENE USB Card Reader Driver (HKLM\...\3B29FD3CCF1F5B855DA0C521597413EBABE97DFB) (Version: 5.89.0.70 - ENE) FFmpeg (Windows) for Audacity Version 2.2.2 (HKLM\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - ) File Type Advisor 1.6 (HKLM\...\File Type Advisor_is1) (Version: - ) Free M4a to MP3 Converter 8.4 (HKLM\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com) Free PDF to Word Doc Converter v1.1 (HKLM\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com) Free Ringtone Studio 9.0 (HKLM\...\Free Ringtone Studio_is1) (Version: - ManiacTools.com) FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version: - ) GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team) GPL Ghostscript (HKLM\...\GPL Ghostscript 9.14) (Version: 9.14 - Artifex Software Inc.) iCloud (HKLM\...\{9A07AB4F-6B53-43E9-B7FC-7892E8C26BE3}) (Version: 4.1.1.53 - Apple Inc.) 
Identity Card (HKLM\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated) idioma Connect (HKU\S-1-5-21-3547935472-4146078513-3747807169-1000\...\5b7825971d9c1087) (Version: 1.0.0.39 - idioma) Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2117 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.4.1002 - Intel Corporation) iQube 4.2.14 (HKLM\...\{30F40BE4-A45D-4933-A692-504966A0A8F9}_is1) (Version: 4.2.14 - ) iTunes (HKLM\...\{025E78AC-BD91-4E9E-B165-3C09D4084BA4}) (Version: 12.2.2.25 - Apple Inc.) Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - ) Launch Manager (HKLM\...\LManager) (Version: 4.0.14 - Acer Inc.) Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation) Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Starter 2010 - Deutsch (HKLM\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] 
(HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Mozilla Firefox 41.0.2 (x86 de) (HKLM\...\Mozilla Firefox 41.0.2 (x86 de)) (Version: 41.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla) Oceanis Change Background Windows 7 (HKLM\...\Oceanis Change Background Windows 7_is1) (Version: 1.0 - Oceanis) OpenOffice 4.1.1 (HKLM\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation) Open-Xchange Updater (HKLM\...\{D00487C5-A3A1-4637-B1FE-64E2691560E6}) (Version: 6.18.27 - Open-Xchange Inc.) PDF24 Creator 6.9.2 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) QuickTime 7 (HKLM\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6171 - Realtek Semiconductor Corp.) Skype™ 7.1 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.) 
Tome 2.2.0 (HKLM\...\{5B33A926-8AA1-4B6A-A489-5333BF9DDA1B}_is1) (Version: 2.2.0 - )
Transcription iSS (HKLM\...\{8AC20255-BE16-4100-9866-FED1D0EC5CAB}) (Version: 2.0.29 - ISS)
Trojan Remover 6.9.3.2940 (HKLM\...\Trojan Remover_is1) (Version: 6.9.3.2940 - Simply Super Software)
web'n'walk Manager (HKLM\...\web'n'walk Manager) (Version: 11.002.07.22.55 - Huawei Technologies Co.,Ltd)
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 5.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Wiederherstellungspunkte =========================

04-05-2015 16:10:19 Geplanter Prüfpunkt
06-05-2015 18:43:23 avast! antivirus system restore point
08-05-2015 20:06:53 Windows Update
10-05-2015 06:36:09 Gerätetreiber-Paketinstallation: Connectify Netzwerkdienst
12-05-2015 03:59:54 Installed BEETmobile
12-05-2015 04:43:56 Gerätetreiber-Paketinstallation: Khalil Azzouzi Netzwerkdienst
12-05-2015 05:00:51 Removed BEETmobile
12-05-2015 06:44:31 Installed WiFi HotSpot Creator
12-05-2015 08:17:27 Removed Bonjour
12-05-2015 19:57:06 Windows Update
13-05-2015 09:21:58 Installed Bonjour Print Services
13-05-2015 14:58:38 Removed WiFi HotSpot Creator
13-05-2015 15:20:29 Gerätetreiber-Paketinstallation: Connectify Netzwerkdienst
21-05-2015 15:40:51 Geplanter Prüfpunkt
01-06-2015 07:56:00 Geplanter Prüfpunkt
13-06-2015 13:29:19 Installed Windows Media Player Firefox Plugin
24-06-2015 10:35:48 Geplanter Prüfpunkt
02-07-2015 13:01:57 Geplanter Prüfpunkt
14-07-2015 11:09:34 Geplanter Prüfpunkt
21-08-2015 21:11:36 Geplanter Prüfpunkt
30-08-2015 14:14:23 Geplanter Prüfpunkt
19-10-2015 11:59:13 Geplanter Prüfpunkt
05-11-2015 23:40:08 Geplanter Prüfpunkt
13-11-2015 20:44:06 Geplanter Prüfpunkt
29-11-2015 15:37:42 ComboFix created restore point
30-11-2015 01:44:56 JRT Pre-Junkware Removal

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {044BDBE3-50DF-4B00-8D76-5D12C3D7D261} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-18] (Avast Software s.r.o.)
Task: {11E70841-C184-43EB-B935-90879C79F504} - System32\Tasks\{1BD18429-EDC1-46ED-BA4E-3BD5C27502CE} => pcalua.exe -a C:\Users\Susanne\AppData\Local\Temp\Temp1_Audio_Realtek_6.0.1.6141_W7x86_A.zip\Audio_Realtek_6.0.1.6141_Win7x86\Setup.exe
Task: {121E38B0-9894-4C8B-94C4-C34A555F21E8} - System32\Tasks\FileAdvisorUpdate => C:\Program Files\File Type Advisor\fileadvisor.exe [2015-07-15] (File Type Advisor)
Task: {13BD6176-6EBE-4A2D-AEF5-6E7153C782D7} - System32\Tasks\{E7C4902C-7A0A-4BD2-90AD-64BEB19AB6FD} => pcalua.exe -a C:\Users\Susanne\Documents\Sonstiges\gecko_installer\Gecko-Installer.exe -d C:\Users\Susanne\Documents\Sonstiges\gecko_installer
Task: {3E3D1279-4897-4005-94AA-FDA3C9709B26} - System32\Tasks\{42BBADB5-A613-4722-ACBE-9A1F9919B708} => pcalua.exe -a C:\Users\Susanne\Pictures\Gecko-Installer.exe -d C:\Users\Susanne\Pictures
Task: {4E74CEB8-E81A-452B-B7DC-B95C5FE89147} - \Run_Bobby_Browser -> Keine Datei <==== ACHTUNG
Task: {507E841B-636D-434C-9D0E-A16BBFF21738} - System32\Tasks\Sunrise => C:\Windows\TEMP\CUpdater\s1rc..exe
Task: {55870CAE-F2C9-4C0B-8194-D0A7E8CC236E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {7338F5FC-D931-420A-83FF-DD8F52A6D6B9} - \crash_service -> Keine Datei <==== ACHTUNG
Task: {ACF46E51-BBDB-4FBA-9F51-E25BCD3648AF} - System32\Tasks\{5B730130-515B-4652-AF42-3DA4CA5D0DF2} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=4.1.0.179.367&LastError=404
Task: {B66DBCF5-FAD2-49C2-892C-237C4DDD7812} - System32\Tasks\{94B5FA6C-D094-4180-8F4D-48F968FA8004} => pcalua.exe -a C:\Users\Susanne\Pictures\gecko_installer\Gecko-Installer.exe -d C:\Users\Susanne\Pictures\gecko_installer
Task: {BDB77AEB-A1C3-4308-B055-3207E76616C4} - System32\Tasks\{6AB294B2-BA41-4C4F-9B5B-A9E89E374491} => Firefox.exe hxxp://ui.skype.com/ui/0/4.1.0.179.367/de/abandoninstall?source=lightinstaller&page=tsProblems&LastError=404&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded
Task: {CC801994-86CB-47A3-ABF0-F59810F63736} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-10] (Adobe Systems Incorporated)
Task: {E6A7C751-3DD7-4E31-97BD-97DEFA66B520} - System32\Tasks\3c91fcc2-ce59-42b3-b901-f68079520898 => C:\Users\Susanne\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe <==== ACHTUNG
Task: {F4EB71A4-0752-49CE-A2F0-0BB368B1491E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-05-06 18:49 - 2015-05-06 18:49 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-05-06 18:49 - 2015-05-06 18:49 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-11-29 21:34 - 2015-11-29 21:34 - 02996736 _____ () C:\Program Files\AVAST Software\Avast\defs\15112901\algo.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 15:27 - 2015-05-15 15:27 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-24 08:33 - 2015-03-24 08:35 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-07-31 07:57 - 2015-07-21 17:13 - 00715000 _____ () C:\Program Files\Connectify\log4cplus.dll
2015-04-08 20:53 - 2015-04-08 20:53 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-01-23 18:19 - 2015-01-23 18:19 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1266bf4bc00412e0e654ff040fff59af\IsdiInterop.ni.dll
2010-09-17 08:04 - 2010-06-08 18:44 - 00058880 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\3590F75ABA9E485486C100C1A9D4FF06ZZZZZ.Z.ZZZZZ.ZZ:1
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3547935472-4146078513-3747807169-1000\Control Panel\Desktop\\Wallpaper -> %windir%\web\wallpaper\windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

==================== FirewallRules (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{F97692D2-3096-4D66-A91C-5580303F9270}] => (Allow) C:\Program Files\Acer\Acer VCM\VC.exe FirewallRules: [{517880C9-A4F2-4DED-A056-61AAA0275E7C}] => (Allow) C:\Program Files\Acer\Acer VCM\RS_Service.exe FirewallRules: [{71BC790B-0D17-4055-B04A-F611B489A015}] => (Allow) C:\Program Files\Windows Live\Messenger\wlcsdk.exe FirewallRules: [{2C470230-58DE-4299-9EA6-983A0C095EE3}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{9BEBDBC7-4246-4A6F-BCDB-3004F8DF7484}] => (Allow) svchost.exe FirewallRules: [{EF504298-9C52-4B30-8DC5-D16AA4C28F0F}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe FirewallRules: [{FD599803-DA53-40AB-98DF-9A3335FCDF7A}] => (Allow) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [{9207A7FD-AEA1-4B41-B244-59E3A69764FC}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe FirewallRules: [{F216393C-7C37-4FBF-AD91-B2D3418F9786}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{0C26A89B-5BC5-4DD2-B202-3841407B0CAD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{A91047C8-3D39-4371-92D2-C27AEDCBDBC4}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{DE132D74-A054-496B-9437-40F87C5F1402}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe FirewallRules: [TCP Query User{4B60A822-05E2-4359-9A89-2CD7922A6EBA}C:\program files\connectify\connectify.exe] => (Allow) C:\program files\connectify\connectify.exe FirewallRules: [UDP Query User{8A25A8FF-15E3-4E6D-9EF1-AF3658074F70}C:\program files\connectify\connectify.exe] => (Allow) C:\program files\connectify\connectify.exe FirewallRules: [{4061AA88-A721-4DBE-B133-21357EE8098E}] => (Block) C:\program files\connectify\connectify.exe FirewallRules: [{92ABEECD-18C0-4AD3-9386-BE6E669E551A}] => (Block) C:\program 
files\connectify\connectify.exe FirewallRules: [{F8424B4A-8487-4175-9FF5-38D7FCB2A43F}] => (Allow) C:\Program Files\Connectify\Connectify.exe FirewallRules: [{DAEF5931-A320-4D3B-AEC1-9AC0A9C77C0C}] => (Allow) C:\Program Files\Connectify\ConnectifyNetServices.exe FirewallRules: [{5A38E522-7C1B-4831-8111-83A97EB73352}] => (Allow) C:\Program Files\Connectify\ConnectifyNetServices.exe FirewallRules: [{BFAB225A-BF71-429F-98C7-58C6D578807E}] => (Allow) C:\Program Files\Connectify\ConnectifyNetServices.exe FirewallRules: [{D394DFB9-2CF3-441A-A93A-336689AE4A2A}] => (Allow) C:\Program Files\Connectify\ConnectifyNetServices.exe FirewallRules: [{481C4A1D-E68D-43CD-9F84-FF076801C1DE}] => (Allow) C:\Program Files\Connectify\ConnectifyNetServices.exe FirewallRules: [{3F7DF551-CEC5-4DB0-A1B4-F432C541E969}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{9C3E6820-C814-4B0F-8A72-C06AD3F78971}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{C7CD7DAA-7EF0-4EA3-9461-FC3E04019711}] => (Allow) C:\Program Files\iTunes\iTunes.exe ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: 1.3M WebCam Description: USB-Videogerät Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Manufacturer: Microsoft Service: usbvideo Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (11/29/2015 11:02:07 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Explorer.EXE, Version 6.1.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 784 Startzeit: 01d12aeeafd8305f Endzeit: 14613 Anwendungspfad: C:\Windows\Explorer.EXE Berichts-ID: a3c7ae2f-96e4-11e5-852e-0026c7c4f764 Error: (11/29/2015 04:23:35 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: pev.3XE, Version: 0.0.0.0, Zeitstempel: 0x4e06cfe8 Name des fehlerhaften Moduls: pev.3XE, Version: 0.0.0.0, Zeitstempel: 0x4e06cfe8 Ausnahmecode: 0xc0000417 Fehleroffset: 0x00081dc9 ID des fehlerhaften Prozesses: 0x1368 Startzeit der fehlerhaften Anwendung: 0xpev.3XE0 Pfad der fehlerhaften Anwendung: pev.3XE1 Pfad des fehlerhaften Moduls: pev.3XE2 Berichtskennung: pev.3XE3 Error: (11/29/2015 04:03:41 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 33244 Error: (11/29/2015 04:03:41 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 33244 Error: (11/29/2015 04:03:41 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (11/28/2015 05:45:49 PM) (Source: Windows Search Service) (EventID: 7010) (User: ) Description: Der Index kann nicht initialisiert werden. Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (11/28/2015 05:45:49 PM) (Source: Windows Search Service) (EventID: 3058) (User: ) Description: Die Anwendung kann nicht initialisiert werden. Kontext: Windows Anwendung Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (11/28/2015 05:45:49 PM) (Source: Windows Search Service) (EventID: 3028) (User: ) Description: Das Gatherer-Objekt kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. 
(HRESULT : 0xc0041801) (0xc0041801) Error: (11/28/2015 05:45:48 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490) Error: (11/28/2015 05:45:47 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Systemfehler: ============= Error: (11/30/2015 00:00:57 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Windows Update" wurde nicht richtig gestartet. Error: (11/29/2015 11:51:45 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error: (11/29/2015 11:51:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "VBoxAsw Support Driver" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error: (11/29/2015 11:47:59 PM) (Source: Service Control Manager) (EventID: 7043) (User: ) Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden. Error: (11/29/2015 11:45:42 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows-Verwaltungsinstrumentation" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. 
Fehler: %%1056 Error: (11/29/2015 11:45:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1062 Error: (11/29/2015 11:45:42 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Benutzerprofildienst" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 Error: (11/29/2015 11:43:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Update" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error: (11/29/2015 11:43:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error: (11/29/2015 11:43:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Designs" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. 
==================== Memory info ===========================

Processor: Intel(R) Atom(TM) CPU N450 @ 1.66GHz
Prozentuale Nutzung des RAM: 82%
Installierter physikalischer RAM: 1013.09 MB
Verfügbarer physikalischer RAM: 173.5 MB
Summe virtueller Speicher: 2541.41 MB
Verfügbarer virtueller Speicher: 888.92 MB

==================== Laufwerke ================================

Drive c: (Acer) (Fixed) (Total:215.79 GB) (Free:99.28 GB) NTFS
Drive d: () (Fixed) (Total:4 GB) (Free:2.66 GB) FAT32

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 496895C4)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Not Active) - (Size=4 GB) - (Type=0C)
Partition 3: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=215.8 GB) - (Type=OF Extended)

==================== Ende vom Addition.txt ============================ |
30.11.2015, 11:45 | #9 |
| Extremely slow computer and, on top of that, Tohotweb.. Unfortunately my netbook froze again in the meantime.. I'll carry on with the Trojan Remover: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 7 Starter x86
Ran by Susanne (Administrator) on 30.11.2015 at 1:44:24,07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 3

Successfully deleted: C:\Program Files\mozilla firefox\defaults\pref\itms.js (File)
Successfully deleted: C:\Users\Susanne\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Windows\wininit.ini (File)

Deleted the following from C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\dm1go5xs.default\prefs.js
user_pref(browser.search.searchengine.desc, this is my first firefox searchEngine);
user_pref(browser.search.searchengine.ptid, smt);
user_pref(browser.search.searchengine.uid, HitachiXHTS545025B9A300_101017PBN204CSDH86GTX);

Registry: 1

Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.11.2015 at 1:59:55,38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST:
FRST Logfile:
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version:29-11-2015 durchgeführt von Susanne (Administrator) auf SUSANNE-NETBOOK (30-11-2015 02:01:16) Gestartet von C:\Users\Susanne\Desktop Geladene Profile: Susanne (Verfügbare Profile: Susanne) Platform: Microsoft Windows 7 Starter Service Pack 1 (X86) Sprache: Deutsch (Deutschland) Internet Explorer Version 8 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Dritek System Inc.) C:\Program Files\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files\Acer\Registration\GREGsvc.exe (Malwarebytes) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Malwarebytes) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe (Avast Software s.r.o.) 
C:\Program Files\AVAST Software\Avast\avastui.exe (Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Connectify) C:\Program Files\Connectify\ConnectifyService.exe (Connectify) C:\Program Files\Connectify\Connectifyd.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-06-08] (Intel Corporation) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9398888 2010-08-03] (Realtek Semiconductor) HKLM\...\Run: [iSyncData] => C:\Program Files\Acer\Android Manager\iSync.exe [407416 2010-01-08] (Insyde Software Corp.) HKLM\...\Run: [AndroidManager] => C:\Program Files\Acer\Android Manager\AML.exe [508280 2010-01-08] () HKLM\...\Run: [iPatchData] => C:\Program Files\Acer\Updater\iUpdate.exe [492096 2010-07-21] (Insyde Software Corp.) 
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [715296 2010-06-11] (Acer Incorporated) HKLM\...\Run: [DataCardMonitor] => C:\Program Files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe [253952 2014-08-29] (Huawei Technologies Co., Ltd.) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.) HKLM\...\Run: [FreePDF Assistant] => C:\Program Files\FreePDF_XP\fpassist.exe [373760 2014-03-18] (shbox.de) HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH) HKLM\...\Run: [Connectify Hotspot] => C:\Program Files\Connectify\Connectify.exe [4188408 2015-07-21] (Connectify) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157968 2015-08-13] (Apple Inc.) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.) HKLM\...\Run: [Syncios device service] => C:\Program Files\Syncios\SynciosDeviceService.exe [861184 2015-08-04] () HKLM\...\Run: [TrojanScanner] => C:\Program Files\Trojan Remover\Trjscan.exe [3721744 2015-11-28] (Simply Super Software) HKU\S-1-5-21-3547935472-4146078513-3747807169-1000\...\Run: [Updater shortcut] => C:\Program Files\T-Mobile\web'n'walk Manager\WTGU.exe [857544 2008-06-19] () HKU\S-1-5-21-3547935472-4146078513-3747807169-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.) HKU\S-1-5-21-3547935472-4146078513-3747807169-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc.) HKU\S-1-5-21-3547935472-4146078513-3747807169-1000\...\Run: [iCloudDrive] => C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2015-04-26] (Apple Inc.) 
HKU\S-1-5-21-3547935472-4146078513-3747807169-1000\...\Run: [OXUpdater] => C:\Users\Susanne\AppData\Local\Open-Xchange\OXUpdater\OXUpdater.exe [2483168 2014-10-17] (Open-Xchange) HKU\S-1-5-21-3547935472-4146078513-3747807169-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6278424 2015-04-23] (Piriform Ltd) HKU\S-1-5-21-3547935472-4146078513-3747807169-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\GECKO.SCR [1795072 1994-12-30] () HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2015-01-23] (Microsoft Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-05-06] (Avast Software s.r.o.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk [2010-09-17] ShortcutTarget: Acer VCM.lnk -> C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{0EE3FE4A-6878-4C92-8247-2AA74DA3738A}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKU\S-1-5-21-3547935472-4146078513-3747807169-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-3547935472-4146078513-3747807169-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-3547935472-4146078513-3747807169-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3547935472-4146078513-3747807169-1000 -> {E508C46F-43EF-434F-86CF-C65ACB1AEAAF} URL = hxxps://www.google.com/search?q={searchTerms} BHO: Kein Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> Keine Datei BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-24] (Avast Software s.r.o.) 
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation) BHO: Windows 7 Starter Helper -> {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} -> C:\Program Files\Oceanis\SystemSetting\StarterHelper.dll [2009-12-09] (Oceanis) Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) FireFox: ======== FF ProfilePath: C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\dm1go5xs.default FF Homepage: hxxp://www.google.de/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] () FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2015-08-26] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2015-08-26] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2015-08-26] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2015-08-26] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2015-08-26] (Apple Inc.) FF SearchPlugin: C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\dm1go5xs.default\searchplugins\google-images.xml [2014-09-18] FF SearchPlugin: C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\dm1go5xs.default\searchplugins\google-maps.xml [2014-09-18] FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-05-06] [ist nicht signiert] FF Extension: Adblock Plus - C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\dm1go5xs.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-10-09] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF HKU\S-1-5-21-3547935472-4146078513-3747807169-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Susanne\AppData\Roaming\Mozilla\Firefox\Profiles\dm1go5xs.default\extensions\cliqz@cliqz.com => nicht gefunden Chrome: ======= CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-24] CHR HKLM\...\Chrome\Extension: [olghjjajidfdflkafeekiojnfmiolccp] - hxxps://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-06] (Avast Software s.r.o.) R2 Connectify; C:\Program Files\Connectify\ConnectifyService.exe [217088 2015-07-21] (Connectify) [Datei ist nicht signiert] R2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [735776 2010-06-11] (Acer Incorporated) R2 GREGService; C:\Program Files\Acer\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated) R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated) R2 Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation) S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X] ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-05-06] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-05-06] (Avast Software s.r.o.) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-05-06] (Avast Software s.r.o.) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-05-06] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-05-06] (Avast Software s.r.o.) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [428120 2015-06-26] (Avast Software s.r.o.) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-05-06] (Avast Software s.r.o.) 
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-05-06] () R1 cnnctfy3; C:\Windows\System32\DRIVERS\cnnctfy3.sys [36520 2015-05-13] (Connectify) S3 EUCR; C:\Windows\System32\DRIVERS\EUCR6SK.SYS [82768 2010-06-17] (ENE Technology Inc.) R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [94936 2015-10-05] (Malwarebytes) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2015-11-29] (Malwarebytes) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation) U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) S3 catchme; \??\C:\Users\Susanne\AppData\Local\Temp\catchme.sys [X] S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-11-30 02:01 - 2015-11-30 02:02 - 00015449 _____ C:\Users\Susanne\Desktop\FRST.txt 2015-11-30 02:00 - 2015-11-30 02:00 - 00000000 ____D C:\Users\Susanne\Desktop\FRST-OlderVersion 2015-11-30 01:59 - 2015-11-30 01:59 - 00001213 _____ C:\Users\Susanne\Desktop\JRT.txt 2015-11-30 01:35 - 2015-11-30 01:35 - 00003407 _____ C:\Users\Susanne\Desktop\mbam-protection-log-2015-11-30.txt 2015-11-29 23:45 - 2015-11-29 23:45 - 00001028 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-11-29 22:02 - 2015-11-29 22:04 - 22908888 _____ (Malwarebytes ) C:\Users\Susanne\Desktop\mbam-setup-2.2.0.1024(2).exe 2015-11-29 22:02 - 2015-11-29 22:02 - 01599336 _____ (Malwarebytes) C:\Users\Susanne\Desktop\JRT.exe 2015-11-29 21:52 - 2015-11-29 21:52 - 01733632 _____ C:\Users\Susanne\Desktop\AdwCleaner_5.022.exe 2015-11-29 17:03 - 2015-11-29 17:03 - 00013582 _____ C:\ComboFix.txt 2015-11-29 15:35 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe 2015-11-29 15:35 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe 2015-11-29 15:35 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-11-29 15:35 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-11-29 15:35 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-11-29 15:35 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe 2015-11-29 15:35 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe 2015-11-29 15:35 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe 2015-11-29 15:31 - 2015-11-29 17:03 - 00000000 ____D C:\Qoobox 2015-11-29 15:28 - 2015-11-29 16:51 - 00000000 ____D C:\Windows\erdnt 2015-11-29 15:20 - 2015-11-29 22:07 - 00000000 ____D C:\Users\Susanne\Desktop\Trojaner Suchprogramme 2015-11-29 15:17 - 2015-11-29 15:26 - 05639804 ____R (Swearware) C:\Users\Susanne\Desktop\ComboFix.exe 2015-11-28 22:51 - 2015-11-28 22:51 - 00079097 _____ C:\Users\Susanne\Downloads\Leben_und_Arbeiten_in_Island_NOV2015.pdf 2015-11-28 20:17 - 2015-11-28 20:27 - 
00211592 _____ C:\TDSSKiller.3.1.0.6_28.11.2015_20.17.56_log.txt 2015-11-28 20:07 - 2015-11-28 20:08 - 04397752 _____ (Kaspersky Lab ZAO) C:\Users\Susanne\Downloads\tdsskiller.exe 2015-11-28 20:02 - 2015-11-30 02:01 - 00000000 ____D C:\FRST 2015-11-28 20:00 - 2015-11-30 02:00 - 01721344 _____ (Farbar) C:\Users\Susanne\Desktop\FRST.exe 2015-11-28 19:59 - 2015-11-28 19:59 - 00000000 _____ C:\Users\Susanne\defogger_reenable 2015-11-28 17:38 - 2015-11-28 17:39 - 00285400 _____ C:\Windows\system32\FNTCACHE.DAT 2015-11-28 17:38 - 2015-11-28 17:39 - 00145400 _____ C:\Windows\Minidump\112815-46722-01.dmp 2015-11-28 17:38 - 2015-11-28 17:38 - 219435003 _____ C:\Windows\MEMORY.DMP 2015-11-28 16:50 - 2015-11-28 17:36 - 00000000 ____D C:\3590F75ABA9E485486C100C1A9D4FF06ZZZZZ.Z.ZZZZZ.ZZ 2015-11-28 14:15 - 2015-11-28 14:15 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\Simply Super Software 2015-11-28 13:46 - 2015-11-28 13:47 - 02042328 _____ (iS3, Inc.) C:\Users\Susanne\Downloads\STOPzillaPRO_Downloader.exe 2015-11-28 13:41 - 2015-11-28 13:41 - 03662448 _____ C:\Users\Susanne\Downloads\Malwarebytes_Anti-Malware_2_2_0.exe 2015-11-28 13:00 - 2015-11-28 13:00 - 00000000 ____D C:\Users\Susanne\Documents\Simply Super Software 2015-11-28 12:59 - 2015-11-29 16:20 - 00000000 ____D C:\ProgramData\TEMP 2015-11-28 12:52 - 2015-11-28 12:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover 2015-11-28 12:51 - 2015-11-28 14:21 - 00000000 ____D C:\Program Files\Trojan Remover 2015-11-28 12:51 - 2015-11-28 12:51 - 00000000 ____D C:\ProgramData\Simply Super Software 2015-11-28 12:43 - 2015-11-28 12:45 - 23852776 _____ (Simply Super Software ) C:\Users\Susanne\Downloads\trjsetup_6.9.3.exe 2015-11-27 15:11 - 2015-11-29 23:58 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-11-27 15:04 - 2015-11-29 23:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-11-27 15:03 - 
2015-11-29 23:45 - 00000000 ____D C:\Program Files\ Malwarebytes Anti-Malware 2015-11-27 15:03 - 2015-11-27 15:03 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-11-27 15:03 - 2015-10-05 09:50 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-11-27 15:03 - 2015-10-05 09:50 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-11-27 15:03 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2015-11-27 15:01 - 2015-11-27 15:02 - 22908888 _____ (Malwarebytes ) C:\Users\Susanne\Downloads\mbam-setup-2.2.0.1024(1).exe 2015-11-27 11:14 - 2015-11-27 11:24 - 22908888 _____ (Malwarebytes ) C:\Users\Susanne\Downloads\mbam-setup-2.2.0.1024.exe 2015-11-26 20:53 - 2015-11-26 20:53 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\Free Ringtone Studio 2015-11-26 20:51 - 2015-11-26 21:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Type Advisor 2015-11-26 20:50 - 2015-11-26 21:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Ringtone Studio 2015-11-26 20:50 - 2015-11-26 21:05 - 00000000 ____D C:\Program Files\Free Ringtone Studio 2015-11-26 20:20 - 2015-11-26 20:24 - 09232152 _____ (ManiacTools.com ) C:\Users\Susanne\Downloads\ringtone-studio.exe 2015-11-26 20:20 - 2015-11-26 20:24 - 09232152 _____ (ManiacTools.com ) C:\Users\Susanne\Downloads\ringtone-studio(1).exe 2015-11-24 18:21 - 2015-11-24 18:21 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Susanne\Downloads\SpyHunter-installer(1).exe 2015-11-24 18:19 - 2015-11-24 18:20 - 03237248 _____ (Enigma Software Group USA, LLC.) 
C:\Users\Susanne\Downloads\SpyHunter-Installer.exe 2015-11-23 23:41 - 2015-11-23 23:41 - 00011652 _____ C:\Users\Susanne\Documents\cc_20151123_234107.reg 2015-11-23 14:18 - 2015-11-23 14:18 - 00247649 _____ C:\Users\Susanne\Downloads\MeinFernbus FlixBus Buchungsbestätigung #8010458172(1).zip 2015-11-23 14:17 - 2015-11-23 14:18 - 00247649 _____ C:\Users\Susanne\Downloads\MeinFernbus FlixBus Buchungsbestätigung #8010458172(2).zip 2015-11-22 21:57 - 2015-11-22 21:57 - 00083197 _____ C:\Users\Susanne\Downloads\anfahrtsplan_2010_dt.pdf 2015-11-22 21:44 - 2015-11-22 21:45 - 00244740 _____ C:\Users\Susanne\Downloads\Infoblatt_3D-bavarikon 1.0 bavFormat.pdf 2015-11-22 17:56 - 2015-11-22 17:56 - 00000862 _____ C:\Users\Susanne\AppData\Local\recently-used.xbel 2015-11-22 13:27 - 2015-11-22 13:27 - 00247649 _____ C:\Users\Susanne\Downloads\MeinFernbus FlixBus Buchungsbestätigung #8010458172.zip 2015-11-22 13:27 - 2015-11-22 13:27 - 00239740 _____ C:\Users\Susanne\Downloads\MeinFernbus FlixBus Buchungsbestätigung #8010457880.zip 2015-11-21 01:41 - 2015-11-21 01:42 - 09959187 _____ C:\Users\Susanne\Downloads\Catalog_LB_SS15.pdf 2015-11-20 12:11 - 2015-11-20 12:11 - 00461454 _____ C:\Users\Susanne\Downloads\20131021_Intern_S_M_UK_01.pdf 2015-11-20 10:28 - 2015-11-20 10:29 - 00258136 _____ C:\Users\Susanne\Downloads\bavarikon_3D_Merkblatt_Version_1.1(1).pdf 2015-11-19 15:40 - 2015-11-19 15:40 - 00158169 _____ C:\Users\Susanne\Downloads\lit509.pdf 2015-11-19 15:28 - 2015-11-19 15:28 - 00258136 _____ C:\Users\Susanne\Downloads\bavarikon_3D_Merkblatt_Version_1.1.pdf 2015-11-19 10:51 - 2015-11-19 10:51 - 00024122 _____ C:\Users\Susanne\Downloads\Ausschr_ForschungsstelleKaiserpfalzIngelheim.pdf 2015-11-19 01:02 - 2015-11-19 01:03 - 00005544 _____ C:\Users\Susanne\Documents\cc_20151119_010247.reg 2015-11-18 22:59 - 2015-11-18 22:59 - 01224649 _____ C:\Users\Susanne\Downloads\Ich(1).zip 2015-11-16 13:43 - 2015-11-16 13:43 - 00186875 _____ 
C:\Users\Susanne\Downloads\E-POSTZAHLU__NG-AGB.pdf 2015-11-16 12:40 - 2015-11-16 12:41 - 00000000 ____D C:\Users\Susanne\Documents\Büro 2015-11-14 15:29 - 2015-11-14 15:30 - 00055153 _____ C:\Users\Susanne\Downloads\ausschreibung_151130_ilmenau_de.pdf 2015-11-13 17:02 - 2015-11-13 17:02 - 00039827 _____ C:\Users\Susanne\Downloads\15188-fachangesteller-medien-informationsdienste-bibliothek.pdf 2015-11-13 14:30 - 2015-11-13 14:34 - 66199552 _____ C:\Users\Susanne\Downloads\calibre-2.44.0.msi 2015-11-13 14:06 - 2015-11-13 14:06 - 00028112 _____ C:\Users\Susanne\Documents\Aries Horoscope for November 2015.odt 2015-11-13 12:35 - 2015-11-13 12:35 - 18832886 _____ C:\Users\Susanne\Downloads\BAX III - WELTGERICHT - LESEPROBE FARBE.pdf 2015-11-12 20:26 - 2015-11-12 20:27 - 03432758 _____ C:\Users\Susanne\Downloads\Wolford+Unternehmensprofil.pdf 2015-11-10 22:02 - 2015-11-10 22:02 - 00014628 _____ C:\Users\Susanne\Downloads\MGBl_Verzeichnis_1961ff.pdf 2015-11-10 17:43 - 2015-11-10 17:43 - 00000000 ____D C:\Users\Susanne\Documents\Syncios 2015-11-10 17:42 - 2015-11-10 19:11 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\Syncios 2015-11-10 17:40 - 2015-11-24 18:17 - 00000000 ____D C:\Program Files\Syncios 2015-11-10 17:34 - 2015-11-10 17:37 - 43101288 _____ (Anvsoft, Inc. 
) C:\Users\Susanne\Downloads\setup_syncios.exe 2015-11-10 16:18 - 2015-11-10 16:18 - 01917189 _____ C:\Users\Susanne\Downloads\GoT-Ringtone-iPhone-Ring.zip 2015-11-10 14:58 - 2015-11-10 14:58 - 00923654 _____ C:\Users\Susanne\Downloads\kulturstellensites.pdf 2015-11-10 14:56 - 2015-11-10 14:56 - 00071782 _____ C:\Users\Susanne\Downloads\t1.pdf 2015-11-07 22:04 - 2015-11-07 22:04 - 00277540 _____ C:\Users\Susanne\Downloads\2015 Nov-Vortrag Hausdorf(1).pdf 2015-11-07 15:24 - 2015-11-22 21:51 - 00000000 ___RD C:\Users\Susanne\Documents\November 2015-11-07 14:48 - 2015-11-07 14:48 - 00156423 _____ C:\Users\Susanne\Downloads\gnm_2_museumszeitung_ausgabe_41.pdf 2015-11-03 21:42 - 2015-11-03 21:42 - 00026024 _____ C:\Users\Susanne\Documents\cc_20151103_214200.reg 2015-11-02 16:03 - 2015-11-02 16:26 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\Bitcoin 2015-11-02 16:00 - 2015-11-02 16:01 - 12585656 _____ (Bitcoin Core project) C:\Users\Susanne\Downloads\bitcoin-0.11.1-win32-setup.exe 2015-11-02 11:57 - 2015-11-02 11:57 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\WinRAR 2015-11-02 11:57 - 2015-11-02 11:57 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-11-02 11:57 - 2015-11-02 11:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-11-02 11:57 - 2015-11-02 11:57 - 00000000 ____D C:\Program Files\WinRAR 2015-11-02 11:56 - 2015-11-02 11:56 - 01766784 _____ C:\Users\Susanne\Downloads\wrar500.exe 2015-11-02 10:09 - 2015-11-02 10:09 - 00000400 _____ C:\Users\Susanne\Downloads\g4d72e01o2138z8.ccf 2015-11-01 22:11 - 2015-11-01 22:11 - 00047959 _____ C:\Users\Susanne\Downloads\SBB-GD-5-2015(1).pdf 2015-11-01 20:00 - 2015-11-01 20:00 - 00023013 _____ C:\Users\Susanne\Downloads\Stellenbeschreibung - MI, Verwaltungssekretariat, 100%.pdf 2015-11-01 19:53 - 2015-11-01 19:53 - 00873573 _____ C:\Users\Susanne\Downloads\Flyer Ausbildung Verwaltungsfachangestellte - 2015.pdf ==================== 
Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-11-30 01:50 - 2014-08-30 18:37 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-11-30 01:47 - 2007-07-12 02:48 - 00000000 ____D C:\Windows 2015-11-30 00:49 - 2009-07-14 05:34 - 00013808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-11-30 00:49 - 2009-07-14 05:34 - 00013808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-11-30 00:37 - 2015-07-08 08:04 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\FileAdvisor 2015-11-29 23:53 - 2015-01-24 07:49 - 00000000 ___RD C:\Users\Susanne\iCloudDrive 2015-11-29 23:51 - 2014-10-08 12:20 - 00000000 ____D C:\Users\Susanne\AppData\Local\FreePDF_XP 2015-11-29 23:50 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-11-29 23:49 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf 2015-11-29 23:43 - 2009-07-14 05:53 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-11-29 22:37 - 2015-05-12 09:43 - 00000000 ____D C:\Users\Susanne\Desktop\AdwCleaner 2015-11-29 22:37 - 2014-08-29 18:27 - 00000987 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-11-29 22:37 - 2014-08-29 15:57 - 00001026 _____ C:\Users\Susanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-11-29 21:42 - 2015-05-10 17:21 - 00000515 _____ C:\Windows\system32\Drivers\etc\hosts.ics 2015-11-29 16:47 - 2009-07-14 03:04 - 00000215 _____ C:\Windows\system.ini 2015-11-28 19:59 - 2014-08-29 15:53 - 00000000 ____D C:\Users\Susanne 2015-11-28 17:44 - 2014-10-26 11:16 - 00000000 ____D C:\Users\Susanne\AppData\Local\Deployment 2015-11-28 17:43 - 2014-08-29 18:05 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\HCM Updater 2015-11-28 17:38 - 2015-08-15 15:12 - 00000000 ____D C:\Windows\Minidump 2015-11-28 14:30 - 
2015-07-15 12:05 - 00000000 ____D C:\Users\Susanne\Documents\Bücher und Texte 2015-11-28 12:18 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\AppCompat 2015-11-27 14:41 - 2015-06-15 13:04 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2015-11-26 21:05 - 2015-07-07 19:16 - 00000000 ____D C:\Program Files\File Type Advisor 2015-11-24 14:51 - 2014-08-29 04:55 - 00700118 _____ C:\Windows\system32\perfh007.dat 2015-11-24 14:51 - 2014-08-29 04:55 - 00149968 _____ C:\Windows\system32\perfc007.dat 2015-11-24 14:51 - 2010-09-17 07:37 - 01622164 _____ C:\Windows\system32\PerfStringBackup.INI 2015-11-22 23:16 - 2015-02-26 13:06 - 00000000 ___RD C:\Users\Susanne\Documents\aktuell 2015-11-22 18:02 - 2014-10-26 22:01 - 00000000 ____D C:\Users\Susanne\.gimp-2.8 2015-11-22 17:46 - 2014-10-27 09:57 - 00000000 ____D C:\Users\Susanne\AppData\Local\gtk-2.0 2015-11-19 23:52 - 2014-08-29 20:03 - 00000000 ____D C:\Users\Susanne\AppData\Roaming\SoftGrid Client 2015-11-19 11:42 - 2015-07-28 09:56 - 00000000 ___SD C:\Users\Susanne\AppData\LocalLow\Temp 2015-11-18 22:31 - 2014-09-01 10:27 - 00000000 ____D C:\Users\Susanne\Documents\Sonstiges 2015-11-13 17:47 - 2014-09-08 13:17 - 00000000 ____D C:\Users\Susanne\Documents\Calibre-Bibliothek 2015-11-11 15:25 - 2014-09-02 18:15 - 00000000 ____D C:\Users\Susanne\Documents\Audible 2015-11-11 14:34 - 2014-08-30 12:20 - 00000000 ____D C:\Users\Susanne\AppData\Local\Audible 2015-11-10 21:50 - 2014-08-30 18:37 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-11-10 21:50 - 2014-08-30 18:37 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-11-22 17:56 - 2015-11-22 17:56 - 0000862 _____ () C:\Users\Susanne\AppData\Local\recently-used.xbel 2010-09-17 08:19 - 2010-03-02 23:59 - 0131984 _____ () C:\ProgramData\FullRemove.exe Einige Dateien in TEMP: 
==================== C:\Users\Susanne\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-11-20 19:30 ==================== Ende vom FRST.txt ============================ ADDITION: Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x86) Version:29-11-2015 durchgeführt von Susanne (2015-11-30 02:03:57) Gestartet von C:\Users\Susanne\Desktop Microsoft Windows 7 Starter Service Pack 1 (X86) (2014-08-29 14:52:57) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-3547935472-4146078513-3747807169-500 - Administrator - Disabled) Gast (S-1-5-21-3547935472-4146078513-3747807169-501 - Limited - Disabled) Susanne (S-1-5-21-3547935472-4146078513-3747807169-1000 - Administrator - Enabled) => C:\Users\Susanne ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) 
Acer Crystal Eye webcam (HKLM\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 4.0.2.9 - Liteon) Acer ePower Management (HKLM\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated) Acer eRecovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated) Acer Registration (HKLM\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated) Acer ScreenSaver (HKLM\...\Acer Screensaver) (Version: 1.1.0624.2010 - Acer Incorporated) Acer VCM (HKLM\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3002 - Acer Incorporated) Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) Adobe Acrobat Reader DC - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated) Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated) Adobe Digital Editions 2.0 (HKLM\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated) Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated) Adobe Flash Player 19 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated) AndroidInstaller (Version: 1.00.022 - Ihr Firmenname) Hidden Apple Application Support (32-Bit) (HKLM\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{538227C6-C74B-4A74-99E1-2C0B4F9DA5E1}) (Version: 8.2.1.3 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.35 - Atheros Communications Inc.) 
Audacity 2.1.1 (HKLM\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team) AudibleManager (HKLM\...\AudibleManager) (Version: 2010264890.48.56.25169266 - Audible, Inc.) Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2218 - AVAST Software) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) Bonjour-Druckdienste (HKLM\...\{9D210D79-AEC5-453B-960C-4DD2C73931E1}) (Version: 2.0.2.0 - Apple Inc.) calibre (HKLM\...\{4ED40090-5A38-415F-B222-26DD6D3C1AEF}) (Version: 2.2.0 - Kovid Goyal) CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform) Connectify 2015 (HKLM\...\Connectify) (Version: 2015.1.0.35473 - Connectify) ENE USB Card Reader Driver (HKLM\...\3B29FD3CCF1F5B855DA0C521597413EBABE97DFB) (Version: 5.89.0.70 - ENE) FFmpeg (Windows) for Audacity Version 2.2.2 (HKLM\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - ) File Type Advisor 1.6 (HKLM\...\File Type Advisor_is1) (Version: - ) Free M4a to MP3 Converter 8.4 (HKLM\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com) Free PDF to Word Doc Converter v1.1 (HKLM\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com) Free Ringtone Studio 9.0 (HKLM\...\Free Ringtone Studio_is1) (Version: - ManiacTools.com) FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version: - ) GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team) GPL Ghostscript (HKLM\...\GPL Ghostscript 9.14) (Version: 9.14 - Artifex Software Inc.) iCloud (HKLM\...\{9A07AB4F-6B53-43E9-B7FC-7892E8C26BE3}) (Version: 4.1.1.53 - Apple Inc.) 
Identity Card (HKLM\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated) idioma Connect (HKU\S-1-5-21-3547935472-4146078513-3747807169-1000\...\5b7825971d9c1087) (Version: 1.0.0.39 - idioma) Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2117 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.4.1002 - Intel Corporation) iQube 4.2.14 (HKLM\...\{30F40BE4-A45D-4933-A692-504966A0A8F9}_is1) (Version: 4.2.14 - ) iTunes (HKLM\...\{025E78AC-BD91-4E9E-B165-3C09D4084BA4}) (Version: 12.2.2.25 - Apple Inc.) Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - ) Launch Manager (HKLM\...\LManager) (Version: 4.0.14 - Acer Inc.) Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation) Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Starter 2010 - Deutsch (HKLM\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] 
(HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Mozilla Firefox 41.0.2 (x86 de) (HKLM\...\Mozilla Firefox 41.0.2 (x86 de)) (Version: 41.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla) Oceanis Change Background Windows 7 (HKLM\...\Oceanis Change Background Windows 7_is1) (Version: 1.0 - Oceanis) OpenOffice 4.1.1 (HKLM\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation) Open-Xchange Updater (HKLM\...\{D00487C5-A3A1-4637-B1FE-64E2691560E6}) (Version: 6.18.27 - Open-Xchange Inc.) PDF24 Creator 6.9.2 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) QuickTime 7 (HKLM\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6171 - Realtek Semiconductor Corp.) Skype™ 7.1 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.) 
Tome 2.2.0 (HKLM\...\{5B33A926-8AA1-4B6A-A489-5333BF9DDA1B}_is1) (Version: 2.2.0 - ) Transcription iSS (HKLM\...\{8AC20255-BE16-4100-9866-FED1D0EC5CAB}) (Version: 2.0.29 - ISS) Trojan Remover 6.9.3.2940 (HKLM\...\Trojan Remover_is1) (Version: 6.9.3.2940 - Simply Super Software) web'n'walk Manager (HKLM\...\web'n'walk Manager) (Version: 11.002.07.22.55 - Huawei Technologies Co.,Ltd) Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation) Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation) Windows Live Sync (HKLM\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation) Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) WinRAR 5.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Wiederherstellungspunkte ========================= 04-05-2015 16:10:19 Geplanter Prüfpunkt 06-05-2015 18:43:23 avast! 
antivirus system restore point 08-05-2015 20:06:53 Windows Update 10-05-2015 06:36:09 Gerätetreiber-Paketinstallation: Connectify Netzwerkdienst 12-05-2015 03:59:54 Installed BEETmobile 12-05-2015 04:43:56 Gerätetreiber-Paketinstallation: Khalil Azzouzi Netzwerkdienst 12-05-2015 05:00:51 Removed BEETmobile 12-05-2015 06:44:31 Installed WiFi HotSpot Creator 12-05-2015 08:17:27 Removed Bonjour 12-05-2015 19:57:06 Windows Update 13-05-2015 09:21:58 Installed Bonjour Print Services 13-05-2015 14:58:38 Removed WiFi HotSpot Creator 13-05-2015 15:20:29 Gerätetreiber-Paketinstallation: Connectify Netzwerkdienst 21-05-2015 15:40:51 Geplanter Prüfpunkt 01-06-2015 07:56:00 Geplanter Prüfpunkt 13-06-2015 13:29:19 Installed Windows Media Player Firefox Plugin 24-06-2015 10:35:48 Geplanter Prüfpunkt 02-07-2015 13:01:57 Geplanter Prüfpunkt 14-07-2015 11:09:34 Geplanter Prüfpunkt 21-08-2015 21:11:36 Geplanter Prüfpunkt 30-08-2015 14:14:23 Geplanter Prüfpunkt 19-10-2015 11:59:13 Geplanter Prüfpunkt 05-11-2015 23:40:08 Geplanter Prüfpunkt 13-11-2015 20:44:06 Geplanter Prüfpunkt 29-11-2015 15:37:42 ComboFix created restore point 30-11-2015 01:44:56 JRT Pre-Junkware Removal ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {044BDBE3-50DF-4B00-8D76-5D12C3D7D261} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-18] (Avast Software s.r.o.) 
Task: {11E70841-C184-43EB-B935-90879C79F504} - System32\Tasks\{1BD18429-EDC1-46ED-BA4E-3BD5C27502CE} => pcalua.exe -a C:\Users\Susanne\AppData\Local\Temp\Temp1_Audio_Realtek_6.0.1.6141_W7x86_A.zip\Audio_Realtek_6.0.1.6141_Win7x86\Setup.exe Task: {121E38B0-9894-4C8B-94C4-C34A555F21E8} - System32\Tasks\FileAdvisorUpdate => C:\Program Files\File Type Advisor\fileadvisor.exe [2015-07-15] (File Type Advisor) Task: {13BD6176-6EBE-4A2D-AEF5-6E7153C782D7} - System32\Tasks\{E7C4902C-7A0A-4BD2-90AD-64BEB19AB6FD} => pcalua.exe -a C:\Users\Susanne\Documents\Sonstiges\gecko_installer\Gecko-Installer.exe -d C:\Users\Susanne\Documents\Sonstiges\gecko_installer Task: {3E3D1279-4897-4005-94AA-FDA3C9709B26} - System32\Tasks\{42BBADB5-A613-4722-ACBE-9A1F9919B708} => pcalua.exe -a C:\Users\Susanne\Pictures\Gecko-Installer.exe -d C:\Users\Susanne\Pictures Task: {4E74CEB8-E81A-452B-B7DC-B95C5FE89147} - \Run_Bobby_Browser -> Keine Datei <==== ACHTUNG Task: {507E841B-636D-434C-9D0E-A16BBFF21738} - System32\Tasks\Sunrise => C:\Windows\TEMP\CUpdater\s1rc..exe Task: {55870CAE-F2C9-4C0B-8194-D0A7E8CC236E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated) Task: {7338F5FC-D931-420A-83FF-DD8F52A6D6B9} - \crash_service -> Keine Datei <==== ACHTUNG Task: {ACF46E51-BBDB-4FBA-9F51-E25BCD3648AF} - System32\Tasks\{5B730130-515B-4652-AF42-3DA4CA5D0DF2} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=4.1.0.179.367&LastError=404 Task: {B66DBCF5-FAD2-49C2-892C-237C4DDD7812} - System32\Tasks\{94B5FA6C-D094-4180-8F4D-48F968FA8004} => pcalua.exe -a C:\Users\Susanne\Pictures\gecko_installer\Gecko-Installer.exe -d C:\Users\Susanne\Pictures\gecko_installer Task: {BDB77AEB-A1C3-4308-B055-3207E76616C4} - System32\Tasks\{6AB294B2-BA41-4C4F-9B5B-A9E89E374491} => Firefox.exe 
hxxp://ui.skype.com/ui/0/4.1.0.179.367/de/abandoninstall?source=lightinstaller&page=tsProblems&LastError=404&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded Task: {CC801994-86CB-47A3-ABF0-F59810F63736} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-10] (Adobe Systems Incorporated) Task: {E6A7C751-3DD7-4E31-97BD-97DEFA66B520} - System32\Tasks\3c91fcc2-ce59-42b3-b901-f68079520898 => C:\Users\Susanne\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe <==== ACHTUNG Task: {F4EB71A4-0752-49CE-A2F0-0BB368B1491E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) 
==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2015-05-06 18:49 - 2015-05-06 18:49 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2015-05-06 18:49 - 2015-05-06 18:49 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2015-11-29 21:34 - 2015-11-29 21:34 - 02996736 _____ () C:\Program Files\AVAST Software\Avast\defs\15112901\algo.dll 2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-05-15 15:27 - 2015-05-15 15:27 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2015-03-24 08:33 - 2015-03-24 08:35 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2015-07-31 07:57 - 2015-07-21 17:13 - 00715000 _____ () C:\Program Files\Connectify\log4cplus.dll 2015-04-08 20:53 - 2015-04-08 20:53 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2015-01-23 18:19 - 2015-01-23 18:19 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1266bf4bc00412e0e654ff040fff59af\IsdiInterop.ni.dll 2010-09-17 08:04 - 2010-06-08 18:44 - 00058880 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) AlternateDataStreams: C:\3590F75ABA9E485486C100C1A9D4FF06ZZZZZ.Z.ZZZZZ.ZZ:1 AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9 ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-3547935472-4146078513-3747807169-1000\Control Panel\Desktop\\Wallpaper -> %windir%\web\wallpaper\windows\img0.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) ==================== FirewallRules (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
FirewallRules: [{F97692D2-3096-4D66-A91C-5580303F9270}] => (Allow) C:\Program Files\Acer\Acer VCM\VC.exe FirewallRules: [{517880C9-A4F2-4DED-A056-61AAA0275E7C}] => (Allow) C:\Program Files\Acer\Acer VCM\RS_Service.exe FirewallRules: [{71BC790B-0D17-4055-B04A-F611B489A015}] => (Allow) C:\Program Files\Windows Live\Messenger\wlcsdk.exe FirewallRules: [{2C470230-58DE-4299-9EA6-983A0C095EE3}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{9BEBDBC7-4246-4A6F-BCDB-3004F8DF7484}] => (Allow) svchost.exe FirewallRules: [{EF504298-9C52-4B30-8DC5-D16AA4C28F0F}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe FirewallRules: [{FD599803-DA53-40AB-98DF-9A3335FCDF7A}] => (Allow) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [{9207A7FD-AEA1-4B41-B244-59E3A69764FC}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe FirewallRules: [{F216393C-7C37-4FBF-AD91-B2D3418F9786}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{0C26A89B-5BC5-4DD2-B202-3841407B0CAD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{A91047C8-3D39-4371-92D2-C27AEDCBDBC4}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{DE132D74-A054-496B-9437-40F87C5F1402}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe FirewallRules: [TCP Query User{4B60A822-05E2-4359-9A89-2CD7922A6EBA}C:\program files\connectify\connectify.exe] => (Allow) C:\program files\connectify\connectify.exe FirewallRules: [UDP Query User{8A25A8FF-15E3-4E6D-9EF1-AF3658074F70}C:\program files\connectify\connectify.exe] => (Allow) C:\program files\connectify\connectify.exe FirewallRules: [{4061AA88-A721-4DBE-B133-21357EE8098E}] => (Block) C:\program files\connectify\connectify.exe FirewallRules: [{92ABEECD-18C0-4AD3-9386-BE6E669E551A}] => (Block) C:\program 
files\connectify\connectify.exe FirewallRules: [{F8424B4A-8487-4175-9FF5-38D7FCB2A43F}] => (Allow) C:\Program Files\Connectify\Connectify.exe FirewallRules: [{DAEF5931-A320-4D3B-AEC1-9AC0A9C77C0C}] => (Allow) C:\Program Files\Connectify\ConnectifyNetServices.exe FirewallRules: [{5A38E522-7C1B-4831-8111-83A97EB73352}] => (Allow) C:\Program Files\Connectify\ConnectifyNetServices.exe FirewallRules: [{BFAB225A-BF71-429F-98C7-58C6D578807E}] => (Allow) C:\Program Files\Connectify\ConnectifyNetServices.exe FirewallRules: [{D394DFB9-2CF3-441A-A93A-336689AE4A2A}] => (Allow) C:\Program Files\Connectify\ConnectifyNetServices.exe FirewallRules: [{481C4A1D-E68D-43CD-9F84-FF076801C1DE}] => (Allow) C:\Program Files\Connectify\ConnectifyNetServices.exe FirewallRules: [{3F7DF551-CEC5-4DB0-A1B4-F432C541E969}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{9C3E6820-C814-4B0F-8A72-C06AD3F78971}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{C7CD7DAA-7EF0-4EA3-9461-FC3E04019711}] => (Allow) C:\Program Files\iTunes\iTunes.exe ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: 1.3M WebCam Description: USB-Videogerät Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Manufacturer: Microsoft Service: usbvideo Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (11/29/2015 11:02:07 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Explorer.EXE, Version 6.1.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 784 Startzeit: 01d12aeeafd8305f Endzeit: 14613 Anwendungspfad: C:\Windows\Explorer.EXE Berichts-ID: a3c7ae2f-96e4-11e5-852e-0026c7c4f764 Error: (11/29/2015 04:23:35 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: pev.3XE, Version: 0.0.0.0, Zeitstempel: 0x4e06cfe8 Name des fehlerhaften Moduls: pev.3XE, Version: 0.0.0.0, Zeitstempel: 0x4e06cfe8 Ausnahmecode: 0xc0000417 Fehleroffset: 0x00081dc9 ID des fehlerhaften Prozesses: 0x1368 Startzeit der fehlerhaften Anwendung: 0xpev.3XE0 Pfad der fehlerhaften Anwendung: pev.3XE1 Pfad des fehlerhaften Moduls: pev.3XE2 Berichtskennung: pev.3XE3 Error: (11/29/2015 04:03:41 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 33244 Error: (11/29/2015 04:03:41 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 33244 Error: (11/29/2015 04:03:41 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (11/28/2015 05:45:49 PM) (Source: Windows Search Service) (EventID: 7010) (User: ) Description: Der Index kann nicht initialisiert werden. Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (11/28/2015 05:45:49 PM) (Source: Windows Search Service) (EventID: 3058) (User: ) Description: Die Anwendung kann nicht initialisiert werden. Kontext: Windows Anwendung Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (11/28/2015 05:45:49 PM) (Source: Windows Search Service) (EventID: 3028) (User: ) Description: Das Gatherer-Objekt kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. 
(HRESULT : 0xc0041801) (0xc0041801) Error: (11/28/2015 05:45:48 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490) Error: (11/28/2015 05:45:47 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Systemfehler: ============= Error: (11/30/2015 00:00:57 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Windows Update" wurde nicht richtig gestartet. Error: (11/29/2015 11:51:45 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error: (11/29/2015 11:51:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "VBoxAsw Support Driver" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error: (11/29/2015 11:47:59 PM) (Source: Service Control Manager) (EventID: 7043) (User: ) Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden. Error: (11/29/2015 11:45:42 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows-Verwaltungsinstrumentation" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. 
Fehler: %%1056 Error: (11/29/2015 11:45:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1062 Error: (11/29/2015 11:45:42 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Benutzerprofildienst" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 Error: (11/29/2015 11:43:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Update" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error: (11/29/2015 11:43:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error: (11/29/2015 11:43:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Designs" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. 
==================== Memory info =========================== Processor: Intel(R) Atom(TM) CPU N450 @ 1.66GHz Prozentuale Nutzung des RAM: 82% Installierter physikalischer RAM: 1013.09 MB Verfügbarer physikalischer RAM: 173.5 MB Summe virtueller Speicher: 2541.41 MB Verfügbarer virtueller Speicher: 888.92 MB ==================== Laufwerke ================================ Drive c: (Acer) (Fixed) (Total:215.79 GB) (Free:99.28 GB) NTFS Drive d: () (Fixed) (Total:4 GB) (Free:2.66 GB) FAT32 ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 496895C4) Partition 1: (Not Active) - (Size=13 GB) - (Type=27) Partition 2: (Not Active) - (Size=4 GB) - (Type=0C) Partition 3: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=215.8 GB) - (Type=OF Extended) ==================== Ende vom Addition.txt ============================ |
30.11.2015, 20:42 | #10 |
/// TB-Ausbilder | extremely slow computer and on top of that also Tohotweb.. Hi, where is the MBAM log file? (Step 2). Please post it. Did you actually run MBAM before step 4 (FRST scan)? |
30.11.2015, 21:11 | #11 |
| extremely slow computer and on top of that also Tohotweb.. Hello, yes I did, here is the log file (it must have got lost somehow): Code:
ATTFilter <?xml version="1.0" encoding="UTF-8" ?> <logs> <record severity="debug" LoggingEventType="2" datetime="2015-11-30T00:00:18.167602+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="SUSANNE-NETBOOK" last_modified_tag="744ee194-6316-405e-82eb-1cdbd60f8029" result="Success" subtype="Refresh"></record> <record severity="debug" LoggingEventType="2" datetime="2015-11-30T00:00:22.545853+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="SUSANNE-NETBOOK" last_modified_tag="684aa7fc-f0b9-4cc9-b810-9b89abfef1f7" result="Starting" subtype="Malicious Website Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2015-11-30T00:00:37.845728+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="SUSANNE-NETBOOK" last_modified_tag="7446a100-b45f-4715-ad8e-8cfa2553fcab" result="Started" subtype="Malicious Website Protection"></record> <record severity="debug" LoggingEventType="1" datetime="2015-11-30T01:21:01.874667+01:00" source="Scheduler" type="Update" username="SYSTEM" systemname="SUSANNE-NETBOOK" fromVersion="2015.11.29.2" last_modified_tag="6e1467d9-cc47-415f-b3a2-bb5d1dbbe425" name="IP Database" toVersion="2015.11.30.1"></record> <record severity="debug" LoggingEventType="2" datetime="2015-11-30T01:21:05.259872+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="SUSANNE-NETBOOK" last_modified_tag="fc158914-8a5f-4bf4-8c5e-1168d7760c9a" result="Starting" subtype="Refresh"></record> <record severity="debug" LoggingEventType="2" datetime="2015-11-30T01:21:05.384673+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="SUSANNE-NETBOOK" last_modified_tag="83765fc9-0686-4072-86b7-f91ad0dd728b" result="Stopping" subtype="Malicious Website Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2015-11-30T01:21:30.438317+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="SUSANNE-NETBOOK" 
last_modified_tag="dadc8784-0171-4401-aa21-cbeee50b1505" result="Stopped" subtype="Malicious Website Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2015-11-30T01:23:33.804333+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="SUSANNE-NETBOOK" last_modified_tag="521166f5-3e38-461f-ae21-44ff4a811ed0" result="Success" subtype="Refresh"></record> <record severity="debug" LoggingEventType="2" datetime="2015-11-30T01:23:36.300338+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="SUSANNE-NETBOOK" last_modified_tag="969550c3-4ed8-4d2b-b814-a9726d9e5427" result="Starting" subtype="Malicious Website Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2015-11-30T01:24:33.993239+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="SUSANNE-NETBOOK" last_modified_tag="6966704d-3cc8-44f9-883d-f60bc9b8d290" result="Started" subtype="Malicious Website Protection"></record> <record severity="debug" scantype="threat" LoggingEventType="6" starttime="2015-11-29T23:58:45+01:00" datetime="2015-11-30T01:27:53.837992+01:00" source="Manual" type="Scan" username="SYSTEM" systemname="SUSANNE-NETBOOK" last_modified_tag="92549ca5-5807-4264-ae50-742a71d4494f" duration="5346" malwaredetections="0" nonmalwaredetections="0" scanresult="completed"></record> </logs> |
01.12.2015, 13:50 | #12 |
/// TB-Ausbilder | extremely slow computer and on top of that also Tohotweb.. Hi, that is not the log file of the scan. Reading material: Posting MBAM findings: how it's done... Sometimes it is important to know which malware was already deleted beforehand without instructions from the helpers. That is why I need the contents of the log file in which the scan was recorded.
|
01.12.2015, 14:13 | #13 |
| extremely slow computer and on top of that also Tohotweb.. Hello, I can find one from 30.11. and one from 1.12. here... I'll post both, the one from 30.11. first: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Protection, 30.11.2015 00:00, SYSTEM, SUSANNE-NETBOOK, Protection, Refresh, Success, Protection, 30.11.2015 00:00, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Starting, Protection, 30.11.2015 00:00, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Started, Update, 30.11.2015 01:21, SYSTEM, SUSANNE-NETBOOK, Scheduler, IP Database, 2015.11.29.2, 2015.11.30.1, Protection, 30.11.2015 01:21, SYSTEM, SUSANNE-NETBOOK, Protection, Refresh, Starting, Protection, 30.11.2015 01:21, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Stopping, Protection, 30.11.2015 01:21, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Stopped, Protection, 30.11.2015 01:23, SYSTEM, SUSANNE-NETBOOK, Protection, Refresh, Success, Protection, 30.11.2015 01:23, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Starting, Protection, 30.11.2015 01:24, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Started, Scan, 30.11.2015 01:27, SYSTEM, SUSANNE-NETBOOK, Manual, Start: 29.11.2015 23:58, Dauer: 1 Std. 29 Min. 
6 Sek., Bedrohungssuchlauf, Abgeschlossen, 0 Malware-Erkennung, 0 Nicht-Malware-Erkennungen, Protection, 30.11.2015 10:23, SYSTEM, SUSANNE-NETBOOK, Protection, Malware Protection, Starting, Protection, 30.11.2015 10:23, SYSTEM, SUSANNE-NETBOOK, Protection, Malware Protection, Started, Protection, 30.11.2015 10:23, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Starting, Protection, 30.11.2015 10:29, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Started, Update, 30.11.2015 11:18, SYSTEM, SUSANNE-NETBOOK, Scheduler, Malware Database, 2015.11.29.4, 2015.11.30.1, Protection, 30.11.2015 11:19, SYSTEM, SUSANNE-NETBOOK, Protection, Refresh, Starting, Protection, 30.11.2015 11:19, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Stopping, Protection, 30.11.2015 11:20, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Stopped, Protection, 30.11.2015 11:46, SYSTEM, SUSANNE-NETBOOK, Protection, Refresh, Success, Protection, 30.11.2015 11:46, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Starting, Protection, 30.11.2015 11:48, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Started, Update, 30.11.2015 12:20, SYSTEM, SUSANNE-NETBOOK, Scheduler, Malware Database, 2015.11.30.1, 2015.11.30.2, Protection, 30.11.2015 12:20, SYSTEM, SUSANNE-NETBOOK, Protection, Refresh, Starting, Protection, 30.11.2015 12:20, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Stopping, Protection, 30.11.2015 12:21, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Stopped, Protection, 30.11.2015 12:22, SYSTEM, SUSANNE-NETBOOK, Protection, Refresh, Success, Protection, 30.11.2015 12:22, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Starting, Protection, 30.11.2015 12:23, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Started, Protection, 30.11.2015 15:46, SYSTEM, SUSANNE-NETBOOK, Protection, Malware Protection, 
Starting, Protection, 30.11.2015 15:46, SYSTEM, SUSANNE-NETBOOK, Protection, Malware Protection, Started, Protection, 30.11.2015 15:46, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Starting, Protection, 30.11.2015 15:48, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Started, Update, 30.11.2015 16:18, SYSTEM, SUSANNE-NETBOOK, Scheduler, Malware Database, 2015.11.30.2, 2015.11.30.3, Protection, 30.11.2015 16:19, SYSTEM, SUSANNE-NETBOOK, Protection, Refresh, Starting, Protection, 30.11.2015 16:19, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Stopping, Protection, 30.11.2015 16:20, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Stopped, Protection, 30.11.2015 16:30, SYSTEM, SUSANNE-NETBOOK, Protection, Refresh, Success, Protection, 30.11.2015 16:31, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Starting, Protection, 30.11.2015 16:34, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Started, Detection, 30.11.2015 16:57, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, IP, 185.62.188.75, www.iceland.is, 50366, Outbound, C:\Program Files\Mozilla Firefox\firefox.exe, Detection, 30.11.2015 16:57, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, IP, 185.62.188.75, www.iceland.is, 50366, Outbound, C:\Program Files\Mozilla Firefox\firefox.exe, Detection, 30.11.2015 16:57, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, IP, 185.62.188.75, www.iceland.is, 50367, Outbound, C:\Program Files\Mozilla Firefox\firefox.exe, Detection, 30.11.2015 16:57, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, IP, 185.62.188.75, www.iceland.is, 50386, Outbound, C:\Program Files\Mozilla Firefox\firefox.exe, Detection, 30.11.2015 16:57, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, IP, 185.62.188.75, www.iceland.is, 50387, Outbound, C:\Program Files\Mozilla Firefox\firefox.exe, 
Detection, 30.11.2015 16:57, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, IP, 185.62.188.75, www.iceland.is, 50390, Outbound, C:\Program Files\Mozilla Firefox\firefox.exe, Detection, 30.11.2015 16:57, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, IP, 185.62.188.75, www.iceland.is, 50391, Outbound, C:\Program Files\Mozilla Firefox\firefox.exe, Detection, 30.11.2015 16:58, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, IP, 185.62.188.75, www.iceland.is, 50422, Outbound, C:\Program Files\Mozilla Firefox\firefox.exe, Detection, 30.11.2015 16:58, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, IP, 185.62.188.75, www.iceland.is, 50423, Outbound, C:\Program Files\Mozilla Firefox\firefox.exe, Detection, 30.11.2015 17:00, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, IP, 185.62.188.75, www.iceland.is, 50455, Outbound, C:\Program Files\Mozilla Firefox\firefox.exe, Detection, 30.11.2015 17:01, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, IP, 185.62.188.75, www.iceland.is, 50493, Outbound, C:\Program Files\Mozilla Firefox\firefox.exe, Detection, 30.11.2015 17:02, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, IP, 185.62.188.75, www.iceland.is, 50507, Outbound, C:\Program Files\Mozilla Firefox\firefox.exe, Detection, 30.11.2015 17:02, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, IP, 185.62.188.75, www.iceland.is, 50507, Outbound, C:\Program Files\Mozilla Firefox\firefox.exe, Update, 30.11.2015 19:17, SYSTEM, SUSANNE-NETBOOK, Scheduler, Malware Database, 2015.11.30.3, 2015.11.30.4, Protection, 30.11.2015 19:17, SYSTEM, SUSANNE-NETBOOK, Protection, Refresh, Starting, Protection, 30.11.2015 19:17, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Stopping, Protection, 30.11.2015 19:18, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Stopped, Protection, 30.11.2015 19:24, SYSTEM, 
SUSANNE-NETBOOK, Protection, Refresh, Success, Protection, 30.11.2015 19:24, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Starting, Protection, 30.11.2015 19:26, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Started, Update, 30.11.2015 20:22, SYSTEM, SUSANNE-NETBOOK, Scheduler, Domain Database, 2015.11.29.1, 2015.11.30.1, Protection, 30.11.2015 20:22, SYSTEM, SUSANNE-NETBOOK, Protection, Refresh, Starting, Protection, 30.11.2015 20:22, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Stopping, Protection, 30.11.2015 20:24, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Stopped, Protection, 30.11.2015 20:32, SYSTEM, SUSANNE-NETBOOK, Protection, Refresh, Success, Protection, 30.11.2015 20:32, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Starting, Protection, 30.11.2015 20:34, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Started, Update, 30.11.2015 21:20, SYSTEM, SUSANNE-NETBOOK, Scheduler, Domain Database, 2015.11.30.1, 2015.11.30.2, Protection, 30.11.2015 21:20, SYSTEM, SUSANNE-NETBOOK, Protection, Refresh, Starting, Protection, 30.11.2015 21:20, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Stopping, Protection, 30.11.2015 21:21, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Stopped, Protection, 30.11.2015 21:24, SYSTEM, SUSANNE-NETBOOK, Protection, Refresh, Success, Protection, 30.11.2015 21:25, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Starting, Protection, 30.11.2015 21:26, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Started, Update, 30.11.2015 22:21, SYSTEM, SUSANNE-NETBOOK, Scheduler, Domain Database, 2015.11.30.2, 2015.11.30.3, Update, 30.11.2015 22:23, SYSTEM, SUSANNE-NETBOOK, Scheduler, Malware Database, 2015.11.30.4, 2015.11.30.5, Protection, 30.11.2015 22:23, SYSTEM, SUSANNE-NETBOOK, Protection, Refresh, Starting, Protection, 30.11.2015 22:23, 
SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Stopping, Protection, 30.11.2015 22:24, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Stopped, Update, 30.11.2015 23:09, SYSTEM, SUSANNE-NETBOOK, Scheduler, Malware Database, 2015.11.30.5, 2015.11.30.6, Protection, 30.11.2015 23:10, SYSTEM, SUSANNE-NETBOOK, Protection, Refresh, Success, Protection, 30.11.2015 23:10, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Starting, Protection, 30.11.2015 23:10, SYSTEM, SUSANNE-NETBOOK, Protection, Refresh, Starting, Protection, 30.11.2015 23:11, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Started, Protection, 30.11.2015 23:11, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Stopping, Protection, 30.11.2015 23:11, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Stopped, Protection, 30.11.2015 23:17, SYSTEM, SUSANNE-NETBOOK, Protection, Refresh, Success, Protection, 30.11.2015 23:17, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Starting, Protection, 30.11.2015 23:19, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Started, (end)
here is the one from 1.12.: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Protection, 01.12.2015 10:17, SYSTEM, SUSANNE-NETBOOK, Protection, Malware Protection, Starting, Protection, 01.12.2015 10:17, SYSTEM, SUSANNE-NETBOOK, Protection, Malware Protection, Started, Protection, 01.12.2015 10:17, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Starting, Protection, 01.12.2015 10:21, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Started, Update, 01.12.2015 11:15, SYSTEM, SUSANNE-NETBOOK, Scheduler, IP Database, 2015.11.30.1, 2015.11.30.2, Update, 01.12.2015 11:16, SYSTEM, SUSANNE-NETBOOK, Scheduler, Malware Database, 2015.11.30.6, 2015.12.1.2, Protection, 01.12.2015 11:16, SYSTEM, SUSANNE-NETBOOK, Protection, Refresh, Starting, Protection, 01.12.2015 11:16, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Stopping, Protection, 01.12.2015 11:16, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Stopped, Protection, 01.12.2015 11:17, SYSTEM, SUSANNE-NETBOOK, Protection, Refresh, Success, Protection, 01.12.2015 11:17, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Starting, Protection, 01.12.2015 11:18, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Started, Update, 01.12.2015 13:07, SYSTEM, SUSANNE-NETBOOK, Scheduler, Malware Database, 2015.12.1.2, 2015.12.1.3, Protection, 01.12.2015 13:07, SYSTEM, SUSANNE-NETBOOK, Protection, Refresh, Starting, Protection, 01.12.2015 13:07, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Stopping, Protection, 01.12.2015 13:08, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Stopped, Protection, 01.12.2015 13:13, SYSTEM, SUSANNE-NETBOOK, Protection, Refresh, Success, Protection, 01.12.2015 13:13, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Starting, Protection, 01.12.2015 13:17, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Started, (end) |
01.12.2015, 14:18 | #14 |
/// TB-Ausbilder | extremely slow computer and on top of that also Tohotweb.. Hi, neither of them is what I want to see. Start MBAM again. Update the database. Scan (Scannen) > Threat Scan (Bedrohungssuchlauf) > Start Scan (Suchlauf starten). At the end of the scan, have all findings (if any) moved to quarantine. To do so, click Remove Selected (Auswahl entfernen). Let your computer restart if necessary to complete the cleanup. Start MBAM, click History (Verlauf) and then Application Logs (Anwendungsprotokolle). Select the most recent scan log and click Export. Select Text file (.txt) (Textdatei (.txt)) and save the file as mbam.txt on the desktop. Include the contents of mbam.txt in your next reply. |
01.12.2015, 17:10 | #15 |
| extremely slow computer and on top of that also Tohotweb.. Hello, I ran it again and got this: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Protection, 01.12.2015 10:17, SYSTEM, SUSANNE-NETBOOK, Protection, Malware Protection, Starting, Protection, 01.12.2015 10:17, SYSTEM, SUSANNE-NETBOOK, Protection, Malware Protection, Started, Protection, 01.12.2015 10:17, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Starting, Protection, 01.12.2015 10:21, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Started, Update, 01.12.2015 11:15, SYSTEM, SUSANNE-NETBOOK, Scheduler, IP Database, 2015.11.30.1, 2015.11.30.2, Update, 01.12.2015 11:16, SYSTEM, SUSANNE-NETBOOK, Scheduler, Malware Database, 2015.11.30.6, 2015.12.1.2, Protection, 01.12.2015 11:16, SYSTEM, SUSANNE-NETBOOK, Protection, Refresh, Starting, Protection, 01.12.2015 11:16, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Stopping, Protection, 01.12.2015 11:16, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Stopped, Protection, 01.12.2015 11:17, SYSTEM, SUSANNE-NETBOOK, Protection, Refresh, Success, Protection, 01.12.2015 11:17, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Starting, Protection, 01.12.2015 11:18, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Started, Update, 01.12.2015 13:07, SYSTEM, SUSANNE-NETBOOK, Scheduler, Malware Database, 2015.12.1.2, 2015.12.1.3, Protection, 01.12.2015 13:07, SYSTEM, SUSANNE-NETBOOK, Protection, Refresh, Starting, Protection, 01.12.2015 13:07, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Stopping, Protection, 01.12.2015 13:08, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Stopped, Protection, 01.12.2015 13:13, SYSTEM, SUSANNE-NETBOOK, Protection, Refresh, Success, Protection, 01.12.2015 13:13, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Starting, Protection, 01.12.2015 13:17, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Started, Update, 01.12.2015 16:14, 
SYSTEM, SUSANNE-NETBOOK, Scheduler, Remediation Database, 2015.11.22.2, 2015.12.1.1, Protection, 01.12.2015 16:14, SYSTEM, SUSANNE-NETBOOK, Protection, Refresh, Starting, Protection, 01.12.2015 16:14, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Stopping, Protection, 01.12.2015 16:18, SYSTEM, SUSANNE-NETBOOK, Protection, Malicious Website Protection, Stopped, Update, 01.12.2015 16:25, SYSTEM, SUSANNE-NETBOOK, Scheduler, Failed, Unable to access update server, Update, 01.12.2015 16:28, SYSTEM, SUSANNE-NETBOOK, Scheduler, Failed, Unable to access update server, (end) |