| |
| |||||||
Log-Analyse und Auswertung: Windows 7 Update funktioniert nicht+FundeWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
16.01.2016, 14:50
| #1 |
 |  Windows 7 Update funktioniert nicht+Funde Hallo! ich hatte gestern bemerkt das mein System nicht mehr so gut läuft und hab einen neuen Virenscanner installiert.....Avast dann deinstalliert......und der brachte 4 Infektionen die der Virenscanner (CMC) auch desinfiziert hat.Habe dann versucht Windows Update zu machen aber er downloaded nicht.Habe dann wieder den CMC Anti Virus entfernt weil ich dachte das vllt die Firewall das Problem ist aber es hat sich nichts geändert. Code:
ATTFilter OTL logfile created on: 16.01.2016 02:35:48 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\wolverine\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.18097) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.50 Gb Total Physical Memory | 2.60 Gb Available Physical Memory | 74.42% Memory free 7.00 Gb Paging File | 6.13 Gb Available in Paging File | 87.55% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 465.66 Gb Total Space | 279.62 Gb Free Space | 60.05% Space Free | Partition Type: NTFS Computer Name: X2 | User Name: wolverine | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2016.01.16 02:30:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\wolverine\Desktop\OTL.exe PRC - [2015.09.30 18:46:27 | 000,445,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\GWX\GWX.exe PRC - [2015.07.29 03:25:58 | 000,543,744 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2015.07.29 03:25:52 | 000,214,528 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2015.07.28 22:20:22 | 000,307,400 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe PRC - [2015.07.28 22:20:18 | 000,307,912 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe PRC - [2013.10.23 23:39:14 | 001,017,224 | ---- | M] (Flux Software LLC) -- C:\Users\wolverine\AppData\Local\FluxSoftware\Flux\flux.exe PRC - [2012.11.23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe ========== Modules (No Company Name) ========== MOD - [2015.11.11 15:58:33 | 013,584,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\0fd068c090eb7b5bb537c7bef23ef1b2\System.Web.ni.dll MOD - [2015.11.11 15:45:58 | 018,753,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\2d4e39155c2bb981dec00b0fe2dc8667\PresentationFramework.ni.dll MOD - [2015.11.11 15:45:47 | 011,014,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\28b853c62fe0ee15d56b99afeceacc5e\PresentationCore.ni.dll MOD - [2015.11.11 15:45:44 | 012,897,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ac49b0362a9648df9d2f437d27ff54ff\System.Windows.Forms.ni.dll MOD - [2015.11.11 15:44:46 | 000,797,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\fc0cb289aaf886978a3406099b59ac42\System.Runtime.Remoting.ni.dll MOD - [2015.09.22 18:20:10 | 000,225,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ResourceMan446ca0e5#\44eceff872e0520cca718902aaf98d93\ResourceManagement.Foundation.Implementation.ni.dll MOD - [2015.09.22 18:19:56 | 000,222,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\LOG.Foundat03490438#\0ac0c50cd8497880e83e6dcb2d27af54\LOG.Foundation.Implementation.ni.dll MOD - [2015.09.22 18:19:52 | 000,780,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Compone26c9c557#\5917c39d2c295c6085e62ffda76537fd\CLI.Component.Systemtray.ni.dll MOD - [2015.09.22 18:19:51 | 000,181,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Compone6692ca50#\45e08f7b70553d5669f7dfb6b65faddd\CLI.Component.Runtime.ni.dll MOD - [2015.09.22 18:19:48 | 000,140,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Compone29e547cc#\1dce9d7350fd8c2e42511a2762e61034\CLI.Component.Dashboard.ProfileManager2.ni.dll MOD - [2015.09.22 18:19:47 | 000,755,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Compone6bf88b08#\fa4b1eb63b069faa77fe47874b6eb25d\CLI.Component.Dashboard.ni.dll MOD - [2015.09.22 18:19:45 | 007,732,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Combine0616f305#\1fcadf565a463f78689c9229bf7e46d7\CLI.Combined.Graphics.Aspects1.Dashboard.ni.dll MOD - [2015.09.22 18:19:42 | 002,536,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.G962aa464#\e6ce0ae2f2b4154bd821074b6d0b7e9e\CLI.Caste.Graphics.Runtime.ni.dll MOD - [2015.09.22 18:19:36 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.4bbb0755#\e5d417288fa27c06b76e92888796ac38\CLI.Aspect.TransCode.Graphics.Dashboard.ni.dll MOD - [2015.09.22 18:19:34 | 003,118,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.e9fd7406#\68131464c26035c5b23498b1abebf90e\CLI.Aspect.Radeon3D.Graphics.Dashboard.ni.dll MOD - [2015.09.22 18:19:29 | 000,556,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.846fa813#\d4f5ffa32c475ba3348f174ca425d583\CLI.Aspect.MMVideo.Graphics.Dashboard.ni.dll MOD - [2015.09.22 18:19:24 | 000,068,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.ae5e117c#\305a10286029ab92dbee40f0956bc8b8\CLI.Aspect.DisplaysColour2.Graphics.Shared.ni.dll MOD - [2015.09.22 18:19:23 | 001,576,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.aa59351a#\99a6962ed8eb6f51bbf468ae12269eb2\CLI.Aspect.DeviceProperty.Graphics.Dashboard.Shared.ni.dll MOD - [2015.09.22 18:19:22 | 006,233,088 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.e6d9f3a8#\0ab02895fbd039886fbdea32ffb960ad\CLI.Aspect.DeviceDFP.Graphics.Dashboard.ni.dll MOD - [2015.09.22 18:19:20 | 000,428,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.8e996306#\a47f98b15d83ec7043d8a8159314fe15\CLI.Aspect.CrossDisplay.Graphics.Dashboard.ni.dll MOD - [2015.09.22 18:19:19 | 000,465,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.Gee7d2dbc#\8370ac3232dba7cf94360ba57ceb72b4\CLI.Caste.Graphics.Dashboard.ni.dll MOD - [2015.09.22 18:19:18 | 001,446,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.Gd9d9b43b#\0f6388bd4b548dc588902711ec628751\CLI.Caste.Graphics.Dashboard.Shared.ni.dll MOD - [2015.09.22 18:19:18 | 000,075,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.ec8786e5#\fab6a4bcf3b7c41b61ae6d352a8d3b2e\CLI.Aspect.AMDHome.Graphics.Dashboard.ni.dll MOD - [2015.09.22 18:19:17 | 001,935,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Wfbf9373c#\89a528600f321471024356ef425b82d3\Microsoft.WindowsAPICodePack.Shell.ni.dll MOD - [2015.09.22 18:19:15 | 000,857,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Foundatd3771151#\486a07ea8cc19ff8b6196959a17a93fb\CLI.Foundation.Client.ni.dll MOD - [2015.09.22 18:19:15 | 000,265,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W8090224c#\f71927024aea4c665a4d3f0519a2dee9\Microsoft.WindowsAPICodePack.ni.dll MOD - [2015.09.22 18:19:15 | 000,250,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsForm0b574481#\9237b985c80ea51de121bc5572229627\WindowsFormsIntegration.ni.dll MOD - [2015.09.22 18:19:14 | 000,108,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Compone168638d1#\33c528658e7efb4c66324a24a4de8498\CLI.Component.Client.Shared.Private.ni.dll MOD - [2015.09.22 18:19:14 | 000,068,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Componef4cf054f#\6a8af448a6658b942cbad0cf1f5fa461\CLI.Component.Dashboard.Shared.ni.dll MOD - [2015.09.22 18:19:14 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ResourceManf163905a#\c6e984fedad860d886976179e87d033d\ResourceManagement.Foundation.Private.ni.dll MOD - [2015.09.22 18:19:14 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Componef1fd67b2#\2fea17f65fffe01b5f589686a177071c\CLI.Component.Client.Shared.ni.dll MOD - [2015.09.22 18:19:10 | 001,564,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Componec89c3bec#\e04faa0562783b91d43b16eba211fcc3\CLI.Component.Dashboard.Shared.Private.ni.dll MOD - [2015.09.22 18:19:08 | 002,151,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.G60a7b4d1#\4893b2bcb7131e2a3daae9d73763d26d\CLI.Caste.Graphics.Shared.ni.dll MOD - [2015.09.22 18:19:05 | 000,237,568 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Foundation\aa62b060b43fba014ef3345c0c8f896e\CLI.Foundation.ni.dll MOD - [2015.09.22 18:19:04 | 000,214,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\AEM.Plugin.5d945b6b#\0332a705d4f451c56c59dddef3bb7c50\AEM.Plugin.Source.Kit.Server.ni.dll MOD - [2015.09.22 18:19:01 | 000,114,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\LOG.Foundat5023f8e7#\a9851d094fbf76380135ecedaf479620\LOG.Foundation.Private.ni.dll MOD - [2015.09.22 18:19:01 | 000,102,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\LOG.Foundation\764d81f00a8f14e329119a10ca5fe5f6\LOG.Foundation.ni.dll MOD - [2015.09.22 17:58:11 | 001,639,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\fe41e3eae34ac29f3c1f03a03d8aa1af\System.Drawing.ni.dll MOD - [2015.08.11 17:02:20 | 000,313,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\MOM.Implementation\e4c5afcafc63cb27d61b6181c05aecaa\MOM.Implementation.ni.dll MOD - [2015.08.11 17:02:14 | 000,048,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Foundat60cdf5df#\e9278f4262bbda822bef645459265f9a\CLI.Foundation.XManifest.ni.dll MOD - [2015.08.11 17:02:13 | 000,198,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.73911eb5#\860b9dc4e94890926ba0c2c2216d8fd8\CLI.Aspect.WirelessDisplay.Graphics.Shared.ni.dll MOD - [2015.08.11 17:02:12 | 000,091,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ATICCCom\70dca4f735568a05cb1fdc18170e8ede\ATICCCom.ni.dll MOD - [2015.08.11 17:02:12 | 000,015,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Componeb4d0485c#\b0ef9a318e01fc2b2a9a4082b40efd97\CLI.Component.Runtime.Extension.EEU.ni.dll MOD - [2015.08.11 17:02:06 | 000,878,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Combine7332395e#\d90a455af733e86747116725874b13d5\CLI.Combined.Graphics.Aspects2.Runtime.ni.dll MOD - [2015.08.11 17:02:06 | 000,036,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.382a3def#\949df9999aa9b2b1380bf4f3ccc2f6ea\CLI.Aspect.AMDOverDrive.Platform.Shared.ni.dll MOD - [2015.08.11 17:02:03 | 000,035,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.Pdb36d56e#\6693d1c27c78a592054c85e2d32d81a2\CLI.Caste.Platform.Runtime.ni.dll MOD - [2015.08.11 17:02:02 | 000,036,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.H18c99613#\ee2758b2e83a48cb63ae0475c12bbd22\CLI.Caste.HydraVision.Runtime.ni.dll MOD - [2015.08.11 17:02:02 | 000,025,088 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.Pac40511b#\b8f93b38dfabec999cb5142222a1b6ac\CLI.Caste.Platform.Shared.ni.dll MOD - [2015.08.11 17:02:02 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.H92ba4e46#\60b9b7f4ead13b09a657dc079fcba89f\CLI.Caste.HydraVision.Shared.ni.dll MOD - [2015.08.11 17:02:02 | 000,021,504 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.Hbb906c0b#\04a19d77d26fb727c66d3d2312ec16dc\CLI.Caste.HydraVision.Dashboard.ni.dll MOD - [2015.08.11 17:02:02 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.Pfeefa2b6#\4d6f45b17b33659a518472d6f24aadb4\CLI.Caste.Platform.Dashboard.ni.dll MOD - [2015.08.11 17:01:58 | 000,235,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.F36b07a2b#\76e706a89c995b3b7fa3da5ab459bcb5\CLI.Caste.Fuel.Runtime.ni.dll MOD - [2015.08.11 17:01:58 | 000,031,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Fuel.Foundation\ed7f5dcacc51887a4d6e1aedfa9e2bee\Fuel.Foundation.ni.dll MOD - [2015.08.11 17:01:58 | 000,022,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.Ff3085433#\022fb20abb1b1056f31997fae98dc24d\CLI.Caste.Fuel.Dashboard.ni.dll MOD - [2015.08.11 17:01:57 | 000,042,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.A4.Runtime\8f9b0b7f7bc60c0dfc13fc6a68abbcbb\CLI.Caste.A4.Runtime.ni.dll MOD - [2015.08.11 17:01:57 | 000,022,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.Af820fedc#\05d8f3c94bf3344f0b5445a5a005f260\CLI.Caste.A4.Dashboard.ni.dll MOD - [2015.08.11 17:01:54 | 000,051,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.8350f5c6#\ff4fcafc35ff63505e1973502e9da4b4\CLI.Aspect.UpdateNotification.Graphics.Runtime.ni.dll MOD - [2015.08.11 17:01:53 | 000,067,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.a765109e#\9f27481b8494fd543e7780b3244eebb1\CLI.Aspect.UpdateNotification.Graphics.Dashboard.ni.dll MOD - [2015.08.11 17:01:53 | 000,039,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.f480a2f3#\7f0d38d6ce24686955776a561b6a96fb\CLI.Aspect.UpdateNotification.Graphics.Shared.ni.dll MOD - [2015.08.11 17:01:52 | 000,086,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.3a6f1658#\d112f4050b7c7f7f2d01792d3010e7f6\CLI.Aspect.TransCode.Graphics.Shared.ni.dll MOD - [2015.08.11 17:01:52 | 000,037,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.ef3eaa4d#\e3aacf9f2cf7d5151c43a1dc46fd4ec6\CLI.Aspect.TransCode.Graphics.Runtime.ni.dll MOD - [2015.08.11 17:01:50 | 000,558,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.8d333b6b#\06e42ad30aa959b361cda49beb8a55b6\CLI.Aspect.Radeon3D.Graphics.Shared.ni.dll MOD - [2015.08.11 17:01:45 | 000,265,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.c7aaa0f8#\9d9623b883abbd9964883a3f9b24dfd9\CLI.Aspect.OverDrive5.Graphics.Shared.ni.dll MOD - [2015.08.11 17:01:45 | 000,245,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.87ad5c75#\9efea343177bb3bf2741b4457ae0ded1\CLI.Aspect.OverDrive5.Graphics.Dashboard.ni.dll MOD - [2015.08.11 17:01:44 | 000,130,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.30dea481#\ca03efebad266effd6187fb1e34db5f4\CLI.Aspect.MultiVPU4.Graphics.Shared.ni.dll MOD - [2015.08.11 17:01:41 | 000,206,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.e8635fc7#\27fe64bb4379f505700228cddaf9d039\CLI.Aspect.InfoCentre.Graphics.Dashboard.ni.dll MOD - [2015.08.11 17:01:38 | 000,072,704 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.9cd1e9e7#\b74320501b138aba42ece76cab734878\CLI.Aspect.FPS.Graphics.Dashboard.ni.dll MOD - [2015.08.11 17:01:38 | 000,047,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.a6cd7fff#\2843ccc71c884fdb19ebd84839682d5d\CLI.Aspect.FPS.Graphics.Runtime.ni.dll MOD - [2015.08.11 17:01:38 | 000,030,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.52c6dbaa#\fd17d2904d2da757d64b87f6f9b6a2cd\CLI.Aspect.FPS.Graphics.Shared.ni.dll MOD - [2015.08.11 17:01:36 | 000,029,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.G60338cc0#\dc78149cc4335ab4e469668c9477a920\CLI.Caste.Graphics.Runtime.Shared.Private.ni.dll MOD - [2015.08.11 17:01:34 | 000,235,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.9b707b25#\3bac000ad53d7c2e7e547af4e2a89218\CLI.Aspect.DeviceProperty.Graphics.Runtime.ni.dll MOD - [2015.08.11 17:01:34 | 000,054,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.b0a7c1fb#\e678e9c5a5caf3b74dfdad59bf866d09\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.ni.dll MOD - [2015.08.11 17:01:33 | 000,188,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.eda8935e#\da73826623778cda1d1d0fb10b4aa2b9\CLI.Aspect.MMVideo.Graphics.Shared.ni.dll MOD - [2015.08.11 17:01:30 | 000,271,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.b3da5a8f#\2fb8f0b6285d8b74e34716a24d72c790\CLI.Aspect.PowerXpress.Graphics.Shared.ni.dll MOD - [2015.08.11 17:01:30 | 000,015,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.c854b457#\ab677cea5b65675aeb740cfb6a108432\CLI.Aspect.HotkeysHandling.Graphics.Shared.ni.dll MOD - [2015.08.11 17:01:29 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.F24de14fe#\457af270c08672cd540839041c5b7a99\CLI.Caste.Fuel.Shared.ni.dll MOD - [2015.08.11 17:01:28 | 000,161,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.4542c692#\8b56f0439fb9e1a03c257c3c7dc343a7\CLI.Aspect.DeviceCRT.Graphics.Shared.ni.dll MOD - [2015.08.11 17:01:28 | 000,119,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.a0ae52bc#\9d0d15fc0e19fb7afbab185d9dd1b876\CLI.Aspect.DeviceLCD.Graphics.Shared.ni.dll MOD - [2015.08.11 17:01:28 | 000,020,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.37d3d968#\21fe5f0bea0ab3f8ebfacd1a67011e51\CLI.Aspect.AMDHome.Graphics.Shared.ni.dll MOD - [2015.08.11 17:01:27 | 000,354,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.acb9d930#\5bf18d6ed5980304fbb0f0c59cdfd453\CLI.Aspect.DeviceProperty.Graphics.Shared.ni.dll MOD - [2015.08.11 17:01:27 | 000,273,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.7ec2db45#\9cdff24a22e7d2c2736af4d92ee4351a\CLI.Aspect.DeviceDFP.Graphics.Shared.ni.dll MOD - [2015.08.11 17:01:26 | 000,097,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.3399d0ec#\ac8bc1072df6350dfa07e5c82acdafb0\CLI.Aspect.CustomFormats.Graphics.Shared.ni.dll MOD - [2015.08.11 17:01:25 | 000,121,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Compone59f353b4#\06ccea00a07c7a998897b5571e55306a\CLI.Component.Runtime.Shared.Private.ni.dll MOD - [2015.08.11 17:01:25 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.A4.Shared\4c9e426908b1d956b8600d9f66e63ad2\CLI.Caste.A4.Shared.ni.dll MOD - [2015.08.11 17:01:18 | 000,152,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CCC.Implementation\a63fb4113a275f6954e68c57d0d17f8f\CCC.Implementation.ni.dll MOD - [2015.08.11 17:01:18 | 000,063,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\LOG.Foundatcaafa75b#\d1a25ba702e0eab536efdda813dac1b5\LOG.Foundation.Implementation.Private.ni.dll MOD - [2015.08.11 17:01:18 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\MOM.Foundation\cdd880cd6521c95228a7b584b16a5e4f\MOM.Foundation.ni.dll MOD - [2015.08.11 17:01:16 | 000,991,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Localizatio01dbc1c0#\96e8663e872fc0c744fa7b42484a1f7c\Localization.Foundation.Private.ni.dll MOD - [2015.08.11 17:01:15 | 000,202,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\APM.Server\96f44cffb106b3ed3179a65652edd416\APM.Server.ni.dll MOD - [2015.08.11 17:01:15 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Foundat3d5d3945#\7c5b5a64cfaef07d01faac46154e314b\CLI.Foundation.Private.ni.dll MOD - [2015.08.11 17:01:15 | 000,044,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\APM.Foundation\1275c006e0005af530db4a6265599e21\APM.Foundation.ni.dll MOD - [2015.08.11 17:01:13 | 000,193,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\AEM.Server\577307b84531d57fd9b4f18529a3fe9f\AEM.Server.ni.dll MOD - [2015.08.11 17:01:13 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Compone1b4a8c97#\c53540a1fd092f0dad0dcc479b3a3b78\CLI.Component.Runtime.Shared.ni.dll MOD - [2015.08.11 17:01:12 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Foundat619559bd#\9a6cf5ae9ce14856709613de22e21166\CLI.Foundation.CoreAudioAPI.ni.dll MOD - [2015.08.11 17:01:12 | 000,013,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\AEM.Plugin.674d2b8a#\41ff1a57274f28e739124af8535578d7\AEM.Plugin.WinMessages.Shared.ni.dll MOD - [2015.08.11 17:01:11 | 000,013,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DEM.Graphics\240d8a1430eb758e984bcf0a354ef031\DEM.Graphics.ni.dll MOD - [2015.08.11 17:01:11 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\AEM.Server.Shared\fa548ce604a3c1885f22cc3997a34eb5\AEM.Server.Shared.ni.dll MOD - [2015.08.11 17:01:10 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\AEM.Plugin.2b6a6775#\ebb36e1a1b8b3a0322891ccdac21e654\AEM.Plugin.Hotkeys.Shared.ni.dll MOD - [2015.08.11 17:01:10 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\AEM.Plugin.88aba5d2#\aaeaac54ea90b766cfbab9f4ef371ae8\AEM.Plugin.REG.Shared.ni.dll MOD - [2015.08.11 17:01:09 | 000,043,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\NEWAEM.Foundation\26667397a52050a7099dc91bc07a67fe\NEWAEM.Foundation.ni.dll MOD - [2015.08.11 17:01:09 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\AEM.Plugin.0a1309f7#\5b426967e8e2cf2d3d72c40b706f5c33\AEM.Plugin.EEU.Shared.ni.dll MOD - [2015.08.11 17:01:09 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\AEM.Plugin.GD.Shared\3a97082aacede48a6e976352939a1d92\AEM.Plugin.GD.Shared.ni.dll MOD - [2015.08.11 17:01:08 | 000,018,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\AEM.Actions5dc83b46#\c132652cb6c1bc7777462b4070132aae\AEM.Actions.CCAA.Shared.ni.dll MOD - [2015.08.11 17:01:07 | 000,026,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\A4.Foundation\8736e7648512446b2533414af66ddb11\A4.Foundation.ni.dll MOD - [2015.07.28 09:25:22 | 000,010,240 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DEM.Graphics.I0812\bf3ce9d9ade696370b9b49ea63642bc4\DEM.Graphics.I0812.ni.dll MOD - [2015.07.28 09:25:22 | 000,009,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DEM.Graphics.I0805\88c9b6f0c235d6e165b987e7a2844066\DEM.Graphics.I0805.ni.dll MOD - [2015.07.28 09:25:12 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DEM.Graphics.I0703\ec8c1b2ea3933b5a4a0101c18b0902e9\DEM.Graphics.I0703.ni.dll MOD - [2015.07.28 09:25:07 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DEM.Graphics.I1010\aeb8512cda9b4d4d2019be3365d6635d\DEM.Graphics.I1010.ni.dll MOD - [2015.07.28 09:25:07 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DEM.Graphics.I0906\2992c7869f9a3e33d93c1528a46ff2ca\DEM.Graphics.I0906.ni.dll MOD - [2015.07.28 09:24:41 | 000,061,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DEM.Graphics.I0709\7ff837c0c4063fb0ba2d2bd8a1acee51\DEM.Graphics.I0709.ni.dll MOD - [2015.07.28 09:24:38 | 000,015,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DEM.Graphics.I0804\bc24ec6e829520c45fdd6bc97da09235\DEM.Graphics.I0804.ni.dll MOD - [2015.07.28 09:24:38 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DEM.Graphics.I0912\80aefc18cb55a7ddc4ea3cdac1373d79\DEM.Graphics.I0912.ni.dll MOD - [2015.07.28 09:24:38 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DEM.Graphics.I0706\bcbab65705590d1328e06b7158c0dc94\DEM.Graphics.I0706.ni.dll MOD - [2015.07.28 09:24:38 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DEM.Graphics.I0712\29d9db152f22aa852fa6ef58ddca0187\DEM.Graphics.I0712.ni.dll MOD - [2015.07.28 09:24:23 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CCC\a7203178cfd8677b8725ad8805e58a1c\CCC.ni.exe MOD - [2015.07.28 09:24:17 | 000,089,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DEM.Graphics.I0601\65d73ff6749dc0a63e709ac81610a13d\DEM.Graphics.I0601.ni.dll MOD - [2015.07.28 09:24:17 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DEM.Foundation\648c1fe200ecdd73223437371070d29e\DEM.Foundation.ni.dll MOD - [2015.07.28 09:24:14 | 000,688,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ADL.Foundation\3f0510ebf9a24cfd0a37e00839e0f69a\ADL.Foundation.ni.dll MOD - [2015.05.13 18:51:12 | 000,017,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\MOM\013c74568caf69469df08ef770c6a71b\MOM.ni.exe MOD - [2015.05.13 16:59:07 | 000,967,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\908075c4922acdf834c67ac802814c9d\System.Configuration.ni.dll MOD - [2015.05.13 16:58:35 | 003,904,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\efd34838fa44da246b78328f4432eac7\WindowsBase.ni.dll MOD - [2015.05.13 16:58:22 | 006,982,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\c61bafa9d029e3f2bf83bd5af3f1f5ac\System.Core.ni.dll MOD - [2015.01.16 16:13:15 | 010,069,504 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\d18e2115a3270f89663fce831547f534\System.ni.dll MOD - [2015.01.16 16:07:30 | 000,016,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\9e42fe7c83345249b5dde1693d1bf8b5\PresentationFramework-SystemXml.ni.dll MOD - [2015.01.16 14:59:15 | 007,793,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\3d6ee4ffbd9a86ac1e7b01800b6fe9c7\System.Xml.ni.dll MOD - [2015.01.16 14:59:06 | 001,873,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\1196cc375887ce75f134047505fe19bf\System.Xaml.ni.dll MOD - [2015.01.16 14:57:56 | 000,458,240 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\5e3e26e6c81809aab854ea76a884fde2\PresentationFramework.Aero.ni.dll MOD - [2015.01.16 14:57:31 | 017,207,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\d1265d6159ea876f9d63ea4c1361b587\mscorlib.ni.dll ========== Services (SafeList) ========== SRV - [2015.10.30 23:36:30 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService) SRV - [2015.07.29 03:25:52 | 000,214,528 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2015.07.22 18:53:34 | 000,937,984 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\diagtrack.dll -- (DiagTrack) SRV - [2015.07.09 12:14:04 | 000,327,296 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013.05.27 05:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | System | Stopped] -- C:\Windows\System32\drivers\zamguard32.sys -- (ZAM_Guard) DRV - File not found [Kernel | System | Stopped] -- C:\Windows\System32\drivers\zam32.sys -- (ZAM) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandnetndis.sys -- (andnetndis) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandnetmodem.sys -- (ANDNetModem) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandnetdiag.sys -- (AndNetDiag) DRV - [2015.07.29 04:14:14 | 019,503,104 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2015.07.29 03:21:52 | 000,532,480 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2015.07.15 11:20:30 | 000,078,848 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService) DRV - [2014.03.19 01:24:18 | 000,037,528 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2014.03.19 01:24:16 | 000,043,800 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2014.03.19 01:24:14 | 000,042,264 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb) DRV - [2014.03.19 01:24:14 | 000,010,136 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd) DRV - [2013.10.02 01:42:31 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2012.08.23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2010.11.20 13:30:17 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm) DRV - [2010.11.20 13:30:17 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus) DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 11:50:38 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb) DRV - [2010.11.20 11:50:37 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr) DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.06.14 08:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2009.07.16 04:36:30 | 000,013,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor) DRV - [2009.07.14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial) DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 26 F7 64 2B C3 A4 CC 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {F659E625-502C-45A6-B0CC-A0BCF2920531} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR IE - HKCU\..\SearchScopes\{F659E625-502C-45A6-B0CC-A0BCF2920531}: "URL" = https://www.google.com/search?q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.countryCode: "DE" FF - prefs.js..browser.search.region: "DE" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:10.2.0.187 FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.9.36 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:40.0.3 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp: C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf: C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 43.0.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 43.0.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014.07.25 13:20:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\wolverine\AppData\Roaming\mozilla\Extensions [2015.10.18 14:57:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\wolverine\AppData\Roaming\mozilla\Firefox\Profiles\8o5fdbey.default-1430503317838\extensions [2016.01.14 18:26:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\wolverine\AppData\Roaming\mozilla\Firefox\Profiles\8qwtscld.tghtggsgggrtg\extensions [2016.01.09 13:29:21 | 000,563,263 | ---- | M] () (No name found) -- C:\Users\wolverine\AppData\Roaming\mozilla\firefox\profiles\8qwtscld.tghtggsgggrtg\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015.11.07 10:15:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions [2016.01.08 13:58:28 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} File not found (No name found) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF File not found (No name found) -- C:\USERS\WOLVERINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8O5FDBEY.DEFAULT-1430503317838\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI O1 HOSTS File: ([2015.10.18 15:07:01 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O4 - HKLM..\Run: [CanonQuickMenu] C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\AMD\ATI.ACE\Core-Static\x86\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [f.lux] C:\Users\wolverine\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.212.62.39 78.42.43.39 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE3A6D0B-97D3-4621-AD2A-3274BE425E4B}: DhcpNameServer = 82.212.62.39 78.42.43.39 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2016.01.16 02:30:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\wolverine\Desktop\OTL.exe [2016.01.16 01:43:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files [2016.01.15 23:52:45 | 000,000,000 | ---D | C] -- C:\Users\wolverine\Documents\CMC [2016.01.15 23:51:57 | 000,238,016 | ---- | C] (EldoS Corporation) -- C:\Windows\System32\drivers\cbfltfs3x32.sys [2016.01.15 23:51:54 | 000,000,000 | ---D | C] -- C:\Users\wolverine\AppData\Local\CMC [2016.01.15 23:51:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\JAIL [2016.01.15 23:51:33 | 000,000,000 | ---D | C] -- C:\Program Files\CMC [2016.01.15 21:26:40 | 093,403,201 | ---- | C] (CMC Antivirus 2014 ) -- C:\Users\wolverine\Desktop\setupCMCAV.exe [2015.12.30 18:53:15 | 001,988,928 | ---- | C] (Kaspersky Lab) -- C:\Users\wolverine\Desktop\kss15.0.0.737en_ru_de_fr_es_it_zh-hans_pl_tr_nl_cs_7695.exe [2015.12.24 16:51:34 | 002,521,272 | ---- | C] (NesterSoft Inc.) -- C:\Users\wolverine\Desktop\SpyDetectFree.exe [2015.12.19 16:40:59 | 001,599,336 | ---- | C] (Malwarebytes) -- C:\Users\wolverine\Desktop\JRT.exe ========== Files - Modified Within 30 Days ========== [2016.01.16 02:30:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\wolverine\Desktop\OTL.exe [2016.01.16 02:30:13 | 000,013,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2016.01.16 02:30:13 | 000,013,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2016.01.16 02:23:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2016.01.16 02:23:30 | 2817,826,816 | -HS- | M] () -- C:\hiberfil.sys [2016.01.15 23:02:05 | 000,701,356 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2016.01.15 23:02:05 | 000,654,858 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2016.01.15 23:02:05 | 000,150,256 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2016.01.15 23:02:05 | 000,122,730 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2016.01.15 21:43:01 | 093,403,201 | ---- | M] (CMC Antivirus 2014 ) -- C:\Users\wolverine\Desktop\setupCMCAV.exe [2015.12.30 19:00:19 | 000,002,687 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2015.12.30 18:53:16 | 001,988,928 | ---- | M] (Kaspersky Lab) -- C:\Users\wolverine\Desktop\kss15.0.0.737en_ru_de_fr_es_it_zh-hans_pl_tr_nl_cs_7695.exe [2015.12.23 13:38:47 | 000,000,715 | ---- | M] () -- C:\Users\wolverine\AppData\Roaming\burnaware.ini [2015.12.19 16:41:00 | 001,599,336 | ---- | M] (Malwarebytes) -- C:\Users\wolverine\Desktop\JRT.exe ========== Files Created - No Company Name ========== [2015.07.29 04:09:54 | 000,203,776 | ---- | C] () -- C:\Windows\System32\clinfo.exe [2015.07.29 03:26:06 | 000,143,872 | ---- | C] () -- C:\Windows\System32\atieah32.exe [2015.07.29 03:26:04 | 000,189,952 | ---- | C] () -- C:\Windows\System32\amdgfxinfo32.dll [2015.07.29 03:19:46 | 000,102,400 | ---- | C] () -- C:\Windows\System32\hsa-thunk.dll [2015.07.13 16:19:34 | 000,167,456 | ---- | C] () -- C:\Windows\System32\amde31a.dat [2015.07.13 16:19:20 | 000,169,152 | ---- | C] () -- C:\Windows\System32\ativce03.dat [2015.07.10 08:40:10 | 000,833,798 | ---- | C] () -- C:\Windows\System32\amdicdxx.dat [2015.07.06 20:33:18 | 000,100,816 | ---- | C] () -- C:\Windows\System32\ativce02.dat [2015.05.29 02:21:32 | 000,255,808 | ---- | C] () -- C:\Windows\System32\ativvaxy_cz_nd.dat [2015.05.29 02:17:22 | 000,250,884 | ---- | C] () -- C:\Windows\System32\ativvaxy_FJ.dat [2015.05.29 02:15:12 | 000,249,088 | ---- | C] () -- C:\Windows\System32\ativvaxy_FJ_nd.dat [2015.05.29 02:10:56 | 000,322,868 | ---- | C] () -- C:\Windows\System32\ativvaxy_vi.dat [2015.05.29 02:08:18 | 000,321,200 | ---- | C] () -- C:\Windows\System32\ativvaxy_vi_nd.dat [2015.05.29 02:00:40 | 000,234,420 | ---- | C] () -- C:\Windows\System32\ativvaxy_cik.dat [2015.05.29 01:58:30 | 000,232,752 | ---- | C] () -- C:\Windows\System32\ativvaxy_cik_nd.dat [2014.11.20 21:35:00 | 000,038,912 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll [2014.11.06 11:53:26 | 000,737,410 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2013.01.24 21:19:59 | 000,001,461 | ---- | C] () -- C:\Users\wolverine\AppData\Local\RecConfig.xml [2012.04.04 10:07:34 | 000,007,605 | ---- | C] () -- C:\Users\wolverine\AppData\Local\Resmon.ResmonCfg [2012.01.07 02:25:51 | 000,000,715 | ---- | C] () -- C:\Users\wolverine\AppData\Roaming\burnaware.ini [2011.12.20 14:41:18 | 000,458,083 | ---- | C] () -- C:\Users\wolverine\AppData\Local\census.cache [2011.12.20 14:41:04 | 000,106,226 | ---- | C] () -- C:\Users\wolverine\AppData\Local\ars.cache [2011.12.20 13:47:09 | 000,000,036 | ---- | C] () -- C:\Users\wolverine\AppData\Local\housecall.guid.cache [2011.11.06 18:38:57 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2011.11.06 03:17:01 | 000,001,877 | -H-- | C] () -- C:\Users\wolverine\AppData\Roaming\xpy.ini ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2015.08.06 18:44:51 | 012,875,776 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.08.26 14:32:43 | 000,000,000 | ---D | M] -- C:\Users\wolverine\AppData\Roaming\.purple [2013.11.18 00:35:54 | 000,000,000 | ---D | M] -- C:\Users\wolverine\AppData\Roaming\4Media [2013.02.03 22:59:30 | 000,000,000 | ---D | M] -- C:\Users\wolverine\AppData\Roaming\aignes [2015.11.05 15:08:32 | 000,000,000 | ---D | M] -- C:\Users\wolverine\AppData\Roaming\AMD [2014.08.11 00:21:04 | 000,000,000 | ---D | M] -- C:\Users\wolverine\AppData\Roaming\Ashampoo [2013.01.25 23:05:23 | 000,000,000 | ---D | M] -- C:\Users\wolverine\AppData\Roaming\Audacity [2013.04.14 19:36:04 | 000,000,000 | ---D | M] -- C:\Users\wolverine\AppData\Roaming\Auslogics [2014.11.03 22:57:32 | 000,000,000 | ---D | M] -- C:\Users\wolverine\AppData\Roaming\avidemux [2013.11.01 15:58:28 | 000,000,000 | ---D | M] -- C:\Users\wolverine\AppData\Roaming\calibre [2015.11.29 14:41:20 | 000,000,000 | ---D | M] -- C:\Users\wolverine\AppData\Roaming\Canneverbe Limited [2013.10.30 16:44:57 | 000,000,000 | ---D | M] -- C:\Users\wolverine\AppData\Roaming\Canon [2014.02.04 23:05:25 | 000,000,000 | ---D | M] -- C:\Users\wolverine\AppData\Roaming\Digiarty [2012.06.28 22:58:23 | 000,000,000 | ---D | M] -- C:\Users\wolverine\AppData\Roaming\DisplayTune [2014.01.22 14:56:27 | 000,000,000 | ---D | M] -- C:\Users\wolverine\AppData\Roaming\DVDVideoSoft [2014.02.21 00:53:20 | 000,000,000 | ---D | M] -- C:\Users\wolverine\AppData\Roaming\Foxit Software [2014.10.29 19:44:41 | 000,000,000 | ---D | M] -- C:\Users\wolverine\AppData\Roaming\Greenshot [2013.01.25 00:12:36 | 000,000,000 | ---D | M] -- C:\Users\wolverine\AppData\Roaming\Import Audio from Video [2012.01.14 01:33:03 | 000,000,000 | ---D | M] -- C:\Users\wolverine\AppData\Roaming\InfraRecorder [2013.11.17 15:48:45 | 000,000,000 | ---D | M] -- C:\Users\wolverine\AppData\Roaming\IObit [2013.04.03 18:41:54 | 000,000,000 | ---D | M] -- C:\Users\wolverine\AppData\Roaming\Jumping Bytes [2013.04.26 23:31:52 | 000,000,000 | ---D | M] -- C:\Users\wolverine\AppData\Roaming\Leadertech [2015.09.24 18:06:02 | 000,000,000 | ---D | M] -- C:\Users\wolverine\AppData\Roaming\LG Electronics [2015.07.28 09:22:17 | 000,000,000 | ---D | M] -- C:\Users\wolverine\AppData\Roaming\library_dir [2014.10.21 21:05:16 | 000,000,000 | ---D | M] -- C:\Users\wolverine\AppData\Roaming\LibreOffice [2013.11.08 22:11:23 | 000,000,000 | ---D | M] -- C:\Users\wolverine\AppData\Roaming\MPC-HC [2014.10.03 14:59:17 | 000,000,000 | ---D | M] -- C:\Users\wolverine\AppData\Roaming\office6 [2015.05.28 14:11:30 | 000,000,000 | ---D | M] -- C:\Users\wolverine\AppData\Roaming\OpenOffice [2012.03.25 18:50:59 | 000,000,000 | ---D | M] -- C:\Users\wolverine\AppData\Roaming\OpenOffice.org [2014.09.21 11:01:44 | 000,000,000 | ---D | M] -- C:\Users\wolverine\AppData\Roaming\Panda Security [2014.12.05 12:36:22 | 000,000,000 | ---D | M] -- C:\Users\wolverine\AppData\Roaming\QuickScan [2014.02.15 22:48:06 | 000,000,000 | ---D | M] -- C:\Users\wolverine\AppData\Roaming\SharePod ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:5C321E34 < End of report > Code:
ATTFilter OTL Extras logfile created on: 16.01.2016 02:35:48 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\wolverine\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18097)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.50 Gb Total Physical Memory | 2.60 Gb Available Physical Memory | 74.42% Memory free
7.00 Gb Paging File | 6.13 Gb Available in Paging File | 87.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 279.62 Gb Free Space | 60.05% Space Free | Partition Type: NTFS
Computer Name: X2 | User Name: wolverine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0000EF65-BE80-3B99-BDE5-84C515C3F64C}" = Microsoft .NET Framework 4.5.2 (DEU)
"{00A3E636-DD3D-B92F-2D54-E2012EA9E68F}" = CCC Help Greek
"{0930155C-4E2F-6E2D-E966-6541B1715E28}" = CCC Help Italian
"{0E811725-6BA2-646D-22D5-63FE9160EEAD}" = CCC Help Danish
"{0F441DF6-5278-46AC-6F4E-42DCFC7F775F}" = CCC Help Turkish
"{11087D24-567D-7D88-69C6-D7A08B5F4C47}" = Catalyst Control Center - Branding
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX390_series" = Canon MX390 series MP Drivers
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1E8B1577-BBCC-55A0-C939-09C90C42CF84}" = CCC Help Czech
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{275A7997-4C4A-DDE0-FC63-E6FDAEB985EC}" = ATI AVIVO Codecs
"{27971C1D-9424-92FC-4C00-AE56B0767E90}" = CCC Help Spanish
"{2AAA4CF8-949E-0B51-C3D9-EAD9F8189431}" = Catalyst Control Center Graphics Previews Common
"{2E61F80D-8F43-C254-2FDB-6B8FDAF37AF9}" = CCC Help Portuguese
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{3911CF56-9EF2-39BA-846A-C27BD3CD0685}" = Microsoft .NET Framework 4.5.2
"{3D74D109-4068-6F03-3AD8-75357DF62B70}" = CCC Help Dutch
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{40DF54B5-E0B6-6ECB-02C7-C1064E06EAA1}" = CCC Help Korean
"{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1" = Foxit Cloud
"{4D77F2B4-14CE-CF36-83C8-AB44E328DB27}" = CCC Help Japanese
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{5238C282-8CC5-C5E4-17DA-39DD772E09A3}" = CCC Help Thai
"{5AA0E269-92DB-328C-7BC5-53547E1E3FCE}" = CCC Help French
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7601F4BD-2DFD-2C85-F623-F06E097D2D61}" = AMD Catalyst Install Manager
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B6DB690-4552-9EDC-40F3-4F73B2B98EB1}" = AMD Wireless Display v3.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{85494707-8DE1-3F79-9B74-A619BA2188A4}" = AMD Media Foundation Decoders
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{917509EB-4AAD-05B8-F4AC-D5F39FE81C6A}" = CCC Help Hungarian
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5.2 (Deutsch)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.2
"{99BD80FE-6035-B86F-BD2C-26590A1B3B79}" = AMD Drag and Drop Transcoding
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADEBDA7-C8E0-5B99-9E32-10F7AC1B1DA4}" = CCC Help Swedish
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C13F99C-6E1A-4126-AE91-EAA2DADE08D6}" = LibreOffice 4.3.2.2
"{A0C3862E-2006-BACA-2C60-5D8B8FFD9951}" = AMD Wireless Display v3.0
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A7A1DFA0-0294-1607-9A90-86FABB3B524F}" = Catalyst Control Center Localization All
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}" = OpenOffice 4.1.1
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{B291A43D-3588-86E1-DABF-DC4C122E9361}" = CCC Help Chinese Standard
"{B9443CDE-47CB-38EE-5D3C-9C82507E1BF2}" = CCC Help Norwegian
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{C496ED25-F3EC-0CBC-37DB-B31C6E6592C9}" = Application Profiles
"{CA17AC98-DA1B-A84D-0921-AD1B1C3DF2CF}" = AMD Wireless Display v3.0
"{CB4E76E0-EC6F-B3FB-DD86-9EAA2AEFC1C6}" = CCC Help English
"{CEC10FBF-E009-E406-9EC4-0EEB7FC25CD1}" = CCC Help Chinese Traditional
"{D427123D-6FED-3FF4-8490-49BAD3970C11}" = AMD Accelerated Video Transcoding
"{D9A85F14-FFA5-40B1-8402-80D510D48D01}" = calibre
"{DAF4BBF5-DEC4-A63C-0E15-31B4C0D761A1}" = CCC Help Russian
"{DBFC3356-25AF-A1D4-8E18-F15BD4B2DBB2}" = CCC Help Finnish
"{E939FBFE-85E7-A95F-8D30-26B27B5D6426}" = CCC Help Polish
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F2AF165F-4CA7-9625-643B-015F5AB5CF5C}" = CCC Help German
"{F509C1F4-0029-49F9-B145-A4C4E8DF4819}" = paint.net
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"{FBBF30C7-E5C4-50B5-7555-D77A892ED80E}" = AMD Catalyst Control Center
"{FC965A47-4839-40CA-B618-18F486F042C6}" = Skype™ 7.16
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Avidemux 2.6" = Avidemux 2.6 (32-bit)
"Canon MX390 series Benutzerregistrierung" = Canon MX390 series Benutzerregistrierung
"Canon MX390 series On-screen Manual" = Canon MX390 series On-screen Manual
"Canon My Image Garden" = Canon My Image Garden
"Canon My Image Garden Design Files" = Canon My Image Garden Design Files
"Canon_IJ_Scan_Utility" = Canon IJ Scan Utility
"CanonMyPrinter" = Canon My Printer
"CanonQuickMenu" = Canon Quick Menu
"CCleaner" = CCleaner
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"FormatFactory" = FormatFactory 3.6.0.0
"Foxit Reader_is1" = Foxit Reader
"Greenshot_is1" = Greenshot 1.2.6.12
"jdownloader2" = JDownloader 2
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 43.0.4 (x86 de)" = Mozilla Firefox 43.0.4 (x86 de)
"Revo Uninstaller" = Revo Uninstaller 1.95
"Speed Dial Utility" = Canon Kurzwahlprogramm
"VLC media player" = VLC media player
"WinRAR archiver" = WinRAR 5.11 (32-bit)
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Flux" = f.lux
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 15.01.2016 20:44:43 | Computer Name = X2 | Source = System Restore | ID = 8193
Description =
Error - 15.01.2016 20:45:59 | Computer Name = X2 | Source = VSS | ID = 13
Description =
Error - 15.01.2016 20:45:59 | Computer Name = X2 | Source = VSS | ID = 12292
Description =
Error - 15.01.2016 20:45:59 | Computer Name = X2 | Source = VSS | ID = 8193
Description =
Error - 15.01.2016 20:45:59 | Computer Name = X2 | Source = System Restore | ID = 8193
Description =
Error - 15.01.2016 21:17:57 | Computer Name = X2 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: cmccore.exe, Version: 0.0.0.0, Zeitstempel:
0x2a425e19 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0x00000000 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses:
0x6ac Startzeit der fehlerhaften Anwendung: 0x01d14ff80a65968f Pfad der fehlerhaften
Anwendung: C:\Program Files\CMC\Antivirus\cmccore.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: f97661fe-bbee-11e5-89d8-f46d04626921
Error - 15.01.2016 21:19:19 | Computer Name = X2 | Source = VSS | ID = 13
Description =
Error - 15.01.2016 21:19:19 | Computer Name = X2 | Source = VSS | ID = 12292
Description =
Error - 15.01.2016 21:19:19 | Computer Name = X2 | Source = VSS | ID = 8193
Description =
Error - 15.01.2016 21:19:19 | Computer Name = X2 | Source = System Restore | ID = 8193
Description =
[ System Events ]
Error - 15.01.2016 17:59:45 | Computer Name = X2 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
Error - 15.01.2016 17:59:46 | Computer Name = X2 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
Error - 15.01.2016 17:59:46 | Computer Name = X2 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
Error - 15.01.2016 17:59:47 | Computer Name = X2 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
Error - 15.01.2016 19:04:38 | Computer Name = X2 | Source = Service Control Manager | ID = 7034
Description = Dienst "CMC eEngine service" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 15.01.2016 20:52:17 | Computer Name = X2 | Source = WMPNetworkSvc | ID = 866300
Description =
Error - 15.01.2016 20:53:43 | Computer Name = X2 | Source = WMPNetworkSvc | ID = 866300
Description =
Error - 15.01.2016 21:22:48 | Computer Name = X2 | Source = Service Control Manager | ID = 7043
Description = Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements
nicht richtig heruntergefahren werden.
Error - 15.01.2016 21:24:15 | Computer Name = X2 | Source = WMPNetworkSvc | ID = 866300
Description =
Error - 15.01.2016 21:25:58 | Computer Name = X2 | Source = WMPNetworkSvc | ID = 866300
Description =
< End of report >
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.0.2 (01.06.2016) Operating System: Windows 7 Ultimate x86 Ran by wolverine (Administrator) on 16.01.2016 at 2:19:19.71 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 4 Successfully deleted: C:\Users\wolverine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0OEPWOGF (Folder) Successfully deleted: C:\Users\wolverine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3K18TBCM (Folder) Successfully deleted: C:\Users\wolverine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IF0O1EX4 (Folder) Successfully deleted: C:\Users\wolverine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JZL5CQFP (Folder) Registry: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 16.01.2016 at 2:20:28.01 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Geändert von Valerius (16.01.2016 um 15:18 Uhr) |
| Themen zu Windows 7 Update funktioniert nicht+Funde |
| antivirus, autorun, canon, cdrom, defender, error, escan, explorer, firefox, format, harddisk, install.exe, kaspersky, logfile, malwarebytes, microsoft, nodrives, realtek, registry, revo uninstaller, rundll, scan, software, system32, treiber, update, windows, winlogon, wmp |
Baum-Darstellung