|
Plagegeister aller Art und deren Bekämpfung: Spam Nachricht an alle Skype Kontakte "http://bit.ly/21Dc6l3?dazjsugo=XXX"Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
10.03.2016, 17:28 | #16 |
/// TB-Ausbilder | Spam Nachricht an alle Skype Kontakte "http://bit.ly/21Dc6l3?dazjsugo=XXX" Servus, wird es noch genutzt? |
10.03.2016, 21:21 | #17 |
| Spam Nachricht an alle Skype Kontakte "http://bit.ly/21Dc6l3?dazjsugo=XXX" Nein, kann weg
__________________ |
11.03.2016, 07:13 | #18 |
/// TB-Ausbilder | Spam Nachricht an alle Skype Kontakte "http://bit.ly/21Dc6l3?dazjsugo=XXX" Servus,
__________________dann deinstalliere OkayFreedom über die Systemsteuerung. Anschließend nochmal FRST bitte sowie eine Info, wie der Rechner aktuell läuft:
|
12.03.2016, 13:39 | #19 |
| Spam Nachricht an alle Skype Kontakte "http://bit.ly/21Dc6l3?dazjsugo=XXX" Hi, es scheint soweit alles in Ordnung zu sein. Es wurden keine weiteren Nachrichten von meinem Skype verschickt. Habe dort sicherheitshalber das Passwort geändert. Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01 durchgeführt von Gabriel (Administrator) auf GABRIEL-PC (12-03-2016 13:36:13) Gestartet von C:\Users\Gabriel\Desktop Geladene Profile: Gabriel (Verfügbare Profile: Gabriel) Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser nicht gefunden!) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (AMD) C:\Windows\System32\atiesrxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (AMD) C:\Windows\System32\atieclxx.exe (Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe (VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe (VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe () C:\Program Files (x86)\VMware\VMware Player\vmware-hostd.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE (Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\MSOSYNC.EXE ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2887440 2012-03-08] (Synaptics Incorporated) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-09-17] (Intel Corporation) HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [336672 2014-05-16] (Hewlett-Packard Company) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [807392 2016-03-10] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-01-27] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-3980449854-420695129-2575981882-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd) HKU\S-1-5-21-3980449854-420695129-2575981882-1000\...\RunOnce: [Uninstall C:\Users\Gabriel\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Gabriel\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64" HKU\S-1-5-21-3980449854-420695129-2575981882-1000\...\RunOnce: [Uninstall C:\Users\Gabriel\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Gabriel\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64" HKU\S-1-5-21-3980449854-420695129-2575981882-1000\...\RunOnce: [Uninstall C:\Users\Gabriel\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Gabriel\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64" HKU\S-1-5-21-3980449854-420695129-2575981882-1000\...\RunOnce: [Uninstall C:\Users\Gabriel\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Gabriel\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64" HKU\S-1-5-21-3980449854-420695129-2575981882-1000\...\RunOnce: [Uninstall C:\Users\Gabriel\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Gabriel\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64" HKU\S-1-5-21-3980449854-420695129-2575981882-1000\...\RunOnce: [Uninstall C:\Users\Gabriel\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Gabriel\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64" HKU\S-1-5-21-3980449854-420695129-2575981882-1000\...\RunOnce: [Uninstall C:\Users\Gabriel\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Gabriel\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64" HKU\S-1-5-21-3980449854-420695129-2575981882-1000\...\RunOnce: [Uninstall C:\Users\Gabriel\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Gabriel\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64" HKU\S-1-5-21-3980449854-420695129-2575981882-1000\...\RunOnce: [Uninstall C:\Users\Gabriel\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Gabriel\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64" HKU\S-1-5-21-3980449854-420695129-2575981882-1000\...\RunOnce: [Uninstall C:\Users\Gabriel\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Gabriel\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64" Lsa: [Notification Packages] DPPassFilter scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Users\Gabriel\AppData\Local\Temp\OfficeDC\_tools\IDMShellExt64.dll [2012-02-08] (Tonec Inc.) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) AutoConfigURL: [S-1-5-21-3980449854-420695129-2575981882-1000] => hxxp://127.0.0.1:8445/okayfreedom.pac Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt Tcpip\..\Interfaces\{55287400-DE03-44A2-863C-9C0144864978}: [NameServer] 8.8.8.8 Tcpip\..\Interfaces\{55287400-DE03-44A2-863C-9C0144864978}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{E44E6384-8F8B-421A-8D3A-8A5F1BD97E07}: [DhcpNameServer] 172.20.10.1 Tcpip\..\Interfaces\{E95ECF9B-ABF1-4A94-8E2A-43470FA0EB02}: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{EE9C8FEE-8405-4E4F-8B24-B213688943D2}: [DhcpNameServer] 192.168.42.129 ManualProxies: 0hxxp://127.0.0.1:8445/okayfreedom.pac Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q= HKU\S-1-5-21-3980449854-420695129-2575981882-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q= HKU\S-1-5-21-3980449854-420695129-2575981882-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q= HKU\S-1-5-21-3980449854-420695129-2575981882-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q= SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Kein Name -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> Keine Datei BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-03-08] (Microsoft Corporation) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2016-03-08] (Microsoft Corporation) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-03-08] (Microsoft Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-03-08] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-26] (Oracle Corporation) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL [2016-03-08] (Microsoft Corporation) BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-03-08] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-26] (Oracle Corporation) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-08] (Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-03-08] (Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-08] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-03-08] (Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-08] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-03-08] (Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-03-08] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-03-08] (Microsoft Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Gabriel\AppData\Roaming\Mozilla\Firefox\Profiles\gAJQHTbB.default FF Homepage: www.google.de FF Session Restore: -> ist aktiviert. FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-09] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-03-08] (Microsoft Corporation) FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\3.1.15602.22612\npSkypeWebPlugin64.dll [2014-07-24] (Skype) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-09] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] () FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-26] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-26] (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-03-08] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-03-08] (Microsoft Corporation) FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\3.1.15602.22612\npSkypeWebPlugin.dll [2014-07-24] (Skype) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.) FF Plugin HKU\.DEFAULT: digitalpersona.com/ChromeDPAgent -> C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\ChromeExt\components\npChromeDPAgent.dll [2012-07-20] (Digital Persona, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Gabriel\AppData\Roaming\Mozilla\Firefox\Profiles\gAJQHTbB.default\searchplugins\youtube-videosuche.xml [2015-09-02] FF Extension: Adblock Plus Pop-up Addon - C:\Users\Gabriel\AppData\Roaming\Mozilla\Firefox\Profiles\gAJQHTbB.default\extensions\adblockpopups@jessehakanen.net.xpi [2015-09-02] FF Extension: Avira Browser Safety - C:\Users\Gabriel\AppData\Roaming\Mozilla\Firefox\Profiles\gAJQHTbB.default\Extensions\abs@avira.com [2016-02-25] FF Extension: Mein Grundeinkommen - CrowdBar - C:\Users\Gabriel\AppData\Roaming\Mozilla\Firefox\Profiles\gAJQHTbB.default\Extensions\jid1-XGbYhwCViPEOUQ@jetpack.xpi [2015-11-26] FF Extension: OpenSC PKCS11 Installer - C:\Users\Gabriel\AppData\Roaming\Mozilla\Firefox\Profiles\gAJQHTbB.default\Extensions\support@hrz.uni-giessen.de.xpi [2015-09-01] [ist nicht signiert] FF Extension: Adblock Plus - C:\Users\Gabriel\AppData\Roaming\Mozilla\Firefox\Profiles\gAJQHTbB.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-25] FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2014-11-11] [ist nicht signiert] FF HKU\S-1-5-21-3980449854-420695129-2575981882-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Gabriel\AppData\Roaming\IDM\idmmzcc5 FF Extension: IDM CC - C:\Users\Gabriel\AppData\Roaming\IDM\idmmzcc5 [2014-11-27] [ist nicht signiert] Chrome: ======= CHR StartupUrls: Default -> "hxxp://www.google.de/" CHR Session Restore: Default -> ist aktiviert. CHR Profile: C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Präsentationen) - C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05] CHR Extension: (Google Docs) - C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05] CHR Extension: (Google Drive) - C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23] CHR Extension: (YouTube) - C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27] CHR Extension: (Adblock Plus) - C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-09] CHR Extension: (Google-Suche) - C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28] CHR Extension: (Google Tabellen) - C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05] CHR Extension: (Avira Browserschutz) - C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-02-18] CHR Extension: (Google Docs Offline) - C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-19] CHR Extension: (Skype) - C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-21] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25] CHR Extension: (Google Mail) - C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Users\Gabriel\AppData\Local\Temp\OfficeDC\_tools\IDMGCExt.crx <nicht gefunden> CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [955736 2016-03-10] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [466504 2016-03-10] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [466504 2016-03-10] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1424880 2016-03-10] (Avira Operations GmbH & Co. KG) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.) R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [260456 2016-01-27] (Avira Operations GmbH & Co. KG) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2804976 2016-02-28] (Microsoft Corporation) R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [494456 2012-07-20] (DigitalPersona, Inc.) R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [683296 2014-05-16] (Hewlett-Packard Company) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Datei ist nicht signiert] R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-11-12] (LogMeIn, Inc.) S4 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [28256 2015-09-04] (Samsung Electronics Co., Ltd.) S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2012-11-12] (IDT, Inc.) [Datei ist nicht signiert] R2 vmware-converter-agent; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [480472 2014-06-10] (VMware, Inc.) R2 vmware-converter-server; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [480472 2014-06-10] (VMware, Inc.) R2 vmware-converter-worker; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [480472 2014-06-10] (VMware, Inc.) R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Player\vmware-hostd.exe [14407384 2014-06-12] () S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [154816 2016-03-10] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [133168 2016-03-10] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-09-24] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [69888 2016-03-10] (Avira Operations GmbH & Co. KG) S3 bmdrvr; C:\Windows\SysWow64\drivers\bmdrvr.sys [75344 2013-02-22] (VMware, Inc.) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-11-23] (Disc Soft Ltd) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-10] (Malwarebytes) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation) R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [271968 2015-09-04] (Samsung Electronics Co., Ltd.) R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [110688 2015-09-04] (Samsung Electronics Co., Ltd.) R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1064184 2012-09-23] (Sunplus) R3 vmkbd2; C:\Windows\system32\drivers\VMkbd.sys [33496 2014-06-12] (VMware, Inc.) R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [32472 2014-06-12] (VMware, Inc.) S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.) R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.) R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-02-22] (VMware, Inc.) S3 xiringcciddrv3; C:\Windows\System32\DRIVERS\xccid3wdm.sys [36184 2012-06-29] (Ingenico) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-03-12 13:36 - 2016-03-12 13:36 - 00029187 _____ C:\Users\Gabriel\Desktop\FRST.txt 2016-03-12 13:35 - 2016-03-12 13:35 - 00000000 __SHD C:\Nsi.pending 2016-03-12 13:30 - 2016-03-12 13:30 - 00130347 _____ C:\Users\Gabriel\Downloads\SS_2016-_Übung_im_Strafrecht_Zeitplan.pdf 2016-03-12 12:22 - 2016-03-12 12:22 - 00000000 ___HD C:\OneDriveTemp 2016-03-12 12:17 - 2016-03-12 13:22 - 00001078 _____ C:\Windows\system32dbgraw.bmp 2016-03-10 12:41 - 2016-03-10 12:47 - 00000000 ____D C:\Users\Gabriel\AppData\Roaming\dvdcss 2016-03-10 00:27 - 2016-02-12 19:52 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2016-03-10 00:27 - 2016-02-12 19:52 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2016-03-10 00:27 - 2016-02-12 19:52 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2016-03-10 00:27 - 2016-02-12 19:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2016-03-10 00:27 - 2016-02-12 19:39 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2016-03-10 00:27 - 2016-02-12 19:22 - 02610688 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2016-03-10 00:27 - 2016-02-12 19:19 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2016-03-10 00:27 - 2016-02-12 19:18 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2016-03-10 00:27 - 2016-02-12 19:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2016-03-10 00:27 - 2016-02-12 19:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2016-03-10 00:27 - 2016-02-12 19:18 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2016-03-10 00:27 - 2016-02-12 19:18 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2016-03-10 00:27 - 2016-02-12 19:06 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2016-03-10 00:27 - 2016-02-12 19:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2016-03-10 00:27 - 2016-02-12 19:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2016-03-10 00:27 - 2016-02-12 19:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2016-03-10 00:27 - 2016-02-09 07:53 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2016-03-10 00:27 - 2016-02-09 07:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2016-03-10 00:27 - 2016-02-08 22:05 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-03-10 00:27 - 2016-02-08 21:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2016-03-10 00:27 - 2016-02-08 21:39 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2016-03-10 00:27 - 2016-02-08 21:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2016-03-10 00:27 - 2016-02-08 21:38 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2016-03-10 00:27 - 2016-02-08 21:38 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2016-03-10 00:27 - 2016-02-08 21:37 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2016-03-10 00:27 - 2016-02-08 21:34 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2016-03-10 00:27 - 2016-02-08 21:32 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2016-03-10 00:27 - 2016-02-08 21:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2016-03-10 00:27 - 2016-02-08 21:30 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2016-03-10 00:27 - 2016-02-08 21:28 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2016-03-10 00:27 - 2016-02-08 21:28 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2016-03-10 00:27 - 2016-02-08 21:28 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2016-03-10 00:27 - 2016-02-08 21:20 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2016-03-10 00:27 - 2016-02-08 21:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2016-03-10 00:27 - 2016-02-08 21:15 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2016-03-10 00:27 - 2016-02-08 21:13 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2016-03-10 00:27 - 2016-02-08 21:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2016-03-10 00:27 - 2016-02-08 21:11 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2016-03-10 00:27 - 2016-02-08 21:10 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2016-03-10 00:27 - 2016-02-08 21:10 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2016-03-10 00:27 - 2016-02-08 21:05 - 25816576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-03-10 00:27 - 2016-02-08 21:03 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2016-03-10 00:27 - 2016-02-08 21:02 - 13012480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-03-10 00:27 - 2016-02-08 21:02 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2016-03-10 00:27 - 2016-02-08 21:01 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2016-03-10 00:27 - 2016-02-08 21:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2016-03-10 00:27 - 2016-02-08 20:43 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-03-10 00:27 - 2016-02-08 20:39 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-03-10 00:27 - 2016-02-08 20:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2016-03-10 00:27 - 2016-02-08 19:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2016-03-10 00:27 - 2016-02-08 19:41 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2016-03-10 00:27 - 2016-02-08 19:27 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-03-10 00:27 - 2016-02-08 19:27 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2016-03-10 00:27 - 2016-02-08 19:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-03-10 00:27 - 2016-02-08 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2016-03-10 00:27 - 2016-02-08 19:26 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2016-03-10 00:27 - 2016-02-08 19:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2016-03-10 00:27 - 2016-02-08 19:19 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2016-03-10 00:27 - 2016-02-08 19:18 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2016-03-10 00:27 - 2016-02-08 19:16 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-03-10 00:27 - 2016-02-08 19:15 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2016-03-10 00:27 - 2016-02-08 19:14 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2016-03-10 00:27 - 2016-02-08 19:14 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2016-03-10 00:27 - 2016-02-08 19:13 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-03-10 00:27 - 2016-02-08 19:13 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2016-03-10 00:27 - 2016-02-08 19:06 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2016-03-10 00:27 - 2016-02-08 19:03 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2016-03-10 00:27 - 2016-02-08 18:55 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2016-03-10 00:27 - 2016-02-08 18:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2016-03-10 00:27 - 2016-02-08 18:52 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2016-03-10 00:27 - 2016-02-08 18:51 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2016-03-10 00:27 - 2016-02-08 18:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2016-03-10 00:27 - 2016-02-08 18:47 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2016-03-10 00:27 - 2016-02-08 18:37 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2016-03-10 00:27 - 2016-02-08 18:35 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2016-03-10 00:27 - 2016-02-08 18:34 - 00798720 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-03-10 00:27 - 2016-02-08 18:33 - 14613504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-03-10 00:27 - 2016-02-08 18:33 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-03-10 00:27 - 2016-02-08 18:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2016-03-10 00:27 - 2016-02-08 18:19 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-03-10 00:27 - 2016-02-08 18:07 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-03-10 00:27 - 2016-02-08 17:55 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-03-10 00:27 - 2016-02-04 18:52 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-03-10 00:27 - 2016-02-03 19:58 - 00862208 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2016-03-10 00:27 - 2016-02-03 19:52 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll 2016-03-10 00:27 - 2016-02-03 19:49 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2016-03-10 00:27 - 2016-02-03 19:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll 2016-03-10 00:27 - 2016-02-03 19:07 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS 2016-03-10 00:27 - 2016-01-11 20:11 - 01684416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2016-03-10 00:27 - 2015-11-19 15:07 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll 2016-03-10 00:27 - 2015-11-19 15:07 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll 2016-03-10 00:27 - 2015-11-19 15:07 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll 2016-03-10 00:27 - 2015-11-19 15:07 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll 2016-03-10 00:27 - 2015-11-19 15:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll 2016-03-10 00:27 - 2015-11-19 15:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll 2016-03-10 00:27 - 2015-11-19 15:07 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll 2016-03-10 00:27 - 2015-11-19 15:07 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll 2016-03-10 00:27 - 2015-11-19 15:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll 2016-03-10 00:27 - 2015-11-19 15:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll 2016-03-10 00:27 - 2015-11-19 15:07 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll 2016-03-10 00:27 - 2015-11-19 15:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll 2016-03-10 00:27 - 2015-11-19 15:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll 2016-03-10 00:27 - 2015-11-19 15:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll 2016-03-10 00:27 - 2015-11-19 15:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll 2016-03-10 00:27 - 2015-11-19 15:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll 2016-03-10 00:27 - 2015-11-19 15:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll 2016-03-10 00:27 - 2015-11-19 15:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll 2016-03-10 00:27 - 2015-11-19 15:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll 2016-03-10 00:27 - 2015-11-19 15:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll 2016-03-10 00:27 - 2015-11-19 15:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll 2016-03-10 00:27 - 2015-11-19 15:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll 2016-03-10 00:27 - 2015-11-19 15:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll 2016-03-10 00:27 - 2015-11-19 15:06 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll 2016-03-10 00:27 - 2015-11-19 15:06 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll 2016-03-10 00:27 - 2015-11-19 15:06 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll 2016-03-10 00:27 - 2015-11-19 15:06 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll 2016-03-10 00:27 - 2015-11-19 15:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll 2016-03-10 00:27 - 2015-11-19 15:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll 2016-03-10 00:27 - 2015-11-19 15:06 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll 2016-03-10 00:27 - 2015-11-19 15:06 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll 2016-03-10 00:27 - 2015-11-19 15:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll 2016-03-10 00:27 - 2015-11-19 15:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll 2016-03-10 00:27 - 2015-11-19 15:06 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll 2016-03-10 00:27 - 2015-11-19 15:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll 2016-03-10 00:27 - 2015-11-19 15:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll 2016-03-10 00:27 - 2015-11-19 15:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll 2016-03-10 00:27 - 2015-11-19 15:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll 2016-03-10 00:27 - 2015-11-19 15:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll 2016-03-10 00:27 - 2015-11-19 15:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll 2016-03-10 00:27 - 2015-11-19 15:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll 2016-03-10 00:27 - 2015-11-19 15:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll 2016-03-10 00:27 - 2015-11-19 15:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll 2016-03-10 00:27 - 2015-11-19 15:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll 2016-03-10 00:27 - 2015-11-19 15:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll 2016-03-10 00:27 - 2015-11-19 15:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll 2016-03-10 00:25 - 2016-02-19 20:02 - 00038336 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2016-03-10 00:25 - 2016-02-19 19:54 - 01168896 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2016-03-10 00:25 - 2016-02-19 15:07 - 01373184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2016-03-10 00:25 - 2016-02-11 19:56 - 05572032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2016-03-10 00:25 - 2016-02-11 19:56 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2016-03-10 00:25 - 2016-02-11 19:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2016-03-10 00:25 - 2016-02-11 19:52 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2016-03-10 00:25 - 2016-02-11 19:49 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2016-03-10 00:25 - 2016-02-11 19:49 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2016-03-10 00:25 - 2016-02-11 19:49 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2016-03-10 00:25 - 2016-02-11 19:49 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2016-03-10 00:25 - 2016-02-11 19:49 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2016-03-10 00:25 - 2016-02-11 19:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2016-03-10 00:25 - 2016-02-11 19:49 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2016-03-10 00:25 - 2016-02-11 19:49 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2016-03-10 00:25 - 2016-02-11 19:48 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2016-03-10 00:25 - 2016-02-11 19:48 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2016-03-10 00:25 - 2016-02-11 19:48 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2016-03-10 00:25 - 2016-02-11 19:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2016-03-10 00:25 - 2016-02-11 19:48 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2016-03-10 00:25 - 2016-02-11 19:47 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2016-03-10 00:25 - 2016-02-11 19:45 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2016-03-10 00:25 - 2016-02-11 19:45 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2016-03-10 00:25 - 2016-02-11 19:45 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2016-03-10 00:25 - 2016-02-11 19:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2016-03-10 00:25 - 2016-02-11 19:44 - 03994560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2016-03-10 00:25 - 2016-02-11 19:44 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2016-03-10 00:25 - 2016-02-11 19:44 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2016-03-10 00:25 - 2016-02-11 19:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2016-03-10 00:25 - 2016-02-11 19:44 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2016-03-10 00:25 - 2016-02-11 19:44 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2016-03-10 00:25 - 2016-02-11 19:42 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2016-03-10 00:25 - 2016-02-11 19:42 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2016-03-10 00:25 - 2016-02-11 19:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2016-03-10 00:25 - 2016-02-11 19:41 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2016-03-10 00:25 - 2016-02-11 19:41 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2016-03-10 00:25 - 2016-02-11 19:41 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2016-03-10 00:25 - 2016-02-11 19:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2016-03-10 00:25 - 2016-02-11 19:41 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2016-03-10 00:25 - 2016-02-11 19:41 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2016-03-10 00:25 - 2016-02-11 19:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2016-03-10 00:25 - 2016-02-11 19:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2016-03-10 00:25 - 2016-02-11 19:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2016-03-10 00:25 - 2016-02-11 19:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2016-03-10 00:25 - 2016-02-11 19:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2016-03-10 00:25 - 2016-02-11 19:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2016-03-10 00:25 - 2016-02-11 19:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-03-10 00:25 - 2016-02-11 19:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2016-03-10 00:25 - 2016-02-11 19:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2016-03-10 00:25 - 2016-02-11 19:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2016-03-10 00:25 - 2016-02-11 19:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2016-03-10 00:25 - 2016-02-11 19:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2016-03-10 00:25 - 2016-02-11 19:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2016-03-10 00:25 - 2016-02-11 19:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2016-03-10 00:25 - 2016-02-11 19:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2016-03-10 00:25 - 2016-02-11 19:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2016-03-10 00:25 - 2016-02-11 19:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2016-03-10 00:25 - 2016-02-11 19:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2016-03-10 00:25 - 2016-02-11 19:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2016-03-10 00:25 - 2016-02-11 19:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2016-03-10 00:25 - 2016-02-11 19:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2016-03-10 00:25 - 2016-02-11 19:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2016-03-10 00:25 - 2016-02-11 19:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2016-03-10 00:25 - 2016-02-11 19:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2016-03-10 00:25 - 2016-02-11 19:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2016-03-10 00:25 - 2016-02-11 19:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2016-03-10 00:25 - 2016-02-11 19:38 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2016-03-10 00:25 - 2016-02-11 19:38 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2016-03-10 00:25 - 2016-02-11 19:38 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2016-03-10 00:25 - 2016-02-11 19:38 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2016-03-10 00:25 - 2016-02-11 19:38 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2016-03-10 00:25 - 2016-02-11 19:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2016-03-10 00:25 - 2016-02-11 19:38 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2016-03-10 00:25 - 2016-02-11 19:37 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2016-03-10 00:25 - 2016-02-11 19:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2016-03-10 00:25 - 2016-02-11 19:37 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2016-03-10 00:25 - 2016-02-11 19:35 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2016-03-10 00:25 - 2016-02-11 19:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2016-03-10 00:25 - 2016-02-11 19:35 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2016-03-10 00:25 - 2016-02-11 19:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2016-03-10 00:25 - 2016-02-11 19:33 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2016-03-10 00:25 - 2016-02-11 19:31 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2016-03-10 00:25 - 2016-02-11 19:30 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2016-03-10 00:25 - 2016-02-11 19:30 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2016-03-10 00:25 - 2016-02-11 19:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2016-03-10 00:25 - 2016-02-11 19:30 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2016-03-10 00:25 - 2016-02-11 19:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2016-03-10 00:25 - 2016-02-11 19:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2016-03-10 00:25 - 2016-02-11 19:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2016-03-10 00:25 - 2016-02-11 19:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2016-03-10 00:25 - 2016-02-11 19:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2016-03-10 00:25 - 2016-02-11 19:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2016-03-10 00:25 - 2016-02-11 19:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2016-03-10 00:25 - 2016-02-11 19:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2016-03-10 00:25 - 2016-02-11 19:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2016-03-10 00:25 - 2016-02-11 19:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2016-03-10 00:25 - 2016-02-11 19:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2016-03-10 00:25 - 2016-02-11 19:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2016-03-10 00:25 - 2016-02-11 19:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2016-03-10 00:25 - 2016-02-11 19:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-03-10 00:25 - 2016-02-11 19:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2016-03-10 00:25 - 2016-02-11 19:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2016-03-10 00:25 - 2016-02-11 19:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2016-03-10 00:25 - 2016-02-11 19:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2016-03-10 00:25 - 2016-02-11 19:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2016-03-10 00:25 - 2016-02-11 19:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2016-03-10 00:25 - 2016-02-11 19:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2016-03-10 00:25 - 2016-02-11 19:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2016-03-10 00:25 - 2016-02-11 19:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2016-03-10 00:25 - 2016-02-11 18:48 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2016-03-10 00:25 - 2016-02-11 18:43 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2016-03-10 00:25 - 2016-02-11 18:41 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2016-03-10 00:25 - 2016-02-11 18:40 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2016-03-10 00:25 - 2016-02-11 18:34 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2016-03-10 00:25 - 2016-02-11 18:34 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2016-03-10 00:25 - 2016-02-11 18:33 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2016-03-10 00:25 - 2016-02-11 18:32 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2016-03-10 00:25 - 2016-02-11 18:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2016-03-10 00:25 - 2016-02-11 18:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2016-03-10 00:25 - 2016-02-11 18:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2016-03-10 00:25 - 2016-02-11 18:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2016-03-10 00:25 - 2016-02-11 18:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2016-03-10 00:25 - 2016-02-11 18:31 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2016-03-10 00:25 - 2016-02-11 18:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2016-03-10 00:25 - 2016-02-11 18:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2016-03-10 00:25 - 2016-02-11 18:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2016-03-10 00:25 - 2016-02-11 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2016-03-10 00:25 - 2016-02-11 15:07 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2016-03-10 00:25 - 2016-02-09 10:57 - 14634496 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2016-03-10 00:25 - 2016-02-09 10:57 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2016-03-10 00:25 - 2016-02-09 10:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2016-03-10 00:25 - 2016-02-09 10:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2016-03-10 00:25 - 2016-02-09 10:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll 2016-03-10 00:25 - 2016-02-09 10:54 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2016-03-10 00:25 - 2016-02-09 10:51 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2016-03-10 00:25 - 2016-02-09 10:51 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2016-03-10 00:25 - 2016-02-09 10:13 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll 2016-03-10 00:25 - 2016-02-09 10:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx 2016-03-10 00:25 - 2016-02-09 10:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll 2016-03-10 00:25 - 2016-02-05 19:54 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2016-03-10 00:25 - 2016-02-05 19:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2016-03-10 00:25 - 2016-02-05 19:53 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2016-03-10 00:25 - 2016-02-05 19:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2016-03-10 00:25 - 2016-02-05 19:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2016-03-10 00:25 - 2016-02-05 19:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2016-03-10 00:25 - 2016-02-05 19:42 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2016-03-10 00:25 - 2016-02-05 18:48 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2016-03-10 00:25 - 2016-02-05 18:43 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2016-03-10 00:25 - 2016-02-05 18:43 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2016-03-10 00:25 - 2016-02-05 15:07 - 00696832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2016-03-10 00:25 - 2016-02-05 15:07 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2016-03-10 00:25 - 2016-02-05 15:07 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2016-03-10 00:25 - 2016-02-05 02:19 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll 2016-03-10 00:25 - 2016-02-04 19:41 - 00296448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll 2016-03-09 23:54 - 2016-03-09 23:57 - 00000000 ____D C:\Program Files (x86)\AdwCleaner 2016-03-09 23:54 - 2016-03-09 23:54 - 01524224 _____ C:\Users\Gabriel\Downloads\AdwCleaner_5.101.exe 2016-03-09 23:54 - 2016-03-09 23:54 - 01524224 _____ C:\Users\Gabriel\Desktop\AdwCleaner_5.101.exe 2016-03-09 11:27 - 2016-03-09 11:27 - 00325784 _____ C:\Users\Gabriel\Downloads\Rechnung BERO.pdf 2016-03-08 13:04 - 2016-03-08 13:04 - 00000000 ____D C:\Program Files\Common Files\DESIGNER 2016-03-08 12:36 - 2016-03-08 12:36 - 00002467 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk 2016-03-08 12:36 - 2016-03-08 12:36 - 00002464 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk 2016-03-08 12:36 - 2016-03-08 12:36 - 00002460 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk 2016-03-08 12:36 - 2016-03-08 12:36 - 00002439 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk 2016-03-08 12:36 - 2016-03-08 12:36 - 00002417 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk 2016-03-08 12:36 - 2016-03-08 12:36 - 00002414 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk 2016-03-08 12:36 - 2016-03-08 12:36 - 00002381 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk 2016-03-08 12:36 - 2016-03-08 12:36 - 00002378 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk 2016-03-08 12:36 - 2016-03-08 12:36 - 00002350 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk 2016-03-08 12:36 - 2016-03-08 12:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-Tools 2016-03-08 12:26 - 2016-03-08 13:05 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2016-03-08 12:18 - 2016-03-08 12:18 - 00000000 ____D C:\Program Files\Microsoft Office 15 2016-03-08 12:15 - 2016-03-08 12:15 - 04492488 _____ (Microsoft Corporation) C:\Users\Gabriel\Downloads\Setup.X64.de-de_O365ProPlusRetail_71a9fdd8-54cf-4eee-9768-1d64430e3282_TX_PR_b_32_.exe 2016-03-08 12:09 - 2016-03-08 12:09 - 03237576 _____ (Microsoft Corporation) C:\Users\Gabriel\Downloads\Setup.X86.de-DE_O365ProPlusRetail_71a9fdd8-54cf-4eee-9768-1d64430e3282_TX_PR_b_32_.exe 2016-03-08 12:00 - 2016-03-08 12:01 - 00318194 _____ C:\Users\Gabriel\Downloads\12540.pdf 2016-03-07 18:03 - 2016-03-07 18:18 - 00243786 _____ C:\TDSSKiller.3.1.0.9_07.03.2016_18.03.39_log.txt 2016-03-07 18:01 - 2016-03-12 13:36 - 00000000 ____D C:\FRST 2016-03-07 18:00 - 2016-03-07 18:00 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Gabriel\Desktop\tdsskiller.exe 2016-03-07 16:34 - 2016-03-07 16:34 - 02949383 _____ C:\Users\Gabriel\Downloads\Dateiordner_Allgemeiner_Dateiordner.zip 2016-03-07 14:14 - 2016-03-07 14:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2016-03-07 14:14 - 2016-03-07 14:14 - 00000000 ____D C:\Program Files\iTunes 2016-03-07 14:14 - 2016-03-07 14:14 - 00000000 ____D C:\Program Files\iPod 2016-03-07 14:14 - 2016-03-07 14:14 - 00000000 ____D C:\Program Files (x86)\iTunes 2016-03-06 21:56 - 2016-03-06 21:56 - 01609216 _____ (Malwarebytes) C:\Users\Gabriel\Desktop\JRT.exe 2016-03-06 21:55 - 2016-03-06 21:55 - 02374144 _____ (Farbar) C:\Users\Gabriel\Desktop\FRST64.exe 2016-03-06 20:59 - 2016-03-10 00:50 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-03-06 20:58 - 2016-03-06 20:58 - 00001102 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2016-03-06 20:58 - 2016-03-06 20:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2016-03-06 20:58 - 2016-03-06 20:58 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-03-06 20:58 - 2016-03-06 20:58 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2016-03-06 20:58 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2016-03-06 20:58 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2016-03-06 20:58 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2016-03-06 20:53 - 2016-03-06 20:53 - 22908888 _____ (Malwarebytes ) C:\Users\Gabriel\Downloads\mbam-setup-2.2.0.1024.exe 2016-03-06 11:46 - 2016-03-06 11:46 - 00000000 ____D C:\Users\Gabriel\AppData\Roaming\UltraMixer4 2016-03-06 11:45 - 2016-03-06 11:46 - 00000000 ____D C:\Users\Gabriel\AppData\Roaming\UltraMixer5 2016-03-06 11:45 - 2016-03-06 11:45 - 00000000 ____D C:\Users\Gabriel\AppData\Roaming\AMD 2016-03-06 11:45 - 2016-03-06 11:45 - 00000000 ____D C:\Users\Gabriel\.oracle_jre_usage 2016-03-06 11:43 - 2016-03-06 11:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraMixer5 2016-03-06 11:42 - 2016-03-06 11:43 - 00000000 ____D C:\Program Files\UltraMixer5 2016-03-06 11:24 - 2016-03-06 11:24 - 00000000 ____D C:\Users\Gabriel\AppData\Local\MediaMonkey 2016-03-04 17:24 - 2016-03-04 17:24 - 00000000 ____D C:\Users\Gabriel\AppData\Local\MaxRecorder 2016-03-04 17:24 - 2016-03-04 17:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Max Recorder 2016-03-04 17:24 - 2016-03-04 17:24 - 00000000 ____D C:\Program Files (x86)\Max Recorder 2016-03-04 16:04 - 2016-03-06 11:13 - 00000000 ____D C:\Users\Gabriel\AppData\Local\Spotify 2016-03-04 16:04 - 2016-03-04 16:04 - 00001803 _____ C:\Users\Gabriel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk 2016-03-04 16:03 - 2016-03-06 11:13 - 00000000 ____D C:\Users\Gabriel\AppData\Roaming\Spotify 2016-03-02 22:59 - 2016-03-02 22:59 - 00000000 ____D C:\Users\Gabriel\AppData\Roaming\library_dir 2016-03-02 22:59 - 2016-03-02 22:59 - 00000000 ____D C:\ProgramData\ATI 2016-03-02 22:58 - 2016-03-03 00:13 - 00000000 ____D C:\Users\Gabriel\AppData\Roaming\Raptr 2016-03-02 22:58 - 2016-03-03 00:12 - 00000000 ____D C:\Program Files (x86)\Raptr 2016-03-02 22:58 - 2016-03-02 22:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center 2016-03-02 22:58 - 2016-03-02 22:58 - 00000000 ____D C:\Program Files (x86)\AMD 2016-03-02 22:56 - 2016-03-02 22:57 - 00000000 ____D C:\Program Files\AMD 2016-03-02 21:06 - 2016-03-02 21:06 - 00000000 ____D C:\Users\Gabriel\AppData\Local\Kryptotel_fz_llc 2016-03-02 20:46 - 2016-03-12 12:17 - 00065536 _____ C:\Windows\system32\Ikeext.etl 2016-03-02 16:33 - 2016-03-02 16:33 - 00000000 ____D C:\Users\Gabriel\AppData\Local\Activision 2016-02-25 20:41 - 2016-02-25 20:49 - 00000000 ____D C:\Users\Gabriel\AppData\Local\BetterDS3 2016-02-25 20:23 - 2016-03-02 23:57 - 00000000 ____D C:\Windows\Minidump 2016-02-25 20:22 - 2016-02-25 20:22 - 00000000 ____D C:\Users\Gabriel\AppData\Roaming\MotioninJoy 2016-02-25 20:22 - 2016-02-25 20:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy 2016-02-25 20:22 - 2016-02-25 20:22 - 00000000 ____D C:\Program Files\MotioninJoy 2016-02-25 20:22 - 2011-12-07 19:42 - 00328712 _____ (Logitech Inc.) C:\Windows\system32\MijFrc.dll 2016-02-25 19:48 - 2016-02-25 22:13 - 00000000 ____D C:\Users\Gabriel\AppData\Local\Unity 2016-02-25 19:48 - 2016-02-25 19:48 - 00000000 ____D C:\Users\Gabriel\AppData\LocalLow\Unity 2016-02-17 22:42 - 2015-11-12 11:51 - 00034720 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys 2016-02-17 22:41 - 2016-03-12 12:18 - 00000000 ____D C:\Users\Gabriel\AppData\Local\LogMeIn Hamachi 2016-02-17 22:41 - 2016-02-17 22:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2016-02-17 22:41 - 2016-02-17 22:41 - 00000000 ____D C:\Users\Gabriel\AppData\Local\LogMeIn 2016-02-17 22:41 - 2016-02-17 22:41 - 00000000 ____D C:\ProgramData\LogMeIn 2016-02-17 22:41 - 2016-02-17 22:41 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi 2016-02-17 20:28 - 2016-02-21 21:01 - 00000000 ____D C:\Users\Gabriel\AppData\Local\Hero_Siege 2016-02-17 18:59 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll 2016-02-17 18:59 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll 2016-02-17 18:59 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll 2016-02-17 18:59 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll 2016-02-17 18:59 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll 2016-02-17 18:59 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll 2016-02-17 18:59 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll 2016-02-17 18:59 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll 2016-02-17 18:59 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll 2016-02-17 18:59 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll 2016-02-17 18:59 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll 2016-02-17 18:59 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll 2016-02-17 18:59 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll 2016-02-17 18:59 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll 2016-02-17 18:59 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll 2016-02-17 18:59 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll 2016-02-17 18:59 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll 2016-02-17 18:59 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll 2016-02-17 18:59 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll 2016-02-17 18:59 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll 2016-02-17 18:59 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll 2016-02-17 18:59 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll 2016-02-17 18:59 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll 2016-02-17 18:59 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll 2016-02-16 19:23 - 2016-02-16 19:23 - 00000000 ____D C:\Users\Gabriel\AppData\Roaming\MW2 FoV Changer 2016-02-16 19:12 - 2016-02-17 16:18 - 00000000 ____D C:\Program Files (x86)\MW2CU 2016-02-11 12:14 - 2016-02-11 12:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2016-02-11 12:13 - 2016-02-11 12:13 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2016-02-11 12:13 - 2016-02-11 12:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2016-02-11 12:08 - 2015-08-05 18:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll 2016-02-11 12:08 - 2015-08-05 18:06 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2016-02-11 12:07 - 2015-12-16 19:55 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll 2016-02-11 12:07 - 2015-12-16 19:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll 2016-02-11 12:07 - 2015-12-16 19:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL 2016-02-11 12:07 - 2015-12-16 19:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL 2016-02-11 12:07 - 2015-12-16 19:48 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL 2016-02-11 12:07 - 2015-12-16 19:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll 2016-02-11 12:07 - 2015-12-16 19:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL 2016-02-11 12:07 - 2015-12-16 19:47 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-03-12 13:35 - 2015-04-11 10:47 - 00000000 ____D C:\Users\Gabriel\AppData\Local\CrashDumps 2016-03-12 13:35 - 2014-12-25 21:56 - 00000000 ____D C:\Users\Gabriel\AppData\Roaming\Steganos 2016-03-12 13:35 - 2014-12-25 21:55 - 00000000 ____D C:\Program Files (x86)\OkayFreedom 2016-03-12 13:22 - 2014-10-14 20:02 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-03-12 13:21 - 2011-04-12 08:43 - 00702064 _____ C:\Windows\system32\perfh007.dat 2016-03-12 13:21 - 2011-04-12 08:43 - 00150698 _____ C:\Windows\system32\perfc007.dat 2016-03-12 13:21 - 2009-07-14 06:13 - 01627626 _____ C:\Windows\system32\PerfStringBackup.INI 2016-03-12 13:21 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf 2016-03-12 13:14 - 2015-11-19 12:14 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2016-03-12 13:14 - 2015-11-19 12:14 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-03-12 13:13 - 2014-10-21 21:20 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-03-12 13:13 - 2014-10-21 21:20 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-03-12 12:57 - 2009-07-14 05:45 - 00031680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-03-12 12:57 - 2009-07-14 05:45 - 00031680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-03-12 12:22 - 2014-11-02 13:10 - 00000000 ___RD C:\Users\Gabriel\OneDrive 2016-03-12 12:18 - 2015-10-19 19:09 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS 2016-03-12 12:17 - 2014-10-14 23:24 - 00000000 ____D C:\ProgramData\VMware 2016-03-12 12:17 - 2014-10-14 20:02 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-03-12 12:17 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-03-10 23:39 - 2016-01-05 12:33 - 00000000 ____D C:\Program Files (x86)\Steam 2016-03-10 23:39 - 2014-10-15 11:39 - 00000000 ____D C:\Users\Gabriel\AppData\Roaming\Skype 2016-03-10 23:38 - 2014-11-02 13:10 - 00002184 _____ C:\Users\Gabriel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk 2016-03-10 22:24 - 2014-10-14 20:13 - 00000000 ____D C:\ProgramData\Package Cache 2016-03-10 21:30 - 2014-10-14 22:25 - 00154816 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2016-03-10 21:30 - 2014-10-14 22:25 - 00133168 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2016-03-10 21:30 - 2014-10-14 22:25 - 00069888 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2016-03-10 21:30 - 2014-10-14 22:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2016-03-10 13:26 - 2016-01-12 22:26 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-03-10 12:57 - 2014-11-19 23:33 - 00000000 ____D C:\Users\Gabriel\AppData\Roaming\vlc 2016-03-10 10:19 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2016-03-10 09:42 - 2009-07-14 05:45 - 00514768 _____ C:\Windows\system32\FNTCACHE.DAT 2016-03-10 09:34 - 2014-10-18 11:11 - 00000000 ____D C:\Windows\system32\MRT 2016-03-10 09:29 - 2014-12-12 09:48 - 00000000 ____D C:\Windows\system32\appraiser 2016-03-10 09:29 - 2014-10-18 11:11 - 143659408 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2016-03-09 23:51 - 2014-10-14 22:43 - 00000000 ____D C:\Users\Gabriel\Tools 2016-03-09 13:11 - 2014-10-18 18:44 - 00000000 ___RD C:\Users\Gabriel\Documents\Scanned Documents 2016-03-09 11:04 - 2014-10-15 11:05 - 00000000 ____D C:\Program Files\Microsoft Office 2016-03-08 13:05 - 2014-10-14 19:37 - 00151088 _____ C:\Users\Gabriel\AppData\Local\GDIPFONTCACHEV1.DAT 2016-03-08 13:04 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared 2016-03-08 12:14 - 2011-04-12 08:55 - 00000000 ____D C:\Windows\ShellNew 2016-03-08 12:12 - 2009-07-14 03:34 - 00000387 _____ C:\Windows\win.ini 2016-03-07 14:14 - 2014-11-30 16:48 - 00000000 ____D C:\Program Files\Common Files\Apple 2016-03-06 20:13 - 2014-10-11 18:46 - 00000000 ____D C:\AdwCleaner 2016-03-06 16:40 - 2016-02-06 19:46 - 00000000 ____D C:\Users\Gabriel\AppData\Roaming\MediaMonkey 2016-03-06 11:45 - 2014-10-14 18:45 - 00000000 ____D C:\Users\Gabriel 2016-03-06 11:19 - 2014-12-29 20:36 - 00000000 ____D C:\Program Files (x86)\Warcraft III 2016-03-02 23:59 - 2015-01-06 22:09 - 00000000 ____D C:\Users\Gabriel\Documents\My Games 2016-03-02 22:57 - 2014-10-14 21:51 - 00000000 ____D C:\Program Files\ATI Technologies 2016-03-02 22:55 - 2014-10-09 17:49 - 00000000 ____D C:\AMD 2016-03-02 22:16 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\tracing 2016-03-01 21:57 - 2015-04-28 21:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom 2016-03-01 21:57 - 2015-04-28 21:57 - 00000000 ____D C:\Program Files (x86)\TomTom HOME 2 2016-03-01 21:55 - 2015-04-28 21:56 - 00000000 ____D C:\Users\Gabriel\AppData\Local\Downloaded Installations 2016-02-28 01:35 - 2015-04-07 15:17 - 00000000 ___SD C:\Windows\SysWOW64\GWX 2016-02-28 01:35 - 2015-04-07 15:17 - 00000000 ___SD C:\Windows\system32\GWX 2016-02-20 12:24 - 2014-10-14 20:03 - 00002204 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-02-18 11:16 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2016-02-17 20:37 - 2014-10-15 11:39 - 00000000 ____D C:\ProgramData\Skype 2016-02-16 14:25 - 2015-12-28 19:21 - 00000000 ____D C:\Users\Gabriel\AppData\Local\Amazon Music 2016-02-11 15:08 - 2014-12-25 21:56 - 00000000 ____D C:\Users\Gabriel\AppData\Roaming\Steganos VPN 2016-02-11 13:00 - 2014-10-14 21:54 - 01601906 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2016-02-11 11:37 - 2014-10-16 15:11 - 00000000 ___SD C:\Windows\system32\CompatTel ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-07-22 14:51 - 2015-07-22 14:51 - 0159200 ____T () C:\Users\Gabriel\AppData\Roaming\CrashRpt1402.dll 2015-09-09 00:33 - 2015-09-09 11:51 - 0007597 _____ () C:\Users\Gabriel\AppData\Local\Resmon.ResmonCfg 2015-06-08 21:29 - 2015-06-08 21:30 - 0000000 _____ () C:\Users\Gabriel\AppData\Local\{B7EE9282-17A0-494E-AB5C-97B2FE8262F4} Einige Dateien in TEMP: ==================== C:\Users\Gabriel\AppData\Local\Temp\avgnt.exe C:\Users\Gabriel\AppData\Local\Temp\jpathwatch-nativelib-v-0-94-jpathwatch-native.dll C:\Users\Gabriel\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2016-03-09 12:19 ==================== Ende von FRST.txt ============================ |
12.03.2016, 13:51 | #20 | ||||||||||
/// TB-Ausbilder | Spam Nachricht an alle Skype Kontakte "http://bit.ly/21Dc6l3?dazjsugo=XXX" Wenn du keine Probleme mehr mit Malware hast, dann sind wir hier fertig. Deine Logdateien sind sauber. Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern. Cleanup: Alle Logs gepostet? Dann lade Dir bitte DelFix herunter.
DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst. Starte Deinen Rechner anschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen. Absicherung: Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen: Browser Java Flash-Player PDF-Reader Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren. Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen. Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig. Sofern du noch unentschieden bist, verwende ein einziges der folgenden Antivirusprogramme mit Echtzeitscanner und stets aktueller Signaturendatenbank: Microsoft Security Essentials (MSE) ist ab Windows 8 fest eingebaut, wenn du also Windows 8, 8.1 oder 10 und dich für MSE entschieden hast, brauchst du nicht extra MSE zu installieren. Bei Windows 7 muss es aber manuell installiert oder über die Windows Updates als optionales Update bezogen werden. Selbstverständlich ist ein legales/aktiviertes Windows Voraussetzung dafür. Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen. Optional: Adblock Plus Kann Banner, Pop-ups, Videowerbung, Tracking und Malware-Seiten blockieren. NoScript Verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen. Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen. Lade Software von einem sauberen Portal wie . Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen. Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner . Abschließend noch ein paar grundsätzliche Bemerkungen:
Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...und/oder das Forum mit einer kleinen Spende unterstützen. Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann. |
12.03.2016, 13:59 | #21 |
| Spam Nachricht an alle Skype Kontakte "http://bit.ly/21Dc6l3?dazjsugo=XXX"Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-03-2016 01 durchgeführt von Gabriel (2016-03-12 13:36:39) Gestartet von C:\Users\Gabriel\Desktop Windows 7 Professional Service Pack 1 (X64) (2014-10-14 17:45:10) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-3980449854-420695129-2575981882-500 - Administrator - Disabled) Gabriel (S-1-5-21-3980449854-420695129-2575981882-1000 - Administrator - Enabled) => C:\Users\Gabriel Gast (S-1-5-21-3980449854-420695129-2575981882-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3980449854-420695129-2575981882-1002 - Limited - Enabled) ___VMware_Conv_SA___ (S-1-5-21-3980449854-420695129-2575981882-1005 - Limited - Enabled) ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated) Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated) Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.182 - Adobe Systems Incorporated) Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version: - Skybox Labs) Age of Empires® III: Complete Collection (HKLM-x32\...\Steam App 105450) (Version: - Ensemble Studios) Amazon Music (HKU\S-1-5-21-3980449854-420695129-2575981882-1000\...\Amazon Amazon Music) (Version: 4.1.0.1229 - Amazon Services LLC) AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) Apple Application Support (32-Bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.) Ashampoo Burning Studio 2014 v.12.0.5 (HKLM-x32\...\{91B33C97-280F-B76D-E27B-E712D7041B76}_is1) (Version: 12.0.5 - Ashampoo GmbH & Co. KG) Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.16.282 - Avira Operations GmbH & Co. KG) Avira Launcher (HKLM-x32\...\{3b87484e-d70b-4b4f-ad59-2ae89571e2cf}) (Version: 1.1.56.9119 - Avira Operations GmbH & Co. KG) Avira Launcher (x32 Version: 1.1.56.9119 - Avira Operations GmbH & Co. KG) Hidden Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch (x32 Version: - ) Hidden Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch (x32 Version: - ) Hidden Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch (x32 Version: - ) Hidden Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch (x32 Version: - ) Hidden Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: - ) Hidden Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: - ) Hidden Call of Duty: Black Ops - Multiplayer (HKLM-x32\...\Steam App 42710) (Version: - Treyarch) Call of Duty: Black Ops (HKLM-x32\...\Steam App 42700) (Version: - Treyarch) Call of Duty: Modern Warfare 2 - Multiplayer (HKLM-x32\...\Steam App 10190) (Version: - Infinity Ward) Call of Duty: Modern Warfare 2 (HKLM-x32\...\Steam App 10180) (Version: - Infinity Ward) CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform) Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04072 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04072 - Cisco Systems, Inc.) Hidden CopyTrans Control Center deinstallieren (HKU\S-1-5-21-3980449854-420695129-2575981882-1000\...\CopyTrans Suite) (Version: 4.004 - WindSolutions) Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve) DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd) ElcomPDF (HKLM\...\ElcomPDF) (Version: - ) Foiled (HKU\S-1-5-21-3980449854-420695129-2575981882-1000\...\Foiled) (Version: - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.) Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden Hager (HKLM-x32\...\ZPlan21) (Version: - ) Hager prerequisites (HKLM-x32\...\{98C64AD3-6A1D-4737-9ED8-06A73741550C}) (Version: 1.00.0000 - hager) Hager prerequisites (HKLM-x32\...\{EB733D93-1923-4F2E-97D1-125AAA8DD59D}) (Version: 1.00.0000 - hager) Hero Siege (HKLM-x32\...\Steam App 269210) (Version: - Elias Viglione) HP Connection Manager (HKLM-x32\...\{C0ED9561-8312-457C-BB1B-BDC7EE034CED}) (Version: 4.7.4.1 - Hewlett-Packard Company) HP Hotkey Support (HKLM-x32\...\{57FA60DA-585F-456A-B80E-17D1CDD22A30}) (Version: 5.0.27.1 - Hewlett-Packard Company) HP Power Assistant (HKLM\...\{682FBA83-2CCA-4CFA-A08A-6767DAB2FC9C}) (Version: 2.5.0.16 - Hewlett-Packard Company) HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 7.0.2.1213 - Hewlett-Packard Company) iCloud (HKLM\...\{B33C558F-772F-4308-A059-390FBF9BAAAE}) (Version: 5.0.2.61 - Apple Inc.) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6435.0 - IDT) Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 17.3 - Intel) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.10.255 - Intel Corporation) iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.) Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.410 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.2.0.410 - LogMeIn, Inc.) Hidden Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Max Recorder (HKLM-x32\...\Max Recorder) (Version: 2.006.0.0 - Silver Vine, LLC) MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.) Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.01055 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.6568.2036 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3980449854-420695129-2575981882-1000\...\OneDriveSetup.exe) (Version: 17.3.6302.0225 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 43.0.4 (x86 de) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 de)) (Version: 43.0.4 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Office 16 Click-to-Run Extensibility Component (Version: 16.0.6528.1017 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (Version: 16.0.6528.1017 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (Version: 16.0.6528.1017 - Microsoft Corporation) Hidden OpenSC (HKLM-x32\...\{0707CEBF-DD03-4042-B2AF-F48F0DFF6A53}) (Version: 0.13.0.0 - OpenSC Project) paint.net (HKLM\...\{DF3A46D9-67B3-44B2-9D01-25C8BA772C8A}) (Version: 4.0.6 - dotPDN LLC) PDF24 Creator 7.4.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) RAPID Mode (Version: 1.0.1.96 - Samsung Electronics Co., Ltd.) Hidden Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.9 - Samsung Electronics) SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.4.2.2 - SAMSUNG Electronics Co., Ltd.) SDK (x32 Version: 2.30.042 - Portrait Displays, Inc.) Hidden Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation) Skype Web Plugin (HKLM-x32\...\{69F300CB-D6BF-41DD-B7CC-983BAFF4EE15}) (Version: 3.1.15602.22612 - Skype Technologies S.A.) Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.) Spotify (HKU\S-1-5-21-3980449854-420695129-2575981882-1000\...\Spotify) (Version: 1.0.24.104.g92a22684 - Spotify AB) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.3.0 - Synaptics Incorporated) TomTom HOME (HKLM-x32\...\{0E09BE17-EDEA-42CA-8974-42A587F51510}) (Version: 2.9.8 - Ihr Firmenname) TomTom HOME (HKLM-x32\...\{5DCB2EB3-87AD-426E-8D74-8B92C9D731C4}) (Version: 2.9.8 - Ihr Firmenname) TomTom HOME (HKLM-x32\...\{BB05590A-6602-43F3-A400-77EA0976BC0A}) (Version: 2.9.8 - Ihr Firmenname) TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.) UltraMixer 5.1.1 (HKLM\...\{272e17ad-75e3-4a72-bee8-45e5e927920f}_is1) (Version: 5.1.1 - UltraMixer Digital Audio Solutions) Validity Fingerprint Sensor Driver (HKLM\...\{ADAA7361-54B8-4FC8-804E-94EC6C11ED68}) (Version: 4.5.133.0 - Validity Sensors, Inc.) VirtualDJ 8 (HKLM-x32\...\{6B8D3A67-346D-410E-81D2-3BFE228D263D}) (Version: 8.1.2587.0 - Atomix Productions) VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) VMware vCenter Converter Standalone (HKLM-x32\...\{17C3235A-A4B9-44ED-8794-54D8408F9733}) (Version: 5.1.1.1890470 - VMware, Inc.) VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 10.0.3 - VMware, Inc) VMware Workstation (Version: 10.0.3 - VMware, Inc.) Hidden WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.5800 - Broadcom Corporation) Windows-Treiberpaket - XIRING (xiringcciddrv3) SmartCardReader (06/29/2012 3.0.0.3) (HKLM\...\CC5816C152375AF188FA880B1B39AA2B1245E122) (Version: 06/29/2012 3.0.0.3 - XIRING) WinRAR 5.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-3980449854-420695129-2575981882-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Gabriel\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64\FileCoAuthLib64.dll () CustomCLSID: HKU\S-1-5-21-3980449854-420695129-2575981882-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Gabriel\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {0E1C33D2-FA5A-438C-9255-3333ED5C2027} - System32\Tasks\{30D93048-8DD3-4E08-A791-F21748378FD1} => pcalua.exe -a C:\Users\Gabriel\Downloads\sp60775.exe -d C:\Users\Gabriel\Downloads Task: {20EE9B8D-4B86-45AE-9B44-0CF32C15E287} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3980449854-420695129-2575981882-1000 Task: {2B818B35-1AF3-4198-AF12-85ECEEA7942D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.) Task: {525ADF54-93B7-455C-8F4B-B3AAF73E6B20} - System32\Tasks\{D022BC08-F7C4-4A40-AB58-F701B2077139} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{FE041B02-234C-4AAA-9511-80DF6482A458}\Setup.exe" -c -runfromtemp -l0x0007 anything -removeonly Task: {5455FBDA-C13B-441A-8640-1BDE4BEC042A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-03-08] (Microsoft Corporation) Task: {55E35628-895A-497E-8367-C7DF9139DCBA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) Task: {5B9CAB8D-62D6-4E1F-AD1C-7BC2C91B237E} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-10-15] () Task: {683BBF82-5582-4209-86DE-1C78FD8D87E2} - System32\Tasks\{ADBCDE11-73EF-4E97-8823-6282628B908F} => pcalua.exe -a C:\Users\Gabriel\Downloads\JLUPruefeChipkarte.exe -d C:\Users\Gabriel\Downloads Task: {75090E95-D6EB-4187-BD1B-0A0119E8BCFE} - System32\Tasks\{A127F928-3218-4584-8AED-62BD0FD4B3FA} => C:\The Games Page\Gunner 3\gunner3.exe [2000-11-04] (Clickteam) Task: {8BD9843E-C2D6-438F-83C1-7DA2EF7C17B9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-03-08] (Microsoft Corporation) Task: {9FB00720-67C6-4746-8450-CCEF4E505E90} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.) Task: {A8F356BF-120A-46FB-8EC3-A48712BACDEA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.) Task: {AD3A2732-7A99-431E-8D3C-4876FFC28F85} - System32\Tasks\{83300497-BB56-431B-8B2E-5AA86C038B68} => C:\Users\Gabriel\Downloads\OfficeDC.1.33.exe Task: {AE4E012A-BDA5-4C9B-96FC-B743A479E174} - System32\Tasks\{EB8BD2C2-A141-43ED-ACAA-5B72BF8BCC86} => C:\Program Files (x86)\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe Task: {C0744401-F414-4668-B068-EE666BD23471} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-12] (Adobe Systems Incorporated) Task: {C2E1AC57-8D74-4A37-A7F8-EF99B455D7C6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.) Task: {C33CDC8F-AB43-46EF-945E-7DF89004BBF3} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-03-08] (Microsoft Corporation) Task: {C376D878-4F2F-4C0B-9197-E0B476335ACA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated) Task: {CBC28C97-36BB-482A-990E-AC0057AEBA45} - System32\Tasks\{3E33D226-F5A1-40BF-94E3-835631EB3EDB} => C:\Program Files (x86)\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe Task: {CF425B62-2E2D-48E3-9FDC-0DC130270817} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.) Task: {D4419160-71B7-417C-B9FC-8840DA06E777} - System32\Tasks\{47DA8770-DB3F-49CE-B1A1-7A999E23C9D8} => C:\The Games Page\Gunner 3\gunner3.exe [2000-11-04] (Clickteam) Task: {D814A807-A0FB-4099-97F1-85C7AD42A6C9} - System32\Tasks\{36A09DAE-4309-4F49-B1FA-476689651A43} => pcalua.exe -a C:\Users\Gabriel\Downloads\sp66402.exe -d C:\Users\Gabriel\Downloads Task: {DB59D9B8-F946-4197-9A33-601C859458F7} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2015-11-06] (Samsung Electronics.) Task: {F540DB13-6D4E-4500-AFF5-CF42588797DB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-02-28] (Microsoft Corporation) Task: {FCB33D48-5900-4EED-A617-A1222491AE75} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd) Task: {FF8F448D-2462-423B-846B-DDDE64D4C967} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-02-28] (Microsoft Corporation) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2012-01-17 16:57 - 2012-01-17 16:57 - 00298368 _____ () C:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll 2011-10-12 00:55 - 2011-10-12 00:55 - 00213328 _____ () C:\Windows\system32\PassThroughOTP.dll 2015-03-08 18:40 - 2008-07-19 15:26 - 00087040 _____ () C:\Windows\System32\custmon64.dll 2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2016-03-08 12:18 - 2016-02-28 02:20 - 00173248 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll 2014-06-12 16:44 - 2014-06-12 16:44 - 14407384 _____ () C:\Program Files (x86)\VMware\VMware Player\vmware-hostd.exe 2015-12-08 20:25 - 2015-12-08 20:25 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2012-02-10 13:26 - 2012-02-10 13:26 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll 2013-10-10 22:48 - 2013-10-10 22:48 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll 2014-10-14 20:25 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2014-10-14 20:25 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2014-10-14 20:25 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2014-06-10 19:56 - 2014-06-10 19:56 - 00086744 _____ () C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\mspack.dll 2014-06-10 19:55 - 2014-06-10 19:55 - 01297624 _____ () C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\libxml2.dll 2014-06-10 19:54 - 2014-06-10 19:54 - 00542936 _____ () C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\sqlite3.dll 2014-06-12 17:22 - 2014-06-12 17:22 - 01261272 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Hosts Inhalt: ========================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2009-07-14 03:34 - 2014-10-14 23:18 - 00450709 ____N C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 123fporn.info 127.0.0.1 www.123fporn.info 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123moviedownload.com 127.0.0.1 www.123moviedownload.com Da befinden sich 15461 zusätzliche Einträge. ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-3980449854-420695129-2575981882-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Gabriel\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 8.8.8.8 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) MSCONFIG\startupreg: Amazon Music => "C:\Users\Gabriel\AppData\Local\Amazon Music\Amazon Music Helper.exe" MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun MSCONFIG\startupreg: HPConnectionManager => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe MSCONFIG\startupreg: HPPowerAssistant => C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe /hidden MSCONFIG\startupreg: iCloudDrive => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\PDF24\pdf24.exe MSCONFIG\startupreg: SamsungRapidApp => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" MSCONFIG\startupreg: Spotify => "C:\Users\Gabriel\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Gabriel\AppData\Roaming\Spotify\SpotifyWebHelper.exe" MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe" MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" MSCONFIG\startupreg: vmware-tray.exe => "C:\Program Files (x86)\VMware\VMware Player\vmware-tray.exe" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{BD889D3D-A690-49B3-AA2E-D8ADCBA53300}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{ECE1A4AF-907D-4B2B-A44C-42494757D425}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{4C0D6FAD-A54E-4847-8D7C-C75AAAA9AB33}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{CF20E5F0-6707-4CDF-9220-D05C1FBA4DEB}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{30C11337-998C-4BF2-85F3-710ADF0413AF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [TCP Query User{A588E33A-723A-4506-A183-1236643A1AB3}H:\call of duty modern warfare 2 lanserver\iw4mp.exe] => (Allow) H:\call of duty modern warfare 2 lanserver\iw4mp.exe FirewallRules: [UDP Query User{479F72ED-ADA8-4124-BA78-5F02C1754392}H:\call of duty modern warfare 2 lanserver\iw4mp.exe] => (Allow) H:\call of duty modern warfare 2 lanserver\iw4mp.exe FirewallRules: [{146785B4-2FD5-4D6D-81C3-536E4157CDAC}] => (Block) H:\call of duty modern warfare 2 lanserver\iw4mp.exe FirewallRules: [{93A0B2BF-0217-4781-A12C-D67F117C83D4}] => (Block) H:\call of duty modern warfare 2 lanserver\iw4mp.exe FirewallRules: [TCP Query User{863D9770-572F-4C1E-BE98-94C022CDEAD9}H:\call of duty modern warfare 2 lanserver\iwnetserver\iwnetserver.exe] => (Allow) H:\call of duty modern warfare 2 lanserver\iwnetserver\iwnetserver.exe FirewallRules: [UDP Query User{74108909-43E8-4A91-92E2-C8015C97902E}H:\call of duty modern warfare 2 lanserver\iwnetserver\iwnetserver.exe] => (Allow) H:\call of duty modern warfare 2 lanserver\iwnetserver\iwnetserver.exe FirewallRules: [{B8AC803E-53C3-44C5-8B88-77796C2254DD}] => (Block) H:\call of duty modern warfare 2 lanserver\iwnetserver\iwnetserver.exe FirewallRules: [{71630EED-E6EE-4FD9-A294-A729DBF2040A}] => (Block) H:\call of duty modern warfare 2 lanserver\iwnetserver\iwnetserver.exe FirewallRules: [TCP Query User{35618C5C-F8A3-4A15-A1F9-0EA3536F1624}H:\call of duty modern warfare 2 lanserver\iw4mp.dat] => (Allow) H:\call of duty modern warfare 2 lanserver\iw4mp.dat FirewallRules: [UDP Query User{FED1F4EB-5A18-41E9-9598-0517488D3388}H:\call of duty modern warfare 2 lanserver\iw4mp.dat] => (Allow) H:\call of duty modern warfare 2 lanserver\iw4mp.dat FirewallRules: [{F626EE4D-4BBC-466F-B55F-936D086F1FCF}] => (Block) H:\call of duty modern warfare 2 lanserver\iw4mp.dat FirewallRules: [{BA97A5D3-8DC9-479E-A4EC-81DCB5D74B71}] => (Block) H:\call of duty modern warfare 2 lanserver\iw4mp.dat FirewallRules: [{00778EFF-14CA-4D0E-A141-A6EFEF2BA262}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe FirewallRules: [{7E2189A5-498F-4047-915E-BEACCEF6A65D}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe FirewallRules: [{17E5BB5B-9E4A-425D-9117-6BB76BB6BAD5}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-hostd.exe FirewallRules: [{8E94A732-40D8-4C1A-BAE9-839A03F834E4}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-hostd.exe FirewallRules: [{1A57E7C0-22CE-4B04-AF33-E21EDA78C5A6}] => (Allow) LPort=9089 FirewallRules: [{0B865921-0DE7-4F62-8DE0-7500885E341A}] => (Allow) LPort=56789 FirewallRules: [{124A0744-198D-41F7-B3CF-AF9CE4BBB5FB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{2C27638A-0B97-4C8B-91D5-FCDE2ED59314}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{241298C7-5B03-481E-81F3-A712E57D7407}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{07D87E29-691E-4C5C-9756-9FF92DEBA380}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{4C3C541F-2496-44B1-9950-AC60FC64648D}] => (Allow) C:\Program Files (x86)\SkypeWebPlugin\3.1.15602.22612\SkypeWebPlugin.exe FirewallRules: [{143F0BBE-F991-40A1-B55F-422C4FBA73DC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{FA773BE8-D4FA-4FDA-BB7D-9AEB1E211118}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{AE263E50-6FA8-479D-872E-D2F60673A7E6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{552C7D46-C458-4406-9678-9C9158F35F45}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [TCP Query User{C5C69819-8614-4EDE-86AB-45016436752E}C:\program files (x86)\warcraft iii\war3.exe] => (Allow) C:\program files (x86)\warcraft iii\war3.exe FirewallRules: [UDP Query User{D4769BE2-ED0C-4485-9B3E-97CC8E1C33AF}C:\program files (x86)\warcraft iii\war3.exe] => (Allow) C:\program files (x86)\warcraft iii\war3.exe FirewallRules: [{9CF6E971-6D88-44DD-936D-90D456BDA7C7}] => (Allow) C:\Program Files (x86)\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe FirewallRules: [{9B6C0EE3-3793-4B72-9246-294113C601DD}] => (Allow) C:\Program Files (x86)\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe FirewallRules: [{00DB28AD-62F9-46AD-81FD-9AB8DBA00E8D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{14B14F2F-E995-4B7B-8F43-496D75BBAABA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{DF1DBBC4-6C4F-46EB-AA3F-67EDF8246DFC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{277E9E08-BC4D-46B3-AB30-F484BD2717B5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{CD80537A-F693-48DF-B7C9-F4CBA03C60BC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{DD641276-B854-4F67-9C30-E6E8D9DA6045}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{C365DE2C-7E09-4C40-8B80-1A1AF5993AAE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{191F760E-3CA6-4001-9A26-85893F834538}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{049D3184-88F2-497B-A458-877FE4683D55}] => (Allow) LPort=1688 FirewallRules: [TCP Query User{6BA1621D-C2B5-41EA-A063-83AC91199F7E}C:\elcom\zplan21\apps\rteng9.exe] => (Allow) C:\elcom\zplan21\apps\rteng9.exe FirewallRules: [UDP Query User{08D20B19-7A32-4C10-9EFC-34913850CF10}C:\elcom\zplan21\apps\rteng9.exe] => (Allow) C:\elcom\zplan21\apps\rteng9.exe FirewallRules: [{8874AED5-87AD-410A-A6AA-44CF7014F41D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{638B5C96-B087-40DB-B542-EC4A0737610A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{40222547-33EE-41C0-9D3F-3758D995E7B1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Modern Warfare 2\iw4mp.exe FirewallRules: [{2E2F1418-7077-4442-B361-EAC7C5691D4D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Modern Warfare 2\iw4mp.exe FirewallRules: [{2087A9F4-2BF7-4DE7-83BB-3E28BC70FC59}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Modern Warfare 2\iw4sp.exe FirewallRules: [{930565A8-D500-4D26-ADC0-96D7C702BABC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Modern Warfare 2\iw4sp.exe FirewallRules: [{6E40B288-3D78-4D87-8059-844FF6817FED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3.exe FirewallRules: [{4AE6992B-7C19-42F9-A6A1-3B92C801B2E1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3.exe FirewallRules: [{FC87BD8E-CADB-4F6C-BF24-E1631BFC7B07}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3x.exe FirewallRules: [{DBE7445C-3C8A-4DBB-9790-187A699D6F08}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3x.exe FirewallRules: [{E2142C34-AE82-472A-80E6-4574D18A98EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3y.exe FirewallRules: [{9727ACC0-A829-4E18-8F05-E4B1FE581658}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3y.exe FirewallRules: [{6C27D0BF-DDB8-4810-9178-58819DCDCD14}] => (Allow) H:\GabrielDaten2015\Saved Games\Steam\steamapps\common\Hell Yeah\HELLYEAH.exe FirewallRules: [{49D5A6D9-A3C6-483B-9826-5443DB6A903F}] => (Allow) H:\GabrielDaten2015\Saved Games\Steam\steamapps\common\Hell Yeah\HELLYEAH.exe FirewallRules: [{4B3EEF91-2386-4316-ACE4-2EC7CF5AFAC8}] => (Allow) H:\GabrielDaten2015\Saved Games\Steam\steamapps\common\Sega Classics\SEGAGenesisClassics.exe FirewallRules: [{5B6D0EA0-537A-446D-89B4-DC8A9142F04F}] => (Allow) H:\GabrielDaten2015\Saved Games\Steam\steamapps\common\Sega Classics\SEGAGenesisClassics.exe FirewallRules: [{9A718AE9-3C12-42C0-AC28-59F02B98F10C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{5204B4D7-1F41-4836-8495-6F2D79C9418C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HeroSiege\bin\Hero_Siege.exe FirewallRules: [{E7FEE871-2757-463F-AE3B-61A1E49AA77B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HeroSiege\bin\Hero_Siege.exe FirewallRules: [{DF72E38F-1846-426A-A670-6420676FF3D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe FirewallRules: [{156169AA-0A8B-4518-B4B2-4BC4C112CBCB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe FirewallRules: [{7F976C0A-A97A-4A81-9F71-7B16EB4B03BA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops\BlackOps.exe FirewallRules: [{9E374EB6-9408-446B-804B-6751CA136B9C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops\BlackOps.exe FirewallRules: [{A39878E4-1020-4B64-A4A4-717EFAE1AD40}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops\BlackOpsMP.exe FirewallRules: [{414CBCDC-BEA1-421E-9B24-D54F9D3130E8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops\BlackOpsMP.exe FirewallRules: [{C036A278-BA22-423B-882B-BB2237AE4354}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{57174513-1B1C-4FF7-9449-754E3046842B}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{A1F48AA9-A2F5-4E39-A2FD-C27197274403}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{E003C2D1-C34E-4E00-8994-02A5ED0B7777}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{3D0B99CC-501F-4E0D-8E63-30566A67E863}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe FirewallRules: [{0D3A9B0F-826C-4487-998A-36886B4F3BBB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe FirewallRules: [{DC211AE0-E468-47C8-9935-5A3CE61DD515}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\t6mp.exe FirewallRules: [{64A345C3-B2D2-4EF1-B70C-9F4D9F95C87B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\t6mp.exe FirewallRules: [TCP Query User{9853A361-1588-447E-A515-8F11FCA9FE09}C:\users\gabriel\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\gabriel\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{53EA0294-74CB-487E-B186-283D8CA0C191}C:\users\gabriel\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\gabriel\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{6169CF1D-35A4-427A-B572-494EEF1C14D5}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey.exe FirewallRules: [UDP Query User{EBE417A8-5F4C-4F8D-B0C1-B6EDEB3D59C8}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey.exe FirewallRules: [{AFD4042E-D673-4EB1-B304-C05BB4A59960}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{074B930C-8949-430F-BE09-A03306FC8060}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{6A47780D-97EE-4C3D-A55A-AA4579C9984A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{5096D0FC-F133-482B-A8FD-22FC368001E8}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{4B49AB1E-ACFE-461D-9AFE-C779013535D7}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [{1861C06B-5931-403C-B205-241B5A776CA2}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [{0EBBCFFD-66FA-42A0-B827-711BB537C2A4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HeroSiege\bin\Hero_Siege.exe FirewallRules: [{1BBFB107-A47D-477A-9F5B-B7060CFDF482}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HeroSiege\bin\Hero_Siege.exe ==================== Wiederherstellungspunkte ========================= 08-03-2016 12:12:02 OMUI.DE-DE 08-03-2016 12:12:56 Removed Microsoft Office Professional Plus 2013 08-03-2016 12:13:01 PROPLUSR 08-03-2016 12:51:49 Entfernt Call of Duty(R) 4 - Modern Warfare(TM) 10-03-2016 00:18:13 JRT Pre-Junkware Removal 10-03-2016 09:29:20 Windows Update 10-03-2016 22:22:55 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 10-03-2016 22:23:01 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 10-03-2016 22:23:14 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 10-03-2016 22:23:20 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 10-03-2016 22:23:29 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 10-03-2016 22:23:41 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 10-03-2016 22:23:51 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 10-03-2016 22:24:00 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: VMware Virtual Ethernet Adapter for VMnet1 Description: VMware Virtual Ethernet Adapter for VMnet1 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: VMware, Inc. Service: VMnetAdapter Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: VMware Virtual Ethernet Adapter for VMnet8 Description: VMware Virtual Ethernet Adapter for VMnet8 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: VMware, Inc. Service: VMnetAdapter Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (03/12/2016 01:35:26 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: OkayFreedomClient.exe, Version: 1.6.3.11539, Zeitstempel: 0x56446bbc Name des fehlerhaften Moduls: OkayFreedomClient.exe, Version: 1.6.3.11539, Zeitstempel: 0x56446bbc Ausnahmecode: 0xc0000005 Fehleroffset: 0x00350d1a ID des fehlerhaften Prozesses: 0x20d8 Startzeit der fehlerhaften Anwendung: 0xOkayFreedomClient.exe0 Pfad der fehlerhaften Anwendung: OkayFreedomClient.exe1 Pfad des fehlerhaften Moduls: OkayFreedomClient.exe2 Berichtskennung: OkayFreedomClient.exe3 Error: (03/12/2016 12:27:11 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073418220 Error: (03/12/2016 12:17:46 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/10/2016 10:22:44 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel: 0x56130448 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0xd80 Startzeit der fehlerhaften Anwendung: 0xhl2.exe0 Pfad der fehlerhaften Anwendung: hl2.exe1 Pfad des fehlerhaften Moduls: hl2.exe2 Berichtskennung: hl2.exe3 Error: (03/10/2016 09:19:23 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/10/2016 01:26:32 PM) (Source: MsiInstaller) (EventID: 1024) (User: Gabriel-PC) Description: Produkt: Adobe Acrobat Reader DC - Deutsch - Update "{AC76BA86-7AD7-0000-2550-AC0F0A4E5C00}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 Error: (03/10/2016 12:57:14 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.19160, Zeitstempel: 0x56bcd74c Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000183ed ID des fehlerhaften Prozesses: 0x13d8 Startzeit der fehlerhaften Anwendung: 0xvlc.exe0 Pfad der fehlerhaften Anwendung: vlc.exe1 Pfad des fehlerhaften Moduls: vlc.exe2 Berichtskennung: vlc.exe3 Error: (03/10/2016 12:49:38 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.19160, Zeitstempel: 0x56bcd74c Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000183ed ID des fehlerhaften Prozesses: 0x1780 Startzeit der fehlerhaften Anwendung: 0xvlc.exe0 Pfad der fehlerhaften Anwendung: vlc.exe1 Pfad des fehlerhaften Moduls: vlc.exe2 Berichtskennung: vlc.exe3 Error: (03/10/2016 12:49:30 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.19160, Zeitstempel: 0x56bcd74c Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000183ed ID des fehlerhaften Prozesses: 0x15d4 Startzeit der fehlerhaften Anwendung: 0xvlc.exe0 Pfad der fehlerhaften Anwendung: vlc.exe1 Pfad des fehlerhaften Moduls: vlc.exe2 Berichtskennung: vlc.exe3 Error: (03/10/2016 12:48:53 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: libdvdnav_plugin.dll, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0x40000015 Fehleroffset: 0x0000000000033632 ID des fehlerhaften Prozesses: 0x13cc Startzeit der fehlerhaften Anwendung: 0xvlc.exe0 Pfad der fehlerhaften Anwendung: vlc.exe1 Pfad des fehlerhaften Moduls: vlc.exe2 Berichtskennung: vlc.exe3 Systemfehler: ============= Error: (03/12/2016 12:18:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (03/12/2016 12:18:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht. Error: (03/12/2016 12:17:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (03/12/2016 12:17:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht. Error: (03/12/2016 12:17:05 PM) (Source: Ntfs) (EventID: 137) (User: ) Description: Auf dem Volume "D:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten. Error: (03/10/2016 09:19:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (03/10/2016 09:19:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error: (03/10/2016 09:19:13 PM) (Source: Ntfs) (EventID: 137) (User: ) Description: Auf dem Volume "D:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten. Error: (03/10/2016 09:42:32 AM) (Source: Ntfs) (EventID: 137) (User: ) Description: Auf dem Volume "D:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten. Error: (03/10/2016 09:25:36 AM) (Source: Ntfs) (EventID: 137) (User: ) Description: Auf dem Volume "D:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz Prozentuale Nutzung des RAM: 39% Installierter physikalischer RAM: 8123.56 MB Verfügbarer physikalischer RAM: 4941.6 MB Summe virtueller Speicher: 8321.77 MB Verfügbarer virtueller Speicher: 4689.01 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:216.63 GB) (Free:78.9 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)] Drive d: (HP_RECOVERY) (Fixed) (Total:14.48 GB) (Free:0 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)] Drive e: (HP_TOOLS) (Fixed) (Total:1.55 GB) (Free:1.53 GB) FAT32 ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: E6D17E37) Partition 1: (Active) - (Size=228 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=216.6 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=14.5 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=1.6 GB) - (Type=0C) ==================== Ende von Addition.txt ============================ |
12.03.2016, 14:18 | #22 |
/// TB-Ausbilder | Spam Nachricht an alle Skype Kontakte "http://bit.ly/21Dc6l3?dazjsugo=XXX" Servus, meinen letzten Post schon gesehen? |
12.03.2016, 15:25 | #23 |
| Spam Nachricht an alle Skype Kontakte "http://bit.ly/21Dc6l3?dazjsugo=XXX" Hi, Habe alles wie beschrieben befolgt. Es wurde ja letztendlich nichts gefunden... wie kann es dann sein, dass von meinem Skype aus Nachrichten verschickt wurden? LG |
13.03.2016, 12:20 | #24 |
/// TB-Ausbilder | Spam Nachricht an alle Skype Kontakte "http://bit.ly/21Dc6l3?dazjsugo=XXX" Ich würde an deiner Stelle das Passwort von Skype ändern. Evtl. ist jemand an deine Passwort gekommen und wollte Schadsoftware oder Werbung verteilen. Ich bin froh, dass wir helfen konnten In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest: Lob, Kritik und Wünsche Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank! Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM. Jeder andere bitte hier klicken und einen eigenen Thread erstellen. |
13.03.2016, 15:10 | #25 |
| Spam Nachricht an alle Skype Kontakte "http://bit.ly/21Dc6l3?dazjsugo=XXX" Alles klar! Danke! LG, bright_night |
Themen zu Spam Nachricht an alle Skype Kontakte "http://bit.ly/21Dc6l3?dazjsugo=XXX" |
account, aktualisiert, angeklickt, avira, erhalte, erhalten, erstelle, erstellen, gefunde, gemeinde, kontakte, liebe, link, links, nachricht, skype, spam, spamnachricht, spybot, thread, tools, verschicke, verschicken, windows, zwischen, Ähnliche |