Log Analysis and Evaluation: kernel_data_inpage_error and suspected rootkit (Windows 7)

#1
kernel_data_inpage_error and suspected rootkit

Hello everyone :-)

This morning I had a bluescreen with the message kernel_data_inpage_error (fastfat.sys); after that the system tried to restart but didn't manage it. After manually powering off the laptop and restarting, everything ran normally again. I already had the same problem with the same message about two weeks ago, though. When googling, I read that among other things a virus or rootkit could be responsible for it. Apart from the two bluescreens, no problems so far. By the way, I have a Lenovo laptop with Windows 8.1. Virus scanners (Windows Defender, Spybot) found nothing. The rootkit scanners did show entries, but no definitive rootkit findings, i.e. no alerts or deletion suggestions. I'm posting the logs and FRST scans; with GMER, by the way, something different comes out every time. It shows csrss.exe, which according to Task Manager is also running twice, which is odd; both instances point to the same file in the System32 folder.

FRST.txt:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:18-04-2016
durchgeführt von Home (Administrator) auf LENOVO-PC (22-04-2016 14:15:09)
Gestartet von C:\Users\Home\Desktop\Logs
Geladene Profile: Home (Verfügbare Profile: Home)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6340312 2013-07-19] (Realtek semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2780400 2013-09-13] (Synaptics Incorporated)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [903384 2013-07-24] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-02-19]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] xxxxxxxx
Tcpip\..\Interfaces\{62EBEEB6-5A18-4299-B478-F88B8FF96FA4}: [DhcpNameServer] xxxxxxxx
Tcpip\..\Interfaces\{8A09BF16-0E40-4B27-9B00-2C75CAB58CC1}: [DhcpNameServer] xxxxxxxx
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-4228906309-3005005469-1149960139-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4228906309-3005005469-1149960139-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-4228906309-3005005469-1149960139-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-03-28] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-28] (Oracle Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\1z5kqp9j.default-1408892543986
FF Homepage: about:blank
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-08] ()
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-08] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\1z5kqp9j.default-1408892543986\searchplugins\imdb.xml [2014-08-25]
FF Extension: FireGestures - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\1z5kqp9j.default-1408892543986\extensions\firegestures@xuldev.org.xpi [2016-04-10]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\1z5kqp9j.default-1408892543986\Extensions\elemhidehelper@adblockplus.org.xpi [2016-02-17]
FF Extension: Adblock Plus - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\1z5kqp9j.default-1408892543986\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-24]
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S4 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-08-08] (Broadcom Corporation.)
S4 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [976600 2013-09-25] (Broadcom Corporation.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-09-03] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-21] (Advanced Micro Devices, Inc.)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-08-08] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7474864 2013-08-07] (Broadcom Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8247640 2013-07-19] (Realtek Semiconductor Corp.)
S3 rzdaendpt; C:\Windows\System32\drivers\rzdaendpt.sys [42192 2015-09-03] (Razer Inc)
S3 rzvkeyboard; C:\Windows\System32\drivers\rzvkeyboard.sys [44224 2015-09-03] (Razer Inc)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-09-13] (Synaptics Incorporated)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\Windows\System32\drivers\WirelessKeyboardFilter.sys [49384 2016-03-29] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
U3 aswMBR; \??\C:\Users\Home\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\Home\AppData\Local\Temp\aswVmm.sys [X]
U3 fxlyrpog; \??\C:\Users\Home\AppData\Local\Temp\fxlyrpog.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-04-22 13:23 - 2016-04-22 13:25 - 00225362 _____ C:\TDSSKiller.3.1.0.9_22.04.2016_13.23.35_log.txt
2016-04-22 10:12 - 2016-04-22 10:14 - 00225956 _____ C:\TDSSKiller.3.1.0.9_22.04.2016_10.12.51_log.txt
2016-04-22 09:55 - 2016-04-22 09:56 - 00024015 _____ C:\Users\Home\Desktop\Addition.txt
2016-04-22 09:54 - 2016-04-22 14:15 - 00000000 ____D C:\FRST
2016-04-22 09:54 - 2016-04-22 09:56 - 00030236 _____ C:\Users\Home\Desktop\FRST.txt
2016-04-22 08:45 - 2016-04-22 08:45 - 00000000 ____D C:\AdwCleaner
2016-04-20 21:13 - 2016-03-16 03:58 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-04-20 21:13 - 2016-03-16 03:58 - 00332632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-04-20 21:13 - 2016-03-14 18:50 - 00316760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2016-04-20 21:13 - 2016-03-12 02:49 - 02466136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-04-20 21:13 - 2016-03-12 02:47 - 00160160 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPHLPAPI.DLL
2016-04-20 21:13 - 2016-03-12 02:47 - 00121912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IPHLPAPI.DLL
2016-04-20 21:13 - 2016-03-10 19:03 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsparse.dll
2016-04-20 21:13 - 2016-03-10 18:55 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2016-04-20 21:13 - 2016-03-10 18:52 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2016-04-20 21:13 - 2016-03-10 18:48 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsparse.dll
2016-04-20 21:13 - 2016-03-10 18:42 - 00413696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2016-04-20 21:13 - 2016-03-08 16:44 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-04-20 21:13 - 2016-03-05 19:44 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2016-04-20 21:13 - 2016-03-05 19:04 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-04-20 21:13 - 2016-02-27 20:28 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-04-20 21:13 - 2016-02-27 19:57 - 03273728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2016-04-20 21:13 - 2016-02-27 19:19 - 03820544 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2016-04-20 21:13 - 2016-02-27 18:32 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-04-20 21:13 - 2016-02-23 22:50 - 00137968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2016-04-20 21:13 - 2016-02-23 22:48 - 00120376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2016-04-16 15:51 - 2016-04-16 15:51 - 00000000 ____D C:\Users\Home\AppData\Roaming\Sun
2016-04-15 16:15 - 2016-04-15 16:15 - 00000000 ____D C:\Users\Home\AppData\Roaming\LolClient
2016-04-13 09:28 - 2016-03-31 02:54 - 25817600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-04-13 09:27 - 2016-03-31 02:31 - 02892800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-04-13 09:27 - 2016-03-31 02:28 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-04-13 09:27 - 2016-03-31 02:25 - 06052352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-04-13 09:27 - 2016-03-31 02:17 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-04-13 09:27 - 2016-03-31 02:03 - 20352512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-04-13 09:27 - 2016-03-31 01:56 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-04-13 09:27 - 2016-03-31 01:56 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-04-13 09:27 - 2016-03-31 01:55 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-04-13 09:27 - 2016-03-31 01:53 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-04-13 09:27 - 2016-03-31 01:51 - 02285056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-04-13 09:27 - 2016-03-31 01:50 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-04-13 09:27 - 2016-03-31 01:45 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-04-13 09:27 - 2016-03-31 01:45 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-04-13 09:27 - 2016-03-31 01:43 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-04-13 09:27 - 2016-03-31 01:43 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-04-13 09:27 - 2016-03-31 01:43 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-04-13 09:27 - 2016-03-31 01:42 - 02131968 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-04-13 09:27 - 2016-03-31 01:39 - 15415808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-04-13 09:27 - 2016-03-31 01:30 - 04611072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-04-13 09:27 - 2016-03-31 01:30 - 02596864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-04-13 09:27 - 2016-03-31 01:30 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-04-13 09:27 - 2016-03-31 01:30 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-04-13 09:27 - 2016-03-31 01:27 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-04-13 09:27 - 2016-03-31 01:24 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2016-04-13 09:27 - 2016-03-31 01:23 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-04-13 09:27 - 2016-03-31 01:23 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-04-13 09:27 - 2016-03-31 01:23 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-04-13 09:27 - 2016-03-31 01:21 - 13811712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-04-13 09:27 - 2016-03-31 01:18 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-04-13 09:27 - 2016-03-31 01:06 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-04-13 09:27 - 2016-03-31 01:05 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-04-13 09:27 - 2016-03-31 01:02 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-04-13 09:27 - 2016-03-31 01:00 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-04-13 09:26 - 2016-03-16 01:00 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-04-13 09:26 - 2016-03-15 16:14 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-04-13 09:26 - 2016-03-11 16:48 - 00833024 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-04-13 09:26 - 2016-03-10 20:22 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-04-13 09:26 - 2016-03-10 20:21 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-04-13 09:26 - 2016-03-10 20:20 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-04-13 09:26 - 2016-03-10 19:48 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-04-13 09:26 - 2016-03-10 19:44 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-04-13 09:26 - 2016-03-10 19:43 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-04-13 09:26 - 2016-03-10 19:16 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-04-13 09:26 - 2016-03-10 19:03 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-04-13 09:26 - 2016-03-10 18:48 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-04-13 09:26 - 2016-03-10 18:42 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-04-13 09:26 - 2016-03-03 18:47 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-04-13 09:26 - 2016-03-03 18:33 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-04-13 09:26 - 2016-03-03 03:39 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-04-13 09:26 - 2016-03-03 03:39 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-04-13 09:25 - 2016-03-29 16:05 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-04-13 09:25 - 2016-03-10 21:19 - 07452512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-04-13 09:25 - 2016-03-10 21:17 - 01663192 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-04-13 09:25 - 2016-03-10 21:17 - 01523216 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-04-13 09:25 - 2016-03-10 21:17 - 01490128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-04-13 09:25 - 2016-03-10 21:17 - 01358960 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-04-13 09:25 - 2016-03-10 21:17 - 01133752 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-04-13 09:25 - 2016-03-10 18:55 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-04-13 09:25 - 2016-03-03 18:13 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-04-10 20:49 - 2016-04-10 20:49 - 00000000 ____D C:\Users\Home\AppData\Local\CEF
2016-04-10 18:42 - 2016-04-10 18:42 - 00000000 ____D C:\Users\Home\AppData\Roaming\java
2016-04-10 15:39 - 2016-04-10 15:39 - 00000000 ____D C:\Users\Home\.oracle_jre_usage
2016-04-10 13:44 - 2016-04-10 13:44 - 00000000 ____D C:\Users\Home\AppData\Roaming\.mono
2016-04-10 13:44 - 2016-04-10 13:44 - 00000000 ____D C:\ProgramData\.mono
2016-04-10 12:34 - 2016-04-04 08:35 - 00046768 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-04-10 12:34 - 2016-04-02 15:26 - 01386496 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-04-10 12:34 - 2016-04-02 15:26 - 01169408 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-04-10 12:34 - 2016-03-28 15:21 - 00698368 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-04-10 12:34 - 2016-03-28 15:21 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-04-10 12:34 - 2016-03-28 15:21 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-04-10 12:34 - 2016-03-28 15:21 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-04-10 12:34 - 2016-03-28 15:21 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-04-08 16:30 - 2016-04-08 16:30 - 05934784 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2016-03-29 23:48 - 2016-03-29 23:48 - 00049384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WirelessKeyboardFilter.sys
2016-03-29 09:58 - 2016-03-29 09:58 - 02160912 _____ (Microsoft Corporation) C:\WINDOWS\system32\WudfUpdate_01009.dll
2016-03-28 13:09 - 2016-03-28 13:09 - 00000000 ____D C:\WINDOWS\Minidump
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-04-22 13:47 - 2014-04-29 19:20 - 00000000 ____D C:\Users\Home\AppData\Local\Battle.net
2016-04-22 13:47 - 2014-04-29 19:20 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-04-22 13:29 - 2014-07-07 22:54 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-04-22 13:28 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2016-04-22 13:19 - 2015-02-14 13:49 - 00000000 ____D C:\Users\Home\AppData\Local\JDownloader 2.0
2016-04-22 11:37 - 2014-02-19 15:20 - 00766620 _____ C:\WINDOWS\system32\perfh007.dat
2016-04-22 11:37 - 2014-02-19 15:20 - 00159902 _____ C:\WINDOWS\system32\perfc007.dat
2016-04-22 11:37 - 2013-10-07 20:27 - 01780340 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-22 11:37 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\Inf
2016-04-22 11:06 - 2014-04-30 14:36 - 00000000 ____D C:\Users\Home\AppData\Roaming\vlc
2016-04-22 07:00 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-21 21:08 - 2014-04-29 19:23 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2016-04-21 11:25 - 2015-02-20 18:00 - 00000000 ____D C:\Program Files (x86)\World of Tanks
2016-04-20 21:15 - 2013-08-22 17:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-16 21:27 - 2014-10-10 12:29 - 00000000 ____D C:\Users\Home\AppData\Local\PokerStars.NET
2016-04-14 01:45 - 2014-04-30 15:43 - 00453280 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-04-13 23:18 - 2014-04-29 18:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-13 12:48 - 2014-04-29 14:23 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-13 12:45 - 2014-04-29 14:23 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-13 09:23 - 2016-01-13 11:32 - 00177488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-04-13 09:21 - 2016-03-02 12:28 - 01737080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-04-13 09:21 - 2016-03-02 12:28 - 01501488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-04-13 09:21 - 2016-03-02 12:28 - 00246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-04-12 10:20 - 2014-07-31 18:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-10 15:39 - 2014-04-29 19:08 - 00000000 ____D C:\Users\Home
2016-04-10 14:28 - 2014-04-29 19:14 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4228906309-3005005469-1149960139-1001
2016-04-10 12:35 - 2015-04-09 21:58 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-04-08 16:30 - 2014-07-07 22:54 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-04-06 23:02 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-04-05 23:53 - 2014-08-14 09:02 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-04-05 23:53 - 2014-08-14 09:02 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-01 16:11 - 2014-10-09 14:33 - 00000000 ____D C:\Users\Home\AppData\Roaming\Mp3tag
2016-03-31 10:54 - 2014-02-19 06:47 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-28 00:31 - 2014-08-19 16:28 - 00000000 ____D C:\ProgramData\Oracle
2016-03-28 00:30 - 2015-04-02 10:31 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-03-28 00:30 - 2014-10-18 14:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-03-28 00:30 - 2014-08-19 16:28 - 00000000 ____D C:\Program Files (x86)\Java
2016-03-24 11:01 - 2015-07-15 23:27 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2016-03-24 11:01 - 2015-07-15 23:27 - 00000000 ___SD C:\WINDOWS\system32\GWX
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2014-11-10 10:49 - 2014-12-18 12:43 - 0007605 _____ () C:\Users\Home\AppData\Local\Resmon.ResmonCfg
2014-02-19 06:50 - 2014-02-19 06:50 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2016-04-17 14:51
==================== Ende von FRST.txt ============================
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:18-04-2016
durchgeführt von Home (2016-04-22 14:16:36)
Gestartet von C:\Users\Home\Desktop\Logs
Windows 8.1 (X64) (2014-04-29 17:08:37)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-4228906309-3005005469-1149960139-500 - Administrator - Disabled)
Gast (S-1-5-21-4228906309-3005005469-1149960139-501 - Limited - Disabled)
Home (S-1-5-21-4228906309-3005005469-1149960139-1001 - Administrator - Enabled) => C:\Users\Home
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{EE19B92D-1F52-D7C1-81BF-326A3405A422}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Benutzerhandbuch (x32 Version: 1.0.0.17 - Lenovo) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.21.50 - Conexant)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
EVE Online (nur entfernen) (HKLM-x32\...\EVE) (Version: - CCP Games Ltd.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3304 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.8030 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10240 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{13BD494D-9ACD-420B-A291-E145DED92EF6}) (Version: 2.6.001.00 - Lenovo Group Limited)
Lenovo_Wireless_Driver (HKLM-x32\...\{5D642A72-8194-4A22-80DA-11FE610CCA8E}) (Version: 6.30.223.143 - Lenovo)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 45.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 de)) (Version: 45.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2.5941 - Mozilla)
Mp3tag v2.75 (HKLM-x32\...\Mp3tag) (Version: v2.75 - Florian Heidenreich)
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Ihr Firmenname)
PokerStars.net (HKLM-x32\...\PokerStars.net) (Version: - PokerStars.net)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.14.0 - Synaptics Incorporated)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.17 - Lenovo)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.2 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VoiceOver Kit (HKLM\...\{703D47B8-2869-4A50-B988-BDE18772A474}) (Version: 1.43.128.3 - Apple Inc.)
World of Tanks (HKU\S-1-5-21-4228906309-3005005469-1149960139-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version: - Wargaming.net)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {06B8A2F0-5531-4320-8378-3694919C3E6F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-04-13] (Microsoft Corporation)
Task: {2F37FA9A-BD63-4BFF-98C2-2BBD1E2B7439} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-09-03] (Lenovo)
Task: {4A883EFB-3122-43FB-823C-8972D50E7EBB} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-08] (Adobe Systems Incorporated)
Task: {7F89117E-25FB-440C-AA59-7258D368F818} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-09-03] (Lenovo)
Task: {ADA11046-28AA-4429-A55C-52AC2E6E34F6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd)
Task: {C56D0677-E75F-466B-8A08-0A1DE57794BD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {DB82CC20-A37F-497D-BFA8-F9F1A1DA4B57} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-09-03] (Lenovo)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2016-03-18 23:56 - 2016-03-18 23:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 23:56 - 2016-03-18 23:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
HKU\S-1-5-21-4228906309-3005005469-1149960139-1001\Software\Classes\.exe: => <===== ACHTUNG
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-4228906309-3005005469-1149960139-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Home\AppData\Roaming\Microsoft\Windows Photo Viewer\Hintergrundbild der Windows-Fotoanzeige.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKLM\...\StartupApproved\StartupFolder: => "Bluetooth.lnk"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{A3E38F22-7179-4B2D-A502-AB0C25ACA583}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{8479067C-D246-4607-A3F7-5C2C4B48E284}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{0284AC1C-72DA-4AAD-9E4C-1736AC468DC2}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{C63C26F5-BAEE-473C-A4C3-7C4BBB9EBC2E}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [TCP Query User{3B357093-D347-4FEC-B525-0F6079C4831C}C:\program files (x86)\ccp\eve\bin\exefile.exe] => (Allow) C:\program files (x86)\ccp\eve\bin\exefile.exe
FirewallRules: [UDP Query User{E2F953AD-E0A7-49A2-9436-B1C9D0546960}C:\program files (x86)\ccp\eve\bin\exefile.exe] => (Allow) C:\program files (x86)\ccp\eve\bin\exefile.exe
FirewallRules: [{1B675FF5-BCEC-40E5-BECF-89DB6F57A536}] => (Block) C:\program files (x86)\ccp\eve\bin\exefile.exe
FirewallRules: [{21FBAD9D-9CA8-46A7-8A73-B7200BF5295A}] => (Block) C:\program files (x86)\ccp\eve\bin\exefile.exe
FirewallRules: [{D5A7BA63-A1AC-43A1-8056-756852E28948}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{70D2CE96-82A6-440B-8543-A98BFA09FFC8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{8661F19B-E1C7-42B6-9262-2B4D7518AD36}C:\program files (x86)\world of tanks\wotlauncher.exe] => (Allow) C:\program files (x86)\world of tanks\wotlauncher.exe
FirewallRules: [UDP Query User{8090E37F-B7F6-4BD7-86ED-852F52D3FAD5}C:\program files (x86)\world of tanks\wotlauncher.exe] => (Allow) C:\program files (x86)\world of tanks\wotlauncher.exe
FirewallRules: [TCP Query User{54C061AF-5699-465F-98F2-EDBE6E274B75}C:\program files (x86)\world of tanks\worldoftanks.exe] => (Allow) C:\program files (x86)\world of tanks\worldoftanks.exe
FirewallRules: [UDP Query User{335FB34E-EAB2-4E48-B4DF-905E8A59BEFD}C:\program files (x86)\world of tanks\worldoftanks.exe] => (Allow) C:\program files (x86)\world of tanks\worldoftanks.exe
FirewallRules: [TCP Query User{67955F7F-8D4F-4BEE-B51A-3C5538F0226F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{3729B319-AAA1-475D-9D82-3AFBE49F9905}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{9CD6BF27-E03A-4AA0-9C2D-0786B08634CF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2B33F520-15F9-4140-AE96-C0C352ECCD91}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{50B6935A-3254-4C34-9F64-D9658C596610}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EEEA681B-0F41-474E-A5AA-004A113D9609}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D183D61D-74D1-4EE2-8A7A-D1C8A226C5E7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F4CEDC94-5DB3-4C71-87AA-C0DA404D6B52}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{6BC05C83-B608-4ED5-8229-9F2FA33F87CE}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{1D44BE5A-DA4B-4D5A-A8D0-59C28A333E4F}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{C4A9BC75-5301-48FF-A5B5-D503CBDB5F3B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
==================== Wiederherstellungspunkte =========================
08-04-2016 18:31:15 Geplanter Prüfpunkt
13-04-2016 12:40:25 Windows Update
20-04-2016 21:13:23 Windows Update
==================== Fehlerhafte Geräte im Gerätemanager =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Wireless Device
Description: Wireless Device
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Systemfehler:
=============
Error: (04/22/2016 01:13:20 PM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (04/22/2016 01:12:50 PM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (04/22/2016 11:24:52 AM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (04/22/2016 11:24:22 AM) (Source: DCOM) (EventID: 10010) (User: Lenovo-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
CodeIntegrity:
===================================
Date: 2016-04-22 07:25:18.558
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-04-21 10:02:38.462
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-04-17 15:07:24.106
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-04-16 08:17:43.785
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-04-14 09:03:58.834
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-04-12 08:24:47.092
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-04-11 08:28:27.803
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-04-10 09:04:58.461
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-04-07 11:49:18.842
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-04-06 08:52:19.350
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i7-4700MQ CPU @ 2.40GHz
Prozentuale Nutzung des RAM: 29%
Installierter physikalischer RAM: 8104.27 MB
Verfügbarer physikalischer RAM: 5694.04 MB
Summe virtueller Speicher: 16296.27 MB
Verfügbarer virtueller Speicher: 13710.64 MB
==================== Laufwerke ================================
Drive c: (Windows8_OS) (Fixed) (Total:425.78 GB) (Free:223.21 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:21.73 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: B6F5D6EB)
Partition: GPT.
==================== Ende von Addition.txt ============================
Code:
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2016-04-22 12:36:09
-----------------------------
12:36:09.658 OS Version: Windows x64 6.2.9200
12:36:09.658 Number of processors: 8 586 0x3C03
12:36:09.674 ComputerName: LENOVO-PC UserName: Home
12:36:44.252 Initialize success
12:36:44.283 VM: initialized successfully
12:36:44.408 VM: Intel CPU BiosDisabled
12:36:44.518 write error "aswEngin.dll". Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
12:40:37.185 AVAST engine defs: 16033102
12:40:43.431 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000001e
12:40:43.431 Disk 0 Vendor: ST500LM000-SSHD-8GB LVD3 Size: 476940MB BusType: 11
12:40:43.946 Disk 0 MBR read successfully
12:40:43.961 Disk 0 MBR scan
12:40:43.961 Disk 0 unknown MBR code
12:40:43.977 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
12:40:44.711 Disk 0 scanning C:\WINDOWS\system32\drivers
12:41:36.775 Service scanning
12:42:10.750 Modules scanning
12:42:10.750 Disk 0 trace - called modules:
12:42:10.797 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll iaStorA.sys
12:42:10.797 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe000d09fa060]
12:42:10.797 3 CLASSPNP.SYS[fffff801df802f40] -> nt!IofCallDriver -> \Device\0000001e[0xffffe000d0892380]
12:42:28.028 Disk 0 MBR has been saved successfully to "C:\Users\Home\Desktop\MBR.dat"
12:42:28.028 The log file has been saved successfully to "C:\Users\Home\Desktop\aswMBR.txt"
TDSSKiller showed no findings. AdwCleaner.txt: Code:
# AdwCleaner v5.112 - Bericht erstellt am 22/04/2016 um 08:45:50
# Aktualisiert am 17/04/2016 von Xplode
# Datenbank : 2016-04-19.5 [Server]
# Betriebssystem : Windows 8.1 (X64)
# Benutzername : Home - LENOVO-PC
# Gestartet von : C:\Users\Home\Desktop\AdwCleaner_5.112.exe
# Option : Suchlauf
# Unterstützung : hxxp://toolslib.net/forum
***** [ Dienste ] *****
***** [ Ordner ] *****
***** [ Dateien ] *****
***** [ DLL ] *****
***** [ Verknüpfungen ] *****
***** [ Aufgabenplanung ] *****
***** [ Registrierungsdatenbank ] *****
Wert gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
Schlüssel gefunden : HKCU\Software\OCS
Schlüssel gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PokerStars.net
Schlüssel gefunden : HKU\S-1-5-21-4228906309-3005005469-1149960139-1001\Software\OCS
***** [ Internetbrowser ] *****
*************************
C:\AdwCleaner\AdwCleaner[S1].txt - [991 Bytes] - [22/04/2016 08:45:50]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1063 Bytes] ##########
And now several GMER scans, which strangely all show something different, but no definitive rootkit findings. 1: Code:
GMER 2.2.19882 - hxxp://www.gmer.net
Rootkit scan 2016-04-22 08:04:11
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000001e ST500LM000-SSHD-8GB rev.LVD3 465,76GB
Running: 6orxbtw2.exe; Driver: C:\Users\Home\AppData\Local\Temp\fxlyrpog.sys
---- Threads - GMER 2.2 ----
Thread C:\WINDOWS\system32\csrss.exe [624:640] fffff960008812d0
---- Registry - GMER 2.2 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime 0x6F 0x37 0x2B 0xAF ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime 0x03 0x88 0x4F 0xE3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@de-DE 305
Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\CMO15A70_1F_07DA_95^E31A9EA2CA573A9B957AE374289AD020@Timestamp 0xE3 0x91 0x28 0x8C ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 724
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 1884874392
Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID d0a858af-0ba0-4819-8e69-b51b50c
Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@GlassSessionId 2
Reg HKLM\SYSTEM\CurrentControlSet\Control\WDI\Config@ServerName \BaseNamedObjects\WDI_{1407f282-4947-40d0-ad0c-9142559516d9}
Reg HKLM\SYSTEM\CurrentControlSet\Services\BITS@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\BITS
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\342387faebac
Reg HKLM\SYSTEM\CurrentControlSet\Services\cdrom\Parameters\Wdf@TimeOfLastSqmLog 0x31 0x7C 0xC6 0xE0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\CompositeBus\Parameters\Wdf@TimeOfLastSqmLog 0x41 0x96 0x78 0xE0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\dc3d\Parameters\Wdf@TimeOfLastSqmLog 0x41 0x41 0xD1 0xE2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{796b8351-5832-4161-9ecd-93ac6cb2f195}@LastProbeTime 1461228494
Reg HKLM\SYSTEM\CurrentControlSet\Services\HDAudBus\Parameters\Wdf@TimeOfLastSqmLog 0x13 0xA9 0x8B 0xE0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\ialm\Device0@ProfilingToolValues 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\intelppm\Parameters\Wdf@TimeOfLastSqmLog 0x31 0x7C 0xC6 0xE0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\iwdbus\Parameters\Wdf@TimeOfLastSqmLog 0xF1 0x79 0xCC 0xE0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\MEIx64\Parameters\Wdf@TimeOfLastSqmLog 0xB2 0x1F 0x82 0xE0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\monitor\Parameters\Wdf@TimeOfLastSqmLog 0x5E 0x7E 0x28 0xE4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\NdisVirtualBus\Parameters\Wdf@TimeOfLastSqmLog 0x6A 0x66 0xCC 0xE0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\PEAUTH\Parameters\Wdf@TimeOfLastSqmLog 0x5F 0x06 0x60 0xF7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@ReadyBootPlanAge 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@LastBootPlanUserTime ?Do?, ?Apr ?21 ?16, 10:54:51???????????????????????????????????
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 4400
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 5771
Reg HKLM\SYSTEM\CurrentControlSet\Services\SmbDrvI\Parameters\Wdf@TimeOfLastSqmLog 0xDF 0x52 0xCC 0xE0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence 314
Reg HKLM\SYSTEM\CurrentControlSet\Services\SynTP\Parameters@DetectTimeMS 1957
Reg HKLM\SYSTEM\CurrentControlSet\Services\SynTP\Parameters\Wdf@TimeOfLastSqmLog 0x4E 0x7F 0xC2 0xE0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8A09BF16-0E40-4B27-9B00-2C75CAB58CC1}@LeaseObtainedTime 1461221280
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8A09BF16-0E40-4B27-9B00-2C75CAB58CC1}@T1 1462128480
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8A09BF16-0E40-4B27-9B00-2C75CAB58CC1}@T2 1462808880
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8A09BF16-0E40-4B27-9B00-2C75CAB58CC1}@LeaseTerminatesTime 1463035680
Reg HKLM\SYSTEM\CurrentControlSet\Services\umbus\Parameters\Wdf@TimeOfLastSqmLog 0x41 0x96 0x78 0xE0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\USBHUB3\Parameters\Wdf@TimeOfLastSqmLog 0x58 0xCA 0x2B 0xE1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\USBXHCI\Parameters\Wdf@TimeOfLastSqmLog 0x16 0x82 0x84 0xE0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\vwifibus\Parameters\Wdf@TimeOfLastSqmLog 0xCA 0xCE 0xB1 0xE0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\WirelessKeyboardFilter\Parameters\Wdf@TimeOfLastSqmLog 0x48 0x3D 0xEA 0xE2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\WpdUpFltr\Parameters\Wdf@TimeOfLastSqmLog 0x69 0x2C 0xA8 0x86 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams\Desktop
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams\Desktop@TaskbarWinXP 0x0C 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\GWX\Usage@UsageTime 0xD8 0x26 0xC8 0x31 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016042120160422
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016042120160422@CachePrefix :2016042120160422:
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016042120160422@CachePath %USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012016042120160422
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016042120160422@CacheOptions 11
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016042120160422@CacheRepair 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016042120160422@CacheLimit 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Store@LastTileRefresh 0xC6 0x9B 0xDC 0x2F ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Store\RefreshBannedAppList@BannedAppsLastModified 0x00 0x90 0x48 0xE6 ...
Reg HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug\UIHandles@FirstLevelConsentDialog 0xE0 0x02 0x1E 0x00 ...
---- Disk sectors - GMER 2.2 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.2 ----
2: Code:
GMER 2.2.19882 - hxxp://www.gmer.net
Rootkit scan 2016-04-22 09:41:26
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000001e ST500LM000-SSHD-8GB rev.LVD3 465,76GB
Running: 6orxbtw2.exe; Driver: C:\Users\Home\AppData\Local\Temp\fxlyrpog.sys
---- Threads - GMER 2.2 ----
Thread C:\WINDOWS\system32\csrss.exe [624:640] fffff960008812d0
---- Registry - GMER 2.2 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 88506605
Reg HKLM\SYSTEM\CurrentControlSet\Services\BITS@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\BITS
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\342387faebac
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\GWX\Usage@UsageTime 0xD8 0x03 0x36 0x32 ...
---- Disk sectors - GMER 2.2 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.2 ----
3: Code:
GMER 2.2.19882 - hxxp://www.gmer.net
Rootkit scan 2016-04-22 11:34:02
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000001e ST500LM000-SSHD-8GB rev.LVD3 465,76GB
Running: 6orxbtw2.exe; Driver: C:\Users\Home\AppData\Local\Temp\fxlyrpog.sys
---- Kernel code sections - GMER 2.2 ----
.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable fffff9600021b100 15 bytes [80, BB, F0, 01, 00, 98, 6B, ...]
.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16 fffff9600021b110 11 bytes [00, 4B, FC, FF, 40, 90, BA, ...]
---- Threads - GMER 2.2 ----
Thread C:\WINDOWS\system32\csrss.exe [624:640] fffff960008812d0
---- Registry - GMER 2.2 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 88506605
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\342387faebac
---- Disk sectors - GMER 2.2 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.2 ----
Code:
GMER 2.2.19882 - hxxp://www.gmer.net
Rootkit scan 2016-04-22 12:34:39
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000001e ST500LM000-SSHD-8GB rev.LVD3 465,76GB
Running: 6orxbtw2.exe; Driver: C:\Users\Home\AppData\Local\Temp\fxlyrpog.sys
---- User IAT/EAT - GMER 2.2 ----
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!_CxxThrowException] [23004400570053]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!__CxxFrameHandler3] [0]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!memcpy] [69006c006e004f]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!setlocale] [65006e]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!_lock] [6c00660066004f]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!_unlock] [65006e0069]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!___lc_collate_cp_func] [650065006c0053]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!memcmp] [67006e00690070]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!memset] [0]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!_ismbblead] [0]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!__pctype_func] [64006e00690057]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!calloc] [5f00730077006f]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!_callnewh] [6900640065004d]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!__uncaught_exception] [650073005f0061]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!_wcsdup] [6c006100690072]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!??8type_info@@QEBAHAEBV0@@Z] [640065007a0069]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!__crtCompareStringW] [6f00740073005f]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!___lc_codepage_func] [65006700610072]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!___lc_handle_func] [0]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!___mb_cur_max_func] [61006600650044]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!wcstod] [420074006c0075]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!__crtLCMapStringW] [730077006f0072]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!_get_current_locale] [4e005f00720065]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!modff] [4200550050004f]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!_free_locale] [4800530049004c]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!abort] [44004900520045]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!modf] [64006900000000]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!??0exception@@QEAA@XZ] [0]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!_ecvt_s] [1700000011]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!??0exception@@QEAA@AEBQEBDH@Z] [250000001d]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!??3@YAXPEAX@Z] [3500000029]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!log10] [5300000043]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!fmod] [8300000067]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!floorf] [d3000000a3]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!floor] [14b00000101]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!ceilf] [20900000199]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!ceil] [33500000287]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!??1type_info@@UEAA@XZ] [50b00000407]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!_onexit] [8050000065b]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!__dllonexit] [cb300000a1f]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!_initterm] [201100001979]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!_amsg_exit] [32cf0000285b]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!_XcptFilter] [50b70000401b]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!wcstol] [8003000065a1]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!_errno] [cb350000a153]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!wcscpy_s] [1428b00010001]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!realloc] [2001d00019661]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!??0exception@@QEAA@AEBV0@@Z] [32cc300028529]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!??0exception@@QEAA@AEBQEBD@Z] [50a2f00040003]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!??1exception@@UEAA@XZ] [8001500065993]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!?what@exception@@UEBAPEBDXZ] [cb323000a1453]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!_purecall] [1428b300100007]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!??0bad_cast@@QEAA@AEBV0@@Z] [2000110019661f]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!??0bad_cast@@QEAA@PEBD@Z] [32cbff00285151]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!??1bad_cast@@UEAA@XZ] [50a28d0040000f]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!??_V@YAXPEAX@Z] [80000900659801]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!strchr] [cb2ff900a14521]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!malloc] [ffffffff]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!free] [0]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!memmove] [64006e00690057]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!memmove_s] [2e00730077006f]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[msvcrt.dll!log10f] [6e0075006f0046]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[RPCRT4.dll!CStdStubBuffer_CountRefs] [3e003e]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[RPCRT4.dll!NdrOleAllocate] [0]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[RPCRT4.dll!NdrStubForwardingFunction] [64006e00690057]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[RPCRT4.dll!NdrOleFree] [2e00730077006f]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[RPCRT4.dll!IUnknown_QueryInterface_Proxy] [6e0075006f0046]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[RPCRT4.dll!CStdStubBuffer_Disconnect] [69007400610064]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[RPCRT4.dll!IUnknown_Release_Proxy] [43002e006e006f]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[RPCRT4.dll!CStdStubBuffer_DebugServerQueryInterface] [65006c006c006f]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[RPCRT4.dll!CStdStubBuffer_QueryInterface] [6f006900740063]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[RPCRT4.dll!IUnknown_AddRef_Proxy] [49002e0073006e]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[RPCRT4.dll!NdrStubCall3] [74006300650056]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[RPCRT4.dll!CStdStubBuffer_DebugServerRelease] [6900560072006f]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[RPCRT4.dll!CStdStubBuffer_IsIIDSupported] [31006000770065]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[RPCRT4.dll!CStdStubBuffer_Invoke] [6e00690057003c]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[RPCRT4.dll!NdrCStdStubBuffer_Release] [730077006f0064]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[RPCRT4.dll!NdrDllCanUnloadNow] [640065004d002e]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[RPCRT4.dll!NdrCStdStubBuffer2_Release] [53002e00610069]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[RPCRT4.dll!NdrDllGetClassObject] [61006500720074]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[RPCRT4.dll!CStdStubBuffer_Connect] [67006e0069006d]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[RPCRT4.dll!CStdStubBuffer_AddRef] [6500440049002e]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[ntdll.dll!RtlQueryWnfStateData] [3e006e006f]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[ntdll.dll!RtlNtStatusToDosError] [64006e00690057]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[ntdll.dll!RtlSubscribeWnfStateChangeNotification] [2e00730077006f]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[ntdll.dll!RtlUnsubscribeWnfStateChangeNotification] [6e0075006f0046]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[Bcp47Langs.dll!GetApplicationManifestLanguages] [6c9d81ac66d60eab]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[Bcp47Langs.dll!Bcp47Normalize] [5a0b3bfce2fcc7c1]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[Bcp47Langs.dll!Bcp47GetExtensionSubstring] [7ecbd169e772b0b2]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[Bcp47Langs.dll!Bcp47GetIsoScriptCode] [49f388b3415a984a]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[Bcp47Langs.dll!GetUserLanguages] [6c0ddfbe0805af92]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[Bcp47Langs.dll!Bcp47GetDistance] [532e4b5698b9acc1]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[Bcp47Langs.dll!ResolveLanguages] [90ca1c29d50373ac]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[Bcp47Langs.dll!ClearApplicationLanguageOverride] [49dcaf72d322b163]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[Bcp47Langs.dll!SetApplicationLanguageOverride] [22679008a57d228b]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[Bcp47Langs.dll!Bcp47IsWellFormed] [0]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[Bcp47Langs.dll!GetApplicationLanguageOverride] [3800300025007b]
IAT C:\WINDOWS\Explorer.EXE[4384] @ C:\Windows\System32\Windows.Globalization.dll[Bcp47Langs.dll!GetApplicationLanguages] [300025002d0058]
---- Threads - GMER 2.2 ----
Thread C:\WINDOWS\system32\csrss.exe [1636:4076] fffff9600092f2d0
---- Registry - GMER 2.2 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Diagnostics\Performance@ActiveShutdownDCL C:\WINDOWS\System32\WDI\LogFiles\WdiContextLog.etl.003
Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\CMO15A70_1F_07DA_95^E31A9EA2CA573A9B957AE374289AD020@Timestamp 0x23 0x55 0x9F 0xE2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{0D6B0640-BB35-45E9-8185-348E11209EBD}\Connection@Name isatap.Speedport_W_504V_Typ_A
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Configuration Manager\Defrag@LastRun 04:21:2016
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Configuration Manager\Defrag@TotalBytesSaved 0x00 0x30 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 88506605
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime 1804
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@FwPOSTTime 1785
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TotalResumeTime 11577
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeBootMgrTime 227
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeAppTime 1329
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeAppStartTimestamp 4068
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeLibraryInitTime 112
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeInitTime 459
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeHiberFileTime 729
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeRestoreImageStartTimestamp 4640
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeDecompressTime 240
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeAllocateTime 2
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeKernelSwitchTimestamp 5398
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelReturnFromHandlerTimestamp 5431
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@SleeperThreadEndTimestamp 9837
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TimeStampCounterAtSwitchTime 5418
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelReturnSystemPowerState 11484
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberHiberFileTime 4837
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberInitTime 275
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberSharedBufferTime 3
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TotalHibernateTime 10941
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeHiberFileTime 4399
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeInitTime 187
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeSharedBufferTime 11
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@DeviceResumeTime 1623
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelAnimationTime 52
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelPagesProcessed 361488
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelPagesWritten 0x60 0xCB 0x01 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@BootPagesProcessed 35244
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@BootPagesWritten 0xC4 0x44 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberWriteRate 109
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeReadRate 112
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeDecompressRate 82
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelResumeIoCpuTime 3548
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberIoCpuTime 902
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HybridBootAnimationTime 4426
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeCompleteTimestamp 0x8F 0xDB 0xE8 0x10 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@GlassSessionId 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\342387faebac
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{0D6B0640-BB35-45E9-8185-348E11209EBD}@DefunctTimestamp 0x83 0xE8 0x17 0x57 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 4403
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 5778
Reg HKLM\SYSTEM\CurrentControlSet\Services\SynTP\Parameters@DetectTimeMS 1959
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8A09BF16-0E40-4B27-9B00-2C75CAB58CC1}@LeaseObtainedTime 1461310379
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8A09BF16-0E40-4B27-9B00-2C75CAB58CC1}@T1 1462217579
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8A09BF16-0E40-4B27-9B00-2C75CAB58CC1}@T2 1462897979
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8A09BF16-0E40-4B27-9B00-2C75CAB58CC1}@LeaseTerminatesTime 1463124779
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\GWX\Usage@UsageTime 0x37 0x58 0xBF 0x32 ...
---- Disk sectors - GMER 2.2 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.2 ----