| |
| |||||||
Log-Analyse und Auswertung: BrowserModifier: Win32/SupTab!blnkWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
08.11.2016, 21:10
| #1 |
| |  BrowserModifier: Win32/SupTab!blnk Hallo, ich glaube ich habe ein Problem mit einem Trojaner, es kann allerdings auch ein Fehlalarm sein. Ich habe gesehen, dass hier bereits mehrere dieses Problem gemeldet haben (zuerst im Thread von NkPhilipp). Ich habe dann alle dort empfohlenen Schritte durchprobiert (Adw, Mbam, Jrt und Farbar). Sicher, ich hätte wohl erst hier Posten sollen, war wohl ein Fehler, da nicht alle Probleme gleich sind. Dazu muss ich sagen, dass ich alles andere als ein PC-Experte bin, ich bin froh wenn er läuft. Als Antivirusprogramm (Firewall etc) benutze ich Kaspersky Total Security und bin bisher sehr zufrieden gewesen. Da ich wie gesagt kein PC-Experte bin lade ich mir niemals irgendwo etwas runter, wenn ich nicht sicher bin, dass es kein offizielles Update ist. Allerdings meldet mit Windows Defender seit ca. 1,5 Stunden ständig "potenziell gefährliche Software erkannt". Und zwar an drei Orten: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk c:\users\daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk Wenn ich dann versuche diese Software zu entfernen, wird mir zuerst eine erfolgreiche Entfernung gemeldet. Sekunden später kommt jedoch wieder die Schadensmeldung. Ich habe dann die erwähnten Programme von euch drüber laufen lassen, leider Farbar erst am Ende mit FRST.txt und Addition.txt. Edit: Da der Beitrag zu lang ist, splitte ich die Logs! Hier sind die Logs: Code:
ATTFilter # AdwCleaner v6.030 - Bericht erstellt am 08/11/2016 um 20:10:54
# Aktualisiert am 19/10/2016 von Malwarebytes
# Datenbank : 2016-11-08.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (X64)
# Benutzername : Administrator - DERKING
# Gestartet von : C:\Users\Administrator\Downloads\AdwCleaner_6.030.exe
# Modus: Löschen
# Unterstützung : hxxps://www.malwarebytes.com/support
***** [ Dienste ] *****
***** [ Ordner ] *****
[-] Ordner gelöscht: C:\ProgramData\Partner
[#] Ordner mit Neustart gelöscht: C:\ProgramData\Application Data\Partner
***** [ Dateien ] *****
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Verknüpfungen ] *****
***** [ Aufgabenplanung ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Browser ] *****
*************************
:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt
:: "Prefetch" Dateien gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [1119 Bytes] - [08/11/2016 20:10:54]
C:\AdwCleaner\AdwCleaner[S0].txt - [1439 Bytes] - [08/11/2016 20:10:34]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1265 Bytes] ##########
Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 08.11.2016 Suchlaufzeit: 20:16 Protokolldatei: mbam.txt Administrator: Ja Version: 2.2.1.1043 Malware-Datenbank: v2016.11.08.15 Rootkit-Datenbank: v2016.10.31.01 Lizenz: Testversion Malware-Schutz: Aktiviert Schutz vor bösartigen Websites: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Administrator Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 412635 Abgelaufene Zeit: 12 Min., 30 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (keine bösartigen Elemente erkannt) Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt) Registrierungswerte: 0 (keine bösartigen Elemente erkannt) Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Ordner: 0 (keine bösartigen Elemente erkannt) Dateien: 0 (keine bösartigen Elemente erkannt) Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) Junkware Removal Tool (JRT) by Malwarebytes Version: 8.0.9 (09.30.2016) Operating System: Windows 7 Home Premium x64 Ran by Administrator (Administrator) on 08.11.2016 at 20:40:03,72 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 46 Successfully deleted: C:\Users\Administrator\AppData\Local\{01CFCD3E-C470-42C4-BCE1-807F880FDCF9} (Empty Folder) Successfully deleted: C:\Users\Administrator\AppData\Local\{0ACB9342-D7C1-44EC-990A-F6B30F5235EF} (Empty Folder) Successfully deleted: C:\Users\Administrator\AppData\Local\{21F3CA16-D668-496C-9CF8-EE182BD754B2} (Empty Folder) Successfully deleted: C:\Users\Administrator\AppData\Local\{243CC142-C20D-4452-9645-0AF282A7993B} (Empty Folder) Successfully deleted: C:\Users\Administrator\AppData\Local\{2B97C432-CE9A-4D30-BCA5-4DEDA723BC85} (Empty Folder) Successfully deleted: C:\Users\Administrator\AppData\Local\{50FD3931-FB75-407D-BBF5-70C4C9ED9B08} (Empty Folder) Successfully deleted: C:\Users\Administrator\AppData\Local\{5727A8BE-ED95-48A8-A96C-6799D7F211E1} (Empty Folder) Successfully deleted: C:\Users\Administrator\AppData\Local\{57524B29-A50E-41B8-BDAB-CB5767CEAB42} (Empty Folder) Successfully deleted: C:\Users\Administrator\AppData\Local\{593DE638-209A-4858-ACF3-076DD40D9A42} (Empty Folder) Successfully deleted: C:\Users\Administrator\AppData\Local\{5D993111-2D40-4C69-8103-ACFB32599547} (Empty Folder) Successfully deleted: C:\Users\Administrator\AppData\Local\{7FFAA837-5E10-46BD-BF7B-0EBE303C6C1C} (Empty Folder) Successfully deleted: C:\Users\Administrator\AppData\Local\{8246F086-3EF8-47DF-A7EF-304005220BC0} (Empty Folder) Successfully deleted: C:\Users\Administrator\AppData\Local\{86E9510A-2A55-4DAA-B33E-1C5AEED1E81A} (Empty Folder) Successfully deleted: C:\Users\Administrator\AppData\Local\{8B2383C0-9D69-4BB6-8295-39CF4B2D045C} (Empty Folder) Successfully deleted: C:\Users\Administrator\AppData\Local\{A077B432-2A92-4EF0-AF45-75D84EC10802} (Empty Folder) Successfully deleted: C:\Users\Administrator\AppData\Local\{A34B07A8-D476-4CDE-AE5C-AB26A40D7920} (Empty Folder) Successfully deleted: C:\Users\Administrator\AppData\Local\{A64B23B3-267C-44F2-A34B-2C40D96B2D94} (Empty Folder) Successfully deleted: C:\Users\Administrator\AppData\Local\{B678AE1E-627F-449C-A669-0ECB4689FB1B} (Empty Folder) Successfully deleted: C:\Users\Administrator\AppData\Local\{BAFEBD91-6E77-49DF-BA1F-3175B1D8A401} (Empty Folder) Successfully deleted: C:\Users\Administrator\AppData\Local\{BF4DEF4A-DCCD-48DD-93E1-55F827571EC1} (Empty Folder) Successfully deleted: C:\Users\Administrator\AppData\Local\{C37CACF2-82D1-4CE0-9557-A60CB3F3BC57} (Empty Folder) Successfully deleted: C:\Users\Administrator\AppData\Local\{C4EAD4CE-7EBA-4F0A-83E3-2A3933A36A6B} (Empty Folder) Successfully deleted: C:\Users\Administrator\AppData\Local\{C9B936CC-2494-4DB4-B03B-65A945F9E531} (Empty Folder) Successfully deleted: C:\Users\Administrator\AppData\Local\{D3E7A83D-81A6-479D-BCC8-53F00BE85488} (Empty Folder) Successfully deleted: C:\Users\Administrator\AppData\Local\{D4B3671E-C8BE-4C2E-B407-2F1532BFA994} (Empty Folder) Successfully deleted: C:\Users\Administrator\AppData\Local\{D7393384-4EDC-4CA3-92C7-505B02F93FC6} (Empty Folder) Successfully deleted: C:\Users\Administrator\AppData\Local\{D9BF5B69-14BF-4BA2-A9B8-642DADE73A32} (Empty Folder) Successfully deleted: C:\Users\Administrator\AppData\Local\{DA3ADDBE-A8D1-4027-AB5A-DA8C4761AD28} (Empty Folder) Successfully deleted: C:\Users\Administrator\AppData\Local\{EBE73556-06BF-4B87-BED7-D73B14A1054E} (Empty Folder) Successfully deleted: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\niyevnc8.default\user.js (File) Successfully deleted: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0DXJODAU (Temporary Internet Files Folder) Successfully deleted: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) Successfully deleted: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1JLG1TNG (Temporary Internet Files Folder) Successfully deleted: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) Successfully deleted: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BOXA2C0C (Temporary Internet Files Folder) Successfully deleted: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) Successfully deleted: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L5HLAZ8X (Temporary Internet Files Folder) Successfully deleted: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0DXJODAU (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1JLG1TNG (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BOXA2C0C (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L5HLAZ8X (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) Registry: 2 Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key) Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 08.11.2016 at 20:42:46,79 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Zweiter Teil, Farbar FRST.txt FRST Logfile: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 04-11-2016 durchgeführt von Administrator (Administrator) auf DERKING (08-11-2016 20:43:53) Gestartet von C:\Users\Administrator\Downloads Geladene Profile: Administrator (Verfügbare Profile: Daniel & Chef & Administrator) Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe () C:\Program Files\CyberLink\Shared files\RichVideo64.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avpui.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12445288 2012-01-16] (Realtek Semiconductor) HKLM\...\Run: [MedionReminder] => C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe [443688 2011-05-26] (CyberLink) HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [517912 2013-02-15] (Acronis) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-12] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1860120 2016-01-12] (NVIDIA Corporation) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated) HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-04] (CANON INC.) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-02] (Intel Corporation) HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-30] (CyberLink Corp.) HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6405376 2013-03-28] (Acronis) HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1105848 2013-01-10] (Acronis) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498720 2016-10-01] (Adobe Systems Inc.) HKLM-x32\...\Run: [iolo Startup] => C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe [4612544 2016-02-19] (iolo technologies, LLC) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1285704 2014-08-08] (CANON INC.) HKLM\...\RunOnce: [MedionReminder] => C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe [443688 2011-05-26] (CyberLink) HKU\S-1-5-21-3287674110-1264964589-4252129545-500\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-04-16] (Hewlett-Packard Company) HKU\S-1-5-21-3287674110-1264964589-4252129545-500\...\MountPoints2: {35dfed76-3232-11e6-bf95-8c89a5cdfdb8} - H:\AutoRun.exe HKU\S-1-5-21-3287674110-1264964589-4252129545-500\...\MountPoints2: {d8938f1d-1e73-11e6-960d-8c89a5cdfdb8} - H:\iLinker.exe ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-03-28] (Acronis) ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-03-28] (Acronis) ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-03-28] (Acronis) Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 2540 series.lnk [2016-11-08] ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 2540 series.lnk -> C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) BootExecute: autocheck autochk * ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 130.234.4.30 130.234.5.30 Tcpip\..\Interfaces\{19D8FACB-F720-4157-B3E1-E6A0D53DCD20}: [DhcpNameServer] 130.234.4.30 130.234.5.30 Tcpip\..\Interfaces\{330FE5DF-2FCF-4498-9FF2-00C0C8C7D7F2}: [DhcpNameServer] 192.168.0.254 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-3287674110-1264964589-4252129545-500\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-3287674110-1264964589-4252129545-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF SearchScopes: HKLM -> DefaultScope Wert fehlt SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-08-16] (Microsoft Corporation) BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\x64\IEExt\ie_plugin.dll [2016-03-21] (Kaspersky Lab ZAO) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.) BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\x64\IEExt\ie_plugin.dll [2016-03-21] (Kaspersky Lab ZAO) BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\x64\IEExt\ie_plugin.dll [2016-03-21] (Kaspersky Lab ZAO) BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-08-09] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-09-06] (Microsoft Corporation) BHO: Kein Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> Keine Datei BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated) BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll [2016-03-21] (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-03-26] (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.) BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll [2016-03-21] (Kaspersky Lab ZAO) BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll [2016-03-21] (Kaspersky Lab ZAO) BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-08-09] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-26] (Oracle Corporation) BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated) Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated) Toolbar: HKU\S-1-5-21-3287674110-1264964589-4252129545-500 -> Kein Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Keine Datei Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-20] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\niyevnc8.default [2016-11-08] FF Extension: (Dangerous Websites Blocker) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com [2016-05-24] FF Extension: (Virtual Keyboard) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2016-05-24] FF Extension: (Safe Money) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com [2016-05-24] FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-10-13] FF HKLM-x32\...\Firefox\Extensions: [content_blocker_663BE8@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_074028@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [online_banking_08806E@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-08] () FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-08] () FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-26] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-26] (Oracle Corporation) FF Plugin-x32: @kaspersky.com/content_blocker_663BE8 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com [2016-05-24] () FF Plugin-x32: @kaspersky.com/online_banking_08806E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com [2016-05-24] () FF Plugin-x32: @kaspersky.com/virtual_keyboard_074028 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2016-05-24] () FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-09-16] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-07-11] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-07-11] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-16] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-16] (Google Inc.) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2016-10-01] (Adobe Systems Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems) Chrome: ======= CHR DefaultProfile: Default CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default [2016-10-06] CHR Extension: (Kaspersky Protection) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-11-03] CHR Extension: (Adobe Acrobat) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2016-10-06] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-06] CHR Extension: (Chrome Media Router) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-06] CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2016-10-01] ==================== Dienste (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated) R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe [194000 2015-07-09] (Kaspersky Lab ZAO) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3037424 2016-10-03] (Microsoft Corporation) S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-20] (CyberLink) R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-14] (CyberLink) S2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-14] (CyberLink) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-12] (NVIDIA Corporation) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Datei ist nicht signiert] R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4759600 2016-02-19] (iolo technologies, LLC) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation) R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-04-16] (Hewlett-Packard Company) [Datei ist nicht signiert] R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1136608 2016-03-10] (Malwarebytes) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-12] (NVIDIA Corporation) R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-12] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-12] (NVIDIA Corporation) R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] () R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ====================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [247016 2015-07-09] (Kaspersky Lab UK Ltd) R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch) R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2014-03-13] (EldoS Corporation) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2016-03-21] (Kaspersky Lab ZAO) R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [64368 2016-05-26] (Kaspersky Lab ZAO) R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [159960 2015-07-09] (Kaspersky Lab ZAO) R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [237480 2016-05-24] (AO Kaspersky Lab) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [843696 2016-05-24] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [49240 2016-05-24] (AO Kaspersky Lab) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [49008 2016-03-25] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [47992 2016-03-25] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [24944 2015-07-09] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-07-09] (Kaspersky Lab ZAO) R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [89272 2016-03-21] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [190648 2015-10-06] (Kaspersky Lab ZAO) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-11-08] (Malwarebytes) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-12] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation) R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32912 2014-08-12] (EldoS Corporation) R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-11-18] (Acronis International GmbH) R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2013-11-18] (Acronis International GmbH) U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X] S0 tib_mounter; system32\DRIVERS\tib_mounter.sys [X] S0 vididr; system32\DRIVERS\vididr.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-11-08 20:43 - 2016-11-08 20:43 - 02410496 ____C (Farbar) C:\Users\Administrator\Downloads\FRST64.exe 2016-11-08 20:43 - 2016-11-08 20:43 - 00025814 ____C C:\Users\Administrator\Downloads\FRST.txt 2016-11-08 20:43 - 2016-11-08 20:43 - 00000000 ___DC C:\FRST 2016-11-08 20:42 - 2016-11-08 20:42 - 00006953 ____C C:\Users\Administrator\Desktop\JRT.txt 2016-11-08 20:39 - 2016-11-08 20:39 - 01631928 ____C (Malwarebytes) C:\Users\Administrator\Downloads\JRT.exe 2016-11-08 20:16 - 2016-11-08 20:38 - 00192216 ____C (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-11-08 20:15 - 2016-11-08 20:15 - 00001106 ____C C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2016-11-08 20:15 - 2016-11-08 20:15 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2016-11-08 20:15 - 2016-11-08 20:15 - 00000000 ___DC C:\ProgramData\Malwarebytes 2016-11-08 20:15 - 2016-11-08 20:15 - 00000000 ___DC C:\Program Files (x86)\ Malwarebytes Anti-Malware 2016-11-08 20:15 - 2016-03-10 14:09 - 00064896 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2016-11-08 20:15 - 2016-03-10 14:08 - 00140672 ____C (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2016-11-08 20:15 - 2016-03-10 14:08 - 00027008 ____C (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2016-11-08 20:13 - 2016-11-08 20:14 - 22851472 ____C (Malwarebytes ) C:\Users\Administrator\Downloads\mbam-setup-2.2.1.1043.exe 2016-11-08 20:09 - 2016-11-08 20:10 - 00000000 ___DC C:\AdwCleaner 2016-11-08 20:07 - 2016-11-08 20:08 - 03910208 ____C C:\Users\Administrator\Downloads\AdwCleaner_6.030.exe 2016-10-27 11:21 - 2016-10-27 11:21 - 00002148 ____C C:\Users\Public\Desktop\Google Earth.lnk 2016-10-27 11:21 - 2016-10-27 11:21 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth 2016-10-26 15:37 - 2016-10-27 10:24 - 00000000 ___DC C:\Program Files\Common Files\AV 2016-10-21 08:00 - 2016-11-05 12:56 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox 2016-10-11 21:11 - 2016-10-11 22:47 - 25765376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 20306944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 12574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2016-10-11 21:11 - 2016-10-11 22:47 - 12574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2016-10-11 21:11 - 2016-10-11 22:47 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 06048256 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2016-10-11 21:11 - 2016-10-11 22:47 - 04608512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2016-10-11 21:11 - 2016-10-11 22:47 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2016-10-11 21:11 - 2016-10-11 22:47 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-10-11 21:11 - 2016-10-11 22:47 - 03209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2016-10-11 21:11 - 2016-10-11 22:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2016-10-11 21:11 - 2016-10-11 22:47 - 02444288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-10-11 21:11 - 2016-10-11 22:47 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2016-10-11 21:11 - 2016-10-11 22:47 - 02023424 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 01629184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 01465344 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 01226752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 01178112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2016-10-11 21:11 - 2016-10-11 22:47 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2016-10-11 21:11 - 2016-10-11 22:47 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2016-10-11 21:11 - 2016-10-11 22:47 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 2016-10-11 21:11 - 2016-10-11 22:47 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2016-10-11 21:11 - 2016-10-11 22:47 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2016-10-11 21:11 - 2016-10-11 22:47 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2016-10-11 21:11 - 2016-10-11 22:47 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2016-10-11 21:11 - 2016-10-11 22:47 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2016-10-11 21:11 - 2016-10-11 22:47 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2016-10-11 21:11 - 2016-10-11 22:47 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe 2016-10-11 21:11 - 2016-10-11 22:47 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00249344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe 2016-10-11 21:11 - 2016-10-11 22:47 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2016-10-11 21:11 - 2016-10-11 22:47 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2016-10-11 21:11 - 2016-10-11 22:47 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2016-10-11 21:11 - 2016-10-11 22:47 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2016-10-11 21:11 - 2016-10-11 22:47 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2016-10-11 21:11 - 2016-10-11 22:47 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2016-10-11 21:11 - 2016-10-11 22:47 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2016-10-11 21:11 - 2016-10-11 22:47 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2016-10-11 21:11 - 2016-10-11 22:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2016-10-11 21:11 - 2016-10-11 22:47 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2016-10-11 21:11 - 2016-10-11 22:47 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys 2016-10-11 21:11 - 2016-10-11 22:47 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2016-10-11 21:11 - 2016-10-11 22:47 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2016-10-11 21:11 - 2016-10-11 22:47 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00077032 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2016-10-11 21:11 - 2016-10-11 22:47 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2016-10-11 21:11 - 2016-10-11 22:47 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2016-10-11 21:11 - 2016-10-11 22:47 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2016-10-11 21:11 - 2016-10-11 22:47 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2016-10-11 21:11 - 2016-10-11 22:47 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2016-10-11 21:11 - 2016-10-11 22:47 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2016-10-11 21:11 - 2016-10-11 22:47 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2016-10-11 21:11 - 2016-10-11 22:47 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2016-10-11 21:11 - 2016-10-11 22:47 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2016-10-11 21:11 - 2016-10-11 22:47 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2016-10-11 21:11 - 2016-10-11 22:47 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe 2016-10-11 21:11 - 2016-10-11 22:47 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe 2016-10-11 21:11 - 2016-10-11 22:47 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe 2016-10-11 21:11 - 2016-10-11 22:47 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe 2016-10-11 21:11 - 2016-10-11 22:47 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2016-10-11 21:11 - 2016-10-11 22:47 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2016-10-11 21:11 - 2016-10-11 22:47 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx 2016-10-11 21:11 - 2016-10-11 22:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2016-10-11 21:11 - 2016-10-11 22:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2016-10-11 21:11 - 2016-10-11 22:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2016-10-11 21:10 - 2016-10-13 07:13 - 14183424 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2016-10-11 21:10 - 2016-10-13 07:13 - 12880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2016-10-11 21:10 - 2016-10-13 07:13 - 03229696 _____ (Microsoft Corporation) C:\Windows\explorer.exe 2016-10-11 21:10 - 2016-10-13 07:13 - 02972672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe 2016-10-11 21:10 - 2016-10-13 07:13 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2016-10-11 21:10 - 2016-10-13 07:13 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll 2016-10-11 21:10 - 2016-10-13 07:13 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2016-10-11 21:10 - 2016-10-13 07:13 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll 2016-10-11 21:10 - 2016-10-12 07:31 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2016-10-11 21:10 - 2016-10-12 07:31 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe 2016-10-11 21:10 - 2016-10-11 22:47 - 00586752 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2016-10-11 21:10 - 2016-10-11 22:47 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2016-10-11 21:10 - 2016-10-11 22:47 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2016-10-11 21:10 - 2016-10-11 22:47 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll 2016-10-11 21:10 - 2016-10-11 22:47 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2016-10-11 21:10 - 2016-08-16 22:40 - 00343552 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2016-10-11 21:10 - 2016-08-16 22:40 - 00327168 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2016-10-11 21:10 - 2016-08-16 22:40 - 00099840 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2016-10-11 21:10 - 2016-08-16 22:40 - 00056320 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2016-10-11 21:10 - 2016-08-16 22:40 - 00030720 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2016-10-11 21:10 - 2016-08-16 22:40 - 00025600 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2016-10-11 21:10 - 2016-08-16 22:40 - 00007808 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-11-08 20:40 - 2016-08-18 15:31 - 00000000 ___DC C:\Users\Administrator\AppData\Local\CrashDumps 2016-11-08 20:38 - 2016-10-06 15:39 - 00000000 ___DC C:\Users\Public\Documents\AdobeGC 2016-11-08 20:38 - 2014-09-13 14:41 - 00000000 ___DC C:\ProgramData\Kaspersky Lab 2016-11-08 20:38 - 2013-11-13 18:15 - 00001106 ____C C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-11-08 20:38 - 2012-04-12 00:03 - 00000000 ___DC C:\ProgramData\NVIDIA 2016-11-08 20:38 - 2009-07-14 07:08 - 00000006 ___HC C:\Windows\Tasks\SA.DAT 2016-11-08 20:29 - 2013-11-13 18:15 - 00000884 ____C C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-11-08 20:20 - 2013-11-13 18:15 - 00001110 ____C C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-11-08 20:20 - 2009-07-14 06:45 - 00024800 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-11-08 20:20 - 2009-07-14 06:45 - 00024800 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-11-08 20:17 - 2011-05-16 16:04 - 00699884 ____C C:\Windows\system32\perfh007.dat 2016-11-08 20:17 - 2011-05-16 16:04 - 00149766 ____C C:\Windows\system32\perfc007.dat 2016-11-08 20:17 - 2009-07-14 07:13 - 01622300 ____C C:\Windows\system32\PerfStringBackup.INI 2016-11-08 20:17 - 2009-07-14 05:20 - 00000000 ___DC C:\Windows\inf 2016-11-08 20:11 - 2016-04-07 20:29 - 00000946 ____C C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job 2016-11-08 20:04 - 2015-01-17 21:37 - 00000000 ___DC C:\Users\Administrator\AppData\Roaming\TS3Client 2016-11-08 19:29 - 2016-04-07 20:29 - 00003954 ____C C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier 2016-11-08 19:29 - 2013-11-13 18:15 - 00003822 ____C C:\Windows\System32\Tasks\Adobe Flash Player Updater 2016-11-08 19:29 - 2012-11-17 20:05 - 00796352 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-11-08 19:29 - 2011-12-01 23:26 - 00142528 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-11-08 19:29 - 2011-10-14 14:15 - 00000000 ___DC C:\Windows\system32\Macromed 2016-11-08 19:29 - 2011-07-18 23:12 - 00000000 ___DC C:\Windows\SysWOW64\Macromed 2016-11-06 18:51 - 2015-01-17 16:34 - 00000000 ___DC C:\Users\Administrator\AppData\Roaming\Skype 2016-11-03 20:01 - 2015-07-15 14:07 - 00002441 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-10-31 18:49 - 2015-01-17 16:34 - 00000000 __RDC C:\Program Files (x86)\Skype 2016-10-31 18:49 - 2015-01-17 16:34 - 00000000 ___DC C:\ProgramData\Skype 2016-10-31 18:42 - 2013-01-18 18:48 - 00000000 ___DC C:\Users\Administrator 2016-10-29 07:19 - 2009-07-14 07:09 - 00000000 ___DC C:\Windows\System32\Tasks\WPD 2016-10-28 21:34 - 2009-07-14 06:57 - 00001547 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2016-10-27 15:36 - 2014-09-13 14:31 - 00003866 ____C C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1410611484 2016-10-27 15:36 - 2012-11-08 21:38 - 00000000 ___DC C:\Program Files (x86)\Opera 2016-10-26 16:29 - 2010-11-21 05:27 - 00485032 ____C (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2016-10-24 21:25 - 2013-11-13 18:16 - 00002191 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-10-24 21:25 - 2013-11-13 18:16 - 00002179 ____C C:\Users\Public\Desktop\Google Chrome.lnk 2016-10-22 07:22 - 2014-09-13 14:32 - 00000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service 2016-10-19 20:52 - 2015-01-21 15:47 - 00000000 ___DC C:\Users\Administrator\AppData\Local\Windows Live 2016-10-14 22:54 - 2014-09-16 16:31 - 00000000 ___DC C:\ProgramData\regid.1991-06.com.microsoft 2016-10-14 22:53 - 2014-09-16 16:28 - 00000000 ___DC C:\Program Files\Microsoft Office 15 2016-10-13 22:47 - 2015-08-13 16:28 - 00000000 ___DC C:\Windows\rescache 2016-10-13 07:03 - 2015-02-03 17:32 - 00002453 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk 2016-10-13 07:03 - 2015-02-03 17:32 - 00002214 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk 2016-10-13 07:03 - 2015-02-03 17:32 - 00002053 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk 2016-10-12 16:04 - 2013-10-05 19:53 - 00000000 ___DC C:\Users\Chef 2016-10-12 16:04 - 2012-11-08 21:25 - 00000000 ___DC C:\Users\Daniel 2016-10-12 07:27 - 2009-07-14 06:45 - 00336984 ____C C:\Windows\system32\FNTCACHE.DAT 2016-10-12 07:26 - 2015-01-16 15:50 - 00000000 ___DC C:\Windows\system32\appraiser 2016-10-12 07:26 - 2014-09-13 14:06 - 00000000 __SDC C:\Windows\system32\CompatTel 2016-10-12 07:26 - 2013-03-14 13:49 - 00000000 ___DC C:\Program Files\Microsoft Silverlight 2016-10-12 07:26 - 2009-07-14 05:20 - 00000000 ___DC C:\Windows\SysWOW64\Dism 2016-10-12 07:26 - 2009-07-14 05:20 - 00000000 ___DC C:\Windows\system32\Dism 2016-10-12 07:25 - 2013-03-14 13:49 - 00000000 ___DC C:\Program Files (x86)\Microsoft Silverlight 2016-10-11 22:47 - 2015-12-09 07:17 - 00419640 _____ C:\Windows\SysWOW64\locale.nls 2016-10-11 22:47 - 2015-12-09 07:17 - 00419640 _____ C:\Windows\system32\locale.nls 2016-10-11 22:47 - 2013-11-18 20:39 - 00000000 ___DC C:\Windows\system32\MRT 2016-10-11 22:43 - 2013-03-14 13:50 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2016-10-11 22:43 - 2011-07-18 22:31 - 143495576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-07-22 12:28 - 2015-07-22 12:28 - 0000057 ____C () C:\ProgramData\Ament.ini Einige Dateien in TEMP: ==================== C:\Users\Administrator\AppData\Local\Temp\libeay32.dll C:\Users\Administrator\AppData\Local\Temp\msvcr120.dll C:\Users\Administrator\AppData\Local\Temp\sqlite3.dll C:\Users\Daniel\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe C:\Users\Daniel\AppData\Local\Temp\install_reader11_de_gtbd_chrd_dn_aih.exe ==================== Bamital & volsnap ====================== (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2016-11-04 05:08 ==================== Ende von FRST.txt ============================ |
| Themen zu BrowserModifier: Win32/SupTab!blnk |
| administrator, browsermodifier: win32/suptab!blnk, defender, einstellungen, entfernen, explorer, fehlalarm, fehler, firefox, firewall, google, home, internet, internet explorer, kaspersky, kaspersky total security, launch, mozilla, neustart, problem, proxy, security, sekunden, server, software, trojaner, windows, wmi |
Baum-Darstellung