| |
| |||||||
Log-Analyse und Auswertung: Malwarebytes finde Trojan.Agent.EDWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
21.02.2016, 11:22
| #1 |
| |  Malwarebytes finde Trojan.Agent.ED Hallo zusammen, ich habe mal wieder Malwarebytes laufen lassen. Malwarebytes hat Trojaner.agent.ed gefunden. Ich habe auf einmal ignorieren gedrückt. Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 21.02.2016 Suchlaufzeit: 09:14 Protokolldatei: Malwarebytes.txt Administrator: Ja Version: 2.2.0.1024 Malware-Datenbank: v2016.02.21.01 Rootkit-Datenbank: v2016.02.17.01 Lizenz: Kostenlose Version Malware-Schutz: Deaktiviert Schutz vor bösartigen Websites: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Atlan Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 392615 Abgelaufene Zeit: 1 Std., 11 Min., 12 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristik: Aktiviert PUP: Warnen PUM: Aktiviert Prozesse: 0 (keine bösartigen Elemente erkannt) Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt) Registrierungswerte: 0 (keine bösartigen Elemente erkannt) Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Ordner: 0 (keine bösartigen Elemente erkannt) Dateien: 2 Trojan.Agent.ED, C:\Users\Atlan\AppData\Roaming\Apple Computer\MobileSync\Backup\9e918596f66a85a05a04faf4dc546cb8b757c377\2897a9776625e11c096400c1c25be192fac39133, , [1540045fd4c52a0cec6881783cc4718f], Trojan.Agent.ED, C:\Users\Atlan\AppData\Roaming\Apple Computer\MobileSync\Backup\9e918596f66a85a05a04faf4dc546cb8b757c377\f591dc27a231d06d32318791453ba43a53daced3, , [a6af8fd47623c571c88c32c7a45c08f8], Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) TDSS hat nichts gefunden. Soll ich bei Malwarebytes auf entfernen drücken? Danke. Gruß Dogbert Anbei noch FRST #FRST Additions Logfile: Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:20-02-2016
durchgeführt von Atlan (2016-02-21 11:09:37)
Gestartet von C:\Users\Atlan\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2010-12-31 20:40:23)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-3156769684-3460529154-1887623434-500 - Administrator - Disabled)
Atlan (S-1-5-21-3156769684-3460529154-1887623434-1001 - Administrator - Enabled) => C:\Users\Atlan
Gast (S-1-5-21-3156769684-3460529154-1887623434-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3156769684-3460529154-1887623434-1002 - Limited - Enabled)
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
7-PDF Website Converter Version 1.0.3 (Build 236) (HKLM-x32\...\7-PDF Website Converter_is1) (Version: 7-PDF Website Converter - Version 1.0.3 (Build 236) - 7-PDF, Germany - Thorsten Hodes)
ABBYY Screenshot Reader (HKLM-x32\...\{F9000000-0015-0000-0000-074957833700}) (Version: 9.010.483.59811 - ABBYY)
Acer 3G Connection Manager (HKLM-x32\...\{1E49D2F5-18C5-4097-B30B-9AC73168B5E9}) (Version: 2.00.3004 - Acer Incorporated)
Acer 3G Connection Manager (HKLM-x32\...\Acer 3G Connection Manager) (Version: 13.001.07.04.470 - Huawei Technologies Co.,Ltd)
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.60 - NewTech Infosystems)
Acer Crystal Eye Webcam (HKLM-x32\...\{7760D94E-B1B5-40A0-9AA0-ABF942108755}) (Version: 5.2.19.3 - Suyin Optronics Corp)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3004 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3011 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0211.2010 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Active@ ISO Burner (HKLM-x32\...\{7694E0B1-2332-448B-9235-929F84B41E3F}) (Version: 2.5.1 - LSoft Technologies)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20059 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0.3 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
ALDI Bestellsoftware (HKLM-x32\...\ALDI Bestellsoftware) (Version: 5.0.2 - ORWO_Net)
Amazon Kindle (HKU\S-1-5-21-3156769684-3460529154-1887623434-1001\...\Amazon Kindle) (Version: - Amazon)
Amazon Kindle (HKU\S-1-5-21-3156769684-3460529154-1887623434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Amazon Kindle) (Version: - Amazon)
Amazon MP3-Downloader 1.0.9 (HKLM-x32\...\Amazon MP3-Downloader) (Version: - )
Apple Application Support (32-Bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.20 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{E861C324-6E11-5A4D-3433-54A4D68811F3}) (Version: 3.0.778.0 - ATI Technologies, Inc.)
aTube Catcher Version 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.15.141 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{ccdc9cfe-8ba7-4c6c-ac5f-b2d6cfa49efc}) (Version: 1.1.54.24924 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.54.24924 - Avira Operations GmbH & Co. KG) Hidden
Backup Manager Basic (x32 Version: 2.0.0.60 - NewTech Infosystems) Hidden
Benutzerhandbuch anzeigen (HKLM-x32\...\View User Guide) (Version: 3.60.44.0 - )
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
ccc-core-static (x32 Version: 2010.0527.1242.20909 - Ihr Firmenname) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.1.4003 - CDBurnerXP)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.2.01035 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 4.2.01035 - Cisco Systems, Inc.) Hidden
Citavi (HKLM-x32\...\{E12C6653-1FF0-4686-ADB8-589C13AE761F}) (Version: 3.4.0.1 - Swiss Academic Software)
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2829.50 - CyberLink Corp.)
doubleTwist (HKLM-x32\...\doubleTwist) (Version: 3.2.1.14961 - doubleTwist Corporation)
Dropbox (HKU\S-1-5-21-3156769684-3460529154-1887623434-1001\...\Dropbox) (Version: 3.14.7 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-3156769684-3460529154-1887623434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 3.14.7 - Dropbox, Inc.)
Emsisoft HiJackFree 4.5 (HKLM-x32\...\Emsisoft HiJackFree_is1) (Version: 4.5 - Emsi Software GmbH)
ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}) (Version: 2.1.27.0 - MAGIX AG)
FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 0.9.0_RC_10 - )
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
GPL Ghostscript 9.00 (HKLM-x32\...\GPL Ghostscript 9.00) (Version: - )
HUAWEI DataCard Driver 3.12.00.00 (HKLM-x32\...\HUAWEI DataCard Driver) (Version: 3.12.00.00 - Huawei technologies Co., Ltd.)
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.28 - Irfan Skiljan)
iTunes (HKLM\...\{0D44E3A4-6C3D-45D7-B443-079509E5BE5D}) (Version: 12.3.2.35 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
KONZ 2012 (HKLM-x32\...\InstallShield_{20BFBFF9-55AB-4179-B4AA-54D2897B3EDD}) (Version: 1.00.0000 - USM)
KONZ 2012 (x32 Version: 1.00.0000 - USM) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.12 - Acer Inc.)
MAGIX Foto Manager 10 (HKLM-x32\...\MAGIX_MSI_Foto_Manager_10) (Version: 8.0.1.136 - MAGIX AG)
MAGIX Foto Manager 10 (x32 Version: 8.0.1.136 - MAGIX AG) Hidden
MAGIX Online Druck Service (HKLM-x32\...\{6D1FAE3E-7A6F-4045-BBF5-55DB4C5FB5FD}) (Version: 3.4.3.0 - MAGIX AG)
MAGIX Screenshare (HKLM-x32\...\{5B5F2D4C-3B63-4EEF-A881-CFD39E8D9C47}) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Xtreme Foto & Grafik Designer 5 (Silver) (HKLM-x32\...\MAGIX_MSI_XtremeGrafik5_Silver) (Version: 5.1.2.15876 - MAGIX AG)
MAGIX Xtreme Foto & Grafik Designer 5 (Silver) (x32 Version: 5.1.2.15876 - MAGIX AG) Hidden
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Age of Empires Gold (HKLM-x32\...\Age of Empires Gold 1.0) (Version: - )
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Windows Media Video 9 VCM (HKLM-x32\...\WMV9_VCM) (Version: - )
Mozilla Firefox 44.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 de)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Paragon Backup & Recovery™ 2012 Free (HKLM-x32\...\{C268B5E1-A5DA-11DF-A289-005056C00008}) (Version: 90.00.0003 - Paragon Software)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Readiris Pro 10 (HKLM-x32\...\{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6043 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30118 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - )
Samsung Easy Document Creator (HKLM-x32\...\Samsung Easy Document Creator) (Version: 1.05.87 (08.09.2013) - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.05.21.00(03.02.2014) - Samsung Electronics Co., Ltd.)
Samsung Easy Wireless Setup (HKLM-x32\...\Easy Wireless Setup) (Version: 3.70.5.0 - Samsung Electronics Co., Ltd.)
SAMSUNG Intelli-studio (HKLM-x32\...\Intelli-studio) (Version: 3.1.32.1 - Samsung Electronics Co., Ltd.)
Samsung M288x Series (HKLM-x32\...\Samsung M288x Series) (Version: 1.02 (05.02.2014) - Samsung Electronics Co., Ltd.)
Samsung Network PC Fax (HKLM-x32\...\Samsung Network PC Fax) (Version: 1.10.17 (19.12.2013) - Samsung Electronics Co., Ltd.)
Samsung OCR Software (HKLM-x32\...\Samsung OCR Software) (Version: 1.01.05 (29.11.2013) - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung RAW Converter 4 (HKLM-x32\...\InstallShield_{D09E159D-0264-4597-B200-A9B4C0866F25}) (Version: 4 - Ichikawa Soft Laboratory)
Samsung RAW Converter 4 (x32 Version: 4 - Ichikawa Soft Laboratory) Hidden
Samsung Scan Process Machine (x32 Version: 1.01.12.00 - Samsung Electronics Co., Ltd.) Hidden
Samsung SCX-4100 Series - TWAIN (HKLM-x32\...\{FB838FDB-0C2D-44EC-8C40-F69C5CDABFCC}) (Version: - )
Samsung Universal Print Driver (HKLM-x32\...\Samsung Universal Print Driver) (Version: 2.02.05.00:24 - Samsung Electronics Co., Ltd.)
Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.05.00 - Samsung Electronics Co., Ltd.)
SanDiskSecureAccess_Manager.exe (HKU\S-1-5-21-3156769684-3460529154-1887623434-1001\...\@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe) (Version: 1.0.0 - DMAILER)
SanDiskSecureAccess_Manager.exe (HKU\S-1-5-21-3156769684-3460529154-1887623434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe) (Version: 1.0.0 - DMAILER)
Schmidt Interaktivspaß Doppelkopf (HKLM-x32\...\{BA947C14-9B71-484D-B66C-055E2E6CA7B1}) (Version: - )
Seagate*DiscWizard (HKLM-x32\...\{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}) (Version: 11.0.8330 - Seagate)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmarThru 4 (HKLM-x32\...\{90F1943D-EA4A-4460-B59F-30023F3BA69A}) (Version: - )
SNS Upload for Easy Document Creator (HKLM-x32\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd)
StarCraft II Demo (HKLM-x32\...\StarCraft II Demo) (Version: 1.0.0.17164 - Blizzard Entertainment)
Streamripper (Remove only) (HKLM-x32\...\Streamripper) (Version: - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.6.0 - Synaptics Incorporated)
tiptoi® Manager 3.0.9 (HKLM-x32\...\9978-5763-2995-5228) (Version: 3.0.9 - Ravensburger AG)
TomTom HOME (HKLM-x32\...\{5DCB2EB3-87AD-426E-8D74-8B92C9D731C4}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME (HKLM-x32\...\{BB05590A-6602-43F3-A400-77EA0976BC0A}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WD Drive Utilities (HKLM-x32\...\{59E0381C-1047-45A3-B68A-57F586EAF3C2}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{BE1B25F9-5A51-4DB8-81FA-CE0CABC14D07}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{D338102B-BA1C-4CCA-B870-8690FA0F0433}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{FECF90E3-FDEA-4A87-8A06-2683388C69C4}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{647175e1-9944-4a82-bac1-102c95f0a99a}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.01.3002 - Acer Incorporated)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.4300 - Broadcom Corporation)
Winamp (HKLM-x32\...\Winamp) (Version: 5.64 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-3156769684-3460529154-1887623434-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-3156769684-3460529154-1887623434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
WISO Sparbuch 2009 (HKLM-x32\...\{00C58EBE-223E-4AB6-8AE9-38F27F4420BD}) (Version: 16.00.6228 - Buhl Data Service GmbH)
WISO Sparbuch 2010 (HKLM-x32\...\{46B70DEB-97B3-4E38-B746-EC16905E6A8F}) (Version: 17.00.6531 - Buhl Data Service GmbH)
WISO steuer:Sparbuch 2016 (HKLM-x32\...\{734A67D1-3C5F-41E1-8824-3527A9D94BB7}) (Version: 23.00.1146 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2011 (HKLM-x32\...\{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}) (Version: 18.00.6928 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2012 (HKLM-x32\...\{0CC1DAFB-40C8-4903-953D-471E541477C7}) (Version: 19.00.7303 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2013 (HKLM-x32\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{1E5AB2C6-0FC2-4807-BC8C-D387D279F7F5}) (Version: 21.00.8480 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2015 (HKLM-x32\...\{DEF1E117-A9ED-4395-977A-3F8C462AB147}) (Version: 22.00.8811 - Buhl Data Service GmbH)
XING Connector 1.2 (HKLM\...\XING Connector) (Version: 1.2 - XING AG)
Zattoo4 4.0.5 (HKLM-x32\...\Zattoo4) (Version: 4.0.5 - Zattoo Inc.)
Zoner Photo Studio 12 (HKLM-x32\...\ZonerPhotoStudio12_DE_is1) (Version: 12.0.1.10 - ZONER software)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-3156769684-3460529154-1887623434-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Atlan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3156769684-3460529154-1887623434-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Atlan\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3156769684-3460529154-1887623434-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Atlan\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3156769684-3460529154-1887623434-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Atlan\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3156769684-3460529154-1887623434-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Atlan\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3156769684-3460529154-1887623434-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Atlan\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3156769684-3460529154-1887623434-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Atlan\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3156769684-3460529154-1887623434-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Atlan\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3156769684-3460529154-1887623434-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Atlan\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3156769684-3460529154-1887623434-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Atlan\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3156769684-3460529154-1887623434-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Atlan\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {014A5BF6-951C-4053-9677-DB263BCA7D50} - System32\Tasks\{68CB6C97-2FE7-4F6C-A93D-C33440EB1E36} => pcalua.exe -a C:\Users\Atlan\Downloads\HiJackThis204.exe -d C:\Users\Atlan\Downloads
Task: {25A5BF75-F1A5-4B33-A703-80E58A12B7BD} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3156769684-3460529154-1887623434-1001UA => C:\Users\Atlan\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-20] (Dropbox, Inc.)
Task: {3609087D-DE6C-43E6-AA97-9B5855346E61} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {397DF622-DB91-4130-B1F5-85E128C66469} - System32\Tasks\{EA23C3B8-2C8A-43A8-B29C-7FD28A5FBA68} => pcalua.exe -a C:\Users\Atlan\Downloads\dft32_v416_b00.EXE -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {675DE0AE-2ED1-4B4E-9ABC-639443EE058B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {72567B02-46FB-43E1-A836-D63B1BC5503E} - System32\Tasks\{04C33282-DF83-414F-BF12-1D56DDEFD3B5} => pcalua.exe -a C:\Users\Atlan\Downloads\esetsmartinstaller_enu.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {8A57E960-CC65-4471-B86F-5DE68A1613CB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {AD32B1D7-DE10-4A12-BEE7-E22058DAF8F9} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3156769684-3460529154-1887623434-1001Core => C:\Users\Atlan\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-20] (Dropbox, Inc.)
Task: {B2D65505-209E-4CA4-8BD3-2A2BF1BC0A8D} - System32\Tasks\{CC8754B1-B47A-4A83-AB55-53BADE0001E3} => pcalua.exe -a C:\Users\Atlan\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe -c --uninstall
Task: {CBB58D56-66F8-45BE-BD57-2293C21FF75C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {D119F5DA-A4D5-4CAF-8475-E8966DAA5B3E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {E7640087-AAB3-4947-99A1-7361644665F2} - System32\Tasks\{F02AF0AA-39EA-463C-92B4-E22638E258CE} => pcalua.exe -a C:\Users\Atlan\Downloads\dft32_v416_b00.EXE -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {F916B3A9-65C4-483B-AB5D-8E0DC49A57C8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-10] (Adobe Systems Incorporated)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3156769684-3460529154-1887623434-1001Core.job => C:\Users\Atlan\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3156769684-3460529154-1887623434-1001UA.job => C:\Users\Atlan\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-26 10:46 - 2010-03-26 10:46 - 00173856 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2011-01-09 21:32 - 2010-06-17 21:56 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2011-01-08 19:14 - 2008-06-04 07:53 - 00027648 _____ () C:\Windows\System32\spd__l.dll
2015-07-15 12:44 - 2015-07-15 12:44 - 00022528 _____ () C:\Windows\System32\ssa7mlm.dll
2014-12-25 10:11 - 2014-04-16 09:22 - 00029184 _____ () C:\Windows\System32\usp01l.dll
2010-08-28 15:27 - 2010-06-09 17:54 - 00206208 _____ () C:\Windows\PLFSetI.exe
2015-03-20 17:12 - 2015-03-20 17:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-03-09 08:58 - 2012-03-09 08:58 - 00462712 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2012-03-09 08:58 - 2012-03-09 08:58 - 00057208 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2014-09-10 19:58 - 2015-07-15 12:44 - 01604096 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\ssa7mdu.dll
2014-12-25 10:11 - 2014-07-24 19:54 - 01194496 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\usp01du.dll
2014-12-12 23:24 - 2014-12-12 23:24 - 00047104 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2010-03-08 09:57 - 2010-03-08 09:57 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-05-27 11:40 - 2010-05-27 11:40 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2015-12-23 14:33 - 2015-12-23 14:33 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2015-10-13 05:46 - 2015-10-13 05:46 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-23 15:05 - 2014-04-23 15:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 00237328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2016-02-17 03:06 - 2016-01-12 19:44 - 00034768 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2016-02-17 03:05 - 2016-01-12 19:45 - 00019408 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2016-02-17 03:06 - 2016-01-12 19:44 - 00116688 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2016-02-17 03:06 - 2016-01-12 19:44 - 00093640 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2016-02-17 03:06 - 2016-01-12 19:44 - 00018376 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\select.pyd
2016-02-17 03:06 - 2016-02-16 19:39 - 00019760 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2016-02-17 03:06 - 2016-01-12 19:46 - 00105928 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-02-17 03:06 - 2016-01-12 19:44 - 00392144 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2016-02-17 03:06 - 2016-02-16 19:39 - 00381752 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2016-02-17 03:06 - 2016-01-12 19:44 - 00692688 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2016-02-17 03:05 - 2016-02-16 19:38 - 00020816 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2016-02-17 03:06 - 2016-01-12 19:45 - 00112592 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2016-02-17 03:05 - 2016-02-16 19:38 - 01682760 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2016-02-17 03:05 - 2016-02-16 19:38 - 00020808 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2016-02-17 03:06 - 2016-02-16 19:39 - 00020800 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\_cffi_python_x66cf7a7cx17a72769.pyd
2016-02-17 03:06 - 2016-02-16 19:39 - 00021840 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-02-17 03:05 - 2016-02-16 19:39 - 00038696 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\fastpath.pyd
2016-02-17 03:05 - 2016-01-12 19:46 - 00020936 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2016-02-17 03:06 - 2016-01-12 19:46 - 00024528 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\win32event.pyd
2016-02-17 03:06 - 2016-01-12 19:47 - 00114640 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\win32security.pyd
2016-02-17 03:06 - 2016-01-12 19:46 - 00124880 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-02-17 03:06 - 2016-02-16 19:39 - 00021832 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2016-02-17 03:06 - 2016-01-12 19:46 - 00024016 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2016-02-17 03:06 - 2016-01-12 19:46 - 00175560 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\win32gui.pyd
2016-02-17 03:06 - 2016-01-12 19:47 - 00030160 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2016-02-17 03:06 - 2016-01-12 19:47 - 00043472 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\win32process.pyd
2016-02-17 03:06 - 2016-01-12 19:47 - 00028616 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\win32ts.pyd
2016-02-17 03:06 - 2016-01-12 19:47 - 00048592 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\win32service.pyd
2016-02-17 03:05 - 2016-02-16 19:39 - 00026456 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-02-17 03:06 - 2016-01-12 19:46 - 00057808 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2016-02-17 03:06 - 2016-01-12 19:47 - 00024016 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\win32profile.pyd
2016-02-17 03:05 - 2016-02-16 19:38 - 00117056 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2016-02-17 03:05 - 2016-02-16 19:39 - 00024392 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2016-02-17 03:05 - 2016-01-12 19:47 - 00036296 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\librsync.dll
2016-02-17 03:06 - 2016-02-16 19:39 - 00023376 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2016-02-17 03:06 - 2016-01-12 19:44 - 00134608 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2016-02-17 03:05 - 2016-01-12 19:44 - 00134088 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2016-02-17 03:05 - 2016-01-12 19:45 - 00240584 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2016-02-17 03:05 - 2016-02-16 19:39 - 00052024 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2016-02-17 03:06 - 2016-02-16 19:39 - 00020800 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-17 03:06 - 2016-02-16 19:39 - 00021824 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\winffi.kernel32._winffi_kernel32.pyd
2016-02-17 03:06 - 2016-02-16 19:39 - 00019776 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
2016-02-17 03:06 - 2016-02-16 19:39 - 00020800 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
2016-02-17 03:05 - 2016-02-16 19:38 - 00020280 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2016-02-17 03:06 - 2016-01-12 19:47 - 00350152 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-02-17 03:06 - 2016-02-16 19:39 - 00022352 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2016-02-17 03:05 - 2016-02-16 19:39 - 00084792 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2016-02-17 03:05 - 2016-02-16 19:39 - 01826096 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2016-02-17 03:06 - 2016-01-12 19:45 - 00083912 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\sip.pyd
2016-02-17 03:05 - 2016-02-16 19:39 - 03928880 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2016-02-17 03:05 - 2016-02-16 19:39 - 01971504 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2016-02-17 03:05 - 2016-02-16 19:39 - 00531248 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2016-02-17 03:05 - 2016-02-16 19:39 - 00132912 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2016-02-17 03:05 - 2016-02-16 19:39 - 00223544 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2016-02-17 03:05 - 2016-02-16 19:39 - 00207672 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2016-02-17 03:05 - 2016-02-16 19:39 - 00158008 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2016-02-17 03:05 - 2016-02-16 19:39 - 00042808 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2016-02-17 03:05 - 2016-01-12 19:49 - 00017864 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\libEGL.dll
2016-02-17 03:05 - 2016-01-12 19:49 - 01631184 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2016-02-17 03:06 - 2016-02-16 19:39 - 00024904 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-02-17 03:05 - 2016-02-16 19:39 - 00546096 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2016-02-17 03:05 - 2016-02-16 19:39 - 00357680 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2016-02-17 03:06 - 2016-01-12 19:52 - 00697304 _____ () C:\Users\Atlan\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2010-03-09 01:18 - 2010-03-09 01:18 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-08-29 00:56 - 2009-05-20 23:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2009-11-10 17:39 - 2009-11-10 17:39 - 01332576 _____ () C:\Program Files (x86)\Seagate\DiscWizard\fox.dll
2010-03-09 01:13 - 2010-03-09 01:13 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2016-02-21 11:02 - 2016-02-21 11:02 - 01511424 _____ () C:\Users\Atlan\Desktop\adwcleaner_5.035.exe
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-3156769684-3460529154-1887623434-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Atlan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3156769684-3460529154-1887623434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Atlan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [{9D35AAFE-7CD8-4A5C-83B8-39ADBC92419C}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{AA22C094-E19E-4FC3-85D0-9A8E174BD57B}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{F1E0105F-E4F6-48E1-BC58-A47503A7ECD4}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{B4AA5F7C-6203-430A-8BCE-0F970E443DB0}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{93D73ACE-70B1-49BB-A968-C44F773286D1}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{00C8A386-125C-4A33-BD97-6CC779C79B51}] => (Allow) svchost.exe
FirewallRules: [{34BD2439-80B7-4321-A2D4-B7F934E0A8FA}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{799DD745-168A-461E-8CE3-B171CEFE695D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{DB9329C6-9CB5-4777-9ED8-9C26E39CBBB1}C:\users\atlan\downloads\sc2-wingsofliberty-enus-demo-installer-downloader.exe] => (Allow) C:\users\atlan\downloads\sc2-wingsofliberty-enus-demo-installer-downloader.exe
FirewallRules: [UDP Query User{9AF415FD-7B79-4AFB-9CAC-D6F8DDBD8666}C:\users\atlan\downloads\sc2-wingsofliberty-enus-demo-installer-downloader.exe] => (Allow) C:\users\atlan\downloads\sc2-wingsofliberty-enus-demo-installer-downloader.exe
FirewallRules: [{A933D4E9-BB62-40A0-8B27-EA75ABD96B6A}] => (Allow) C:\Program Files (x86)\StarCraft II Demo\StarCraft II.exe
FirewallRules: [{A6ED34E2-F643-4F23-8B41-CD80398EB3B5}] => (Allow) C:\Program Files (x86)\StarCraft II Demo\StarCraft II.exe
FirewallRules: [{3BDDEDB3-F694-4F4E-8958-B14993DB9808}] => (Allow) C:\Windows\System32\SUPDSvc.exe
FirewallRules: [{349D3FC0-36D0-46DC-AB48-FF9DDE6FC090}] => (Allow) C:\Windows\System32\SUPDSvc.exe
FirewallRules: [{6A7BB73F-6ABF-4E24-85C2-A4B49778607A}] => (Allow) C:\Users\Atlan\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{87756308-F132-4CAD-89AD-04ACC7B954F8}] => (Allow) C:\Users\Atlan\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{7A9F233F-A58C-4A61-B58E-35A08F022D5D}C:\users\atlan\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\atlan\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{4BC74B2D-5C9C-4D35-8082-646222280FE4}C:\users\atlan\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\atlan\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{E42CE6A0-8D69-4F37-8C9A-F7E05F6FAD3E}C:\program files (x86)\samsung\pc auto backup\autobackup.exe] => (Allow) C:\program files (x86)\samsung\pc auto backup\autobackup.exe
FirewallRules: [UDP Query User{B111A368-BA67-4DA3-9806-39BD7FD66784}C:\program files (x86)\samsung\pc auto backup\autobackup.exe] => (Allow) C:\program files (x86)\samsung\pc auto backup\autobackup.exe
FirewallRules: [{96B9D80F-4465-4CC7-BDE9-A7FF2BDF4754}] => (Allow) C:\Program Files (x86)\SAMSUNG\PC Auto Backup\WiselinkPro.exe
FirewallRules: [{2913E6F7-C026-4BB7-AD5E-63979E5780E1}] => (Allow) C:\Program Files (x86)\SAMSUNG\PC Auto Backup\WiselinkPro.exe
FirewallRules: [{B5666AF4-D9DC-4E50-9283-4239A1D22001}] => (Allow) C:\Program Files (x86)\SAMSUNG\PC Auto Backup\http_ss_win_pro.exe
FirewallRules: [{8E5424CB-DF83-458D-B15D-D6D22C12DE41}] => (Allow) C:\Program Files (x86)\SAMSUNG\PC Auto Backup\http_ss_win_pro.exe
FirewallRules: [{496E0EA0-BD58-4566-9C0F-AAE863CB5FD8}] => (Allow) C:\Program Files (x86)\SAMSUNG\PC Auto Backup\WiselinkPro.exe
FirewallRules: [{0B42C3A0-BCAB-4C34-BFFC-CBBE40463D90}] => (Allow) C:\Program Files (x86)\SAMSUNG\PC Auto Backup\WiselinkPro.exe
FirewallRules: [{0553E61E-27B0-415A-A582-E4C680D90A0F}] => (Allow) C:\Program Files (x86)\SAMSUNG\PC Auto Backup\http_ss_win_pro.exe
FirewallRules: [{1B25DDE7-5B9B-4013-8B3C-738AC480FAF1}] => (Allow) C:\Program Files (x86)\SAMSUNG\PC Auto Backup\http_ss_win_pro.exe
FirewallRules: [TCP Query User{CCF773FC-D004-4CEC-8BA7-6A40004BA82C}C:\program files (x86)\samsung\pc auto backup\autobackup.exe] => (Block) C:\program files (x86)\samsung\pc auto backup\autobackup.exe
FirewallRules: [UDP Query User{689D9C66-9874-4FEF-9126-8EB6CEB7A7C5}C:\program files (x86)\samsung\pc auto backup\autobackup.exe] => (Block) C:\program files (x86)\samsung\pc auto backup\autobackup.exe
FirewallRules: [TCP Query User{AECB3165-ACEF-41FC-A647-EFD9C7F4C3FB}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{D923A165-8CB4-42F0-8D36-060C05D7A495}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [TCP Query User{EC31161B-7699-46DB-A500-12565DF9BC1C}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{3125C8B1-E793-4694-85A4-5C1EE3C483E2}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{B83D0231-C3BE-44B1-8155-80E531CE73D3}] => (Allow) C:\Windows\twain_32\Samsung\SLM288x\ScanCDLM\ScanCDLM.exe
FirewallRules: [{1A170B29-F7F9-42C5-ACF5-EA788E5C1A0E}] => (Allow) C:\Windows\twain_32\Samsung\SLM288x\ScanCDLM\ScanCDLM.exe
FirewallRules: [{B221FAB0-899B-4266-BF4B-0DA877C0CB9B}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{197BD46C-423D-468C-BF14-79B20762251D}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{1294A8AF-72A7-49E4-ADA5-64BEC000E05C}] => (Allow) C:\Program Files (x86)\SAMSUNG\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{FC08F948-39EF-45CE-B7E3-71580D362419}] => (Allow) C:\Program Files (x86)\SAMSUNG\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{BCD99FB6-484F-47AD-8FA8-0356A77A5F04}] => (Allow) C:\Program Files (x86)\SAMSUNG\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{68FDFB8F-7314-4586-9CDC-3EDB18DDCF93}] => (Allow) C:\Program Files (x86)\SAMSUNG\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{A9E96A2A-33D8-4C07-BDDA-E9298D249FAA}] => (Allow) C:\Program Files (x86)\SAMSUNG\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{3D5C6B44-68D8-47EB-BDBB-5C1C968D7779}] => (Allow) C:\Program Files (x86)\SAMSUNG\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{5049458F-1F1D-4F33-9BDD-145CD1B8E7A0}] => (Allow) C:\Program Files (x86)\SAMSUNG\Easy Printer Manager\uninstall.exe
FirewallRules: [{2FB8F8B5-9052-4873-B098-C8A99F87F3E5}] => (Allow) C:\Program Files (x86)\SAMSUNG\Easy Printer Manager\uninstall.exe
FirewallRules: [{3DC9A3A3-6C89-40E2-B727-B33158926C0F}] => (Allow) C:\Program Files (x86)\SAMSUNG\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{88E2E3DB-B7FA-4B16-988B-DB552D665C63}] => (Allow) C:\Program Files (x86)\SAMSUNG\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{EC612B2F-1524-47D7-8223-5A3AA64A846F}] => (Allow) C:\Program Files (x86)\SAMSUNG\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{E7C3D06E-E596-4353-A00A-0EF20C7AA67E}] => (Allow) C:\Program Files (x86)\SAMSUNG\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{F23D0510-C275-4D55-8BD4-FF7A2F829248}] => (Allow) C:\Program Files (x86)\SAMSUNG\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
FirewallRules: [{2DDFFBAC-43E7-45BD-A472-E978AE0B74D2}] => (Allow) C:\Program Files (x86)\SAMSUNG\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
FirewallRules: [{E03574C0-EE87-42B5-986F-1F1D0A4393B5}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{F7151D87-B6A8-4991-9820-1BBE9E089628}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{5655BDF5-2C96-47F9-B945-439E6E10366E}] => (Allow) C:\Program Files (x86)\SAMSUNG\Easy Document Creator\EDC.exe
FirewallRules: [{9D91F592-2A3D-4972-BEFD-9FBD2D93FCF2}] => (Allow) C:\Program Files (x86)\SAMSUNG\Easy Document Creator\EDC.exe
FirewallRules: [TCP Query User{06901A2C-8C6C-41B3-BCDB-DCB6DDF35171}C:\program files\common files\common desktop agent\cdasrv.exe] => (Block) C:\program files\common files\common desktop agent\cdasrv.exe
FirewallRules: [UDP Query User{75518247-ED48-417A-B3A3-7786B3A7B84C}C:\program files\common files\common desktop agent\cdasrv.exe] => (Block) C:\program files\common files\common desktop agent\cdasrv.exe
FirewallRules: [{8D3D4D92-A13D-4BA1-ADD2-71E98207FE0B}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe
FirewallRules: [{2B73BD60-12FB-4471-9E75-D966DD13FC99}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{532EACA3-FA0F-44DE-9BED-86659AE08CA5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{2C2C28AC-3079-4393-BE19-34BCE32B3E5D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{B4777450-5438-4A03-A065-53327C009735}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{CD41EAB3-7939-41B0-8B1A-BBEB06FDCAD6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6EAFC5CD-8FFC-432F-B7D7-B10FC4898094}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{91976A64-638E-4CE5-95F7-126B075BAD2F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EB878D44-3B96-4C9C-B9B9-041C01D42DCE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2546C8DE-5E98-40FE-A0B2-89C89DF42500}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5BE58179-79E3-47FF-A9BE-406A6BA4401A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{99980471-DD02-4B6E-8497-08B505A9C97C}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{477E9594-3133-417E-BB77-25B31D12BE6D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Wiederherstellungspunkte =========================
11-02-2016 23:18:22 Windows Update
16-02-2016 14:30:38 Windows Update
20-02-2016 00:51:07 Windows Update
==================== Fehlerhafte Geräte im Gerätemanager =============
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (02/20/2016 10:47:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9719
Error: (02/20/2016 10:47:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9719
Error: (02/20/2016 10:47:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (02/20/2016 10:47:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8611
Error: (02/20/2016 10:47:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8611
Error: (02/20/2016 10:47:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (02/20/2016 10:47:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7535
Error: (02/20/2016 10:47:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7535
Error: (02/20/2016 10:47:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (02/20/2016 10:47:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5881
Systemfehler:
=============
Error: (02/21/2016 11:12:22 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Browser-Schutz" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.
Error: (02/21/2016 10:25:16 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error: (02/21/2016 10:25:15 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error: (02/21/2016 10:25:15 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error: (02/21/2016 10:25:14 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error: (02/21/2016 10:25:14 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error: (02/21/2016 09:02:20 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2140993535
Error: (02/21/2016 09:02:20 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet:
%%-2140993535
Error: (02/21/2016 09:02:20 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet:
%%-2140993535
Error: (02/21/2016 09:02:20 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2140993535
CodeIntegrity:
===================================
Date: 2014-08-02 20:20:47.927
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-05-15 21:10:50.072
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-10-15 20:00:47.490
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-25 17:46:11.616
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-25 17:45:30.510
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-02-26 07:09:12.077
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-02-22 08:55:23.026
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-02-20 07:07:40.550
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-02-19 07:09:59.294
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-02-16 12:55:53.059
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Speicherinformationen ===========================
Prozessor: AMD Athlon(tm) II Neo K325 Dual-Core Processor
Prozentuale Nutzung des RAM: 63%
Installierter physikalischer RAM: 3838.17 MB
Verfügbarer physikalischer RAM: 1394.75 MB
Summe virtueller Speicher: 7674.55 MB
Verfügbarer virtueller Speicher: 4696.34 MB
==================== Laufwerke ================================
Drive c: (ACER) (Fixed) (Total:237.5 GB) (Free:101.78 GB) NTFS
Drive d: (Volume) (Fixed) (Total:215.46 GB) (Free:34.87 GB) NTFS
Drive g: () (Removable) (Total:59.62 GB) (Free:26.06 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: D04DD04D)
Partition 1: (Not Active) - (Size=12.7 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=237.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=215.5 GB) - (Type=OF Extended)
========================================================
Disk: 1 (Size: 59.6 GB) (Disk ID: 69205244)
No partition Table on disk 1.
==================== Ende von Addition.txt ============================
# |
|
21.02.2016, 11:24
| #2 |
| | Malwarebytes finde Trojan.Agent.ED #
__________________FRST Logfile: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:20-02-2016
durchgeführt von Atlan (Administrator) auf ATLAN-PC (21-02-2016 11:05:56)
Gestartet von C:\Users\Atlan\Desktop
Geladene Profile: Atlan & (Verfügbare Profile: Atlan)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 8 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ABBYY) C:\Program Files (x86)\ABBYY Screenshot Reader\NetworkLicenseServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Windows\PLFSetI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(ABBYY) C:\Program Files (x86)\ABBYY Screenshot Reader\ScreenshotReader.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Audible, Inc.) C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxTray64.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Dropbox, Inc.) C:\Users\Atlan\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Seagate) C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
(Acronis) C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxServer64.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Kaspersky Lab ZAO) C:\Users\Atlan\Desktop\tdsskiller.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060832 2010-02-09] (Realtek Semiconductor)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-06-09] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-18] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-04-23] (Acer Incorporated)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Seagate Scheduler2 Service] => C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe [136544 2009-11-10] (Seagate)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-09] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-05-27] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [968272 2010-06-22] (Dritek System Inc.)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [370176 2010-06-17] (shbox.de)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-11-20] (Apple Inc.)
HKLM-x32\...\Run: [DiscWizardMonitor.exe] => C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe [1352480 2009-11-10] (Seagate)
HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe [906912 2009-11-10] (Acronis)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [804168 2016-02-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ABBYY Screenshot Reader Retail] => C:\Program Files (x86)\ABBYY Screenshot Reader\ScreenShotReader.exe [959752 2009-10-27] (ABBYY)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1852264 2014-05-23] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694048 2014-05-23] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-02-12] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-01-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1027472 2015-12-23] (Cisco Systems, Inc.)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher
HKU\S-1-5-21-3156769684-3460529154-1887623434-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-05-08] (Google Inc.)
HKU\S-1-5-21-3156769684-3460529154-1887623434-1001\...\Run: [SanDiskSecureAccess_Manager.exe] => C:\Users\Atlan\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [27306624 2011-11-20] (Gemalto N.V.)
HKU\S-1-5-21-3156769684-3460529154-1887623434-1001\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-3156769684-3460529154-1887623434-1001\...\Run: [ABBYY Screenshot Reader Retail] => C:\Program Files (x86)\ABBYY Screenshot Reader\ScreenshotReader.exe [959752 2009-10-27] (ABBYY)
HKU\S-1-5-21-3156769684-3460529154-1887623434-1001\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher
HKU\S-1-5-21-3156769684-3460529154-1887623434-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-3156769684-3460529154-1887623434-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2015-07-13] (TomTom)
HKU\S-1-5-21-3156769684-3460529154-1887623434-1001\...\Run: [Dropbox Update] => C:\Users\Atlan\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-20] (Dropbox, Inc.)
HKU\S-1-5-21-3156769684-3460529154-1887623434-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-3156769684-3460529154-1887623434-1001\...\MountPoints2: {4addfd41-9804-11e0-bb8b-001e101f4da1} - E:\AutoRun.exe
HKU\S-1-5-21-3156769684-3460529154-1887623434-1001\...\MountPoints2: {4addfd44-9804-11e0-bb8b-001e101f4da1} - E:\AutoRun.exe
HKU\S-1-5-21-3156769684-3460529154-1887623434-1001\...\MountPoints2: {4addfd61-9804-11e0-bb8b-001e101f4da1} - E:\AutoRun.exe
HKU\S-1-5-21-3156769684-3460529154-1887623434-1001\...\MountPoints2: {4addfd63-9804-11e0-bb8b-001e101f4da1} - E:\AutoRun.exe
HKU\S-1-5-21-3156769684-3460529154-1887623434-1001\...\MountPoints2: {4addfd78-9804-11e0-bb8b-001e101f4da1} - E:\AutoRun.exe
HKU\S-1-5-21-3156769684-3460529154-1887623434-1001\...\MountPoints2: {de608045-6dc2-11e0-a1f1-001e101f7f74} - E:\Setup.exe
HKU\S-1-5-21-3156769684-3460529154-1887623434-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [453152 2009-12-24] ()
HKU\S-1-5-21-3156769684-3460529154-1887623434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-05-08] (Google Inc.)
HKU\S-1-5-21-3156769684-3460529154-1887623434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SanDiskSecureAccess_Manager.exe] => C:\Users\Atlan\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [27306624 2011-11-20] (Gemalto N.V.)
HKU\S-1-5-21-3156769684-3460529154-1887623434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-3156769684-3460529154-1887623434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ABBYY Screenshot Reader Retail] => C:\Program Files (x86)\ABBYY Screenshot Reader\ScreenshotReader.exe [959752 2009-10-27] (ABBYY)
HKU\S-1-5-21-3156769684-3460529154-1887623434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher
HKU\S-1-5-21-3156769684-3460529154-1887623434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-3156769684-3460529154-1887623434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2015-07-13] (TomTom)
HKU\S-1-5-21-3156769684-3460529154-1887623434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Dropbox Update] => C:\Users\Atlan\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-20] (Dropbox, Inc.)
HKU\S-1-5-21-3156769684-3460529154-1887623434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-3156769684-3460529154-1887623434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4addfd41-9804-11e0-bb8b-001e101f4da1} - E:\AutoRun.exe
HKU\S-1-5-21-3156769684-3460529154-1887623434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4addfd44-9804-11e0-bb8b-001e101f4da1} - E:\AutoRun.exe
HKU\S-1-5-21-3156769684-3460529154-1887623434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4addfd61-9804-11e0-bb8b-001e101f4da1} - E:\AutoRun.exe
HKU\S-1-5-21-3156769684-3460529154-1887623434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4addfd63-9804-11e0-bb8b-001e101f4da1} - E:\AutoRun.exe
HKU\S-1-5-21-3156769684-3460529154-1887623434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4addfd78-9804-11e0-bb8b-001e101f4da1} - E:\AutoRun.exe
HKU\S-1-5-21-3156769684-3460529154-1887623434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {de608045-6dc2-11e0-a1f1-001e101f7f74} - E:\Setup.exe
HKU\S-1-5-21-3156769684-3460529154-1887623434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [453152 2009-12-24] ()
HKU\S-1-5-18\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher
Lsa: [Authentication Packages] msv1_0 relog_ap
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Atlan\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Atlan\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Atlan\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Atlan\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Atlan\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Atlan\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Atlan\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk [2011-07-05]
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2010-08-28]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Network PC Fax.lnk [2014-09-10]
ShortcutTarget: Samsung Network PC Fax.lnk -> C:\Windows\System32\spool\drivers\x64\3\NetFaxTray64.exe (Samsung Electronics Co., Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk [2014-02-01]
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
Startup: C:\Users\Atlan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-02-17]
ShortcutTarget: Dropbox.lnk -> C:\Users\Atlan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{3C5FB6D0-82ED-43A3-B398-DA394DF26FE6}: [NameServer] 212.23.115.150 212.23.115.132
Tcpip\..\Interfaces\{A35DE8BC-F420-46AE-BE9E-A950F37550D3}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{B9264507-708F-414A-8665-534E58B1446A}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{DF320644-D58C-47AD-BDFE-40EB7C4C7CED}: [DhcpNameServer] 192.168.2.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1551&r=27361210f506l0418z1m5t47j1n26n
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-3156769684-3460529154-1887623434-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1551&r=27361210f506l0418z1m5t47j1n26n
HKU\S-1-5-21-3156769684-3460529154-1887623434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1551&r=27361210f506l0418z1m5t47j1n26n
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3156769684-3460529154-1887623434-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE412DE412
SearchScopes: HKU\S-1-5-21-3156769684-3460529154-1887623434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE412DE412
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-23] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Ask Toolbar -> {5733492D-4700-A76A-76A7-7A786E7484D7} -> "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\W3I-G\Passport.dll" => Keine Datei
BHO-x32: Kein Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> Keine Datei
BHO-x32: SwissAcademic.Citavi.Picker.IEPicker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\SysWOW64\mscoree.dll [2010-11-05] (Microsoft Corporation)
BHO-x32: PodcastBHO Class -> {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} -> C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll [2012-05-01] (doubleTwist Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-10-23] (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-23] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-10-23] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-23] (Google Inc.)
Toolbar: HKLM-x32 - Ask Toolbar - {5733492D-4700-A76A-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\W3I-G\Passport.dll" Keine Datei
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-23] (Google Inc.)
Toolbar: HKU\S-1-5-21-3156769684-3460529154-1887623434-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-23] (Google Inc.)
Toolbar: HKU\S-1-5-21-3156769684-3460529154-1887623434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-23] (Google Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2011-12-16] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-12-16] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2011-12-16] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-12-16] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Atlan\AppData\Roaming\Mozilla\Firefox\Profiles\jh5lq4f8.default
FF SearchEngineOrder.1: SuchMaschine
FF Homepage: Google
FF NetworkProxy: "ftp", "proxyus.stealthy.co"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "proxyus.stealthy.co"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "proxyus.stealthy.co"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "proxyus.stealthy.co"
FF NetworkProxy: "ssl_port", 3128
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-10] ()
FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll [2012-08-10] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-10-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3156769684-3460529154-1887623434-1001: @doubletwist.com/NPPodcast -> C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll [2012-05-01] (doubleTwist Corporation)
FF Plugin HKU\S-1-5-21-3156769684-3460529154-1887623434-1001: @phonostar.de/phonostar -> C:\Program Files (x86)\phonostar-Player\npphonostarDetectNP.dll [Keine Datei]
FF Plugin HKU\S-1-5-21-3156769684-3460529154-1887623434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @doubletwist.com/NPPodcast -> C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll [2012-05-01] (doubleTwist Corporation)
FF Plugin HKU\S-1-5-21-3156769684-3460529154-1887623434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @phonostar.de/phonostar -> C:\Program Files (x86)\phonostar-Player\npphonostarDetectNP.dll [Keine Datei]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2013-06-19] (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Atlan\AppData\Roaming\Mozilla\Firefox\Profiles\jh5lq4f8.default\searchplugins\youtube-videosuche.xml [2016-01-19]
FF Extension: Flash and Video Download - C:\Users\Atlan\AppData\Roaming\Mozilla\Firefox\Profiles\jh5lq4f8.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2015-12-30]
FF Extension: EPUBReader - C:\Users\Atlan\AppData\Roaming\Mozilla\Firefox\Profiles\jh5lq4f8.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2016-02-15]
FF Extension: Toolbar für amazon.de - C:\Users\Atlan\AppData\Roaming\Mozilla\Firefox\Profiles\jh5lq4f8.default\Extensions\0001.amztoolbar@minimalarts.de [2012-09-05] [ist nicht signiert]
FF Extension: Avira Browser Safety - C:\Users\Atlan\AppData\Roaming\Mozilla\Firefox\Profiles\jh5lq4f8.default\Extensions\abs@avira.com [2016-02-18]
FF Extension: Google Scholar Button - C:\Users\Atlan\AppData\Roaming\Mozilla\Firefox\Profiles\jh5lq4f8.default\Extensions\button@scholar.google.com.xpi [2015-05-29]
FF Extension: stealthy - C:\Users\Atlan\AppData\Roaming\Mozilla\Firefox\Profiles\jh5lq4f8.default\Extensions\stealthyextension@gmail.com.xpi [2015-07-09]
FF Extension: Video DownloadHelper - C:\Users\Atlan\AppData\Roaming\Mozilla\Firefox\Profiles\jh5lq4f8.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-10-30]
Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll => Keine Datei
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll => Keine Datei
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll => Keine Datei
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll => Keine Datei
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => Keine Datei
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => Keine Datei
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => Keine Datei
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => Keine Datei
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => Keine Datei
CHR Plugin: (doubletwist Plugin 1, 3, 0, 0) - C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => Keine Datei
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll => Keine Datei
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll => Keine Datei
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll => Keine Datei
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll => Keine Datei
CHR Profile: C:\Users\Atlan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Store) - C:\Users\Atlan\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-01-10]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\Atlan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2016-02-15]
CHR Extension: (Avira Browserschutz) - C:\Users\Atlan\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-02-15]
CHR Extension: (Google Wallet) - C:\Users\Atlan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-15]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 ABBYY.Licensing.FineReader.ScreenshotReader.9.0; C:\Program Files (x86)\ABBYY Screenshot Reader\NetworkLicenseServer.exe [759048 2009-05-15] (ABBYY)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [948392 2016-02-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [466408 2016-02-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [466408 2016-02-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1417592 2016-02-18] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [249120 2016-01-05] (Avira Operations GmbH & Co. KG)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [Datei ist nicht signiert]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [Datei ist nicht signiert]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [Datei ist nicht signiert]
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [250368 2010-03-09] (NewTech Infosystems, Inc.) [Datei ist nicht signiert]
R2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe [505648 2013-12-19] (Samsung Electronics Co., Ltd.)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-02-12] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [302968 2015-02-12] (Western Digital Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [162072 2015-12-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [140448 2016-02-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [75472 2015-12-04] (Avira Operations GmbH & Co. KG)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [54072 2006-11-14] (Samsung Electronics)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [216576 2009-09-04] (Huawei Technologies Co., Ltd.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2014-12-31] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-05-10] (Apple Inc.) [Datei ist nicht signiert]
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R0 SMR210; C:\Windows\System32\drivers\SMR210.SYS [96376 2011-12-27] (Symantec Corporation)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-12-19] (Duplex Secure Ltd.)
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [59184 2011-11-17] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [572336 2011-11-17] (Paragon)
R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [352816 2011-11-17] (Paragon)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-03-12] (Cisco Systems, Inc.)
S3 ALSysIO; \??\C:\Users\Atlan\AppData\Local\Temp\ALSysIO64.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-02-21 11:05 - 2016-02-21 11:08 - 00039508 _____ C:\Users\Atlan\Desktop\FRST.txt
2016-02-21 11:05 - 2016-02-21 11:05 - 00000000 ____D C:\FRST
2016-02-21 11:04 - 2016-02-21 11:04 - 02371072 _____ (Farbar) C:\Users\Atlan\Desktop\FRST64.exe
2016-02-21 11:02 - 2016-02-21 11:02 - 01511424 _____ C:\Users\Atlan\Desktop\adwcleaner_5.035.exe
2016-02-21 10:57 - 2016-02-21 10:59 - 00232114 _____ C:\TDSSKiller.3.1.0.9_21.02.2016_10.57.08_log.txt
2016-02-21 10:37 - 2016-02-21 10:37 - 00001638 _____ C:\Users\Atlan\Desktop\MBAM.txt
2016-02-21 10:36 - 2016-02-21 10:36 - 00001638 _____ C:\MBAM.txt
2016-02-21 10:29 - 2016-02-21 10:41 - 00462922 _____ C:\TDSSKiller.3.1.0.9_21.02.2016_10.29.22_log.txt
2016-02-21 10:26 - 2016-02-21 10:26 - 00001592 _____ C:\Users\Atlan\Desktop\Malwarebytes.txt
2016-02-21 09:51 - 2016-02-21 09:51 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Atlan\Desktop\tdsskiller.exe
2016-02-21 09:51 - 2016-02-21 09:51 - 00017046 _____ C:\Users\Atlan\Desktop\get-mirror-server.html
2016-02-20 11:37 - 2016-02-20 11:37 - 00647041 _____ C:\Users\Atlan\Desktop\678210acl_wog_Filing.pdf
2016-02-17 03:06 - 2016-02-17 03:07 - 00000000 ____D C:\Users\Atlan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-02-15 22:47 - 2016-02-15 22:47 - 00000000 ____D C:\Users\Atlan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Download.am
2016-02-15 22:42 - 2016-02-15 22:43 - 13540177 _____ C:\Users\Atlan\Downloads\download.am-build233.zip
2016-02-15 20:58 - 2016-02-15 20:58 - 00092259 _____ C:\Users\Atlan\Desktop\Experteninterview Volkmar.pptx
2016-02-14 17:18 - 2016-02-14 17:19 - 00000000 ____D C:\Users\Atlan\Desktop\Wiwo
2016-02-14 10:47 - 2016-02-14 10:47 - 00043904 _____ C:\Users\Atlan\Desktop\ey bkk freiumschlag.pdf
2016-02-13 01:45 - 2016-02-13 07:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-11 11:11 - 2016-02-21 09:01 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
2016-02-09 23:51 - 2016-01-16 20:06 - 00025024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-02-09 23:51 - 2016-01-16 20:01 - 02085888 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-02-09 23:51 - 2016-01-16 19:54 - 01162240 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-02-09 23:51 - 2016-01-16 19:36 - 01413632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-02-09 23:51 - 2016-01-11 20:05 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-02-09 23:51 - 2016-01-11 20:05 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-02-09 23:51 - 2016-01-11 20:05 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-02-09 23:51 - 2016-01-11 19:52 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-02-09 23:51 - 2016-01-11 19:47 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-02-09 23:51 - 2016-01-11 19:26 - 02610176 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-02-09 23:51 - 2016-01-11 19:24 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-02-09 23:51 - 2016-01-11 19:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-02-09 23:51 - 2016-01-11 19:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-02-09 23:51 - 2016-01-11 19:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-02-09 23:51 - 2016-01-11 19:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-02-09 23:51 - 2016-01-11 19:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-02-09 23:51 - 2016-01-11 19:14 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-02-09 23:51 - 2016-01-11 19:14 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-02-09 23:51 - 2016-01-11 19:14 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-02-09 23:51 - 2016-01-11 19:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-02-09 23:51 - 2016-01-11 15:08 - 01362944 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-02-09 23:51 - 2016-01-11 15:08 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-02-09 23:51 - 2016-01-11 15:08 - 00677376 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-02-09 23:51 - 2016-01-11 15:08 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-02-09 23:51 - 2016-01-11 15:08 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-02-09 23:51 - 2016-01-07 18:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-09 23:51 - 2016-01-06 20:02 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-02-09 23:51 - 2016-01-06 20:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-02-09 23:51 - 2016-01-06 19:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-02-09 23:51 - 2015-12-20 19:50 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-02-09 23:51 - 2015-12-20 19:50 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2016-02-09 23:51 - 2015-12-20 15:08 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-02-09 23:50 - 2016-01-07 18:53 - 03211776 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-02-09 23:49 - 2016-01-22 07:27 - 05573056 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-09 23:49 - 2016-01-22 07:27 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-02-09 23:49 - 2016-01-22 07:27 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-02-09 23:49 - 2016-01-22 07:24 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-09 23:49 - 2016-01-22 07:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-02-09 23:49 - 2016-01-22 07:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-02-09 23:49 - 2016-01-22 07:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-02-09 23:49 - 2016-01-22 07:20 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-02-09 23:49 - 2016-01-22 07:20 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-02-09 23:49 - 2016-01-22 07:20 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-02-09 23:49 - 2016-01-22 07:20 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-02-09 23:49 - 2016-01-22 07:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-02-09 23:49 - 2016-01-22 07:20 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-02-09 23:49 - 2016-01-22 07:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-02-09 23:49 - 2016-01-22 07:19 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-02-09 23:49 - 2016-01-22 07:19 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-02-09 23:49 - 2016-01-22 07:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-02-09 23:49 - 2016-01-22 07:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-02-09 23:49 - 2016-01-22 07:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-02-09 23:49 - 2016-01-22 07:18 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-02-09 23:49 - 2016-01-22 07:17 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-02-09 23:49 - 2016-01-22 07:17 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-02-09 23:49 - 2016-01-22 07:17 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-09 23:49 - 2016-01-22 07:16 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-02-09 23:49 - 2016-01-22 07:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-02-09 23:49 - 2016-01-22 07:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-02-09 23:49 - 2016-01-22 07:15 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-02-09 23:49 - 2016-01-22 07:15 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-09 23:49 - 2016-01-22 07:15 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-02-09 23:49 - 2016-01-22 07:13 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-02-09 23:49 - 2016-01-22 07:13 - 03938752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-02-09 23:49 - 2016-01-22 07:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-02-09 23:49 - 2016-01-22 07:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-02-09 23:49 - 2016-01-22 07:13 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-02-09 23:49 - 2016-01-22 07:12 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-02-09 23:49 - 2016-01-22 07:12 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-02-09 23:49 - 2016-01-22 07:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-02-09 23:49 - 2016-01-22 07:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-02-09 23:49 - 2016-01-22 07:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-02-09 23:49 - 2016-01-22 07:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-09 23:49 - 2016-01-22 07:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-09 23:49 - 2016-01-22 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-09 23:49 - 2016-01-22 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-02-09 23:49 - 2016-01-22 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-09 23:49 - 2016-01-22 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-02-09 23:49 - 2016-01-22 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-09 23:49 - 2016-01-22 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-09 23:49 - 2016-01-22 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-09 23:49 - 2016-01-22 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-02-09 23:49 - 2016-01-22 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-02-09 23:49 - 2016-01-22 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-09 23:49 - 2016-01-22 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-02-09 23:49 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-02-09 23:49 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-02-09 23:49 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-02-09 23:49 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-02-09 23:49 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-02-09 23:49 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-09 23:49 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-02-09 23:49 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-02-09 23:49 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-09 23:49 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-02-09 23:49 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-02-09 23:49 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-02-09 23:49 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-02-09 23:49 - 2016-01-22 07:09 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-02-09 23:49 - 2016-01-22 07:06 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-02-09 23:49 - 2016-01-22 07:06 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-02-09 23:49 - 2016-01-22 07:06 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-02-09 23:49 - 2016-01-22 07:06 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-02-09 23:49 - 2016-01-22 07:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-02-09 23:49 - 2016-01-22 07:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-02-09 23:49 - 2016-01-22 07:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-02-09 23:49 - 2016-01-22 07:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-02-09 23:49 - 2016-01-22 07:05 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-02-09 23:49 - 2016-01-22 07:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-02-09 23:49 - 2016-01-22 07:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-02-09 23:49 - 2016-01-22 07:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-02-09 23:49 - 2016-01-22 07:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-02-09 23:49 - 2016-01-22 07:02 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-02-09 23:49 - 2016-01-22 07:02 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-02-09 23:49 - 2016-01-22 07:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-02-09 23:49 - 2016-01-22 07:02 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-02-09 23:49 - 2016-01-22 07:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-02-09 23:49 - 2016-01-22 07:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-02-09 23:49 - 2016-01-22 06:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-02-09 23:49 - 2016-01-22 06:59 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-02-09 23:49 - 2016-01-22 06:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-02-09 23:49 - 2016-01-22 06:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-02-09 23:49 - 2016-01-22 06:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-02-09 23:49 - 2016-01-22 06:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-09 23:49 - 2016-01-22 06:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-09 23:49 - 2016-01-22 06:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-02-09 23:49 - 2016-01-22 06:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-02-09 23:49 - 2016-01-22 06:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-09 23:49 - 2016-01-22 06:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-02-09 23:49 - 2016-01-22 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-09 23:49 - 2016-01-22 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-09 23:49 - 2016-01-22 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-02-09 23:49 - 2016-01-22 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-09 23:49 - 2016-01-22 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-09 23:49 - 2016-01-22 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-02-09 23:49 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-02-09 23:49 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-09 23:49 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-02-09 23:49 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-02-09 23:49 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-02-09 23:49 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-02-09 23:49 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-09 23:49 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-02-09 23:49 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-02-09 23:49 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-02-09 23:49 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-02-09 23:49 - 2016-01-22 06:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-02-09 23:49 - 2016-01-22 06:07 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-02-09 23:49 - 2016-01-22 06:07 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-02-09 23:49 - 2016-01-22 06:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-02-09 23:49 - 2016-01-22 05:59 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-02-09 23:49 - 2016-01-22 05:58 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-02-09 23:49 - 2016-01-22 05:58 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-02-09 23:49 - 2016-01-22 05:57 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-02-09 23:49 - 2016-01-22 05:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-02-09 23:49 - 2016-01-22 05:53 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-02-09 23:49 - 2016-01-22 05:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-02-09 23:49 - 2016-01-22 05:53 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-02-09 23:49 - 2016-01-22 05:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-02-09 23:49 - 2016-01-22 05:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-02-09 23:49 - 2016-01-22 05:51 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-02-09 23:49 - 2016-01-22 05:51 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-09 23:49 - 2016-01-22 05:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-02-09 23:49 - 2016-01-22 05:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-02-09 23:48 - 2016-01-22 07:19 - 14179840 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-02-09 23:48 - 2016-01-22 07:15 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-02-09 23:48 - 2016-01-22 07:12 - 01940992 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-02-09 23:48 - 2016-01-22 07:05 - 12877824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-02-09 23:48 - 2016-01-22 07:00 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-02-09 23:48 - 2016-01-22 06:59 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-02-09 23:48 - 2016-01-22 06:19 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-02-09 23:48 - 2016-01-22 06:12 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-02-07 20:23 - 2016-02-07 20:24 - 00274712 _____ C:\Windows\Minidump\020716-25474-01.dmp
2016-02-07 20:23 - 2016-02-07 20:23 - 454937558 _____ C:\Windows\MEMORY.DMP
2016-02-07 00:01 - 2016-02-21 10:57 - 00473942 _____ C:\Windows\ntbtlog.txt
2016-02-04 20:52 - 2016-02-04 20:52 - 00000000 ____D C:\Users\Atlan\AppData\Local\CEF
2016-02-04 19:31 - 2016-02-17 01:36 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-02-04 19:31 - 2016-02-04 19:31 - 00002011 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-01-31 20:45 - 2016-01-31 20:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-01-31 20:44 - 2016-01-31 20:45 - 00000000 ____D C:\Program Files (x86)\QuickTime
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-02-21 11:01 - 2012-04-05 13:05 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-21 10:38 - 2015-06-20 18:23 - 00001224 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3156769684-3460529154-1887623434-1001UA.job
2016-02-21 10:27 - 2010-08-29 01:11 - 00699682 _____ C:\Windows\system32\perfh007.dat
2016-02-21 10:27 - 2010-08-29 01:11 - 00149790 _____ C:\Windows\system32\perfc007.dat
2016-02-21 10:27 - 2009-07-14 06:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-21 10:27 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-02-21 09:14 - 2015-01-03 20:41 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-21 09:11 - 2015-05-16 19:39 - 00001070 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-02-21 09:11 - 2015-01-03 20:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2016-02-21 09:11 - 2015-01-03 20:41 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2016-02-21 09:09 - 2009-07-14 05:45 - 00025840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-21 09:09 - 2009-07-14 05:45 - 00025840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-21 09:02 - 2012-04-09 18:14 - 00000000 ___RD C:\Users\Atlan\Dropbox
2016-02-21 09:02 - 2012-04-09 18:12 - 00000000 ____D C:\Users\Atlan\AppData\Roaming\Dropbox
2016-02-21 08:58 - 2011-09-11 20:57 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-21 08:58 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-20 10:44 - 2012-01-18 08:10 - 00000000 ____D C:\Users\Atlan\AppData\Local\CrashDumps
2016-02-20 10:35 - 2014-09-10 20:12 - 00000000 ____D C:\Users\Atlan\Documents\Scan
2016-02-20 00:56 - 2013-01-01 22:03 - 00002168 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-20 00:50 - 2014-10-11 12:20 - 00000000 ____D C:\Users\Atlan\AppData\Roaming\vlc
2016-02-20 00:39 - 2012-10-03 12:31 - 00000000 ____D C:\Users\Atlan\dwhelper
2016-02-18 20:39 - 2013-03-28 08:26 - 00140448 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2016-02-16 15:06 - 2011-01-09 21:34 - 00000000 ____D C:\Users\Atlan\AppData\Local\ElevatedDiagnostics
2016-02-15 23:19 - 2013-08-20 08:48 - 00000000 ____D C:\Users\Atlan\Downloads\Neuer Ordner (2)
2016-02-14 20:46 - 2015-06-20 18:23 - 00001172 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3156769684-3460529154-1887623434-1001Core.job
2016-02-13 07:23 - 2012-05-05 23:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-13 01:47 - 2012-06-11 06:16 - 00004891 _____ C:\Windows\wininit.ini
2016-02-11 23:21 - 2011-01-17 21:41 - 01594964 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-02-11 13:59 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2016-02-10 05:28 - 2009-07-14 05:45 - 00497856 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-10 05:22 - 2015-04-20 20:37 - 00000000 ____D C:\Windows\system32\appraiser
2016-02-10 05:22 - 2014-05-02 08:08 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-02-10 05:22 - 2010-05-08 01:47 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-10 05:04 - 2013-08-14 06:48 - 00000000 ____D C:\Windows\system32\MRT
2016-02-10 04:09 - 2011-12-14 07:55 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-02-10 04:01 - 2009-07-14 03:34 - 00000478 _____ C:\Windows\win.ini
2016-02-10 00:02 - 2012-04-05 13:05 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-02-10 00:02 - 2012-04-05 13:04 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-10 00:02 - 2011-05-29 08:05 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-07 20:23 - 2011-04-05 21:36 - 00000000 ____D C:\Windows\Minidump
2016-02-06 08:28 - 2014-11-05 20:59 - 00000000 ____D C:\Users\Atlan\Desktop\Master Promotion
2016-02-05 22:40 - 2011-01-09 21:35 - 00000000 ____D C:\Users\Atlan\AppData\Local\FreePDF_XP
2016-02-04 20:52 - 2014-07-04 14:33 - 00000000 ____D C:\Users\Atlan\AppData\Local\Adobe
2016-02-04 19:34 - 2014-12-24 12:59 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-02-04 19:31 - 2010-05-08 00:59 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-02-04 19:30 - 2010-05-08 01:00 - 00000000 ____D C:\ProgramData\Adobe
2016-02-04 19:21 - 2014-08-06 08:16 - 00000000 ____D C:\ProgramData\Package Cache
2016-02-04 19:21 - 2013-02-25 20:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-02-03 21:08 - 2011-09-11 20:58 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-03 21:08 - 2011-09-11 20:58 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-03 21:08 - 2011-09-11 20:58 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2011-11-20 18:44 - 2011-11-20 18:55 - 0000288 _____ () C:\Users\Atlan\AppData\Roaming\.backup.dm
2013-02-02 20:21 - 2013-02-02 20:21 - 0038475 _____ () C:\Users\Atlan\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
2013-08-08 13:02 - 2013-08-08 13:02 - 0000031 _____ () C:\Users\Atlan\AppData\Roaming\mbam.context.scan
2011-12-11 10:56 - 2014-06-26 19:51 - 0009043 _____ () C:\Users\Atlan\AppData\Roaming\SmarThruOptions.xml
2011-12-27 10:21 - 2011-12-27 10:21 - 0000777 _____ () C:\Users\Atlan\AppData\Roaming\SMRBackup210.dat
2011-06-05 09:54 - 2012-03-25 12:01 - 0001188 _____ () C:\Users\Atlan\AppData\Local\crc32list11.txt
2016-01-09 13:34 - 2016-01-09 13:34 - 0000017 _____ () C:\Users\Atlan\AppData\Local\resmon.resmoncfg
2012-06-13 17:36 - 2013-04-09 14:00 - 0017408 _____ () C:\Users\Atlan\AppData\Local\WebpageIcons.db
2010-05-08 01:32 - 2010-01-27 15:40 - 0131472 _____ () C:\ProgramData\FullRemove.exe
Einige Dateien in TEMP:
====================
C:\Users\Atlan\AppData\Local\Temp\avgnt.exe
C:\Users\Atlan\AppData\Local\Temp\proxy_vole887160538245520327.dll
C:\Users\Atlan\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2016-02-10 07:50
==================== Ende von FRST.txt ============================
# |
|
22.02.2016, 12:44
| #3 |
| /// Malwareteam  | Malwarebytes finde Trojan.Agent.ED Mein Name ist Dennis und ich werde dir bei der Bereinigung helfen. Bitte beachte, dass es ein paar Regeln gibt:
Sollte ich nicht innerhalb von 48h antworten, schreibe mir eine PM! Hast du ein iPhone?
__________________ |
|
22.02.2016, 15:00
| #4 |
| | Malwarebytes finde Trojan.Agent.ED Hallo Dennis, vielen Dank für Deine Unterstützung. Ja, ich hatte ein Iphone 3S, welches im Moment nicht genutzt ist. Außerdem habe ich ein Backup für das Iphone meiner Frau gemacht. Gruß Dogbert |
|
22.02.2016, 15:07
| #5 |
| /// Malwareteam | Malwarebytes finde Trojan.Agent.ED Hi, die Funde von MBAM sind nämlich iPhone-Backups. Ich würd die eher an deiner Stelle nicht löschen  |
|
22.02.2016, 23:10
| #6 |
| | Malwarebytes finde Trojan.Agent.ED Hallo Dennis, vielen Dank! Hätte ich kein Problem, da mein Iphone schon lange nicht mehr im Gebrauch ist und meine Frau nichts wichtiges drauf hat. Insofern könnte ich löschen. Gruß Dogbert ...sollte die Löschung dann mit MBAM erfolgen? Danke. Gruß Dogbert |
|
23.02.2016, 06:58
| #7 |
| /// Malwareteam | Malwarebytes finde Trojan.Agent.ED Hi, ja kannst du machen. Oder auch manuell. Ist eigentlich egal |
|
23.02.2016, 10:58
| #8 |
| | Malwarebytes finde Trojan.Agent.ED Vielen Dank! Ich werde heute abend die beiden Funde mit MBAM entfernen und das Logfile danach posten. Gruß Dogbert |
|
23.02.2016, 13:40
| #9 |
| /// Malwareteam | Malwarebytes finde Trojan.Agent.ED Brauchst du nicht, du bist eh sauber und somit entlassen |
|
23.02.2016, 13:51
| #10 |
| |  Malwarebytes finde Trojan.Agent.ED Zumindest mein Computer ist dann sauber...  Danke für die schnelle Hilfe. Euer Board ist super..... Viele Grüße aus Heidelberg Dogbert |
|
23.02.2016, 14:19
| #11 |
| /// Malwareteam | Malwarebytes finde Trojan.Agent.ED Freut mich, dass ich helfen konnte  |
|
23.02.2016, 16:24
| #12 |
| | Malwarebytes finde Trojan.Agent.ED ...noch eine Frage: Bringt der Kauf von MBAM Pro etwas, um zukünftiges Ungeziefer zu vermeiden? Danke. Dogbert |
|
23.02.2016, 16:30
| #13 |
| /// Malwareteam | Malwarebytes finde Trojan.Agent.ED Ja MBAM ist schon gut. Aber wenn du bis jetzt eigentlich nie Probleme hattest dann ist es auch nicht Pflicht |
|
| Themen zu Malwarebytes finde Trojan.Agent.ED |
| appdata, apple, backup, bösartige, compu, computer, device driver, drücke, elemente, entferne, entfernen, erkannt, gefunde, hallo zusammen, kostenlose, laufen, malwarebytes, nichts, roaming, service, troja, users, websites, windows, windows 7, zusammen |
Linear-Darstellung
