Log Analysis and Evaluation: Possible Trojan on both laptops? (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Possible Trojan on both laptops?

Hello everyone, today I received a letter from my internet provider saying that malware, viruses or Trojans had been sent from our IP address. At home we have 4 laptops, all running Win 7, 64-bit. On the two belonging to my children, the laptop shuts itself down again automatically while booting into Safe Mode, which could point to the GVU Trojan. My own laptop works fine; I had Bitdefender on it, which I also installed on the children's laptops afterwards this evening (it found nothing, though). On my own laptop, Bitdefender has meanwhile been replaced by Avast, which did not find anything either. My wife is currently doing a backup on her laptop, so I don't know yet what the situation is there. So first of all, the children's laptops: I ran Farbar on both, and here are the logs; maybe you can make sense of them:

Laptop 1: FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01 Ran by SYSTEM on MININT-T7DVB68 on 09-10-2014 18:18:10 Running from H:\ Platform: Windows 7 Home Premium (X64) OS Language: Englisch (USA) Internet Explorer Version 9 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log. Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [ChicoSys] => C:\Windows\SysWOW64\cc32\webtmr.exe [6674560 2009-07-13] (Salfeld Computer) HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [296960 2010-11-20] (Microsoft Corporation) HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\ADMIN\...\Run: [CCWinTray] => C:\Windows\tray\wintmr.exe [7086464 2009-07-13] (Salfeld Computer) HKU\ADMIN\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [4527424 2011-08-16] (DT Soft Ltd) HKU\ADMIN\...\Policies\system: [DisableLockWorkstation] 0 HKU\ADMIN\...\Policies\system: [DisableChangePassword] 0 HKU\ADMIN\...\Policies\system: [DisableClock] 0 HKU\ADMIN\...\Policies\Explorer: [NoControlPanel] 0 HKU\ADMIN\...\Policies\Explorer: [NoSaveSettings] 0 HKU\ADMIN\...\Policies\Explorer: [NoFind] 0 HKU\Luna\...\Run: [Skype] => "C:\Users\Luna\AppData\Local\Skype\Phone\Skype.exe" /nosplash /minimized HKU\Luna\...\Run: [043ed596af7365236306a463494dc0f4] => C:\Users\Luna\AppData\Local\Temp\update.exe [79872 2013-08-08] () <===== ATTENTION HKU\Luna\...\Policies\system: [DisableLockWorkstation] 0 HKU\Luna\...\Policies\system: [DisableChangePassword] 0 HKU\Luna\...\Policies\system: [DisableRegistryTools] 1 
HKU\Luna\...\Policies\system: [DisableClock] 1 HKU\Luna\...\Policies\Explorer: [NoControlPanel] 0 HKU\Luna\...\Policies\Explorer: [NoSaveSettings] 0 HKU\Luna\...\Policies\Explorer: [NoFind] 0 Startup: C:\Users\Luna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\043ed596af7365236306a463494dc0f4.exe () ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-07-05] (Advanced Micro Devices, Inc.) S3 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-16] (Hewlett-Packard) S2 ksupmgr; C:\Windows\SysWOW64\ksupmgr.exe [765592 2009-07-13] (Salfeld Computer) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [271424 2012-01-08] (DT Soft Ltd) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-09 18:17 - 2014-10-09 18:18 - 00000000 ____D () C:\FRST 2014-10-09 07:17 - 2014-10-09 07:17 - 00000000 ___HD () C:\Device 2014-10-09 07:14 - 2014-10-09 07:14 - 00578478 _____ () C:\ProgramData\1412867344.bdinstall.bin 2014-10-09 07:14 - 2014-10-09 07:14 - 00000684 ____H () C:\bdr-cf01 2014-10-09 07:14 - 2014-10-09 07:14 - 00000385 _____ () C:\Users\ADMIN\AppData\Roaminguser_gensett.xml 2014-10-09 07:13 - 2014-10-09 07:13 - 00000000 ____D () C:\ProgramData\BDLogging 2014-10-09 07:12 - 2014-10-09 07:14 - 00253404 ____H () C:\bdr-ld01 2014-10-09 07:12 - 2014-10-09 07:14 - 00009216 ____H () C:\bdr-ld01.mbr 2014-10-09 07:12 - 2014-10-09 07:14 - 00000000 ____D () C:\ProgramData\Bitdefender 2014-10-09 07:12 - 2014-10-09 07:12 - 00000000 ____D () C:\Users\ADMIN\AppData\Roaming\Bitdefender 2014-10-09 07:12 - 2013-09-24 06:38 - 46879860 ____H () C:\bdr-im01.gz 2014-10-09 07:12 - 2013-08-13 03:38 - 03271472 ____H () C:\bdr-bz01 2014-10-09 07:10 - 2014-10-09 07:10 - 00000000 ____D () C:\Users\ADMIN\AppData\Roaming\QuickScan 2014-10-09 07:09 - 2014-10-09 07:09 - 00000000 ____D () C:\Program Files\Bitdefender 2014-10-09 07:08 - 2014-10-09 07:09 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-09 18:04 - 2012-01-31 07:25 - 00000000 ____D () C:\Users\Luna\Documents\Youcam 2014-10-09 18:04 - 2012-01-04 08:52 - 00000000 ____D () C:\users\Luna 2014-10-09 18:04 - 2012-01-04 08:28 - 00000000 ____D () C:\Windows\SysWOW64\scurl 2014-10-09 18:04 - 2012-01-04 06:44 - 00000000 ____D () C:\users\ADMIN 2014-10-09 18:04 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\NDF 2014-10-09 18:04 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration 2014-10-09 08:05 - 2014-05-11 04:44 - 00011812 _____ () C:\Windows\SysWOW64\cchservice.err 2014-10-02 04:57 - 2013-02-13 09:25 - 00000000 ___HD () C:\ProgramData\Device Files to move or delete: ==================== C:\Users\Luna\AppData\Local\Temp\update.exe Some content of TEMP: ==================== C:\Users\Luna\AppData\Local\Temp\A~NSISu_.exe C:\Users\Luna\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit-1.exe C:\Users\Luna\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit-2.exe C:\Users\Luna\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit-3.exe C:\Users\Luna\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe C:\Users\Luna\AppData\Local\Temp\GLB1A2B.EXE C:\Users\Luna\AppData\Local\Temp\install_flashplayer11x64_mssd_aih.exe C:\Users\Luna\AppData\Local\Temp\install_flashplayer11x64_mssd_aih_1.exe C:\Users\Luna\AppData\Local\Temp\update.exe ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== Restore Points ========================= Restore point made on: 2013-07-04 00:47:27 Restore point made on: 2013-07-22 00:00:44 Restore point made on: 2013-07-31 15:48:55 Restore point made on: 2013-10-27 04:57:44 Restore point made on: 2014-01-31 07:45:04 Restore point made on: 2014-05-25 00:26:08 Restore point made on: 2014-06-28 08:12:24 Restore point made on: 2014-08-17 02:56:19 ==================== Memory info =========================== Percentage of memory in use: 19% Total physical RAM: 3690.91 MB Available physical RAM: 2985.91 MB Total Pagefile: 3689.05 MB Available Pagefile: 2971.64 MB Total Virtual: 8192 MB Available Virtual: 8191.89 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:444.29 GB) (Free:376.54 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive e: (Recovery) (Fixed) (Total:17.31 GB) (Free:1.81 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive f: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32 Drive g: (KlettNewWorld) (CDROM) (Total:0.15 GB) (Free:0 GB) UDF Drive h: () (Removable) (Total:1.92 GB) (Free:1.92 GB) FAT Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot 
components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: D7D1D417)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=444.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 12B85C0E)
Partition 1: (Active) - (Size=1.9 GB) - (Type=06)

LastRegBack: 2014-08-17 02:55

==================== End Of Log ============================

Laptop 2: FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01 Ran by SYSTEM on MININT-SSVBTKI on 09-10-2014 18:31:22 Running from H:\ Platform: Windows 7 Home Premium (X64) OS Language: Englisch (USA) Internet Explorer Version 10 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log. Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6463592 2012-02-13] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2885904 2012-02-23] (Synaptics Incorporated) HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe [1575192 2013-09-27] (Bitdefender) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [636032 2012-02-14] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [ChicoSys] => C:\Windows\SysWOW64\cc32\webtmr.exe [6674560 2009-07-13] (Salfeld Computer) HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\ADMIN\...\Run: [CCWinTray] => C:\Windows\tray\wintmr.exe [7086464 2009-07-13] (Salfeld Computer) HKU\ADMIN\...\Policies\system: [DisableLockWorkstation] 0 HKU\ADMIN\...\Policies\system: [DisableClock] 0 HKU\ADMIN\...\Policies\Explorer: [RestrictRun] 0 HKU\ADMIN\...\Policies\Explorer: [NoControlPanel] 0 HKU\ADMIN\...\Policies\Explorer: [NoFind] 0 HKU\kyra\...\Run: [Skype] => "C:\Users\kyra\AppData\Local\Skype\Phone\Skype.exe" /nosplash /minimized HKU\kyra\...\Run: [Speech Recognition] => C:\Windows\Speech\Common\sapisvr.exe [44544 2009-07-13] (Microsoft Corporation) HKU\kyra\...\Policies\system: [DisableRegistryTools] 1 HKU\kyra\...\Policies\system: [DisableLockWorkstation] 0 HKU\kyra\...\Policies\system: [DisableTaskMgr] 1 HKU\kyra\...\Policies\system: [DisableClock] 1 HKU\kyra\...\Policies\system: [DisableChangePassword] 0 HKU\kyra\...\Policies\Explorer: [NoControlPanel] 0 HKU\kyra\...\Policies\Explorer: [NoFind] 0 HKU\kyra\...\Policies\Explorer: [RestrictRun] 0 IFEO: [Debugger] logonui.exe Startup: C:\Users\kyra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\kyra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3050A J611 series.lnk ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 3050A J611 series.lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.) S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-02-14] (Advanced Micro Devices, Inc.) S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [69392 2013-08-07] (Bitdefender) S2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [260424 2011-12-10] (HP) S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [240736 2013-10-08] (WildTangent) S2 ksupmgr; C:\Windows\SysWOW64\ksupmgr.exe [765592 2010-08-24] (Salfeld Computer) S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [269640 2011-12-08] (AuthenTec, Inc.) S2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe [67320 2013-08-07] (Bitdefender) S2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe [1645256 2013-09-30] (Bitdefender) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
S2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55936 2012-01-03] (Advanced Micro Devices) S0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2013-07-19] (BitDefender) S3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender) S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2013-07-19] (BitDefender) S1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2013-02-22] (BitDefender LLC) S1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC) S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-07-23] (BitDefender SRL) S0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC) S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-27] (Realtek Semiconductor Corp.) S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver.sys [21264 2012-02-23] (Synaptics Incorporated) S0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [389240 2013-08-07] (BitDefender S.R.L.) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-09 18:31 - 2014-10-09 18:31 - 00000000 ____D () C:\FRST 2014-10-09 07:33 - 2014-10-09 07:33 - 00608167 _____ () C:\ProgramData\1412868139.bdinstall.bin 2014-10-09 07:31 - 2014-10-09 07:31 - 00000684 ____H () C:\bdr-cf01 2014-10-09 07:30 - 2014-10-09 07:30 - 00002237 _____ () C:\Users\Public\Desktop\Bitdefender Safepay.lnk 2014-10-09 07:30 - 2014-10-09 07:30 - 00002118 _____ () C:\Users\Public\Desktop\Bitdefender Internet Security 2013.lnk 2014-10-09 07:30 - 2014-10-09 07:30 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_Kernel_avchv_01009.Wdf 2014-10-09 07:30 - 2014-10-09 07:30 - 00000000 ____D () C:\ProgramData\BDLogging 2014-10-09 07:30 - 2013-07-23 06:50 - 00082824 _____ (BitDefender SRL) C:\Windows\System32\Drivers\bdsandbox.sys 2014-10-09 07:30 - 2013-02-22 09:46 - 00093600 _____ (BitDefender LLC) C:\Windows\System32\Drivers\BdfNdisf6.sys 2014-10-09 07:30 - 2007-04-11 01:11 - 00511328 _____ (Microsoft Corporation) C:\Windows\capicom.dll 2014-10-09 07:29 - 2013-07-19 08:08 - 00601360 _____ (BitDefender) C:\Windows\System32\Drivers\avckf.sys 2014-10-09 07:29 - 2013-07-19 08:04 - 00727592 _____ (BitDefender) C:\Windows\System32\Drivers\avc3.sys 2014-10-09 07:29 - 2012-11-02 04:17 - 00261056 _____ (BitDefender) C:\Windows\System32\Drivers\avchv.sys 2014-10-09 07:28 - 2014-10-09 07:28 - 00000000 ____D () C:\Users\ADMIN\AppData\Roaming\Bitdefender 2014-10-09 07:27 - 2014-10-09 07:32 - 00000000 ____D () C:\ProgramData\Bitdefender 2014-10-09 07:27 - 2014-10-09 07:31 - 00253404 ____H () C:\bdr-ld01 2014-10-09 07:27 - 2014-10-09 07:31 - 00009216 ____H () C:\bdr-ld01.mbr 2014-10-09 07:27 - 2013-09-24 06:38 - 46879860 ____H () C:\bdr-im01.gz 2014-10-09 07:27 - 2013-08-13 03:38 - 03271472 ____H () C:\bdr-bz01 2014-10-09 07:24 - 2014-10-09 07:24 - 00000000 ____D () C:\Users\ADMIN\AppData\Roaming\QuickScan 2014-10-09 07:22 - 2014-10-09 07:22 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender 2014-10-09 07:22 - 2014-10-09 07:22 - 00000000 ____D () 
C:\Program Files\Bitdefender 2014-10-09 07:22 - 2013-08-23 03:48 - 00150256 _____ (BitDefender LLC) C:\Windows\System32\Drivers\gzflt.sys 2014-10-09 07:22 - 2013-08-07 03:46 - 00389240 _____ (BitDefender S.R.L.) C:\Windows\System32\Drivers\trufos.sys 2014-10-01 10:37 - 2014-10-01 10:37 - 01329791 _____ () C:\Users\kyra\Downloads\Unbenannt 1.odg 2014-10-01 10:29 - 2014-09-24 18:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\System32\qdvd.dll 2014-10-01 10:29 - 2014-09-24 17:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2014-09-27 05:03 - 2014-09-09 14:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll 2014-09-27 05:03 - 2014-09-09 13:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-09-13 05:02 - 2014-06-30 14:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\System32\icardres.dll 2014-09-13 05:02 - 2014-06-30 14:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll 2014-09-13 05:02 - 2014-06-05 22:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe 2014-09-13 05:02 - 2014-06-05 22:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\System32\TsWpfWrp.exe 2014-09-13 05:02 - 2014-03-09 13:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\System32\icardagt.exe 2014-09-13 05:02 - 2014-03-09 13:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\System32\infocardapi.dll 2014-09-13 05:02 - 2014-03-09 13:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe 2014-09-13 05:02 - 2014-03-09 13:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll 2014-09-13 04:41 - 2014-08-01 03:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\System32\TSWorkspace.dll 2014-09-13 04:41 - 2014-08-01 03:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll 2014-09-13 04:41 - 2014-06-24 18:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll 
2014-09-13 04:41 - 2014-06-24 17:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-09-13 04:41 - 2014-06-11 23:52 - 00986560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys 2014-09-13 04:41 - 2014-06-03 02:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\System32\msi.dll 2014-09-13 04:41 - 2014-06-03 02:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll 2014-09-13 04:41 - 2014-06-03 02:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\System32\msihnd.dll 2014-09-13 04:41 - 2014-06-03 02:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\System32\consent.exe 2014-09-13 04:41 - 2014-06-03 01:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-09-13 04:41 - 2014-06-03 01:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-09-13 04:41 - 2014-06-03 01:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2014-09-13 04:40 - 2014-09-04 18:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll 2014-09-13 04:40 - 2014-09-04 18:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll 2014-09-13 04:40 - 2014-08-22 18:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll 2014-09-13 04:40 - 2014-08-22 17:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-09-13 04:40 - 2014-08-22 16:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys 2014-09-13 04:40 - 2014-07-13 18:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll 2014-09-13 04:40 - 2014-07-13 17:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2014-09-13 04:40 - 2014-07-06 18:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll 2014-09-13 04:40 - 2014-07-06 18:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll 2014-09-13 04:40 - 2014-07-06 17:40 - 00550912 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-09-13 04:40 - 2014-07-06 17:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-09-13 04:40 - 2014-07-06 17:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-09-13 04:14 - 2014-10-09 08:25 - 00000954 _____ () C:\Windows\SysWOW64\cchservice.err ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-09 07:36 - 2012-11-12 07:00 - 00001308 _____ () C:\Windows\SysWOW64\excltmp~.dat 2014-10-09 07:34 - 2012-11-09 09:38 - 01781057 _____ () C:\Windows\WindowsUpdate.log 2014-10-09 07:30 - 2012-12-04 09:15 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-09 07:30 - 2009-07-13 20:51 - 00080587 _____ () C:\Windows\setupact.log 2014-10-09 07:27 - 2009-07-13 20:45 - 00031248 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-09 07:27 - 2009-07-13 20:45 - 00031248 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-09 07:26 - 2012-11-24 11:15 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{7D3B24E8-C69F-4FA6-A815-5B94CC02650C} 2014-10-09 07:22 - 2012-04-05 12:12 - 00734248 _____ () C:\Windows\System32\perfh010.dat 2014-10-09 07:22 - 2012-04-05 12:12 - 00148110 _____ () C:\Windows\System32\perfc010.dat 2014-10-09 07:22 - 2012-04-05 11:59 - 00739984 _____ () C:\Windows\System32\perfh00C.dat 2014-10-09 07:22 - 2012-04-05 11:59 - 00150868 _____ () C:\Windows\System32\perfc00C.dat 2014-10-09 07:22 - 2012-04-05 11:46 - 00701946 _____ () C:\Windows\System32\perfh007.dat 2014-10-09 07:22 - 2012-04-05 11:46 - 00151034 _____ () C:\Windows\System32\perfc007.dat 2014-10-09 07:22 - 2009-07-13 21:13 - 03399818 _____ () C:\Windows\System32\PerfStringBackup.INI 2014-10-09 07:20 - 2012-12-04 09:15 - 00001104 
_____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-09 07:19 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-08 09:04 - 2013-12-03 06:02 - 02465859 _____ () C:\Windows\IE11_main.log 2014-10-08 08:48 - 2012-11-24 11:39 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-08 07:58 - 2012-11-09 09:50 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{4F55FBA9-CA19-4EE8-8890-B16A41FC5885} 2014-10-08 07:28 - 2012-11-12 07:00 - 00000000 ___HD () C:\ProgramData\Device 2014-10-08 07:27 - 2012-11-12 07:00 - 00000278 _____ () C:\NET.INI 2014-10-08 07:25 - 2013-06-19 09:08 - 00000000 ____D () C:\Windows\SysWOW64\scurl 2014-10-05 01:05 - 2012-12-02 03:50 - 00000000 ____D () C:\Users\kyra\AppData\Local\CrashDumps 2014-10-05 00:13 - 2013-02-12 07:26 - 00000000 ____D () C:\Users\kyra\Documents\Youcam 2014-10-01 10:39 - 2013-09-19 10:46 - 00038584 _____ () C:\Users\kyra\Downloads\hamburger-mit-geschmolzenem-kaese.html 2014-09-27 05:37 - 2012-12-04 09:15 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-09-14 23:06 - 2010-11-20 19:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe 2014-09-14 13:46 - 2014-05-07 11:01 - 00000000 ___SD () C:\Windows\System32\CompatTel 2014-09-14 13:46 - 2013-06-19 09:08 - 00000000 ____D () C:\Windows\tray 2014-09-14 13:46 - 2013-06-19 09:08 - 00000000 ____D () C:\Windows\SysWOW64\wdrv 2014-09-14 13:46 - 2013-06-19 09:08 - 00000000 ____D () C:\Windows\SysWOW64\cc32 2014-09-14 13:46 - 2012-04-05 11:45 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer 2014-09-14 13:46 - 2009-07-13 21:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2014-09-14 13:46 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI 2014-09-14 13:46 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2014-09-14 13:46 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\MUI 2014-09-14 13:46 - 2009-07-13 19:20 - 00000000 ____D () 
C:\Windows\System32\Dism 2014-09-14 04:07 - 2009-07-13 20:45 - 00342504 _____ () C:\Windows\System32\FNTCACHE.DAT 2014-09-13 05:10 - 2013-03-31 01:20 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-09-13 05:07 - 2014-02-28 12:11 - 03334622 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-09-13 04:13 - 2013-04-01 07:58 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-09-13 04:13 - 2013-04-01 07:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== Restore Points ========================= Restore point made on: 2013-05-27 09:43:13 Restore point made on: 2013-05-27 11:00:38 Restore point made on: 2013-05-28 11:02:01 Restore point made on: 2013-05-29 10:04:24 Restore point made on: 2013-05-30 10:05:03 Restore point made on: 2013-06-01 01:22:03 Restore point made on: 2013-06-01 03:01:06 Restore point made on: 2013-06-01 06:58:20 Restore point made on: 2013-06-06 09:31:07 Restore point made on: 2013-06-08 07:21:44 Restore point made on: 2013-06-13 11:00:34 Restore point made on: 2013-06-18 08:41:35 Restore point made on: 2013-06-19 07:43:47 
==================== Memory info ===========================

Percentage of memory in use: 20%
Total physical RAM: 3689.37 MB
Available physical RAM: 2936.57 MB
Total Pagefile: 3687.52 MB
Available Pagefile: 2932.4 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:275.35 GB) (Free:199.31 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Recovery) (Fixed) (Total:22.45 GB) (Free:2.32 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
Drive h: () (Removable) (Total:1.92 GB) (Free:1.92 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 1D199EA1)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=275.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=22.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 12B85C0E)
Partition 1: (Active) - (Size=1.9 GB) - (Type=06)

LastRegBack: 2013-03-27 10:41

==================== End Of Log ============================

Many thanks for the help.
Regards