Pests of all kinds and how to combat them: Trojan 'TR/Crypt.XPACK.Gen'

22.05.2015, 17:11   #1
Parim

Dear Trojaner-Board community,

I bought a used netbook so that I can go away at the weekends. It had been reset. It has a Windows Starter program. However, I have no CD for it. It is already installed.

As a word processor I downloaded OpenOffice.
Firefox for the internet and, yesterday, AVIRA as virus protection.
Now I have just received the following message:

Der Zugriff auf die Datei 'C:\Users\Petra\...\Firefox_37.0.1_einrichten.exe' mit dem Virus oder dem unerwünschten Programm 'TR/Crypt.XPACK.Gen' wurde blockiert.

In addition, there is a message at the bottom saying that my Firefox is running too slowly.

What can I, should I, do now? I have no experience yet, because I have never done this before.

So far there is hardly any of my data on the PC. I only have five ODT files that I have written something in and that I would like to keep. But I don't dare to move them to a USB stick, because I am afraid of taking the virus along with them. Would it be a solution to send the files to myself by e-mail? Or would I then be sending the virus along too?

Do I need to copy the files off at all before I remove the virus under your guidance?

Besides the netbook I also have my notebook available. Luckily I have never connected the two to each other. On the notebook, Firefox has recently started to freeze every time I click on a page. Maybe that is a virus too, but that should probably be dealt with separately. There is also a lot of data on it that I am attached to.

Thank you in advance
Parim

22.05.2015, 17:24   #2
schrauber
/// the machine
/// TB instructor

hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Untersuchen (Scan).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the input window of the web page)

22.05.2015, 22:38   #3
Parim

Hello schrauber,
first of all, many thanks for the quick reply. I hope my reply works now.
I have run the scan and the files are on the desktop. Do I have to open them first in order to send them, or can I simply copy them in as they are?

Sorry schrauber,
I have only just discovered the button for the direct reply. This is my first time here today. Somehow excited and happy to learn something.
Before that I had used the reply button below your mail. Now I don't know at all whether that arrived.
I had not yet sent the scan result files along, because I don't know whether I have to open them first or whether I can simply copy them in here with paste and copy.

Hello schrauber,
before I go to bed, I'll copy in the results of the scan.

FRST Editor:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-05-2015 01
Ran by Petra (administrator) on PETRA-PC on 22-05-2015 18:44:28
Running from C:\Users\Petra\Desktop
Loaded Profiles: Petra (Available Profiles: Petra)
Platform: Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe
() C:\Windows\System32\AsusService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
(ASUSTek Computer Inc.) C:\Program Files\Asus\Eee Docking\Eee Docking.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(ASUSTeK Computer Inc.) C:\Program Files\Asus\HotkeyService\HotKeyMon.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(AsusTek Computer Inc.) C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
(ASUSTeK Computer Inc.) C:\Program Files\Asus\HotkeyService\HotkeyService.exe
(ASUSTeK Computer Inc.) C:\Program Files\Asus\SHE\SuperHybridEngine.exe
(ASUS) C:\Program Files\Asus\CapsHook\CapsHook.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Boingo Wireless, Inc.) C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.OE.Systray.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [EeeSplendidAgent] => C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-28] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HotkeyMon] => C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe [101288 2010-12-07] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [HotkeyService] => C:\Program Files\ASUS\HotkeyService\HotkeyService.exe [1248176 2010-12-07] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [SuperHybridEngine] => C:\Program Files\ASUS\SHE\SuperHybridEngine.exe [412600 2010-11-15] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [LiveUpdate] => C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe [1095080 2011-03-11] (AsusTek Computer Inc.)
HKLM-x32\...\Run: [CapsHook] => C:\Program Files\ASUS\CapsHook\CapsHook.exe [445344 2010-11-15] (ASUS)
HKLM-x32\...\Run: [Eee Docking] => C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [414384 2011-01-07] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe [731472 2011-02-23] (ecareme)
HKLM-x32\...\Run: [IgfxTray] => C:\windows\system32\igfxtray.exe [141848 2010-05-10] (Intel Corporation)
HKLM-x32\...\Run: [HotKeysCmds] => C:\windows\system32\hkcmd.exe [173592 2010-05-10] (Intel Corporation)
HKLM-x32\...\Run: [Persistence] => C:\windows\system32\igfxpers.exe [150552 2010-05-10] (Intel Corporation)
HKLM-x32\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9177632 2010-04-27] (Realtek Semiconductor)
HKLM-x32\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [548744 2010-06-10] (ELAN Microelectronic Corp.)
HKLM-x32\...\Run: [Boingo Wi-Fi] => C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk [2429 2015-05-14] ()
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files\ASUS\APRP\APRP.EXE [2018032 2011-04-02] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files\Avira\Launcher\Avira.OE.Systray.exe [128760 2015-05-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files\Avira\Antivirus\avgnt.exe [728312 2015-04-16] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1209219964-1995288155-3218319295-1000\...\RunOnce: [RunCanonMsetUp] => C:\Program Files\Canon\IJ_MSetup4\MCDCHK2.EXE
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk [2011-04-02]
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files\Asus\AsusVibe\AsusVibeLauncher.exe ()
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {CC5FC992-B0AA-47CD-9DC2-83445083CBB8} => C:\Program Files\Asus\ASUS WebStorage\3.0.84.161\AsusWSShellExt.dll [2010-09-02] ()
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {618A47A2-528B-4D9A-AFC8-97D3233511E2} => C:\Program Files\Asus\ASUS WebStorage\3.0.84.161\AsusWSShellExt.dll [2010-09-02] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1209219964-1995288155-3218319295-1000\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland ? mit Hotmail Nachfolger Outlook und Messenger Skype
HKU\S-1-5-21-1209219964-1995288155-3218319295-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland ? mit Hotmail Nachfolger Outlook und Messenger Skype
HKU\S-1-5-21-1209219964-1995288155-3218319295-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://eeepc.asus.com
HKU\S-1-5-21-1209219964-1995288155-3218319295-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1209219964-1995288155-3218319295-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1209219964-1995288155-3218319295-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\3ysgaq2s.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Extension: Avira Browser Safety - C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\3ysgaq2s.default\Extensions\abs@avira.com [2015-05-21]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files\Avira\Antivirus\avmailc7.exe [827640 2015-04-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\Antivirus\sched.exe [434424 2015-04-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [434424 2015-04-16] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\Antivirus\avwebg7.exe [1185584 2015-04-16] (Avira Operations GmbH & Co. KG)
R2 AsusService; C:\windows\system32\AsusService.exe [224680 2010-12-07] ()
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [206584 2015-05-07] (Avira Operations GmbH & Co. KG)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\windows\System32\drivers\AsIO.sys [11456 2010-06-28] ()
R1 AsUpIO; C:\windows\System32\drivers\AsUpIO.sys [11832 2010-08-03] ()
R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [107400 2015-04-16] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [136216 2015-04-16] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37896 2015-04-16] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\windows\System32\DRIVERS\avnetflt.sys [37896 2015-04-16] (Avira Operations GmbH & Co. KG)
R3 ETD; C:\windows\System32\DRIVERS\ETD.sys [102912 2010-07-21] (ELAN Microelectronic Corp.)
R3 kbfiltr; C:\windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [28520 2015-04-16] (Avira GmbH)
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; \SystemRoot\system32\drivers\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; \SystemRoot\system32\drivers\btwrchid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-22 18:44 - 2015-05-22 18:46 - 00010846 _____ () C:\Users\Petra\Desktop\FRST.txt
2015-05-22 18:43 - 2015-05-22 18:44 - 00000000 ____D () C:\FRST
2015-05-22 18:40 - 2015-05-22 18:40 - 01147392 _____ (Farbar) C:\Users\Petra\Desktop\FRST.exe
2015-05-22 18:36 - 2015-05-22 18:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP7200 series
2015-05-22 18:35 - 2015-05-22 18:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2015-05-22 18:35 - 2015-05-22 18:35 - 00000000 ____D () C:\ProgramData\Canon IJ Network Tool
2015-05-22 18:31 - 2015-05-22 18:31 - 00000000 ___HD () C:\windows\system32\CanonIJ Uninstaller Information
2015-05-22 18:31 - 2015-05-22 18:31 - 00000000 ___HD () C:\ProgramData\CanonBJ
2015-05-22 18:30 - 2012-04-16 05:00 - 00314880 _____ (CANON INC.) C:\windows\system32\CNMLMBA.DLL
2015-05-22 18:29 - 2015-05-22 18:29 - 00000000 ___HD () C:\Program Files\CanonBJ
2015-05-22 18:29 - 2015-05-22 18:29 - 00000000 ____D () C:\windows\system32\STRING
2015-05-22 18:29 - 2012-03-28 17:00 - 00366592 _____ (CANON INC.) C:\windows\system32\CNMNPPM.DLL
2015-05-22 18:29 - 2012-03-28 17:00 - 00035840 _____ (CANON INC.) C:\windows\system32\CNMNPUI.DLL
2015-05-22 18:28 - 2015-05-22 18:36 - 00000000 ____D () C:\Program Files\Canon
2015-05-22 18:26 - 2015-05-22 18:27 - 31423648 _____ () C:\Users\Petra\Downloads\mast-win-ip7200-1_0-mcd.exe
2015-05-21 22:53 - 2011-02-12 07:35 - 00191488 _____ (Microsoft Corporation) C:\windows\system32\FXSCOVER.exe
2015-05-21 22:49 - 2015-04-20 04:55 - 01081344 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-05-21 22:49 - 2015-04-20 04:55 - 00811520 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-05-21 22:49 - 2015-04-20 04:03 - 02382336 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-05-21 22:49 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2015-05-21 22:47 - 2015-04-13 05:19 - 00259072 _____ (Microsoft Corporation) C:\windows\system32\services.exe
2015-05-21 22:45 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2015-05-21 22:42 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2015-05-21 22:39 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2015-05-21 22:35 - 2013-02-27 07:05 - 00101720 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2015-05-21 22:35 - 2013-02-27 06:55 - 12872704 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-05-21 22:35 - 2013-02-27 06:55 - 00180224 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll
2015-05-21 22:35 - 2013-02-27 06:49 - 01796096 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2015-05-21 22:35 - 2013-02-27 06:49 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2015-05-21 00:46 - 2015-05-21 00:46 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\Avira
2015-05-21 00:40 - 2015-04-16 15:23 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2015-05-21 00:40 - 2015-04-16 15:23 - 00107400 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2015-05-21 00:40 - 2015-04-16 15:23 - 00037896 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2015-05-21 00:40 - 2015-04-16 15:23 - 00037896 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys
2015-05-21 00:40 - 2015-04-16 15:23 - 00028520 _____ (Avira GmbH) C:\windows\system32\Drivers\ssmdrv.sys
2015-05-21 00:34 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-05-21 00:34 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-05-21 00:34 - 2015-02-20 06:13 - 00026624 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-05-21 00:34 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-05-21 00:34 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-05-21 00:33 - 2014-07-17 03:40 - 00157696 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll
2015-05-21 00:33 - 2014-07-17 03:39 - 03221504 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2015-05-21 00:33 - 2014-07-17 03:39 - 01051136 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2015-05-21 00:33 - 2014-07-17 03:39 - 00304128 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2015-05-21 00:33 - 2014-07-17 03:39 - 00131584 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll
2015-05-21 00:33 - 2014-07-17 03:39 - 00130048 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll
2015-05-21 00:33 - 2014-07-17 03:03 - 00184320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys
2015-05-21 00:33 - 2014-07-17 03:02 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2015-05-21 00:33 - 2013-02-15 05:25 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2015-05-21 00:33 - 2012-04-26 06:45 - 00058880 _____ (Microsoft Corporation) C:\windows\system32\rdpwsx.dll
2015-05-21 00:33 - 2012-04-26 06:41 - 00008192 _____ (Microsoft Corporation) C:\windows\system32\rdrmemptylst.exe
2015-05-21 00:32 - 2012-11-23 04:48 - 00049152 _____ (Microsoft Corporation) C:\windows\system32\taskhost.exe
2015-05-21 00:32 - 2012-10-09 19:40 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\dhcpcore6.dll
2015-05-21 00:32 - 2012-10-09 19:40 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\dhcpcsvc6.dll
2015-05-21 00:27 - 2011-03-11 07:33 - 01164288 _____ (Microsoft Corporation) C:\windows\system32\mfc42u.dll
2015-05-21 00:27 - 2011-03-11 07:33 - 01137664 _____ (Microsoft Corporation) C:\windows\system32\mfc42.dll
2015-05-21 00:23 - 2015-05-21 00:23 - 00001169 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-05-21 00:23 - 2011-02-23 06:47 - 00223232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2015-05-21 00:23 - 2011-02-23 06:47 - 00123904 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-05-21 00:23 - 2011-02-23 06:47 - 00096768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-05-21 00:23 - 2011-02-23 06:47 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bowser.sys
2015-05-21 00:22 - 2015-05-21 00:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-21 00:22 - 2015-05-21 00:39 - 00000000 ____D () C:\ProgramData\Avira
2015-05-21 00:22 - 2015-05-21 00:39 - 00000000 ____D () C:\Program Files\Avira
2015-05-21 00:21 - 2015-05-21 00:21 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-21 00:21 - 2013-11-27 03:14 - 00258560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2015-05-21 00:21 - 2013-11-27 03:13 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2015-05-21 00:21 - 2013-11-27 03:13 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2015-05-21 00:21 - 2013-11-27 03:13 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2015-05-21 00:21 - 2013-11-27 03:13 - 00024064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2015-05-21 00:21 - 2013-11-27 03:13 - 00006016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2015-05-21 00:20 - 2015-05-21 00:20 - 04737144 _____ (Avira Operations GmbH & Co. KG) C:\Users\Petra\Downloads\avira_de_av_555d0838735c5__ws.exe
2015-05-21 00:20 - 2015-02-03 05:16 - 03973048 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2015-05-21 00:20 - 2015-02-03 05:16 - 03917760 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-05-21 00:20 - 2015-02-03 05:16 - 00136640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-05-21 00:20 - 2015-02-03 05:16 - 00078784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2015-05-21 00:20 - 2015-02-03 05:16 - 00067512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-05-21 00:20 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 02135040 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 01061376 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\windows\system32\drmv2clt.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\windows\system32\blackbox.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\windows\system32\wmdrmsdk.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msscp.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00475136 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\windows\system32\drmmgrtn.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00400896 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00275968 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\windows\system32\msnetobj.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00157184 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\cryptsp.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-05-21 00:20 - 2015-02-03 05:12 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00038912 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\pcadm.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00027648 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00010752 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2015-05-21 00:20 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2015-05-21 00:20 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2015-05-21 00:20 - 2015-02-03 05:11 - 00262656 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-05-21 00:20 - 2015-02-03 05:11 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2015-05-21 00:20 - 2015-02-03 05:11 - 00096768 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2015-05-21 00:20 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2015-05-21 00:20 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-05-21 00:20 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2015-05-21 00:20 - 2015-02-03 05:11 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-05-21 00:20 - 2015-02-03 05:11 - 00016896 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2015-05-21 00:20 - 2015-02-03 05:11 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\pcawrk.exe
2015-05-21 00:20 - 2015-02-03 05:11 - 00008192 _____ (Microsoft Corporation) C:\windows\system32\pcalua.exe
2015-05-21 00:20 - 2015-02-03 05:10 - 00008704 _____ (Microsoft Corporation) C:\windows\system32\pcaevts.dll
2015-05-21 00:20 - 2015-02-03 05:09 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-05-21 00:20 - 2015-02-03 05:09 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-05-21 00:20 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2015-05-21 00:20 - 2015-02-03 05:08 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-05-21 00:20 - 2015-02-03 05:08 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-05-21 00:20 - 2015-02-03 05:00 - 00593920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
2015-05-21 00:20 - 2015-02-03 04:26 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2015-05-21 00:20 - 2015-01-31 01:56 - 00370488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-05-21 00:20 - 2014-11-01 00:22 - 00521384 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2015-05-21 00:20 - 2014-06-28 02:21 - 00455752 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2015-05-21 00:20 - 2014-06-28 02:21 - 00409272 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
2015-05-21 00:19 - 2013-12-04 04:03 - 00428032 _____ (Microsoft Corporation) C:\windows\system32\secproc.dll
2015-05-21 00:19 - 2013-12-04 04:03 - 00423936 _____ (Microsoft Corporation) C:\windows\system32\secproc_isv.dll
2015-05-21 00:19 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp_isv.dll
2015-05-21 00:19 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp.dll
2015-05-21 00:19 - 2013-12-04 04:02 - 00390144 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll
2015-05-21 00:19 - 2013-12-04 03:54 - 00594944 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_isv.exe
2015-05-21 00:19 - 2013-12-04 03:54 - 00572416 _____ (Microsoft Corporation) C:\windows\system32\RMActivate.exe
2015-05-21 00:19 - 2013-12-04 03:54 - 00510976 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp.exe
2015-05-21 00:19 - 2013-12-04 03:54 - 00508928 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp_isv.exe
2015-05-21 00:18 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-05-21 00:18 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2015-05-21 00:18 - 2014-12-08 04:46 - 00308224 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2015-05-21 00:18 - 2014-10-14 03:50 - 00523776 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2015-05-20 23:56 - 2015-05-21 00:00 - 00004856 _____ () C:\windows\system32\TmInstall.log
2015-05-20 23:50 - 2015-05-21 00:09 - 00000000 ____D () C:\Users\Petra\AppData\Local\AviraResume
2015-05-20 23:17 - 2015-05-20 23:59 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-20 22:50 - 2015-05-20 22:50 - 00000000 ____D () C:\Users\Petra\Documents\Fax
2015-05-20 22:49 - 2015-05-20 22:49 - 00001200 _____ () C:\Users\Petra\Desktop\iP7200 series _3B8506000000 - Verknüpfung.lnk
2015-05-20 22:39 - 2014-10-03 03:45 - 01177088 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2015-05-20 22:39 - 2014-10-03 03:45 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll
2015-05-20 22:39 - 2014-10-03 03:45 - 00214016 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2015-05-20 22:39 - 2014-10-03 03:45 - 00145920 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
2015-05-20 22:39 - 2014-10-03 03:44 - 00198656 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe
2015-05-16 19:24 - 2015-05-22 18:43 - 00000000 ____D () C:\Users\Petra\Documents\HA ASA 4-13
2015-05-14 04:55 - 2015-05-14 04:55 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\OpenOffice
2015-05-14 04:52 - 2015-05-14 04:52 - 00001074 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk
2015-05-14 04:52 - 2015-05-14 04:52 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2015-05-14 04:51 - 2015-05-14 04:51 - 00000000 ____D () C:\Program Files\OpenOffice 4
2015-05-14 04:45 - 2015-05-14 04:46 - 00000000 ____D () C:\Users\Petra\Desktop\OpenOffice 4.1.1 (de) Installation Files
2015-05-14 04:33 - 2015-05-14 04:39 - 164858324 _____ () C:\Users\Petra\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_de.exe
2015-05-14 04:24 - 2015-05-20 23:59 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-05-14 04:24 - 2015-05-14 04:24 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-14 04:24 - 2015-05-14 04:24 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-05-14 04:24 - 2015-05-14 04:24 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\Mozilla
2015-05-14 04:24 - 2015-05-14 04:24 - 00000000 ____D () C:\Users\Petra\AppData\Local\Mozilla
2015-05-14 04:24 - 2015-05-14 04:24 - 00000000 ____D () C:\ProgramData\Mozilla
2015-05-14 04:21 - 2015-05-14 04:21 - 00243664 _____ () C:\Users\Petra\Downloads\Firefox Setup Stub 38.0.exe
2015-05-14 03:18 - 2015-05-14 03:18 - 00982696 _____ () C:\Users\Petra\Downloads\Firefox_37.0.1_einrichten.exe
2015-05-14 03:15 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-05-14 03:15 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-05-14 03:15 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-05-14 03:15 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-05-14 03:14 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-05-14 03:14 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-05-14 03:14 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-05-14 03:14 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-05-14 03:14 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-05-14 03:04 - 2015-05-14 03:04 - 00000059 _____ () C:\windows\system32\ȼ
2015-05-14 03:03 - 2015-05-14 03:03 - 00000000 ____D () C:\windows\ConfigSetRoot
2015-05-14 03:03 - 2015-05-14 03:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Boingo
2015-05-14 03:03 - 2015-05-14 03:03 - 00000000 ____D () C:\ProgramData\GoBoingo
2015-05-14 03:03 - 2015-05-14 03:03 - 00000000 ____D () C:\Program Files\Boingo
2015-05-14 03:03 - 2010-05-28 04:27 - 00005576 _____ () C:\windows\Language.ini
2015-05-14 03:01 - 2015-05-14 03:01 - 00001158 _____ () C:\Users\Public\Desktop\eBay.lnk
2015-05-14 03:01 - 2015-05-14 03:01 - 00001108 _____ () C:\Users\Public\Desktop\E-Manual.lnk
2015-05-14 02:59 - 2015-05-14 02:59 - 00000000 ____D () C:\windows\system32\Atheros_L1e
2015-05-14 02:58 - 2015-05-14 02:58 - 00000000 ____D () C:\windows\system32\SRSLabs
2015-05-14 02:58 - 2015-05-14 02:58 - 00000000 ____D () C:\windows\system32\RTCOM
2015-05-14 02:58 - 2015-05-14 02:58 - 00000000 ____D () C:\Program Files\Elantech
2015-05-14 02:57 - 2015-05-14 02:58 - 00002119 _____ () C:\RHDSetup.log
2015-05-14 02:57 - 2015-05-14 02:58 - 00000000 ___HD () C:\Program Files\Temp
2015-05-14 02:57 - 2015-05-14 02:57 - 00000000 ____D () C:\Program Files\Realtek
2015-05-14 02:57 - 2010-04-27 10:57 - 03583008 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkAPO.dll
2015-05-14 02:57 - 2010-04-27 10:57 - 01775136 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkPgExt.dll
2015-05-14 02:57 - 2010-04-27 10:57 - 01083936 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RTSndMgr.cpl
2015-05-14 02:57 - 2010-04-27 10:57 - 00367136 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkApoApi.dll
2015-05-14 02:57 - 2010-04-27 10:57 - 00058400 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkCoInst.dll
2015-05-14 02:57 - 2010-04-27 10:12 - 03084256 _____ (Realtek Semiconductor Corp.) C:\windows\system32\Drivers\RTKVHDA.sys
2015-05-14 02:57 - 2010-04-27 07:50 - 00299424 _____ (Fortemedia Corporation) C:\windows\system32\FMAPO.dll
2015-05-14 02:57 - 2010-04-06 08:58 - 00000008 _____ () C:\windows\system32\Drivers\rtkhdaud.dat
2015-05-14 02:57 - 2010-03-22 08:22 - 01247776 _____ (Realtek Semiconductor Corp.) C:\windows\RtlExUpd.dll
2015-05-14 02:57 - 2010-01-26 05:38 - 00145760 _____ (Andrea Electronics Corporation) C:\windows\system32\AERTACap.dll
2015-05-14 02:57 - 2009-12-30 11:58 - 00004692 _____ () C:\windows\system32\Drivers\SamSfPa.dat
2015-05-14 02:57 - 2009-12-15 12:26 - 00357576 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEEP32A.dll
2015-05-14 02:57 - 2009-12-15 12:26 - 00168648 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEED32A.dll
2015-05-14 02:57 - 2009-12-15 12:26 - 00076488 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEEL32A.dll
2015-05-14 02:57 - 2009-12-15 12:26 - 00062664 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEEG32A.dll
2015-05-14 02:57 - 2009-12-11 03:55 - 00293584 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RP3DHT32.dll
2015-05-14 02:57 - 2009-12-11 03:55 - 00293584 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RP3DAA32.dll
2015-05-14 02:57 - 2009-11-17 12:13 - 00096160 _____ (Andrea Electronics Corporation) C:\windows\system32\AERTARen.dll
2015-05-14 02:56 - 2015-05-21 00:17 - 00063568 _____ () C:\Users\Petra\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-14 02:56 - 2015-05-21 00:11 - 00000000 ____D () C:\Users\Petra\AppData\Local\Windows Live
2015-05-14 02:56 - 2015-05-20 23:52 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium
2015-05-14 02:56 - 2015-05-14 03:04 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\Adobe
2015-05-14 02:56 - 2015-05-14 03:04 - 00000000 ____D () C:\Users\Petra\AppData\Local\Adobe
2015-05-14 02:56 - 2015-05-14 03:03 - 00001413 _____ () C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-14 02:56 - 2015-05-14 03:03 - 00000000 ____D () C:\Users\Petra\AppData\Local\VirtualStore
2015-05-14 02:56 - 2015-05-14 02:56 - 00000000 _SHDL () C:\Users\Petra\Startmenü
2015-05-14 02:56 - 2015-05-14 02:56 - 00000000 _SHDL () C:\Users\Petra\Netzwerkumgebung
2015-05-14 02:56 - 2015-05-14 02:56 - 00000000 _SHDL () C:\Users\Petra\Druckumgebung
2015-05-14 02:56 - 2015-05-14 02:56 - 00000000 _SHDL () C:\Users\Petra\Documents\Eigene Musik
2015-05-14 02:56 - 2015-05-14 02:56 - 00000000 _SHDL () C:\Users\Petra\Documents\Eigene Bilder
2015-05-14 02:56 - 2015-05-14 02:56 - 00000000 _SHDL () C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-05-14 02:56 - 2015-05-14 02:56 - 00000000 _SHDL () C:\Users\Petra\AppData\Local\Verlauf
2015-05-14 02:56 - 2015-05-14 02:56 - 00000000 ____D () C:\Users\Petra
2015-05-14 02:56 - 2011-04-02 05:05 - 00000000 ____D () C:\Users\Petra\Documents\Asus WebStorage
2015-05-14 02:56 - 2011-04-02 05:05 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\ASUS WebStorage
2015-05-14 02:56 - 2011-04-02 04:52 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\Macromedia
2015-05-14 02:56 - 2011-04-02 04:51 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\E-Cam
2015-05-14 02:56 - 2011-04-02 04:49 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Game Park
2015-05-14 02:56 - 2011-04-02 04:45 - 00000000 ____D () C:\Users\Petra\Documents\Bluetooth Exchange Folder
2015-05-14 02:56 - 2011-04-02 04:41 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\InstallShield
2015-05-14 02:56 - 2009-07-14 06:53 - 00000020 ___SH () C:\Users\Petra\ntuser.ini
2015-05-14 02:56 - 2009-07-14 06:42 - 00000000 ___RD () C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-14 02:56 - 2009-07-14 06:37 - 00000000 ___RD () C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-05-14 02:54 - 2015-05-14 02:54 - 00000000 __SHD () C:\Recovery
2015-05-08 06:33 - 2014-06-28 02:21 - 00391640 __RSH () C:\bootmgr
2015-05-08 05:38 - 2011-04-02 05:09 - 00000000 ____D () C:\Users\Default\AppData\Local\Adobe
2015-05-08 05:38 - 2011-04-02 05:09 - 00000000 ____D () C:\Users\Default User\AppData\Local\Adobe
2015-05-08 05:38 - 2011-04-02 05:08 - 00001441 _____ () C:\Users\Default\Desktop\Trend Micro Titanium.lnk
2015-05-08 05:38 - 2011-04-02 05:08 - 00001441 _____ () C:\Users\Default User\Desktop\Trend Micro Titanium.lnk
2015-05-08 05:38 - 2011-04-02 05:08 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium
2015-05-08 05:38 - 2011-04-02 05:08 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium
2015-05-08 05:38 - 2011-04-02 05:05 - 00000000 ____D () C:\Users\Default\Documents\Asus WebStorage
2015-05-08 05:38 - 2011-04-02 05:05 - 00000000 ____D () C:\Users\Default\AppData\Roaming\ASUS WebStorage
2015-05-08 05:38 - 2011-04-02 05:05 - 00000000 ____D () C:\Users\Default User\Documents\Asus WebStorage
2015-05-08 05:38 - 2011-04-02 05:05 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\ASUS WebStorage
2015-05-08 05:38 - 2011-04-02 04:54 - 00057560 _____ () C:\Users\Default\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-08 05:38 - 2011-04-02 04:54 - 00057560 _____ () C:\Users\Default User\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-08 05:38 - 2011-04-02 04:54 - 00000000 ____D () C:\Users\Default\AppData\Local\Windows Live
2015-05-08 05:38 - 2011-04-02 04:54 - 00000000 ____D () C:\Users\Default User\AppData\Local\Windows Live
2015-05-08 05:38 - 2011-04-02 04:52 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-05-08 05:38 - 2011-04-02 04:52 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2015-05-08 05:38 - 2011-04-02 04:51 - 00000000 ____D () C:\Users\Default\AppData\Roaming\E-Cam
2015-05-08 05:38 - 2011-04-02 04:51 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\E-Cam
2015-05-08 05:38 - 2011-04-02 04:49 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Game Park
2015-05-08 05:38 - 2011-04-02 04:49 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Game Park
2015-05-08 05:38 - 2011-04-02 04:45 - 00000000 ____D () C:\Users\Default\Documents\Bluetooth Exchange Folder
2015-05-08 05:38 - 2011-04-02 04:45 - 00000000 ____D () C:\Users\Default\AppData\Local\Broadcom
2015-05-08 05:38 - 2011-04-02 04:45 - 00000000 ____D () C:\Users\Default User\Documents\Bluetooth Exchange Folder
2015-05-08 05:38 - 2011-04-02 04:45 - 00000000 ____D () C:\Users\Default User\AppData\Local\Broadcom
2015-05-08 05:38 - 2011-04-02 04:41 - 00000000 ____D () C:\Users\Default\AppData\Roaming\InstallShield
2015-05-08 05:38 - 2011-04-02 04:41 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\InstallShield
2015-05-08 05:37 - 2015-05-22 18:21 - 01320220 _____ () C:\windows\WindowsUpdate.log

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-22 17:18 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\Microsoft.NET
2015-05-22 17:00 - 2009-07-14 06:34 - 00009696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-22 17:00 - 2009-07-14 06:34 - 00009696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-22 16:44 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-05-22 16:44 - 2009-07-14 06:39 - 00053795 _____ () C:\windows\setupact.log
2015-05-22 16:44 - 2009-07-14 06:33 - 00284480 _____ () C:\windows\system32\FNTCACHE.DAT
2015-05-22 16:40 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\nl-NL
2015-05-22 16:40 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\it-IT
2015-05-22 16:40 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\fr-FR
2015-05-22 16:40 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\de-DE
2015-05-22 15:12 - 2011-02-16 17:44 - 00692768 _____ () C:\windows\system32\perfh013.dat
2015-05-22 15:12 - 2011-02-16 17:44 - 00133360 _____ () C:\windows\system32\perfc013.dat
2015-05-22 15:12 - 2011-02-16 17:39 - 00691422 _____ () C:\windows\system32\perfh010.dat
2015-05-22 15:12 - 2011-02-16 17:39 - 00127758 _____ () C:\windows\system32\perfc010.dat
2015-05-22 15:12 - 2009-07-27 12:11 - 03971856 _____ () C:\windows\system32\PerfStringBackup.INI
2015-05-22 15:10 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\LogFiles
2015-05-22 13:23 - 2009-07-14 06:52 - 00000000 ____D () C:\Program Files\Windows Defender
2015-05-21 22:21 - 2011-04-02 04:30 - 00415588 _____ () C:\windows\PFRO.log
2015-05-20 23:52 - 2011-04-02 05:07 - 00000000 ____D () C:\ProgramData\Trend Micro
2015-05-20 23:07 - 2009-07-14 06:52 - 00000000 ____D () C:\windows\system32\FxsTmp
2015-05-17 09:01 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\rescache
2015-05-17 09:00 - 2009-07-14 06:56 - 00000000 ____D () C:\windows\system32\WCN
2015-05-17 09:00 - 2009-07-14 06:56 - 00000000 ____D () C:\windows\system32\Printing_Admin_Scripts
2015-05-17 09:00 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\MUI
2015-05-17 09:00 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\com
2015-05-14 03:03 - 2011-04-02 04:41 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-05-14 03:03 - 2009-07-14 04:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-14 03:01 - 2011-04-02 04:48 - 00000000 ____D () C:\Program Files\Asus
2015-05-14 02:59 - 2009-07-14 06:52 - 00000000 ____D () C:\windows\system32\restore
2015-05-14 02:58 - 2011-04-02 04:44 - 00014676 _____ () C:\windows\DPINST.LOG
2015-05-14 02:57 - 2011-04-02 04:48 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2015-05-14 02:54 - 2009-07-27 12:56 - 00000000 ____D () C:\windows\panther
2015-05-14 02:54 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\Recovery
2015-05-08 06:33 - 2009-07-14 06:57 - 00029696 ___SH () C:\windows\system32\config\BCD-Template.LOG
2015-05-08 06:33 - 2009-07-14 06:52 - 00032768 _____ () C:\windows\system32\config\BCD-Template
2015-05-08 05:38 - 2009-07-27 11:57 - 00008134 _____ () C:\windows\TSSysprep.log
2015-05-08 05:38 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2015-05-08 05:35 - 2009-07-14 06:34 - 00004822 _____ () C:\windows\DtcInstall.log

==================== Files in the root of some directories =======

2011-04-02 04:49 - 2010-03-03 00:59 - 0131984 _____ () C:\ProgramData\FullRemove.exe

Some files in TEMP:
====================
C:\Users\Petra\AppData\Local\Temp\avgnt.exe
C:\Users\Petra\AppData\Local\Temp\MSETUP4.EXE


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-17 08:49

Addition Editor:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-05-2015 01
Ran by Petra at 2015-05-22 18:47:23
Running from C:\Users\Petra\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1209219964-1995288155-3218319295-500 - Administrator - Disabled)
Gast (S-1-5-21-1209219964-1995288155-3218319295-501 - Limited - Disabled)
Petra (S-1-5-21-1209219964-1995288155-3218319295-1000 - Administrator - Enabled) => C:\Users\Petra

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.2.152.32 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
ASUS WebStorage (HKLM\...\ASUS WebStorage) (Version: 3.0.84.161 - eCareme Technologies, Inc.)
ASUSUpdate for Eee PC (HKLM\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 1.06.02 - ASUSTeK Computer Inc.)
AsusVibe2.0 (HKLM\...\Asus Vibe2.0) (Version: 2.0.4.617 - ASUSTEK)
Atheros Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.35 - Atheros Communications Inc.)
Avira (HKLM\...\{022ef99f-0db2-4efc-964d-5dd2da3151f6}) (Version: 1.1.37.30000 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.37.30000 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
Boingo Wi-Fi (HKLM\...\{84C2B80B-64A2-4B22-93EC-F30C3D6BF7D8}) (Version: 1.7.0048 - Boingo Wireless, Inc.)
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)
Canon iP7200 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP7200_series) (Version: - Canon Inc.)
CapsHook (HKLM\...\{4B5092B6-F231-4D18-83BC-2618B729CA45}) (Version: 1.0.0.7 - AsusTek Computer)
Chicken Invaders 2 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version: - Oberon Media)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
E-Cam (HKLM\...\{185AFA7A-F63E-450B-94AA-011CAC18090E}) (Version: 2.0.3.0 - AzureWave)
Eee Docking 3.8.3 (HKLM\...\Eee Docking_is1) (Version: 3.8.3 - ASUSTek Computer Inc.)
EeeSplendid (HKLM\...\{6333FC29-BFE5-4024-AC78-958A1A7555D1}) (Version: 5.1.2.0011 - ASUS)
EeeSplendid (Version: 5.1.2.0011 - ASUS) Hidden
ETDWare PS/2-x86 7.0.5.13_WHQL (HKLM\...\Elantech) (Version: 7.0.5.13 - ELAN Microelectronics Corp.)
FontResizer (HKLM\...\InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}) (Version: 1.01.0011 - ASUSTek)
FontResizer (Version: 1.01.0011 - ASUSTek) Hidden
Galerie de photos Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Game Park Console (HKLM\...\{D44AA979-47C2-4BC0-A860-09A54224EA44}_is1) (Version: 6.2.0.3 - Oberon Media, Inc.)
Hotkey Service (HKLM\...\{71C0E38E-09F2-4386-9977-404D4F6640CD}) (Version: 1.37 - AsusTek Computer Inc.)
InstantOn (HKLM\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 1.0.2 - ASUS)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2117 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.4.1002 - Intel Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LiveUpdate (HKLM\...\{38E5A3B1-ADF1-47E0-8024-76310A30EB36}) (Version: 1.28 - AsusTek Computer Inc.)
LocaleMe (HKLM\...\{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}) (Version: 1.3 - ASUS)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 de) (HKLM\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 38.0 - Mozilla)
OpenOffice 4.1.1 (HKLM\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Raccolta foto di Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Ralink RT2860 Wireless LAN Card (HKLM\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.5.1.0 - Ralink)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6098 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM\...\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}) (Version: 1.00.0159 - REALTEK Semiconductor Corp.)
Super Hybrid Engine (HKLM\...\{88F08F98-12BC-4613-81A2-8F9B88CFC73E}) (Version: 2.17 - AsusTek Computer)
Windows Driver Package - Broadcom Bluetooth (07/17/2009 6.2.0.9403) (HKLM\...\B41C7C96D83162A676DA7365ADEFD6C1AF62A4EE) (Version: 07/17/2009 6.2.0.9403 - Broadcom)
Windows Driver Package - Broadcom Bluetooth (07/29/2009 6.1.7100.0) (HKLM\...\B5C82F3814F82FB37F1513B3185399BD88892B08) (Version: 07/29/2009 6.1.7100.0 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

14-05-2015 04:46:27 Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
14-05-2015 04:49:33 OpenOffice 4.1.1 wird installiert
17-05-2015 08:56:34 Sprachpaketdeinstallation
21-05-2015 22:28:23 Windows Update
22-05-2015 15:12:32 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (Whitelisted) ==============

2011-04-02 04:53 - 2010-12-07 18:19 - 00224680 _____ () C:\windows\system32\AsusService.exe
2015-05-07 16:37 - 2015-05-07 16:37 - 00245760 _____ () C:\Program Files\Avira\Launcher\System.ComponentModel.Composition.dll
2010-09-02 13:08 - 2010-09-02 13:08 - 00118784 _____ () C:\Program Files\Asus\ASUS WebStorage\3.0.84.161\AsusWSShellExt.dll
2009-03-02 04:08 - 2009-03-02 04:08 - 00003584 _____ () C:\Program Files\ASUS\ASUS WebStorage\3.0.84.161\LogicNP.PropSheetExtensionHelper.dll
2011-03-11 03:05 - 2011-03-11 03:05 - 00181664 _____ () C:\Program Files\Asus\LiveUpdate\Parser.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1209219964-1995288155-3218319295-1000\Control Panel\Desktop\\Wallpaper -> %windir%\web\wallpaper\windows\img0.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F1B2F891-6884-44D8-886F-4B0BAC21F0DC}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{A5AC6AF6-5D38-4B99-88B2-7778481F3F22}] => (Allow) LPort=2869
FirewallRules: [{33B61685-5528-4B59-BB27-250624D17D8D}] => (Allow) LPort=1900
FirewallRules: [{6ADDE698-A413-4F88-A103-6CDF853ED581}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{FA4570A9-B65F-4A0D-BCBF-39C158A5C94C}] => (Allow) C:\Program Files\Windows Live\Mesh\MOE.exe
FirewallRules: [{B4843F82-6626-495B-8345-8F60E29A66F1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{9354BC56-8D1B-4114-B4CC-D94DA8C86A92}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/14/2015 03:03:39 AM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (3420) WindowsMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde.

Error: (05/14/2015 02:59:09 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
Generatordaten werden gesammelt

Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {fff6282d-29e8-49b1-825c-36115f2a4ee8}


System errors:
=============
Error: (05/22/2015 06:42:47 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "PETRA-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.25
registriert werden. Der Computer mit IP-Adresse 192.168.178.20 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (05/22/2015 06:42:05 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "PETRA-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.25
registriert werden. Der Computer mit IP-Adresse 192.168.178.20 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (05/22/2015 06:40:58 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "PETRA-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.25
registriert werden. Der Computer mit IP-Adresse 192.168.178.20 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (05/22/2015 06:35:34 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "PETRA-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.25
registriert werden. Der Computer mit IP-Adresse 192.168.178.20 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (05/22/2015 04:46:56 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (05/22/2015 04:44:35 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "PETRA-PC :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.25
registriert werden. Der Computer mit IP-Adresse 192.168.178.20 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (05/22/2015 04:44:35 PM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{22D51E9B-6C03-4622-813E-07960C180CE7} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error: (05/22/2015 04:44:29 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "PETRA-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.25
registriert werden. Der Computer mit IP-Adresse 192.168.178.20 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (05/22/2015 04:41:58 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Windows Modules Installer konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (05/22/2015 04:39:18 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800f0902 fehlgeschlagen: Sicherheitsupdate für Windows 7 (KB3046306)


Microsoft Office:
=========================
Error: (05/14/2015 03:03:39 AM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail3420WindowsMail0:

Error: (05/14/2015 02:59:09 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
Generatordaten werden gesammelt

Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {fff6282d-29e8-49b1-825c-36115f2a4ee8}


==================== Memory info ===========================

Processor: Intel(R) Atom(TM) CPU N455 @ 1.66GHz
Percentage of memory in use: 81%
Total physical RAM: 1014.18 MB
Available physical RAM: 187.1 MB
Total Pagefile: 2038.18 MB
Available Pagefile: 812.46 MB
Total Virtual: 2047.88 MB
Available Virtual: 1895.1 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:100 GB) (Free:74.07 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:117.87 GB) (Free:117.77 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 3DA54736)
Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=15 GB) - (Type=1B)
Partition 3: (Not Active) - (Size=117.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=16 MB) - (Type=EF)

Kind regards
Parim
__________________

23.05.2015, 19:49   #4
schrauber
/// the machine
/// TB-Ausbilder
 




Here is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.





Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Agree to the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

27.05.2015, 22:35   #5
Parim
 



Hello Schrauber,

I don't know how I am supposed to do that with the #. When I am in reply mode, as I am now, I don't see a hash sign.
When I am not in reply mode, I see a hash sign and a number next to it in the right-hand corner of your reply. I can click the number, but not the hash sign. Did I misunderstand you, or am I doing something wrong?

Best regards and thanks,
Parim

Hello Schrauber,
here are the results of all the scans. This time with the hash click.
I couldn't see the image at all when I went to Trojaner-Board with the small netbook. When I went in with the notebook, I saw it.

Regards
Parim

[CODE] Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 27.05.2015
Suchlauf-Zeit: 20:02:08
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.05.27.04
Rootkit Datenbank: v2015.05.24.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Petra

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 303544
Verstrichene Zeit: 1 Std, 1 Min, 57 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 1
PUP.Optional.BundleInstaller.A, C:\Users\Petra\Downloads\Firefox_37.0.1_einrichten.exe, In Quarantäne, [4b551880f2985fd74934e36cd032c040],

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)[/CODE]

Code:
# AdwCleaner v4.205 - Bericht erstellt 27/05/2015 um 22:11:14
# Aktualisiert 21/05/2015 von Xplode
# Datenbank : 2015-05-25.3 [Server]
# Betriebssystem : Windows 7 Starter Service Pack 1 (x86)
# Benutzername : Petra - PETRA-PC
# Gestarted von : C:\Users\Petra\Downloads\AdwCleaner_4.205.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****

-\\ Internet Explorer v9.0.8112.16421


-\\ Mozilla Firefox v38.0.1 (x86 de)


*************************

AdwCleaner[R0].txt - [839 Bytes] - [27/05/2015 22:07:47]
AdwCleaner[S0].txt - [760 Bytes] - [27/05/2015 22:11:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [818  Bytes] ##########
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.1 (05.27.2015:1)
OS: Windows 7 Starter x86
Ran by Petra on 27.05.2015 at 22:33:10,53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.05.2015 at 22:38:09,36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
[CODE]Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-05-2015 01
Ran by Petra (administrator) on PETRA-PC on 27-05-2015 22:41:14
Running from C:\Users\Petra\Desktop
Loaded Profiles: Petra (Available Profiles: Petra)
Platform: Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.OE.Systray.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [EeeSplendidAgent] => C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-28] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HotkeyMon] => C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe [101288 2010-12-07] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [HotkeyService] => C:\Program Files\ASUS\HotkeyService\HotkeyService.exe [1248176 2010-12-07] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [SuperHybridEngine] => C:\Program Files\ASUS\SHE\SuperHybridEngine.exe [412600 2010-11-15] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [LiveUpdate] => C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe [1095080 2011-03-11] (AsusTek Computer Inc.)
HKLM-x32\...\Run: [CapsHook] => C:\Program Files\ASUS\CapsHook\CapsHook.exe [445344 2010-11-15] (ASUS)
HKLM-x32\...\Run: [Eee Docking] => C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [414384 2011-01-07] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe [731472 2011-02-23] (ecareme)
HKLM-x32\...\Run: [IgfxTray] => C:\windows\system32\igfxtray.exe [141848 2010-05-10] (Intel Corporation)
HKLM-x32\...\Run: [HotKeysCmds] => C:\windows\system32\hkcmd.exe [173592 2010-05-10] (Intel Corporation)
HKLM-x32\...\Run: [Persistence] => C:\windows\system32\igfxpers.exe [150552 2010-05-10] (Intel Corporation)
HKLM-x32\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9177632 2010-04-27] (Realtek Semiconductor)
HKLM-x32\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [548744 2010-06-10] (ELAN Microelectronic Corp.)
HKLM-x32\...\Run: [Boingo Wi-Fi] => C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk [2429 2015-05-14] ()
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files\ASUS\APRP\APRP.EXE [2018032 2011-04-02] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files\Avira\Launcher\Avira.OE.Systray.exe [128760 2015-05-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files\Avira\Antivirus\avgnt.exe [728312 2015-04-16] (Avira Operations GmbH & Co. KG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk [2011-04-02]
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files\Asus\AsusVibe\AsusVibeLauncher.exe ()
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {CC5FC992-B0AA-47CD-9DC2-83445083CBB8} => C:\Program Files\Asus\ASUS WebStorage\3.0.84.161\AsusWSShellExt.dll [2010-09-02] ()
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {618A47A2-528B-4D9A-AFC8-97D3233511E2} => C:\Program Files\Asus\ASUS WebStorage\3.0.84.161\AsusWSShellExt.dll [2010-09-02] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1209219964-1995288155-3218319295-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
HKU\S-1-5-21-1209219964-1995288155-3218319295-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKU\S-1-5-21-1209219964-1995288155-3218319295-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://eeepc.asus.com
HKU\S-1-5-21-1209219964-1995288155-3218319295-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\3ysgaq2s.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Extension: Avira Browser Safety - C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\3ysgaq2s.default\Extensions\abs@avira.com [2015-05-27]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files\Avira\Antivirus\avmailc7.exe [827640 2015-04-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\Antivirus\sched.exe [434424 2015-04-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [434424 2015-04-16] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\Antivirus\avwebg7.exe [1185584 2015-04-16] (Avira Operations GmbH & Co. KG)
S2 AsusService; C:\windows\system32\AsusService.exe [224680 2010-12-07] ()
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [206584 2015-05-07] (Avira Operations GmbH & Co. KG)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\windows\System32\drivers\AsIO.sys [11456 2010-06-28] ()
R1 AsUpIO; C:\windows\System32\drivers\AsUpIO.sys [11832 2010-08-03] ()
R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [107400 2015-04-16] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [136216 2015-04-16] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37896 2015-04-16] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\windows\System32\DRIVERS\avnetflt.sys [37896 2015-04-16] (Avira Operations GmbH & Co. KG)
R3 ETD; C:\windows\System32\DRIVERS\ETD.sys [102912 2010-07-21] (ELAN Microelectronic Corp.)
R3 kbfiltr; C:\windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [28520 2015-04-16] (Avira GmbH)
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; \SystemRoot\system32\drivers\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; \SystemRoot\system32\drivers\btwrchid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-27 22:38 - 2015-05-27 22:38 - 00000595 _____ () C:\Users\Petra\Desktop\JRT.txt
2015-05-27 22:33 - 2015-05-27 22:33 - 00000207 _____ () C:\windows\tweaking.com-regbackup-PETRA-PC-Windows-7-Starter-(32-bit).dat
2015-05-27 22:33 - 2015-05-27 22:33 - 00000000 ____D () C:\RegBackup
2015-05-27 22:32 - 2015-05-27 22:32 - 02946603 _____ (Thisisu) C:\Users\Petra\Downloads\JRT.exe
2015-05-27 22:15 - 2015-05-27 22:15 - 00000897 _____ () C:\Users\Petra\Desktop\AdwCleaner[S0].txt
2015-05-27 22:07 - 2015-05-27 22:11 - 00000000 ____D () C:\AdwCleaner
2015-05-27 22:06 - 2015-05-27 22:06 - 02222592 _____ () C:\Users\Petra\Downloads\AdwCleaner_4.205.exe
2015-05-27 21:26 - 2015-05-27 21:26 - 00001320 _____ () C:\Users\Petra\Desktop\mbam.txt
2015-05-27 20:01 - 2015-05-27 21:23 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-27 20:00 - 2015-05-27 20:00 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-27 20:00 - 2015-05-27 20:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-27 20:00 - 2015-05-27 20:00 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2015-05-27 20:00 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-05-27 20:00 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-05-27 20:00 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-05-27 19:55 - 2015-05-27 19:57 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Petra\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-27 19:41 - 2015-05-27 19:41 - 00000000 ____D () C:\Program Files\Microsoft.NET
2015-05-23 00:02 - 2015-05-23 00:07 - 00009451 _____ () C:\windows\IE11_main.log
2015-05-22 18:47 - 2015-05-22 18:49 - 00017270 _____ () C:\Users\Petra\Desktop\Addition.txt
2015-05-22 18:44 - 2015-05-27 22:41 - 00009581 _____ () C:\Users\Petra\Desktop\FRST.txt
2015-05-22 18:43 - 2015-05-27 22:41 - 00000000 ____D () C:\FRST
2015-05-22 18:40 - 2015-05-22 18:40 - 01147392 _____ (Farbar) C:\Users\Petra\Desktop\FRST.exe
2015-05-22 18:36 - 2015-05-22 18:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP7200 series
2015-05-22 18:35 - 2015-05-22 18:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2015-05-22 18:35 - 2015-05-22 18:35 - 00000000 ____D () C:\ProgramData\Canon IJ Network Tool
2015-05-22 18:31 - 2015-05-22 18:31 - 00000000 ___HD () C:\windows\system32\CanonIJ Uninstaller Information
2015-05-22 18:31 - 2015-05-22 18:31 - 00000000 ___HD () C:\ProgramData\CanonBJ
2015-05-22 18:30 - 2012-04-16 05:00 - 00314880 _____ (CANON INC.) C:\windows\system32\CNMLMBA.DLL
2015-05-22 18:29 - 2015-05-22 18:29 - 00000000 ___HD () C:\Program Files\CanonBJ
2015-05-22 18:29 - 2015-05-22 18:29 - 00000000 ____D () C:\windows\system32\STRING
2015-05-22 18:29 - 2012-03-28 17:00 - 00366592 _____ (CANON INC.) C:\windows\system32\CNMNPPM.DLL
2015-05-22 18:29 - 2012-03-28 17:00 - 00035840 _____ (CANON INC.) C:\windows\system32\CNMNPUI.DLL
2015-05-22 18:28 - 2015-05-22 18:36 - 00000000 ____D () C:\Program Files\Canon
2015-05-22 18:26 - 2015-05-22 18:27 - 31423648 _____ () C:\Users\Petra\Downloads\mast-win-ip7200-1_0-mcd.exe
2015-05-21 22:53 - 2011-02-12 07:35 - 00191488 _____ (Microsoft Corporation) C:\windows\system32\FXSCOVER.exe
2015-05-21 22:49 - 2015-04-20 04:55 - 01081344 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-05-21 22:49 - 2015-04-20 04:55 - 00811520 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-05-21 22:49 - 2015-04-20 04:03 - 02382336 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-05-21 22:49 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2015-05-21 22:47 - 2015-04-13 05:19 - 00259072 _____ (Microsoft Corporation) C:\windows\system32\services.exe
2015-05-21 22:45 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2015-05-21 22:42 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2015-05-21 22:39 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2015-05-21 22:35 - 2013-02-27 07:05 - 00101720 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2015-05-21 22:35 - 2013-02-27 06:55 - 12872704 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-05-21 22:35 - 2013-02-27 06:55 - 00180224 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll
2015-05-21 22:35 - 2013-02-27 06:49 - 01796096 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2015-05-21 22:35 - 2013-02-27 06:49 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2015-05-21 00:46 - 2015-05-21 00:46 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\Avira
2015-05-21 00:40 - 2015-04-16 15:23 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2015-05-21 00:40 - 2015-04-16 15:23 - 00107400 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2015-05-21 00:40 - 2015-04-16 15:23 - 00037896 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2015-05-21 00:40 - 2015-04-16 15:23 - 00037896 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys
2015-05-21 00:40 - 2015-04-16 15:23 - 00028520 _____ (Avira GmbH) C:\windows\system32\Drivers\ssmdrv.sys
2015-05-21 00:34 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-05-21 00:34 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-05-21 00:34 - 2015-02-20 06:13 - 00026624 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-05-21 00:34 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-05-21 00:34 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-05-21 00:33 - 2014-07-17 03:40 - 00157696 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll
2015-05-21 00:33 - 2014-07-17 03:39 - 03221504 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2015-05-21 00:33 - 2014-07-17 03:39 - 01051136 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2015-05-21 00:33 - 2014-07-17 03:39 - 00304128 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2015-05-21 00:33 - 2014-07-17 03:39 - 00131584 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll
2015-05-21 00:33 - 2014-07-17 03:39 - 00130048 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll
2015-05-21 00:33 - 2014-07-17 03:03 - 00184320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys
2015-05-21 00:33 - 2014-07-17 03:02 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2015-05-21 00:33 - 2013-02-15 05:25 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2015-05-21 00:33 - 2012-04-26 06:45 - 00058880 _____ (Microsoft Corporation) C:\windows\system32\rdpwsx.dll
2015-05-21 00:33 - 2012-04-26 06:41 - 00008192 _____ (Microsoft Corporation) C:\windows\system32\rdrmemptylst.exe
2015-05-21 00:32 - 2012-11-23 04:48 - 00049152 _____ (Microsoft Corporation) C:\windows\system32\taskhost.exe
2015-05-21 00:32 - 2012-10-09 19:40 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\dhcpcore6.dll
2015-05-21 00:32 - 2012-10-09 19:40 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\dhcpcsvc6.dll
2015-05-21 00:27 - 2014-12-06 05:50 - 00242688 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-05-21 00:27 - 2014-03-04 11:17 - 00868352 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-05-21 00:27 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2015-05-21 00:27 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-05-21 00:27 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-05-21 00:27 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-21 00:27 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-21 00:27 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-21 00:27 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-21 00:27 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-21 00:27 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-21 00:27 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-21 00:27 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-21 00:27 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-21 00:27 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-21 00:27 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-21 00:27 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-21 00:27 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-21 00:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-21 00:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-21 00:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-21 00:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-21 00:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-21 00:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-21 00:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-21 00:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-21 00:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-21 00:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-21 00:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-21 00:27 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-05-21 00:27 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-21 00:27 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-21 00:27 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-21 00:27 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-21 00:27 - 2012-10-03 18:42 - 00156672 _____ (Microsoft Corporation) C:\windows\system32\ncsi.dll
2015-05-21 00:27 - 2012-10-03 18:42 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\nlaapi.dll
2015-05-21 00:27 - 2011-03-11 07:33 - 01164288 _____ (Microsoft Corporation) C:\windows\system32\mfc42u.dll
2015-05-21 00:27 - 2011-03-11 07:33 - 01137664 _____ (Microsoft Corporation) C:\windows\system32\mfc42.dll
2015-05-21 00:23 - 2015-05-21 00:23 - 00001169 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-05-21 00:23 - 2013-06-26 00:56 - 00527064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Wdf01000.sys
2015-05-21 00:23 - 2012-11-29 00:57 - 00047720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdfLdr.sys
2015-05-21 00:23 - 2012-11-29 00:57 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\Wdfres.dll
2015-05-21 00:23 - 2012-11-29 00:57 - 00000003 _____ () C:\windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2015-05-21 00:23 - 2011-02-23 06:47 - 00223232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2015-05-21 00:23 - 2011-02-23 06:47 - 00123904 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-05-21 00:23 - 2011-02-23 06:47 - 00096768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-05-21 00:23 - 2011-02-23 06:47 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bowser.sys
2015-05-21 00:22 - 2015-05-21 00:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-21 00:22 - 2015-05-21 00:39 - 00000000 ____D () C:\ProgramData\Avira
2015-05-21 00:22 - 2015-05-21 00:39 - 00000000 ____D () C:\Program Files\Avira
2015-05-21 00:21 - 2015-05-21 00:21 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-21 00:21 - 2015-02-04 04:54 - 00318464 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2015-05-21 00:21 - 2014-12-19 03:34 - 00116224 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-05-21 00:21 - 2013-11-27 03:14 - 00258560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2015-05-21 00:21 - 2013-11-27 03:13 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2015-05-21 00:21 - 2013-11-27 03:13 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2015-05-21 00:21 - 2013-11-27 03:13 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2015-05-21 00:21 - 2013-11-27 03:13 - 00024064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2015-05-21 00:21 - 2013-11-27 03:13 - 00006016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2015-05-21 00:20 - 2015-05-21 00:20 - 04737144 _____ (Avira Operations GmbH & Co. KG) C:\Users\Petra\Downloads\avira_de_av_555d0838735c5__ws.exe
2015-05-21 00:20 - 2015-02-03 05:16 - 03973048 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2015-05-21 00:20 - 2015-02-03 05:16 - 03917760 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-05-21 00:20 - 2015-02-03 05:16 - 00136640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-05-21 00:20 - 2015-02-03 05:16 - 00078784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2015-05-21 00:20 - 2015-02-03 05:16 - 00067512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-05-21 00:20 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 02135040 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 01061376 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\windows\system32\drmv2clt.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\windows\system32\blackbox.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\windows\system32\wmdrmsdk.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msscp.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00475136 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\windows\system32\drmmgrtn.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00400896 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00275968 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\windows\system32\msnetobj.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00157184 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\cryptsp.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-05-21 00:20 - 2015-02-03 05:12 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00038912 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\pcadm.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00027648 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00010752 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2015-05-21 00:20 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2015-05-21 00:20 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2015-05-21 00:20 - 2015-02-03 05:11 - 00262656 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-05-21 00:20 - 2015-02-03 05:11 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2015-05-21 00:20 - 2015-02-03 05:11 - 00096768 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2015-05-21 00:20 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2015-05-21 00:20 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-05-21 00:20 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2015-05-21 00:20 - 2015-02-03 05:11 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-05-21 00:20 - 2015-02-03 05:11 - 00016896 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2015-05-21 00:20 - 2015-02-03 05:11 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\pcawrk.exe
2015-05-21 00:20 - 2015-02-03 05:11 - 00008192 _____ (Microsoft Corporation) C:\windows\system32\pcalua.exe
2015-05-21 00:20 - 2015-02-03 05:10 - 00008704 _____ (Microsoft Corporation) C:\windows\system32\pcaevts.dll
2015-05-21 00:20 - 2015-02-03 05:09 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-05-21 00:20 - 2015-02-03 05:09 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-05-21 00:20 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2015-05-21 00:20 - 2015-02-03 05:08 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-05-21 00:20 - 2015-02-03 05:08 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-05-21 00:20 - 2015-02-03 05:00 - 00593920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
2015-05-21 00:20 - 2015-02-03 04:26 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2015-05-21 00:20 - 2015-01-31 01:56 - 00370488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-05-21 00:20 - 2014-11-01 00:22 - 00521384 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2015-05-21 00:20 - 2014-06-28 02:21 - 00455752 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2015-05-21 00:20 - 2014-06-28 02:21 - 00409272 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
2015-05-21 00:19 - 2013-12-04 04:03 - 00428032 _____ (Microsoft Corporation) C:\windows\system32\secproc.dll
2015-05-21 00:19 - 2013-12-04 04:03 - 00423936 _____ (Microsoft Corporation) C:\windows\system32\secproc_isv.dll
2015-05-21 00:19 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp_isv.dll
2015-05-21 00:19 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp.dll
2015-05-21 00:19 - 2013-12-04 04:02 - 00390144 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll
2015-05-21 00:19 - 2013-12-04 03:54 - 00594944 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_isv.exe
2015-05-21 00:19 - 2013-12-04 03:54 - 00572416 _____ (Microsoft Corporation) C:\windows\system32\RMActivate.exe
2015-05-21 00:19 - 2013-12-04 03:54 - 00510976 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp.exe
2015-05-21 00:19 - 2013-12-04 03:54 - 00508928 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp_isv.exe
2015-05-21 00:18 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-05-21 00:18 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2015-05-21 00:18 - 2014-12-08 04:46 - 00308224 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2015-05-21 00:18 - 2014-10-14 03:50 - 00523776 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2015-05-20 23:56 - 2015-05-21 00:00 - 00004856 _____ () C:\windows\system32\TmInstall.log
2015-05-20 23:50 - 2015-05-21 00:09 - 00000000 ____D () C:\Users\Petra\AppData\Local\AviraResume
2015-05-20 23:17 - 2015-05-20 23:59 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-20 22:50 - 2015-05-20 22:50 - 00000000 ____D () C:\Users\Petra\Documents\Fax
2015-05-20 22:49 - 2015-05-20 22:49 - 00001200 _____ () C:\Users\Petra\Desktop\iP7200 series _3B8506000000 - Verknüpfung.lnk
2015-05-20 22:39 - 2014-10-03 03:45 - 01177088 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2015-05-20 22:39 - 2014-10-03 03:45 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll
2015-05-20 22:39 - 2014-10-03 03:45 - 00214016 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2015-05-20 22:39 - 2014-10-03 03:45 - 00145920 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
2015-05-20 22:39 - 2014-10-03 03:44 - 00198656 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe
2015-05-16 19:24 - 2015-05-22 23:56 - 00000000 ____D () C:\Users\Petra\Documents\HA ASA 4-13
2015-05-14 04:55 - 2015-05-14 04:55 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\OpenOffice
2015-05-14 04:52 - 2015-05-14 04:52 - 00001074 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk
2015-05-14 04:52 - 2015-05-14 04:52 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2015-05-14 04:51 - 2015-05-14 04:51 - 00000000 ____D () C:\Program Files\OpenOffice 4
2015-05-14 04:45 - 2015-05-14 04:46 - 00000000 ____D () C:\Users\Petra\Desktop\OpenOffice 4.1.1 (de) Installation Files
2015-05-14 04:33 - 2015-05-14 04:39 - 164858324 _____ () C:\Users\Petra\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_de.exe
2015-05-14 04:24 - 2015-05-20 23:59 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-05-14 04:24 - 2015-05-14 04:24 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-14 04:24 - 2015-05-14 04:24 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-05-14 04:24 - 2015-05-14 04:24 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\Mozilla
2015-05-14 04:24 - 2015-05-14 04:24 - 00000000 ____D () C:\Users\Petra\AppData\Local\Mozilla
2015-05-14 04:24 - 2015-05-14 04:24 - 00000000 ____D () C:\ProgramData\Mozilla
2015-05-14 04:21 - 2015-05-14 04:21 - 00243664 _____ () C:\Users\Petra\Downloads\Firefox Setup Stub 38.0.exe
2015-05-14 03:15 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-05-14 03:15 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-05-14 03:15 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-05-14 03:15 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-05-14 03:14 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-05-14 03:14 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-05-14 03:14 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-05-14 03:14 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-05-14 03:14 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-05-14 03:04 - 2015-05-14 03:04 - 00000059 _____ () C:\windows\system32\ȼ
2015-05-14 03:03 - 2015-05-14 03:03 - 00000000 ____D () C:\windows\ConfigSetRoot
2015-05-14 03:03 - 2015-05-14 03:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Boingo
2015-05-14 03:03 - 2015-05-14 03:03 - 00000000 ____D () C:\ProgramData\GoBoingo
2015-05-14 03:03 - 2015-05-14 03:03 - 00000000 ____D () C:\Program Files\Boingo
2015-05-14 03:03 - 2010-05-28 04:27 - 00005576 _____ () C:\windows\Language.ini
2015-05-14 03:01 - 2015-05-14 03:01 - 00001108 _____ () C:\Users\Public\Desktop\E-Manual.lnk
2015-05-14 02:59 - 2015-05-14 02:59 - 00000000 ____D () C:\windows\system32\Atheros_L1e
2015-05-14 02:58 - 2015-05-14 02:58 - 00000000 ____D () C:\windows\system32\SRSLabs
2015-05-14 02:58 - 2015-05-14 02:58 - 00000000 ____D () C:\windows\system32\RTCOM
2015-05-14 02:58 - 2015-05-14 02:58 - 00000000 ____D () C:\Program Files\Elantech
2015-05-14 02:57 - 2015-05-14 02:58 - 00002119 _____ () C:\RHDSetup.log
2015-05-14 02:57 - 2015-05-14 02:58 - 00000000 ___HD () C:\Program Files\Temp
2015-05-14 02:57 - 2015-05-14 02:57 - 00000000 ____D () C:\Program Files\Realtek
2015-05-14 02:57 - 2010-04-27 10:57 - 03583008 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkAPO.dll
2015-05-14 02:57 - 2010-04-27 10:57 - 01775136 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkPgExt.dll
2015-05-14 02:57 - 2010-04-27 10:57 - 01083936 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RTSndMgr.cpl
2015-05-14 02:57 - 2010-04-27 10:57 - 00367136 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkApoApi.dll
2015-05-14 02:57 - 2010-04-27 10:57 - 00058400 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkCoInst.dll
2015-05-14 02:57 - 2010-04-27 10:12 - 03084256 _____ (Realtek Semiconductor Corp.) C:\windows\system32\Drivers\RTKVHDA.sys
2015-05-14 02:57 - 2010-04-27 07:50 - 00299424 _____ (Fortemedia Corporation) C:\windows\system32\FMAPO.dll
2015-05-14 02:57 - 2010-04-06 08:58 - 00000008 _____ () C:\windows\system32\Drivers\rtkhdaud.dat
2015-05-14 02:57 - 2010-03-22 08:22 - 01247776 _____ (Realtek Semiconductor Corp.) C:\windows\RtlExUpd.dll
2015-05-14 02:57 - 2010-01-26 05:38 - 00145760 _____ (Andrea Electronics Corporation) C:\windows\system32\AERTACap.dll
2015-05-14 02:57 - 2009-12-30 11:58 - 00004692 _____ () C:\windows\system32\Drivers\SamSfPa.dat
2015-05-14 02:57 - 2009-12-15 12:26 - 00357576 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEEP32A.dll
2015-05-14 02:57 - 2009-12-15 12:26 - 00168648 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEED32A.dll
2015-05-14 02:57 - 2009-12-15 12:26 - 00076488 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEEL32A.dll
2015-05-14 02:57 - 2009-12-15 12:26 - 00062664 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEEG32A.dll
2015-05-14 02:57 - 2009-12-11 03:55 - 00293584 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RP3DHT32.dll
2015-05-14 02:57 - 2009-12-11 03:55 - 00293584 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RP3DAA32.dll
2015-05-14 02:57 - 2009-11-17 12:13 - 00096160 _____ (Andrea Electronics Corporation) C:\windows\system32\AERTARen.dll
2015-05-14 02:56 - 2015-05-21 00:17 - 00063568 _____ () C:\Users\Petra\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-14 02:56 - 2015-05-21 00:11 - 00000000 ____D () C:\Users\Petra\AppData\Local\Windows Live
2015-05-14 02:56 - 2015-05-20 23:52 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium
2015-05-14 02:56 - 2015-05-14 03:04 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\Adobe
2015-05-14 02:56 - 2015-05-14 03:04 - 00000000 ____D () C:\Users\Petra\AppData\Local\Adobe
2015-05-14 02:56 - 2015-05-14 03:03 - 00001413 _____ () C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-14 02:56 - 2015-05-14 03:03 - 00000000 ____D () C:\Users\Petra\AppData\Local\VirtualStore
2015-05-14 02:56 - 2015-05-14 02:56 - 00000000 _SHDL () C:\Users\Petra\Startmenü
2015-05-14 02:56 - 2015-05-14 02:56 - 00000000 _SHDL () C:\Users\Petra\Netzwerkumgebung
2015-05-14 02:56 - 2015-05-14 02:56 - 00000000 _SHDL () C:\Users\Petra\Druckumgebung
2015-05-14 02:56 - 2015-05-14 02:56 - 00000000 _SHDL () C:\Users\Petra\Documents\Eigene Musik
2015-05-14 02:56 - 2015-05-14 02:56 - 00000000 _SHDL () C:\Users\Petra\Documents\Eigene Bilder
2015-05-14 02:56 - 2015-05-14 02:56 - 00000000 _SHDL () C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-05-14 02:56 - 2015-05-14 02:56 - 00000000 _SHDL () C:\Users\Petra\AppData\Local\Verlauf
2015-05-14 02:56 - 2015-05-14 02:56 - 00000000 ____D () C:\Users\Petra
2015-05-14 02:56 - 2011-04-02 05:05 - 00000000 ____D () C:\Users\Petra\Documents\Asus WebStorage
2015-05-14 02:56 - 2011-04-02 05:05 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\ASUS WebStorage
2015-05-14 02:56 - 2011-04-02 04:52 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\Macromedia
2015-05-14 02:56 - 2011-04-02 04:51 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\E-Cam
2015-05-14 02:56 - 2011-04-02 04:49 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Game Park
2015-05-14 02:56 - 2011-04-02 04:45 - 00000000 ____D () C:\Users\Petra\Documents\Bluetooth Exchange Folder
2015-05-14 02:56 - 2011-04-02 04:41 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\InstallShield
2015-05-14 02:56 - 2009-07-14 06:53 - 00000020 ___SH () C:\Users\Petra\ntuser.ini
2015-05-14 02:56 - 2009-07-14 06:42 - 00000000 ___RD () C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-14 02:56 - 2009-07-14 06:37 - 00000000 ___RD () C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-05-14 02:54 - 2015-05-14 02:54 - 00000000 __SHD () C:\Recovery
2015-05-08 06:33 - 2014-06-28 02:21 - 00391640 __RSH () C:\bootmgr
2015-05-08 05:38 - 2011-04-02 05:09 - 00000000 ____D () C:\Users\Default\AppData\Local\Adobe
2015-05-08 05:38 - 2011-04-02 05:09 - 00000000 ____D () C:\Users\Default User\AppData\Local\Adobe
2015-05-08 05:38 - 2011-04-02 05:08 - 00001441 _____ () C:\Users\Default\Desktop\Trend Micro Titanium.lnk
2015-05-08 05:38 - 2011-04-02 05:08 - 00001441 _____ () C:\Users\Default User\Desktop\Trend Micro Titanium.lnk
2015-05-08 05:38 - 2011-04-02 05:08 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium
2015-05-08 05:38 - 2011-04-02 05:08 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium
2015-05-08 05:38 - 2011-04-02 05:05 - 00000000 ____D () C:\Users\Default\Documents\Asus WebStorage
2015-05-08 05:38 - 2011-04-02 05:05 - 00000000 ____D () C:\Users\Default\AppData\Roaming\ASUS WebStorage
2015-05-08 05:38 - 2011-04-02 05:05 - 00000000 ____D () C:\Users\Default User\Documents\Asus WebStorage
2015-05-08 05:38 - 2011-04-02 05:05 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\ASUS WebStorage
2015-05-08 05:38 - 2011-04-02 04:54 - 00057560 _____ () C:\Users\Default\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-08 05:38 - 2011-04-02 04:54 - 00057560 _____ () C:\Users\Default User\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-08 05:38 - 2011-04-02 04:54 - 00000000 ____D () C:\Users\Default\AppData\Local\Windows Live
2015-05-08 05:38 - 2011-04-02 04:54 - 00000000 ____D () C:\Users\Default User\AppData\Local\Windows Live
2015-05-08 05:38 - 2011-04-02 04:52 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-05-08 05:38 - 2011-04-02 04:52 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2015-05-08 05:38 - 2011-04-02 04:51 - 00000000 ____D () C:\Users\Default\AppData\Roaming\E-Cam
2015-05-08 05:38 - 2011-04-02 04:51 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\E-Cam
2015-05-08 05:38 - 2011-04-02 04:49 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Game Park
2015-05-08 05:38 - 2011-04-02 04:49 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Game Park
2015-05-08 05:38 - 2011-04-02 04:45 - 00000000 ____D () C:\Users\Default\Documents\Bluetooth Exchange Folder
2015-05-08 05:38 - 2011-04-02 04:45 - 00000000 ____D () C:\Users\Default\AppData\Local\Broadcom
2015-05-08 05:38 - 2011-04-02 04:45 - 00000000 ____D () C:\Users\Default User\Documents\Bluetooth Exchange Folder
2015-05-08 05:38 - 2011-04-02 04:45 - 00000000 ____D () C:\Users\Default User\AppData\Local\Broadcom
2015-05-08 05:38 - 2011-04-02 04:41 - 00000000 ____D () C:\Users\Default\AppData\Roaming\InstallShield
2015-05-08 05:38 - 2011-04-02 04:41 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\InstallShield
2015-05-08 05:37 - 2015-05-27 22:34 - 01904613 _____ () C:\windows\WindowsUpdate.log

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-27 22:22 - 2009-07-14 06:34 - 00009696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-27 22:22 - 2009-07-14 06:34 - 00009696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-27 22:13 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-05-27 22:13 - 2009-07-14 06:39 - 00053963 _____ () C:\windows\setupact.log
2015-05-27 22:12 - 2011-04-02 04:30 - 00416556 _____ () C:\windows\PFRO.log
2015-05-27 21:07 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\Microsoft.NET
2015-05-27 19:53 - 2011-02-16 17:44 - 00702604 _____ () C:\windows\system32\perfh013.dat
2015-05-27 19:53 - 2011-02-16 17:44 - 00136692 _____ () C:\windows\system32\perfc013.dat
2015-05-27 19:53 - 2011-02-16 17:39 - 00700520 _____ () C:\windows\system32\perfh010.dat
2015-05-27 19:53 - 2011-02-16 17:39 - 00130896 _____ () C:\windows\system32\perfc010.dat
2015-05-27 19:53 - 2009-07-27 12:11 - 04060570 _____ () C:\windows\system32\PerfStringBackup.INI
2015-05-27 19:53 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\de-DE
2015-05-22 21:19 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\rescache
2015-05-22 16:44 - 2009-07-14 06:33 - 00284480 _____ () C:\windows\system32\FNTCACHE.DAT
2015-05-22 16:40 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\nl-NL
2015-05-22 16:40 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\it-IT
2015-05-22 16:40 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\fr-FR
2015-05-22 15:10 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\LogFiles
2015-05-22 13:23 - 2009-07-14 06:52 - 00000000 ____D () C:\Program Files\Windows Defender
2015-05-20 23:52 - 2011-04-02 05:07 - 00000000 ____D () C:\ProgramData\Trend Micro
2015-05-20 23:07 - 2009-07-14 06:52 - 00000000 ____D () C:\windows\system32\FxsTmp
2015-05-17 09:00 - 2009-07-14 06:56 - 00000000 ____D () C:\windows\system32\WCN
2015-05-17 09:00 - 2009-07-14 06:56 - 00000000 ____D () C:\windows\system32\Printing_Admin_Scripts
2015-05-17 09:00 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\MUI
2015-05-17 09:00 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\com
2015-05-14 03:03 - 2011-04-02 04:41 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-05-14 03:03 - 2009-07-14 04:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-14 03:01 - 2011-04-02 04:48 - 00000000 ____D () C:\Program Files\Asus
2015-05-14 02:59 - 2009-07-14 06:52 - 00000000 ____D () C:\windows\system32\restore
2015-05-14 02:58 - 2011-04-02 04:44 - 00014676 _____ () C:\windows\DPINST.LOG
2015-05-14 02:57 - 2011-04-02 04:48 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2015-05-14 02:54 - 2009-07-27 12:56 - 00000000 ____D () C:\windows\panther
2015-05-14 02:54 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\Recovery
2015-05-08 06:33 - 2009-07-14 06:57 - 00029696 ___SH () C:\windows\system32\config\BCD-Template.LOG
2015-05-08 06:33 - 2009-07-14 06:52 - 00032768 _____ () C:\windows\system32\config\BCD-Template
2015-05-08 05:38 - 2009-07-27 11:57 - 00008134 _____ () C:\windows\TSSysprep.log
2015-05-08 05:38 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2015-05-08 05:35 - 2009-07-14 06:34 - 00004822 _____ () C:\windows\DtcInstall.log

==================== Files in the root of some directories =======

2011-04-02 04:49 - 2010-03-03 00:59 - 0131984 _____ () C:\ProgramData\FullRemove.exe

Some files in TEMP:
====================
C:\Users\Petra\AppData\Local\Temp\avgnt.exe
C:\Users\Petra\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Petra\AppData\Local\Temp\Quarantine.exe
C:\Users\Petra\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-17 08:49

==================== End of log ============================[CODE]


Edited by Parim (27.05.2015 at 22:31)

28.05.2015, 19:54   #6
schrauber
/// the machine
/// TB instructor
 


The screenshot does show the quick-reply box below this thread. At the top, among all the selection controls, there is a hash symbol.



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • When the scan has finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?

29.05.2015, 22:11   #7
Parim
 

Hello Schrauber,
thank you very much for the help. Today I will try to do it properly, with the hash symbol.

Best regards
Parim
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=47a63949400f1a4dad7c70dda77b564c
# engine=24089
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-05-29 08:07:07
# local_time=2015-05-29 10:07:07 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 66 85 636203 184561217 0 0
# scanned=4671
# found=0
# cleaned=0
# scan_time=610
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=47a63949400f1a4dad7c70dda77b564c
# engine=24089
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-05-29 08:30:32
# local_time=2015-05-29 10:30:32 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 66 85 637609 184562623 0 0
# scanned=7611
# found=0
# cleaned=0
# scan_time=733
         
Code:
 Results of screen317's Security Check version 1.002  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Antivirus   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Reader 9 Adobe Reader out of Date! 
 Mozilla Firefox (38.0.1) 
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Avira Antivirus sched.exe  
 Avira Antivirus avshadow.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-05-2015 01
Ran by Petra (administrator) on PETRA-PC on 29-05-2015 22:51:56
Running from C:\Users\Petra\Desktop
Loaded Profiles: Petra (Available Profiles: Petra)
Platform: Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe
() C:\Windows\System32\AsusService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(ASUSTek Computer Inc.) C:\Program Files\Asus\Eee Docking\Eee Docking.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AsusTek Computer Inc.) C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(ASUSTeK Computer Inc.) C:\Program Files\Asus\HotkeyService\HotKeyMon.exe
(ASUSTeK Computer Inc.) C:\Program Files\Asus\SHE\SuperHybridEngine.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ASUS) C:\Program Files\Asus\CapsHook\CapsHook.exe
(ASUSTeK Computer Inc.) C:\Program Files\Asus\HotkeyService\HotkeyService.exe
(Boingo Wireless, Inc.) C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.OE.Systray.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [EeeSplendidAgent] => C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-28] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HotkeyMon] => C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe [101288 2010-12-07] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [HotkeyService] => C:\Program Files\ASUS\HotkeyService\HotkeyService.exe [1248176 2010-12-07] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [SuperHybridEngine] => C:\Program Files\ASUS\SHE\SuperHybridEngine.exe [412600 2010-11-15] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [LiveUpdate] => C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe [1095080 2011-03-11] (AsusTek Computer Inc.)
HKLM-x32\...\Run: [CapsHook] => C:\Program Files\ASUS\CapsHook\CapsHook.exe [445344 2010-11-15] (ASUS)
HKLM-x32\...\Run: [Eee Docking] => C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [414384 2011-01-07] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe [731472 2011-02-23] (ecareme)
HKLM-x32\...\Run: [IgfxTray] => C:\windows\system32\igfxtray.exe [141848 2010-05-10] (Intel Corporation)
HKLM-x32\...\Run: [HotKeysCmds] => C:\windows\system32\hkcmd.exe [173592 2010-05-10] (Intel Corporation)
HKLM-x32\...\Run: [Persistence] => C:\windows\system32\igfxpers.exe [150552 2010-05-10] (Intel Corporation)
HKLM-x32\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9177632 2010-04-27] (Realtek Semiconductor)
HKLM-x32\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [548744 2010-06-10] (ELAN Microelectronic Corp.)
HKLM-x32\...\Run: [Boingo Wi-Fi] => C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk [2429 2015-05-14] ()
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files\ASUS\APRP\APRP.EXE [2018032 2011-04-02] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files\Avira\Launcher\Avira.OE.Systray.exe [128760 2015-05-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files\Avira\Antivirus\avgnt.exe [728312 2015-04-16] (Avira Operations GmbH & Co. KG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk [2011-04-02]
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files\Asus\AsusVibe\AsusVibeLauncher.exe ()
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {CC5FC992-B0AA-47CD-9DC2-83445083CBB8} => C:\Program Files\Asus\ASUS WebStorage\3.0.84.161\AsusWSShellExt.dll [2010-09-02] ()
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {618A47A2-528B-4D9A-AFC8-97D3233511E2} => C:\Program Files\Asus\ASUS WebStorage\3.0.84.161\AsusWSShellExt.dll [2010-09-02] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1209219964-1995288155-3218319295-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
HKU\S-1-5-21-1209219964-1995288155-3218319295-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKU\S-1-5-21-1209219964-1995288155-3218319295-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://eeepc.asus.com
HKU\S-1-5-21-1209219964-1995288155-3218319295-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\3ysgaq2s.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Extension: Avira Browser Safety - C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\3ysgaq2s.default\Extensions\abs@avira.com [2015-05-29]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files\Avira\Antivirus\avmailc7.exe [827640 2015-04-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\Antivirus\sched.exe [434424 2015-04-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [434424 2015-04-16] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\Antivirus\avwebg7.exe [1185584 2015-04-16] (Avira Operations GmbH & Co. KG)
R2 AsusService; C:\windows\system32\AsusService.exe [224680 2010-12-07] ()
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [206584 2015-05-07] (Avira Operations GmbH & Co. KG)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\windows\System32\drivers\AsIO.sys [11456 2010-06-28] ()
R1 AsUpIO; C:\windows\System32\drivers\AsUpIO.sys [11832 2010-08-03] ()
R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [107400 2015-04-16] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [136216 2015-04-16] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37896 2015-04-16] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\windows\System32\DRIVERS\avnetflt.sys [37896 2015-04-16] (Avira Operations GmbH & Co. KG)
R3 ETD; C:\windows\System32\DRIVERS\ETD.sys [102912 2010-07-21] (ELAN Microelectronic Corp.)
R3 kbfiltr; C:\windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [28520 2015-04-16] (Avira GmbH)
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; \SystemRoot\system32\drivers\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; \SystemRoot\system32\drivers\btwrchid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-29 22:47 - 2015-05-29 22:47 - 00000895 _____ () C:\Users\Petra\Desktop\checkup.txt
2015-05-29 22:34 - 2015-05-29 22:34 - 00852639 _____ () C:\Users\Petra\Downloads\SecurityCheck.exe
2015-05-29 21:32 - 2015-05-29 21:32 - 00000000 ____D () C:\Program Files\ESET
2015-05-29 21:30 - 2015-05-29 21:31 - 02347384 _____ (ESET) C:\Users\Petra\Downloads\esetsmartinstaller_deu.exe
2015-05-29 20:34 - 2015-05-29 20:34 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-05-29 20:34 - 2015-05-29 20:34 - 00000000 ____D () C:\windows\system32\appraiser
2015-05-28 01:28 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-28 00:56 - 2015-01-09 01:44 - 00419936 _____ () C:\windows\system32\locale.nls
2015-05-28 00:02 - 2012-07-26 05:21 - 00196608 _____ (Microsoft Corporation) C:\windows\system32\WUDFHost.exe
2015-05-28 00:02 - 2012-07-26 05:20 - 00613888 _____ (Microsoft Corporation) C:\windows\system32\WUDFx.dll
2015-05-28 00:02 - 2012-07-26 05:20 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\WUDFPlatform.dll
2015-05-28 00:02 - 2012-07-26 05:20 - 00073216 _____ (Microsoft Corporation) C:\windows\system32\WUDFSvc.dll
2015-05-28 00:02 - 2012-07-26 05:20 - 00038912 _____ (Microsoft Corporation) C:\windows\system32\WUDFCoinstaller.dll
2015-05-28 00:02 - 2012-07-26 04:33 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WUDFPf.sys
2015-05-28 00:02 - 2012-07-26 04:32 - 00155136 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WUDFRd.sys
2015-05-28 00:02 - 2012-06-02 16:57 - 00000003 _____ () C:\windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2015-05-27 23:59 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll
2015-05-27 23:59 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2015-05-27 23:59 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe
2015-05-27 23:59 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll
2015-05-27 23:57 - 2012-03-01 07:46 - 00019824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fs_rec.sys
2015-05-27 23:57 - 2012-03-01 07:29 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\wmi.dll
2015-05-27 22:48 - 2015-05-27 22:48 - 00052030 _____ () C:\Users\Petra\Desktop\FRST II.txt
2015-05-27 22:38 - 2015-05-27 22:38 - 00000595 _____ () C:\Users\Petra\Desktop\JRT.txt
2015-05-27 22:33 - 2015-05-27 22:33 - 00000207 _____ () C:\windows\tweaking.com-regbackup-PETRA-PC-Windows-7-Starter-(32-bit).dat
2015-05-27 22:33 - 2015-05-27 22:33 - 00000000 ____D () C:\RegBackup
2015-05-27 22:32 - 2015-05-27 22:32 - 02946603 _____ (Thisisu) C:\Users\Petra\Downloads\JRT.exe
2015-05-27 22:15 - 2015-05-27 22:15 - 00000897 _____ () C:\Users\Petra\Desktop\AdwCleaner[S0].txt
2015-05-27 22:07 - 2015-05-27 22:11 - 00000000 ____D () C:\AdwCleaner
2015-05-27 22:06 - 2015-05-27 22:06 - 02222592 _____ () C:\Users\Petra\Downloads\AdwCleaner_4.205.exe
2015-05-27 21:26 - 2015-05-27 21:26 - 00001320 _____ () C:\Users\Petra\Desktop\mbam.txt
2015-05-27 20:09 - 2015-02-25 05:03 - 00514560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys
2015-05-27 20:01 - 2015-05-27 21:23 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-27 20:00 - 2015-05-27 20:00 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-27 20:00 - 2015-05-27 20:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-27 20:00 - 2015-05-27 20:00 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-05-27 20:00 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-05-27 20:00 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-05-27 20:00 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-05-27 19:55 - 2015-05-27 19:57 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Petra\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-27 19:41 - 2015-05-27 19:41 - 00000000 ____D () C:\Program Files\Microsoft.NET
2015-05-23 00:02 - 2015-05-27 23:43 - 00018399 _____ () C:\windows\IE11_main.log
2015-05-22 18:47 - 2015-05-22 18:49 - 00017270 _____ () C:\Users\Petra\Desktop\Addition.txt
2015-05-22 18:44 - 2015-05-29 22:51 - 00010640 _____ () C:\Users\Petra\Desktop\FRST.txt
2015-05-22 18:43 - 2015-05-29 22:52 - 00000000 ____D () C:\FRST
2015-05-22 18:40 - 2015-05-22 18:40 - 01147392 _____ (Farbar) C:\Users\Petra\Desktop\FRST.exe
2015-05-22 18:36 - 2015-05-22 18:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP7200 series
2015-05-22 18:35 - 2015-05-22 18:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2015-05-22 18:35 - 2015-05-22 18:35 - 00000000 ____D () C:\ProgramData\Canon IJ Network Tool
2015-05-22 18:31 - 2015-05-22 18:31 - 00000000 ___HD () C:\windows\system32\CanonIJ Uninstaller Information
2015-05-22 18:31 - 2015-05-22 18:31 - 00000000 ___HD () C:\ProgramData\CanonBJ
2015-05-22 18:30 - 2012-04-16 05:00 - 00314880 _____ (CANON INC.) C:\windows\system32\CNMLMBA.DLL
2015-05-22 18:29 - 2015-05-22 18:29 - 00000000 ___HD () C:\Program Files\CanonBJ
2015-05-22 18:29 - 2015-05-22 18:29 - 00000000 ____D () C:\windows\system32\STRING
2015-05-22 18:29 - 2012-03-28 17:00 - 00366592 _____ (CANON INC.) C:\windows\system32\CNMNPPM.DLL
2015-05-22 18:29 - 2012-03-28 17:00 - 00035840 _____ (CANON INC.) C:\windows\system32\CNMNPUI.DLL
2015-05-22 18:28 - 2015-05-22 18:36 - 00000000 ____D () C:\Program Files\Canon
2015-05-22 18:26 - 2015-05-22 18:27 - 31423648 _____ () C:\Users\Petra\Downloads\mast-win-ip7200-1_0-mcd.exe
2015-05-22 18:20 - 2015-01-09 04:48 - 00635904 _____ (Microsoft Corporation) C:\windows\system32\perftrack.dll
2015-05-22 18:20 - 2015-01-09 04:48 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\wdi.dll
2015-05-22 18:20 - 2015-01-09 04:48 - 00027136 _____ (Microsoft Corporation) C:\windows\system32\powertracker.dll
2015-05-22 18:16 - 2013-05-13 05:08 - 00903168 _____ (Microsoft Corporation) C:\windows\system32\certutil.exe
2015-05-22 18:16 - 2013-05-13 05:08 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\certenc.dll
2015-05-22 18:15 - 2015-02-03 05:12 - 01011200 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-05-22 18:15 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2015-05-22 18:15 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2015-05-22 18:15 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2015-05-22 18:15 - 2014-07-09 03:29 - 00006144 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2015-05-22 18:15 - 2014-07-09 03:29 - 00005632 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2015-05-22 18:15 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\windows\system32\mswsock.dll
2015-05-22 18:15 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2015-05-22 18:15 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2015-05-22 18:15 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2015-05-22 18:15 - 2013-07-03 05:36 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys
2015-05-22 18:15 - 2013-07-03 05:36 - 00025728 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys
2015-05-22 18:15 - 2013-02-12 05:32 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usb8023.sys
2015-05-22 18:15 - 2011-12-30 07:27 - 00478720 _____ (Microsoft Corporation) C:\windows\system32\timedate.cpl
2015-05-22 18:14 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\windows\system32\wpdshext.dll
2015-05-22 18:14 - 2014-11-11 03:32 - 00074752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2015-05-22 18:14 - 2013-10-04 03:58 - 00152576 _____ (Microsoft Corporation) C:\windows\system32\SmartcardCredentialProvider.dll
2015-05-22 18:14 - 2013-10-04 03:56 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\credui.dll
2015-05-22 18:14 - 2012-08-22 19:16 - 00712048 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2015-05-22 18:14 - 2012-07-04 21:45 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\Drivers\RNDISMP.sys
2015-05-22 18:14 - 2011-04-29 04:46 - 00311808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys
2015-05-22 18:14 - 2011-04-29 04:46 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2015-05-22 18:14 - 2011-04-29 04:46 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2015-05-22 18:13 - 2015-03-23 05:06 - 00860160 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-05-22 18:13 - 2015-03-23 05:06 - 00630784 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-05-22 18:13 - 2015-03-23 05:06 - 00576000 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-05-22 18:13 - 2015-03-23 05:06 - 00331264 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-05-22 18:13 - 2015-03-23 05:06 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-05-22 18:13 - 2015-03-23 05:06 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-05-22 18:13 - 2015-03-23 05:06 - 00026112 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-05-22 18:13 - 2015-03-23 04:59 - 00896000 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-05-22 18:13 - 2015-01-28 01:36 - 01167520 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2015-05-22 18:13 - 2012-11-02 07:11 - 00376832 _____ (Microsoft Corporation) C:\windows\system32\dpnet.dll
2015-05-22 18:13 - 2011-06-16 06:33 - 00180224 _____ (Microsoft Corporation) C:\windows\system32\xmllite.dll
2015-05-22 18:13 - 2011-02-18 07:39 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\prevhost.exe
2015-05-22 18:12 - 2014-11-11 04:44 - 00186880 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
2015-05-22 18:12 - 2014-07-14 03:42 - 00654336 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2015-05-22 18:12 - 2013-10-30 04:19 - 00301568 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
2015-05-22 18:12 - 2013-01-24 06:47 - 00196328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fvevol.sys
2015-05-22 18:12 - 2011-03-03 07:38 - 00270336 _____ (Microsoft Corporation) C:\windows\system32\dnsapi.dll
2015-05-22 18:12 - 2011-03-03 07:38 - 00132608 _____ (Microsoft Corporation) C:\windows\system32\dnsrslvr.dll
2015-05-22 18:12 - 2011-03-03 07:36 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\dnscacheugc.exe
2015-05-22 18:11 - 2014-10-14 03:50 - 02363904 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2015-05-22 18:11 - 2014-08-12 03:36 - 00701440 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
2015-05-22 18:11 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2015-05-22 18:10 - 2014-10-04 03:42 - 03221504 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2015-05-22 18:10 - 2014-10-04 03:42 - 00131584 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll
2015-05-22 18:10 - 2011-08-27 06:26 - 00233472 _____ (Microsoft Corporation) C:\windows\system32\oleacc.dll
2015-05-22 18:10 - 2011-05-24 12:44 - 00293376 _____ (Microsoft Corporation) C:\windows\system32\umpnpmgr.dll
2015-05-22 18:08 - 2015-03-04 06:16 - 00249784 _____ (Microsoft Corporation) C:\windows\system32\clfs.sys
2015-05-22 18:08 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\windows\system32\clfsw32.dll
2015-05-22 18:08 - 2014-01-28 04:07 - 00185344 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2015-05-22 18:08 - 2013-03-19 05:33 - 00040960 _____ (Microsoft Corporation) C:\windows\system32\wwanprotdim.dll
2015-05-22 18:06 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2015-05-22 18:06 - 2013-08-28 02:57 - 00434688 _____ (Microsoft Corporation) C:\windows\system32\scavengeui.dll
2015-05-22 18:05 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2015-05-22 18:05 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-05-22 18:05 - 2015-03-17 06:59 - 01306112 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-05-22 18:05 - 2015-03-17 06:57 - 00400896 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-05-22 18:05 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-05-22 18:05 - 2015-03-17 06:56 - 00262656 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-05-22 18:05 - 2015-03-17 06:56 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-05-22 18:05 - 2015-03-17 06:56 - 00038912 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-05-22 18:05 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-05-22 18:05 - 2014-02-04 04:07 - 00234432 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
2015-05-22 18:05 - 2014-02-04 04:07 - 00149440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2015-05-22 18:05 - 2014-02-04 04:07 - 00027072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Diskdump.sys
2015-05-22 18:05 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\iologmsg.dll
2015-05-22 18:04 - 2014-06-16 03:44 - 00730048 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2015-05-22 18:04 - 2014-06-16 03:44 - 00219072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgmms1.sys
2015-05-22 18:04 - 2014-06-16 03:40 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\cdd.dll
2015-05-22 18:04 - 2014-04-05 04:25 - 01294272 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2015-05-22 18:04 - 2014-04-05 04:24 - 00187840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2015-05-22 18:04 - 2013-11-26 13:11 - 00240576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2015-05-22 17:55 - 2014-09-04 07:04 - 00372736 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
2015-05-22 17:44 - 2013-10-19 03:36 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll
2015-05-22 17:44 - 2011-08-17 06:24 - 00465408 _____ (Microsoft Corporation) C:\windows\system32\psisdecd.dll
2015-05-22 17:44 - 2011-08-17 06:19 - 00075776 _____ (Microsoft Corporation) C:\windows\system32\psisrndr.ax
2015-05-22 17:43 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2015-05-22 17:43 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2015-05-22 17:43 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll
2015-05-22 17:43 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-05-22 17:43 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\cngprovider.dll
2015-05-22 17:43 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\windows\system32\adprovider.dll
2015-05-22 17:43 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\capiprovider.dll
2015-05-22 17:43 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\dpapiprovider.dll
2015-05-22 17:43 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll
2015-05-22 17:43 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\windows\system32\wincredprovider.dll
2015-05-22 17:43 - 2013-10-12 04:04 - 00121856 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx
2015-05-22 17:43 - 2013-10-12 04:03 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
2015-05-22 17:43 - 2013-10-12 03:15 - 00141824 _____ (Microsoft Corporation) C:\windows\system32\wscript.exe
2015-05-22 17:43 - 2013-10-12 03:15 - 00126976 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe
2015-05-22 17:43 - 2013-05-10 05:20 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\cryptdlg.dll
2015-05-22 17:43 - 2012-10-03 18:42 - 00175104 _____ (Microsoft Corporation) C:\windows\system32\netcorehc.dll
2015-05-22 17:43 - 2012-10-03 18:42 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\netevent.dll
2015-05-22 17:43 - 2012-10-03 18:40 - 00499712 _____ (Microsoft Corporation) C:\windows\system32\iphlpsvc.dll
2015-05-22 17:43 - 2012-10-03 17:21 - 00035328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpipreg.sys
2015-05-22 17:43 - 2012-08-21 22:12 - 00245760 _____ (Microsoft Corporation) C:\windows\system32\OxpsConverter.exe
2015-05-22 17:42 - 2015-04-10 17:24 - 09750528 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-05-22 17:42 - 2015-04-10 17:21 - 01139200 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-05-22 17:42 - 2015-04-10 17:20 - 01427968 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-05-22 17:42 - 2015-04-10 17:20 - 01129472 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-05-22 17:42 - 2015-04-10 17:19 - 01804288 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-05-22 17:42 - 2015-04-10 17:19 - 00718336 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-05-22 17:42 - 2015-04-10 17:19 - 00607744 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-05-22 17:42 - 2015-04-10 17:19 - 00421888 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-05-22 17:42 - 2015-04-10 17:19 - 00353792 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-05-22 17:42 - 2015-04-10 17:19 - 00231936 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2015-05-22 17:42 - 2015-04-10 17:19 - 00142848 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-05-22 17:42 - 2015-04-10 17:19 - 00065024 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-05-22 17:42 - 2015-04-10 17:18 - 02382848 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-05-22 17:42 - 2015-04-10 17:18 - 00176640 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-05-22 17:42 - 2015-04-10 17:18 - 00073216 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-05-22 17:42 - 2015-04-10 17:18 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2015-05-22 17:42 - 2015-04-10 17:18 - 00011776 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2015-05-22 17:42 - 2015-04-10 17:18 - 00010752 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2015-05-22 17:42 - 2013-04-26 06:55 - 00492544 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2015-05-22 17:42 - 2011-07-09 04:30 - 00223744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2015-05-22 17:42 - 2011-05-03 06:30 - 00741376 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-05-22 17:42 - 2011-04-27 04:17 - 00123904 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-05-22 17:42 - 2011-04-27 04:17 - 00096768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-05-22 17:41 - 2015-04-10 17:30 - 12379136 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-05-22 17:41 - 2015-04-10 17:25 - 01810944 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-05-22 17:41 - 2015-04-10 17:25 - 00367616 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-05-22 17:41 - 2015-04-10 17:18 - 00223232 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-05-22 17:40 - 2012-07-04 23:16 - 00057344 _____ (Microsoft Corporation) C:\windows\system32\netapi32.dll
2015-05-22 17:40 - 2012-07-04 23:14 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\browser.dll
2015-05-22 17:40 - 2012-07-04 23:14 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\browcli.dll
2015-05-21 22:55 - 2015-03-05 06:06 - 00305152 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-05-21 22:54 - 2012-06-06 07:03 - 00805376 _____ (Microsoft Corporation) C:\windows\system32\cdosys.dll
2015-05-21 22:54 - 2011-05-04 06:34 - 01549312 _____ (Microsoft Corporation) C:\windows\system32\tquery.dll
2015-05-21 22:54 - 2011-05-04 06:32 - 01401344 _____ (Microsoft Corporation) C:\windows\system32\mssrch.dll
2015-05-21 22:54 - 2011-05-04 06:32 - 00666624 _____ (Microsoft Corporation) C:\windows\system32\mssvp.dll
2015-05-21 22:54 - 2011-05-04 06:32 - 00337408 _____ (Microsoft Corporation) C:\windows\system32\mssph.dll
2015-05-21 22:54 - 2011-05-04 06:32 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\mssphtb.dll
2015-05-21 22:54 - 2011-05-04 06:32 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\msscntrs.dll
2015-05-21 22:54 - 2011-05-04 06:28 - 00427520 _____ (Microsoft Corporation) C:\windows\system32\SearchIndexer.exe
2015-05-21 22:54 - 2011-05-04 06:28 - 00164352 _____ (Microsoft Corporation) C:\windows\system32\SearchProtocolHost.exe
2015-05-21 22:54 - 2011-05-04 06:28 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\SearchFilterHost.exe
2015-05-21 22:53 - 2014-11-08 04:45 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2015-05-21 22:53 - 2011-10-15 07:38 - 00534528 _____ (Microsoft Corporation) C:\windows\system32\EncDec.dll
2015-05-21 22:53 - 2011-02-12 07:35 - 00191488 _____ (Microsoft Corporation) C:\windows\system32\FXSCOVER.exe
2015-05-21 22:49 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-05-21 22:49 - 2015-04-20 04:55 - 01081344 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-05-21 22:49 - 2015-04-20 04:55 - 00811520 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-05-21 22:49 - 2015-04-20 04:03 - 02382336 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-05-21 22:49 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2015-05-21 22:49 - 2015-04-04 05:10 - 00137656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-05-21 22:49 - 2015-04-04 05:10 - 00067512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-05-21 22:49 - 2015-04-04 05:05 - 01061376 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-05-21 22:49 - 2015-04-04 05:05 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-05-21 22:49 - 2015-04-04 05:05 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-05-21 22:49 - 2015-04-04 05:05 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-05-21 22:49 - 2015-04-04 05:05 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-05-21 22:49 - 2015-04-04 05:05 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-05-21 22:49 - 2015-04-04 05:05 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-05-21 22:49 - 2015-04-04 05:05 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-05-21 22:49 - 2015-04-04 05:05 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-05-21 22:49 - 2015-04-04 05:05 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-05-21 22:49 - 2015-04-04 05:04 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-05-21 22:49 - 2015-04-04 05:04 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-05-21 22:49 - 2015-04-04 05:01 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-05-21 22:49 - 2015-04-04 05:01 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-05-21 22:49 - 2015-04-04 04:59 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-05-21 22:49 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-05-21 22:49 - 2014-01-24 04:18 - 01212352 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2015-05-21 22:49 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2015-05-21 22:48 - 2010-12-23 07:54 - 00850944 _____ (Microsoft Corporation) C:\windows\system32\sbe.dll
2015-05-21 22:48 - 2010-12-23 07:54 - 00642048 _____ (Microsoft Corporation) C:\windows\system32\CPFilters.dll
2015-05-21 22:48 - 2010-12-23 07:50 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\mpg2splt.ax
2015-05-21 22:47 - 2015-04-13 05:19 - 00259072 _____ (Microsoft Corporation) C:\windows\system32\services.exe
2015-05-21 22:47 - 2013-10-04 03:49 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys
2015-05-21 22:47 - 2013-10-04 03:17 - 00177152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
2015-05-21 22:46 - 2014-06-03 11:30 - 00101824 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2015-05-21 22:46 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2015-05-21 22:46 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2015-05-21 22:45 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2015-05-21 22:42 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2015-05-21 22:39 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2015-05-21 22:35 - 2013-02-27 06:49 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2015-05-21 00:46 - 2015-05-21 00:46 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\Avira
2015-05-21 00:46 - 2014-05-30 08:36 - 00338944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2015-05-21 00:42 - 2014-06-19 00:23 - 01131664 _____ (Microsoft Corporation) C:\windows\system32\dfshim.dll
2015-05-21 00:42 - 2014-06-19 00:23 - 00156824 _____ (Microsoft Corporation) C:\windows\system32\mscorier.dll
2015-05-21 00:42 - 2014-06-19 00:23 - 00081560 _____ (Microsoft Corporation) C:\windows\system32\mscories.dll
2015-05-21 00:41 - 2012-12-07 14:26 - 00308736 _____ (Microsoft Corporation) C:\windows\system32\Wpc.dll
2015-05-21 00:41 - 2012-12-07 14:20 - 02576384 _____ (Microsoft Corporation) C:\windows\system32\gameux.dll
2015-05-21 00:41 - 2012-12-07 12:46 - 00046592 _____ (Microsoft) C:\windows\system32\fpb.rs
2015-05-21 00:41 - 2012-12-07 12:46 - 00045568 _____ (Microsoft) C:\windows\system32\oflc-nz.rs
2015-05-21 00:41 - 2012-12-07 12:46 - 00044544 _____ (Microsoft) C:\windows\system32\pegibbfc.rs
2015-05-21 00:41 - 2012-12-07 12:46 - 00043520 _____ (Microsoft) C:\windows\system32\csrr.rs
2015-05-21 00:41 - 2012-12-07 12:46 - 00040960 _____ (Microsoft) C:\windows\system32\cob-au.rs
2015-05-21 00:41 - 2012-12-07 12:46 - 00030720 _____ (Microsoft) C:\windows\system32\usk.rs
2015-05-21 00:41 - 2012-12-07 12:46 - 00021504 _____ (Microsoft) C:\windows\system32\grb.rs
2015-05-21 00:41 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\windows\system32\pegi-pt.rs
2015-05-21 00:41 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\windows\system32\pegi.rs
2015-05-21 00:41 - 2012-12-07 12:46 - 00015360 _____ (Microsoft) C:\windows\system32\djctq.rs
2015-05-21 00:40 - 2015-04-16 15:23 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2015-05-21 00:40 - 2015-04-16 15:23 - 00107400 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2015-05-21 00:40 - 2015-04-16 15:23 - 00037896 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2015-05-21 00:40 - 2015-04-16 15:23 - 00037896 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys
2015-05-21 00:40 - 2015-04-16 15:23 - 00028520 _____ (Avira GmbH) C:\windows\system32\Drivers\ssmdrv.sys
2015-05-21 00:40 - 2012-12-07 12:46 - 00055296 _____ (Microsoft) C:\windows\system32\cero.rs
2015-05-21 00:40 - 2012-12-07 12:46 - 00051712 _____ (Microsoft) C:\windows\system32\esrb.rs
2015-05-21 00:40 - 2012-12-07 12:46 - 00023552 _____ (Microsoft) C:\windows\system32\oflc.rs
2015-05-21 00:40 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\windows\system32\pegi-fi.rs
2015-05-21 00:38 - 2014-12-19 04:43 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-05-21 00:38 - 2014-12-11 19:47 - 00046592 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-05-21 00:37 - 2015-03-25 05:00 - 03088384 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-05-21 00:37 - 2015-03-25 05:00 - 02020864 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-05-21 00:37 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-05-21 00:37 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-05-21 00:37 - 2015-03-25 05:00 - 00131584 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-05-21 00:37 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-05-21 00:37 - 2015-03-25 05:00 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-05-21 00:37 - 2015-03-25 05:00 - 00035328 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-05-21 00:37 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-05-21 00:37 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-05-21 00:37 - 2015-03-25 05:00 - 00011776 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-05-21 00:37 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\shimeng.dll
2015-05-21 00:37 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\windows\system32\apphelp.dll
2015-05-21 00:37 - 2015-03-04 06:10 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\aelupsvc.dll
2015-05-21 00:37 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\windows\system32\sdbinst.exe
2015-05-21 00:37 - 2014-11-26 05:32 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2015-05-21 00:37 - 2014-10-25 03:32 - 00067584 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2015-05-21 00:36 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll
2015-05-21 00:36 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2015-05-21 00:36 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2015-05-21 00:36 - 2011-12-16 09:52 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\msvcrt.dll
2015-05-21 00:36 - 2011-11-17 07:35 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\webio.dll
2015-05-21 00:36 - 2011-06-15 10:55 - 00319488 _____ (Microsoft Corporation) C:\windows\system32\odbcjt32.dll
2015-05-21 00:36 - 2011-06-15 10:55 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\odbctrac.dll
2015-05-21 00:36 - 2011-06-15 10:55 - 00122880 _____ (Microsoft Corporation) C:\windows\system32\odbccp32.dll
2015-05-21 00:36 - 2011-06-15 10:55 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\odbccu32.dll
2015-05-21 00:36 - 2011-06-15 10:55 - 00081920 _____ (Microsoft Corporation) C:\windows\system32\odbccr32.dll
2015-05-21 00:35 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2015-05-21 00:35 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll
2015-05-21 00:35 - 2012-09-26 00:47 - 00078336 _____ (Microsoft Corporation) C:\windows\system32\synceng.dll
2015-05-21 00:35 - 2012-03-17 09:27 - 00056176 _____ (Microsoft Corporation) C:\windows\system32\Drivers\partmgr.sys
2015-05-21 00:34 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-05-21 00:34 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-05-21 00:34 - 2015-02-20 06:13 - 00026624 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-05-21 00:34 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-05-21 00:34 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-05-21 00:34 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe
2015-05-21 00:34 - 2014-10-30 03:45 - 00155136 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe
2015-05-21 00:34 - 2013-10-12 04:03 - 00656896 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
2015-05-21 00:34 - 2013-10-12 04:01 - 00679424 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2015-05-21 00:34 - 2013-10-12 04:01 - 00216576 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
2015-05-21 00:34 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ataport.sys
2015-05-21 00:33 - 2014-07-17 03:40 - 00157696 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll
2015-05-21 00:33 - 2014-07-17 03:39 - 01051136 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2015-05-21 00:33 - 2014-07-17 03:39 - 00304128 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2015-05-21 00:33 - 2014-07-17 03:39 - 00130048 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll
2015-05-21 00:33 - 2014-07-17 03:03 - 00184320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys
2015-05-21 00:33 - 2014-07-17 03:02 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2015-05-21 00:33 - 2013-02-15 05:25 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2015-05-21 00:33 - 2012-04-26 06:45 - 00058880 _____ (Microsoft Corporation) C:\windows\system32\rdpwsx.dll
2015-05-21 00:33 - 2012-04-26 06:41 - 00008192 _____ (Microsoft Corporation) C:\windows\system32\rdrmemptylst.exe
2015-05-21 00:33 - 2012-01-04 10:58 - 00442880 _____ (Microsoft Corporation) C:\windows\system32\ntshrui.dll
2015-05-21 00:32 - 2012-11-23 04:48 - 00049152 _____ (Microsoft Corporation) C:\windows\system32\taskhost.exe
2015-05-21 00:32 - 2012-10-09 19:40 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\dhcpcore6.dll
2015-05-21 00:32 - 2012-10-09 19:40 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\dhcpcsvc6.dll
2015-05-21 00:31 - 2013-07-12 12:08 - 00146816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbvideo.sys
2015-05-21 00:31 - 2013-07-12 12:07 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbcir.sys
2015-05-21 00:27 - 2014-12-06 05:50 - 00242688 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-05-21 00:27 - 2014-03-04 11:17 - 00868352 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-05-21 00:27 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2015-05-21 00:27 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-05-21 00:27 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-21 00:27 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-21 00:27 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-21 00:27 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-21 00:27 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-21 00:27 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-21 00:27 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-21 00:27 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-21 00:27 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-21 00:27 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-21 00:27 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-21 00:27 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-21 00:27 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-21 00:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-21 00:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-21 00:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-21 00:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-21 00:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-21 00:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-21 00:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-21 00:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-21 00:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-21 00:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-21 00:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-21 00:27 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-05-21 00:27 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-21 00:27 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-21 00:27 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-21 00:27 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-21 00:27 - 2012-10-03 18:42 - 00156672 _____ (Microsoft Corporation) C:\windows\system32\ncsi.dll
2015-05-21 00:27 - 2012-10-03 18:42 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\nlaapi.dll
2015-05-21 00:27 - 2011-03-11 07:33 - 01164288 _____ (Microsoft Corporation) C:\windows\system32\mfc42u.dll
2015-05-21 00:27 - 2011-03-11 07:33 - 01137664 _____ (Microsoft Corporation) C:\windows\system32\mfc42.dll
2015-05-21 00:23 - 2015-05-21 00:23 - 00001169 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-05-21 00:23 - 2013-06-26 00:56 - 00527064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Wdf01000.sys
2015-05-21 00:23 - 2012-11-29 00:57 - 00047720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdfLdr.sys
2015-05-21 00:23 - 2012-11-29 00:57 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\Wdfres.dll
2015-05-21 00:23 - 2012-11-29 00:57 - 00000003 _____ () C:\windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2015-05-21 00:23 - 2011-02-23 06:47 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bowser.sys
2015-05-21 00:22 - 2015-05-21 00:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-21 00:22 - 2015-05-21 00:39 - 00000000 ____D () C:\ProgramData\Avira
2015-05-21 00:22 - 2015-05-21 00:39 - 00000000 ____D () C:\Program Files\Avira
2015-05-21 00:21 - 2015-05-21 00:21 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-21 00:21 - 2015-02-04 04:54 - 00318464 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2015-05-21 00:21 - 2014-12-19 03:34 - 00116224 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-05-21 00:21 - 2013-11-27 03:14 - 00258560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2015-05-21 00:21 - 2013-11-27 03:13 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2015-05-21 00:21 - 2013-11-27 03:13 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2015-05-21 00:21 - 2013-11-27 03:13 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2015-05-21 00:21 - 2013-11-27 03:13 - 00024064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2015-05-21 00:21 - 2013-11-27 03:13 - 00006016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2015-05-21 00:20 - 2015-05-21 00:20 - 04737144 _____ (Avira Operations GmbH & Co. KG) C:\Users\Petra\Downloads\avira_de_av_555d0838735c5__ws.exe
2015-05-21 00:20 - 2015-02-03 05:16 - 00078784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2015-05-21 00:20 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 02135040 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\windows\system32\drmv2clt.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\windows\system32\blackbox.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\windows\system32\wmdrmsdk.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msscp.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00475136 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\windows\system32\drmmgrtn.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00275968 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\windows\system32\msnetobj.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00157184 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\cryptsp.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\pcadm.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00027648 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00010752 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2015-05-21 00:20 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2015-05-21 00:20 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2015-05-21 00:20 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2015-05-21 00:20 - 2015-02-03 05:11 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2015-05-21 00:20 - 2015-02-03 05:11 - 00096768 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2015-05-21 00:20 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2015-05-21 00:20 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2015-05-21 00:20 - 2015-02-03 05:11 - 00016896 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2015-05-21 00:20 - 2015-02-03 05:11 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\pcawrk.exe
2015-05-21 00:20 - 2015-02-03 05:11 - 00008192 _____ (Microsoft Corporation) C:\windows\system32\pcalua.exe
2015-05-21 00:20 - 2015-02-03 05:10 - 00008704 _____ (Microsoft Corporation) C:\windows\system32\pcaevts.dll
2015-05-21 00:20 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2015-05-21 00:20 - 2015-02-03 05:00 - 00593920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
2015-05-21 00:20 - 2015-02-03 04:26 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2015-05-21 00:20 - 2015-01-31 01:56 - 00370488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-05-21 00:20 - 2014-11-01 00:22 - 00521384 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2015-05-21 00:20 - 2014-06-28 02:21 - 00455752 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2015-05-21 00:20 - 2014-06-28 02:21 - 00409272 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
2015-05-21 00:19 - 2013-12-04 04:03 - 00428032 _____ (Microsoft Corporation) C:\windows\system32\secproc.dll
2015-05-21 00:19 - 2013-12-04 04:03 - 00423936 _____ (Microsoft Corporation) C:\windows\system32\secproc_isv.dll
2015-05-21 00:19 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp_isv.dll
2015-05-21 00:19 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp.dll
2015-05-21 00:19 - 2013-12-04 04:02 - 00390144 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll
2015-05-21 00:19 - 2013-12-04 03:54 - 00594944 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_isv.exe
2015-05-21 00:19 - 2013-12-04 03:54 - 00572416 _____ (Microsoft Corporation) C:\windows\system32\RMActivate.exe
2015-05-21 00:19 - 2013-12-04 03:54 - 00510976 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp.exe
2015-05-21 00:19 - 2013-12-04 03:54 - 00508928 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp_isv.exe
2015-05-21 00:18 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-05-21 00:18 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2015-05-21 00:18 - 2014-12-08 04:46 - 00308224 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2015-05-21 00:18 - 2014-10-14 03:50 - 00523776 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2015-05-20 23:56 - 2015-05-21 00:00 - 00004856 _____ () C:\windows\system32\TmInstall.log
2015-05-20 23:50 - 2015-05-21 00:09 - 00000000 ____D () C:\Users\Petra\AppData\Local\AviraResume
2015-05-20 23:17 - 2015-05-20 23:59 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-20 22:50 - 2015-05-20 22:50 - 00000000 ____D () C:\Users\Petra\Documents\Fax
2015-05-20 22:49 - 2015-05-20 22:49 - 00001200 _____ () C:\Users\Petra\Desktop\iP7200 series _3B8506000000 - Verknüpfung.lnk
2015-05-20 22:48 - 2012-02-17 07:34 - 00826880 _____ (Microsoft Corporation) C:\windows\system32\rdpcore.dll
2015-05-20 22:48 - 2012-02-17 06:13 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdtcp.sys
2015-05-20 22:39 - 2014-10-03 03:45 - 01177088 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2015-05-20 22:39 - 2014-10-03 03:45 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll
2015-05-20 22:39 - 2014-10-03 03:45 - 00214016 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2015-05-20 22:39 - 2014-10-03 03:45 - 00145920 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
2015-05-20 22:39 - 2014-10-03 03:44 - 00198656 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe
2015-05-16 19:24 - 2015-05-22 23:56 - 00000000 ____D () C:\Users\Petra\Documents\HA ASA 4-13
2015-05-14 04:55 - 2015-05-14 04:55 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\OpenOffice
2015-05-14 04:52 - 2015-05-14 04:52 - 00001074 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk
2015-05-14 04:52 - 2015-05-14 04:52 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2015-05-14 04:51 - 2015-05-14 04:51 - 00000000 ____D () C:\Program Files\OpenOffice 4
2015-05-14 04:45 - 2015-05-14 04:46 - 00000000 ____D () C:\Users\Petra\Desktop\OpenOffice 4.1.1 (de) Installation Files
2015-05-14 04:33 - 2015-05-14 04:39 - 164858324 _____ () C:\Users\Petra\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_de.exe
2015-05-14 04:24 - 2015-05-20 23:59 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-05-14 04:24 - 2015-05-14 04:24 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-14 04:24 - 2015-05-14 04:24 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-05-14 04:24 - 2015-05-14 04:24 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\Mozilla
2015-05-14 04:24 - 2015-05-14 04:24 - 00000000 ____D () C:\Users\Petra\AppData\Local\Mozilla
2015-05-14 04:24 - 2015-05-14 04:24 - 00000000 ____D () C:\ProgramData\Mozilla
2015-05-14 04:21 - 2015-05-14 04:21 - 00243664 _____ () C:\Users\Petra\Downloads\Firefox Setup Stub 38.0.exe
2015-05-14 03:04 - 2015-05-14 03:04 - 00000059 _____ () C:\windows\system32\ȼ
2015-05-14 03:03 - 2015-05-14 03:03 - 00000000 ____D () C:\windows\ConfigSetRoot
2015-05-14 03:03 - 2015-05-14 03:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Boingo
2015-05-14 03:03 - 2015-05-14 03:03 - 00000000 ____D () C:\ProgramData\GoBoingo
2015-05-14 03:03 - 2015-05-14 03:03 - 00000000 ____D () C:\Program Files\Boingo
2015-05-14 03:03 - 2010-05-28 04:27 - 00005576 _____ () C:\windows\Language.ini
2015-05-14 03:01 - 2015-05-14 03:01 - 00001108 _____ () C:\Users\Public\Desktop\E-Manual.lnk
2015-05-14 02:59 - 2015-05-14 02:59 - 00000000 ____D () C:\windows\system32\Atheros_L1e
2015-05-14 02:58 - 2015-05-14 02:58 - 00000000 ____D () C:\windows\system32\SRSLabs
2015-05-14 02:58 - 2015-05-14 02:58 - 00000000 ____D () C:\windows\system32\RTCOM
2015-05-14 02:58 - 2015-05-14 02:58 - 00000000 ____D () C:\Program Files\Elantech
2015-05-14 02:57 - 2015-05-14 02:58 - 00002119 _____ () C:\RHDSetup.log
2015-05-14 02:57 - 2015-05-14 02:58 - 00000000 ___HD () C:\Program Files\Temp
2015-05-14 02:57 - 2015-05-14 02:57 - 00000000 ____D () C:\Program Files\Realtek
2015-05-14 02:57 - 2010-04-27 10:57 - 03583008 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkAPO.dll
2015-05-14 02:57 - 2010-04-27 10:57 - 01775136 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkPgExt.dll
2015-05-14 02:57 - 2010-04-27 10:57 - 01083936 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RTSndMgr.cpl
2015-05-14 02:57 - 2010-04-27 10:57 - 00367136 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkApoApi.dll
2015-05-14 02:57 - 2010-04-27 10:57 - 00058400 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkCoInst.dll
2015-05-14 02:57 - 2010-04-27 10:12 - 03084256 _____ (Realtek Semiconductor Corp.) C:\windows\system32\Drivers\RTKVHDA.sys
2015-05-14 02:57 - 2010-04-27 07:50 - 00299424 _____ (Fortemedia Corporation) C:\windows\system32\FMAPO.dll
2015-05-14 02:57 - 2010-04-06 08:58 - 00000008 _____ () C:\windows\system32\Drivers\rtkhdaud.dat
2015-05-14 02:57 - 2010-03-22 08:22 - 01247776 _____ (Realtek Semiconductor Corp.) C:\windows\RtlExUpd.dll
2015-05-14 02:57 - 2010-01-26 05:38 - 00145760 _____ (Andrea Electronics Corporation) C:\windows\system32\AERTACap.dll
2015-05-14 02:57 - 2009-12-30 11:58 - 00004692 _____ () C:\windows\system32\Drivers\SamSfPa.dat
2015-05-14 02:57 - 2009-12-15 12:26 - 00357576 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEEP32A.dll
2015-05-14 02:57 - 2009-12-15 12:26 - 00168648 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEED32A.dll
2015-05-14 02:57 - 2009-12-15 12:26 - 00076488 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEEL32A.dll
2015-05-14 02:57 - 2009-12-15 12:26 - 00062664 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEEG32A.dll
2015-05-14 02:57 - 2009-12-11 03:55 - 00293584 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RP3DHT32.dll
2015-05-14 02:57 - 2009-12-11 03:55 - 00293584 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RP3DAA32.dll
2015-05-14 02:57 - 2009-11-17 12:13 - 00096160 _____ (Andrea Electronics Corporation) C:\windows\system32\AERTARen.dll
2015-05-14 02:56 - 2015-05-29 20:48 - 00064024 _____ () C:\Users\Petra\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-14 02:56 - 2015-05-21 00:11 - 00000000 ____D () C:\Users\Petra\AppData\Local\Windows Live
2015-05-14 02:56 - 2015-05-20 23:52 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium
2015-05-14 02:56 - 2015-05-14 03:04 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\Adobe
2015-05-14 02:56 - 2015-05-14 03:04 - 00000000 ____D () C:\Users\Petra\AppData\Local\Adobe
2015-05-14 02:56 - 2015-05-14 03:03 - 00001413 _____ () C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-14 02:56 - 2015-05-14 03:03 - 00000000 ____D () C:\Users\Petra\AppData\Local\VirtualStore
2015-05-14 02:56 - 2015-05-14 02:56 - 00000000 _SHDL () C:\Users\Petra\Startmenü
2015-05-14 02:56 - 2015-05-14 02:56 - 00000000 _SHDL () C:\Users\Petra\Netzwerkumgebung
2015-05-14 02:56 - 2015-05-14 02:56 - 00000000 _SHDL () C:\Users\Petra\Druckumgebung
2015-05-14 02:56 - 2015-05-14 02:56 - 00000000 _SHDL () C:\Users\Petra\Documents\Eigene Musik
2015-05-14 02:56 - 2015-05-14 02:56 - 00000000 _SHDL () C:\Users\Petra\Documents\Eigene Bilder
2015-05-14 02:56 - 2015-05-14 02:56 - 00000000 _SHDL () C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-05-14 02:56 - 2015-05-14 02:56 - 00000000 _SHDL () C:\Users\Petra\AppData\Local\Verlauf
2015-05-14 02:56 - 2015-05-14 02:56 - 00000000 ____D () C:\Users\Petra
2015-05-14 02:56 - 2011-04-02 05:05 - 00000000 ____D () C:\Users\Petra\Documents\Asus WebStorage
2015-05-14 02:56 - 2011-04-02 05:05 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\ASUS WebStorage
2015-05-14 02:56 - 2011-04-02 04:52 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\Macromedia
2015-05-14 02:56 - 2011-04-02 04:51 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\E-Cam
2015-05-14 02:56 - 2011-04-02 04:49 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Game Park
2015-05-14 02:56 - 2011-04-02 04:45 - 00000000 ____D () C:\Users\Petra\Documents\Bluetooth Exchange Folder
2015-05-14 02:56 - 2011-04-02 04:41 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\InstallShield
2015-05-14 02:56 - 2009-07-14 06:53 - 00000020 ___SH () C:\Users\Petra\ntuser.ini
2015-05-14 02:56 - 2009-07-14 06:42 - 00000000 ___RD () C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-14 02:56 - 2009-07-14 06:37 - 00000000 ___RD () C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-05-14 02:54 - 2015-05-14 02:54 - 00000000 __SHD () C:\Recovery
2015-05-08 06:33 - 2014-06-28 02:21 - 00391640 __RSH () C:\bootmgr
2015-05-08 05:38 - 2011-04-02 05:09 - 00000000 ____D () C:\Users\Default\AppData\Local\Adobe
2015-05-08 05:38 - 2011-04-02 05:09 - 00000000 ____D () C:\Users\Default User\AppData\Local\Adobe
2015-05-08 05:38 - 2011-04-02 05:08 - 00001441 _____ () C:\Users\Default\Desktop\Trend Micro Titanium.lnk
2015-05-08 05:38 - 2011-04-02 05:08 - 00001441 _____ () C:\Users\Default User\Desktop\Trend Micro Titanium.lnk
2015-05-08 05:38 - 2011-04-02 05:08 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium
2015-05-08 05:38 - 2011-04-02 05:08 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium
2015-05-08 05:38 - 2011-04-02 05:05 - 00000000 ____D () C:\Users\Default\Documents\Asus WebStorage
2015-05-08 05:38 - 2011-04-02 05:05 - 00000000 ____D () C:\Users\Default\AppData\Roaming\ASUS WebStorage
2015-05-08 05:38 - 2011-04-02 05:05 - 00000000 ____D () C:\Users\Default User\Documents\Asus WebStorage
2015-05-08 05:38 - 2011-04-02 05:05 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\ASUS WebStorage
2015-05-08 05:38 - 2011-04-02 04:54 - 00057560 _____ () C:\Users\Default\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-08 05:38 - 2011-04-02 04:54 - 00057560 _____ () C:\Users\Default User\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-08 05:38 - 2011-04-02 04:54 - 00000000 ____D () C:\Users\Default\AppData\Local\Windows Live
2015-05-08 05:38 - 2011-04-02 04:54 - 00000000 ____D () C:\Users\Default User\AppData\Local\Windows Live
2015-05-08 05:38 - 2011-04-02 04:52 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-05-08 05:38 - 2011-04-02 04:52 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2015-05-08 05:38 - 2011-04-02 04:51 - 00000000 ____D () C:\Users\Default\AppData\Roaming\E-Cam
2015-05-08 05:38 - 2011-04-02 04:51 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\E-Cam
2015-05-08 05:38 - 2011-04-02 04:49 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Game Park
2015-05-08 05:38 - 2011-04-02 04:49 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Game Park
2015-05-08 05:38 - 2011-04-02 04:45 - 00000000 ____D () C:\Users\Default\Documents\Bluetooth Exchange Folder
2015-05-08 05:38 - 2011-04-02 04:45 - 00000000 ____D () C:\Users\Default\AppData\Local\Broadcom
2015-05-08 05:38 - 2011-04-02 04:45 - 00000000 ____D () C:\Users\Default User\Documents\Bluetooth Exchange Folder
2015-05-08 05:38 - 2011-04-02 04:45 - 00000000 ____D () C:\Users\Default User\AppData\Local\Broadcom
2015-05-08 05:38 - 2011-04-02 04:41 - 00000000 ____D () C:\Users\Default\AppData\Roaming\InstallShield
2015-05-08 05:38 - 2011-04-02 04:41 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\InstallShield
2015-05-08 05:37 - 2015-05-29 22:02 - 01875453 _____ () C:\windows\WindowsUpdate.log

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-29 22:03 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\Microsoft.NET
2015-05-29 21:00 - 2011-02-16 17:44 - 00702604 _____ () C:\windows\system32\perfh013.dat
2015-05-29 21:00 - 2011-02-16 17:44 - 00136692 _____ () C:\windows\system32\perfc013.dat
2015-05-29 21:00 - 2011-02-16 17:39 - 00700520 _____ () C:\windows\system32\perfh010.dat
2015-05-29 21:00 - 2011-02-16 17:39 - 00130896 _____ () C:\windows\system32\perfc010.dat
2015-05-29 21:00 - 2009-07-27 12:11 - 04036802 _____ () C:\windows\system32\PerfStringBackup.INI
2015-05-29 20:57 - 2009-07-14 06:39 - 00054926 _____ () C:\windows\setupact.log
2015-05-29 20:56 - 2009-07-14 06:34 - 00009696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-29 20:56 - 2009-07-14 06:34 - 00009696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-29 20:43 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-05-29 20:38 - 2009-07-14 06:33 - 00286688 _____ () C:\windows\system32\FNTCACHE.DAT
2015-05-29 20:34 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\tracing
2015-05-29 20:34 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\AppCompat
2015-05-29 20:34 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\System
2015-05-29 20:33 - 2011-02-16 17:44 - 00000000 ____D () C:\windows\system32\Drivers\nl-NL
2015-05-29 20:33 - 2011-02-16 17:39 - 00000000 ____D () C:\windows\system32\Drivers\it-IT
2015-05-29 20:33 - 2011-02-16 17:34 - 00000000 ____D () C:\windows\system32\Drivers\fr-FR
2015-05-29 20:33 - 2011-02-16 17:29 - 00000000 ____D () C:\windows\system32\Drivers\de-DE
2015-05-29 20:33 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\nl-NL
2015-05-29 20:33 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\it-IT
2015-05-29 20:33 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\fr-FR
2015-05-29 20:33 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\de-DE
2015-05-29 20:33 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\AdvancedInstallers
2015-05-27 22:12 - 2011-04-02 04:30 - 00416556 _____ () C:\windows\PFRO.log
2015-05-22 21:19 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\rescache
2015-05-22 15:10 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\LogFiles
2015-05-22 13:23 - 2009-07-14 06:52 - 00000000 ____D () C:\Program Files\Windows Defender
2015-05-20 23:52 - 2011-04-02 05:07 - 00000000 ____D () C:\ProgramData\Trend Micro
2015-05-20 23:07 - 2009-07-14 06:52 - 00000000 ____D () C:\windows\system32\FxsTmp
2015-05-17 09:00 - 2009-07-14 06:56 - 00000000 ____D () C:\windows\system32\WCN
2015-05-17 09:00 - 2009-07-14 06:56 - 00000000 ____D () C:\windows\system32\Printing_Admin_Scripts
2015-05-17 09:00 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\MUI
2015-05-17 09:00 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\com
2015-05-14 03:03 - 2011-04-02 04:41 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-05-14 03:03 - 2009-07-14 04:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-14 03:01 - 2011-04-02 04:48 - 00000000 ____D () C:\Program Files\Asus
2015-05-14 02:59 - 2009-07-14 06:52 - 00000000 ____D () C:\windows\system32\restore
2015-05-14 02:58 - 2011-04-02 04:44 - 00014676 _____ () C:\windows\DPINST.LOG
2015-05-14 02:57 - 2011-04-02 04:48 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2015-05-14 02:54 - 2009-07-27 12:56 - 00000000 ____D () C:\windows\panther
2015-05-14 02:54 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\Recovery
2015-05-08 06:33 - 2009-07-14 06:57 - 00029696 ___SH () C:\windows\system32\config\BCD-Template.LOG
2015-05-08 06:33 - 2009-07-14 06:52 - 00032768 _____ () C:\windows\system32\config\BCD-Template
2015-05-08 05:38 - 2009-07-27 11:57 - 00008134 _____ () C:\windows\TSSysprep.log
2015-05-08 05:38 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2015-05-08 05:35 - 2009-07-14 06:34 - 00004822 _____ () C:\windows\DtcInstall.log

==================== Files in the root of some directories =======

2011-04-02 04:49 - 2010-03-03 00:59 - 0131984 _____ () C:\ProgramData\FullRemove.exe

Some files in TEMP:
====================
C:\Users\Petra\AppData\Local\Temp\avgnt.exe
C:\Users\Petra\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Petra\AppData\Local\Temp\Quarantine.exe
C:\Users\Petra\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-17 08:49

==================== End of log ============================
         
I hope my netbook is clean now. I have connected an external hard drive and a USB stick. You never know. Once this is done, I still need to examine my notebook, because Firefox keeps freezing or closing whenever I click on something. But I would have to take that problem somewhere else, here on Trojaner-Board. Right?

Kind regards again,
Parim

30.05.2015, 14:19   #8
schrauber
/// the machine
/// TB Trainer
 




Update Flash Player and Adobe Reader.

Post the FRST logs from the laptop and I'll take a look.


For this computer here:


Cleanup:
(The order matters here)

If Defogger was used: start it again and click Re-enable.

If Combofix was used:
Uninstall Combofix
  • Important: Please disable your antivirus program, any script blocking, and anti-malware programs.
  • Press the Windows key + R and type Combofix /Uninstall into the Run window.
  • Click OK.
    This removes Combofix completely and empties the System Restore cache.
  • Now re-enable the programs you just disabled.

All logs posted? Then please download DelFix.
  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Tick the box in front of every function.
  • Click Start.

Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
Restart your computer afterwards. If any programs from our cleanup are still left over, you can safely delete them.

If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.


Hardening:
Enable automatic updates for the Windows operating system. Security-relevant software should also always be kept at the latest version:

Browser
Java
Flash Player
PDF reader

Security vulnerabilities in their old versions are exploited to install malware via "drive-by" when you simply visit a manipulated website.
I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.

Enable a firewall. The one built into Windows is normally entirely sufficient.

Use an antivirus program with a real-time scanner and an always up-to-date signature database.
My recommendation:

Emsisoft

In addition, you can scan your PC regularly with Malwarebytes Anti-Malware and ESET.

Optional:
NoScript prevents active content (Java, JavaScript, Flash, ...) from running on all websites. You can, however, define on a whitelist basis which sites are allowed to run scripts.
Malwarebytes Anti Exploit: protects the computer's applications against exploitation of known vulnerabilities.


Download software from a clean portal such as .
When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program.
To get rid of adware again, it is advisable to uninstall it first and then remove the leftovers with Adwcleaner.


Finally, a few general remarks:
Change your important online passwords regularly and regularly create backups of your important files or of the system.
The benefit of registry cleaners, optimizers etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

30.05.2015, 23:21   #9
Parim
 



Hello Schrauber,

I don't understand the following:

If Defogger was used:
If Combofix was used:

What should I do? Who used that? How do I know?

As for the rest:
You will definitely get a donation, because where would we laypeople be without your wonderful voluntary help? Besides, it is somehow also fun to examine the PC with your support. Even if the results are all Greek to me. Well, not entirely, actually, because I did read the red marking and carried out the updates right away the day before yesterday.

Only today I don't know what I am actually supposed to do.

Kind regards
Parim

31.05.2015, 14:07   #10
schrauber
/// the machine
/// TB Trainer
 




We didn't use those; you can go straight to DelFix.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

02.06.2015, 20:41   #11
Parim
 



Hello Schrauber,
do you think everything is OK again with my netbook now? I used DelFix and now I don't know what to do next.

Can I simply delete the long "result banners" that I produced here because I didn't understand the thing with the hash sign at first? Then I wouldn't always have to scroll so much.

Today I ran FRST on my notebook. It has become incredibly slow and Firefox often freezes when I click on certain pages.

For now, here is the FRST result.

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-05-2015
Ran by Petra (administrator) on PETRA-PC on 02-06-2015 21:09:14
Running from C:\Users\Petra\Downloads
Loaded Profiles: Petra (Available Profiles: Petra)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Devguru Co., Ltd.) C:\Windows\System32\dgdersvc.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
(Microsoft Corporation) C:\Windows\System32\IgrsSvcs.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Energy Management\utility.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Energy Management\Energy Management.exe
(Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\Petra\Downloads\FRST(1).exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-07-16] ()
HKLM\...\Run: [UpdateP2GShortCut] => C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.)
HKLM\...\Run: [EnergyUtility] => C:\Program Files\Lenovo\Energy Management\utility.exe [4114288 2009-09-29] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files\Lenovo\Energy Management\Energy Management.exe [5064560 2009-09-29] (Lenovo (Beijing) Limited)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-07] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-04-07] (Apple Inc.)
HKU\S-1-5-21-2556273383-626926974-2087105738-1003\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [3365176 2010-11-11] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-18\...\RunOnce: [WLStart] => C:\Program Files\Windows Live\Installer\wlstart.exe [786760 2009-07-26] (Microsoft Corporation)
Startup: C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2015-05-22]
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-2556273383-626926974-2087105738-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.lenovo.com/
SearchScopes: HKLM -> DefaultScope value is missing
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-30] (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-30] (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKU\S-1-5-21-2556273383-626926974-2087105738-1003 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-2556273383-626926974-2087105738-1003 -> No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\1w0ws23n.default
FF NewTab: google.de
FF SelectedSearchEngine: webssearches
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-30] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2011-07-19] (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-30] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2556273383-626926974-2087105738-1003: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll [2012-10-30] (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2015-05-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2015-05-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2015-05-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2015-05-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2015-05-14] (Apple Inc.)
FF SearchPlugin: C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\1w0ws23n.default\searchplugins\englische-ergebnisse.xml [2012-08-10]
FF SearchPlugin: C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\1w0ws23n.default\searchplugins\gmx-suche.xml [2012-08-10]
FF SearchPlugin: C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\1w0ws23n.default\searchplugins\google-images.xml [2015-04-14]
FF SearchPlugin: C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\1w0ws23n.default\searchplugins\google-maps.xml [2015-04-14]
FF SearchPlugin: C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\1w0ws23n.default\searchplugins\lastminute.xml [2012-08-10]
FF SearchPlugin: C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\1w0ws23n.default\searchplugins\webde-suche.xml [2012-08-10]
FF Extension: Avira Browser Safety - C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\1w0ws23n.default\Extensions\abs@avira.com [2015-05-28]
FF Extension: Google Analytics Opt-out Browser Add-on - C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\1w0ws23n.default\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2015-01-07]
FF Extension: Easy Youtube Video Downloader Express - C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\1w0ws23n.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2013-11-28]
FF HKLM\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack
FF HKU\S-1-5-21-2556273383-626926974-2087105738-1003\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\1w0ws23n.default\extensions\cliqz@cliqz.com
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-05-18]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [434424 2015-05-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-07] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1186040 2015-05-07] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
R2 dgdersvc; C:\windows\system32\dgdersvc.exe [95568 2010-10-25] (Devguru Co., Ltd.)
R2 FsUsbExService; C:\windows\system32\FsUsbExService.Exe [217088 2010-09-06] (Teruten) [File not signed]
R2 IGRS; C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [579400 2009-09-22] (Lenovo Group Limited)
S3 MSSQL$MSSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe [43010392 2009-03-30] (Microsoft Corporation)
S3 PS_MDP; C:\Program Files\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-16] (Lenovo Group Limited)
R2 ReadyComm.DirectRouter; C:\Program Files\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)
S4 SQLAgent$MSSMLBIZ; C:\Program Files\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [366936 2009-03-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 vosr; C:\Users\Petra\AppData\Roaming\VOPackage\VOsrv.exe [X] <==== ATTENTION <==== ATTENTION

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ACPIVPC; C:\windows\System32\DRIVERS\AcpiVpc.sys [23136 2010-01-20] (Lenovo Corporation)
R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [107400 2015-05-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [136216 2015-05-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37896 2015-05-07] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\windows\System32\DRIVERS\avnetflt.sys [37896 2015-03-05] (Avira Operations GmbH & Co. KG)
S3 Bridge0; C:\windows\System32\drivers\WDBridge.sys [63240 2009-07-28] (Lenovo)
R3 FsUsbExDisk; C:\windows\system32\FsUsbExDisk.SYS [36640 2010-10-25] () [File not signed]
R1 funfrm; C:\windows\system32\Drivers\funfrm.sys [54800 2010-05-15] ()
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-09-01] (Malwarebytes Corporation)
R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-07] (Avira GmbH)
R1 StarOpen; C:\windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
R3 usbsmi; C:\windows\System32\DRIVERS\SMIksdrv.sys [171776 2009-10-16] (SMI)
R3 wdmirror; C:\windows\System32\DRIVERS\WDMirror.sys [11792 2009-07-16] (Windows (R) Codename Longhorn DDK provider)
S3 wsvd; C:\windows\System32\DRIVERS\wsvd.sys [81704 2009-07-21] (CyberLink)
S3 ApfiltrService; system32\DRIVERS\Apfiltr.sys [X]
S4 AVGIDSHX; system32\DRIVERS\avgidshx.sys [X]
S3 AVGIDSShim; system32\DRIVERS\avgidsshimx.sys [X]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
S3 WinRing0_1_2_0; \??\D:\test\ECECECEC\WinRing0.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-02 21:08 - 2015-06-02 21:08 - 01147392 _____ (Farbar) C:\Users\Petra\Downloads\FRST(1).exe
2015-06-02 21:03 - 2015-06-02 21:03 - 00064512 _____ () C:\Users\Petra\Downloads\Projekt 1+2 - Bewertung Muster.xls
2015-06-02 16:19 - 2015-06-02 16:19 - 00000000 ____D () C:\Users\Petra\AppData\Local\GWX
2015-05-30 00:21 - 2015-05-30 00:21 - 01124544 _____ (Adobe Systems Incorporated) C:\Users\Petra\Downloads\flashplayer17_ha_install.exe
2015-05-26 20:08 - 2015-05-26 20:40 - 00060416 _____ () C:\Users\Petra\Downloads\RS-GR-Form - ASA 3+4-13.xls
2015-05-26 19:09 - 2015-05-26 22:25 - 00060416 _____ () C:\Users\Petra\Downloads\LF 1+5 - Notenber. 2015  NEU.xls
2015-05-25 22:43 - 2015-05-25 22:43 - 00027136 _____ () C:\Users\Petra\Downloads\LF 5 - Notenberechnung.xls
2015-05-23 00:03 - 2015-05-23 00:03 - 00050176 _____ () C:\Users\Petra\Downloads\ENB 3+4-13 - LF 1 und LF 5(1).xls
2015-05-18 21:08 - 2015-06-02 16:56 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-18 08:53 - 2015-05-18 08:53 - 01124544 _____ (Adobe Systems Incorporated) C:\Users\Petra\Downloads\flashplayer17au_ha_install.exe
2015-05-17 20:44 - 2015-05-17 20:44 - 00050176 _____ () C:\Users\Petra\Downloads\ENB 3+4-13 - LF 1 und LF 5.xls
2015-05-17 20:39 - 2015-05-17 20:39 - 00000000 ____D () C:\Users\Petra\6.0
2015-05-17 20:38 - 2015-05-17 20:39 - 00000000 ____D () C:\Users\Petra\.tfo6
2015-05-17 20:38 - 2015-05-17 20:38 - 00000000 ____D () C:\Users\Petra\.thinkfree
2015-05-14 08:58 - 2015-05-14 08:58 - 00018944 _____ () C:\Users\Petra\Downloads\Bewertung LF 5 Hausarbeit.xls
2015-05-14 03:46 - 2015-05-14 03:46 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-05-14 03:46 - 2015-05-14 03:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-05-14 03:45 - 2015-05-14 03:46 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-05-14 03:45 - 2015-05-14 03:46 - 00000000 ____D () C:\Program Files\iTunes
2015-05-14 03:45 - 2015-05-14 03:45 - 00000000 ____D () C:\Program Files\iPod
2015-05-14 03:35 - 2015-05-14 03:35 - 00001815 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2015-05-13 18:47 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 17:06 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-05-13 17:06 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2015-05-13 17:06 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-05-13 17:06 - 2015-04-27 21:11 - 00137664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-05-13 17:06 - 2015-04-27 21:11 - 00067520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-05-13 17:06 - 2015-04-27 21:08 - 01307648 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-05-13 17:06 - 2015-04-27 21:05 - 00851456 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-05-13 17:06 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2015-05-13 17:06 - 2015-04-27 21:05 - 00400896 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-05-13 17:06 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-05-13 17:06 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-05-13 17:06 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-05-13 17:06 - 2015-04-27 21:05 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-05-13 17:06 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\sechost.dll
2015-05-13 17:06 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-05-13 17:06 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-05-13 17:06 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-05-13 17:06 - 2015-04-27 21:05 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-05-13 17:06 - 2015-04-27 21:04 - 01061376 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-05-13 17:06 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2015-05-13 17:06 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-05-13 17:06 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\windows\system32\tracerpt.exe
2015-05-13 17:06 - 2015-04-27 21:04 - 00262656 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-05-13 17:06 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\windows\system32\logman.exe
2015-05-13 17:06 - 2015-04-27 21:04 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-05-13 17:06 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\typeperf.exe
2015-05-13 17:06 - 2015-04-27 21:04 - 00038912 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-05-13 17:06 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\relog.exe
2015-05-13 17:06 - 2015-04-27 21:04 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-05-13 17:06 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-05-13 17:06 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-05-13 17:06 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\diskperf.exe
2015-05-13 17:06 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-05-13 17:06 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-05-13 17:06 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-05-13 17:06 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-05-13 17:06 - 2015-04-27 20:00 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-05-13 17:06 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-05-13 17:06 - 2015-04-20 04:56 - 00909312 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-05-13 17:06 - 2015-04-20 04:03 - 02382336 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-05-13 17:06 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2015-05-13 17:06 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\windows\system32\wpdshext.dll
2015-05-13 17:05 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-05-13 17:05 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-05-13 17:05 - 2015-04-21 18:25 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-05-13 17:05 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-05-13 17:05 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-05-13 17:05 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-05-13 17:05 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-05-13 17:05 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-05-13 17:05 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-05-13 17:05 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-05-13 17:05 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-05-13 17:05 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-05-13 17:05 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-05-13 17:05 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-05-13 17:05 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-05-13 17:05 - 2015-04-21 17:58 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-05-13 17:05 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-05-13 17:05 - 2015-04-21 17:51 - 00667648 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-05-13 17:05 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-05-13 17:05 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 17:05 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-05-13 17:05 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-05-13 17:05 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-05-13 17:05 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-05-13 17:05 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-05-13 17:05 - 2015-04-21 17:26 - 00685568 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-05-13 17:05 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-05-13 17:05 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-05-13 17:05 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-05-13 17:05 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-05-13 17:05 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-05-13 17:05 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-05-13 17:05 - 2015-04-13 05:19 - 00259072 _____ (Microsoft Corporation) C:\windows\system32\services.exe
2015-05-13 17:04 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2015-05-13 17:04 - 2015-04-08 05:14 - 00019968 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll
2015-05-13 17:04 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\shimeng.dll
2015-05-13 17:04 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\windows\system32\apphelp.dll
2015-05-13 17:04 - 2015-03-04 06:10 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\aelupsvc.dll
2015-05-13 17:04 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\windows\system32\sdbinst.exe
2015-05-13 17:04 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe
2015-05-13 01:11 - 2015-05-13 01:28 - 446874704 _____ () C:\Users\Petra\Downloads\Leschs Kosmos - Die Macht der Musik - Magie und Manipulation [HD].mp4
2015-05-12 22:48 - 2015-05-12 22:53 - 145381283 _____ () C:\Users\Petra\Downloads\Der Marshmallow-Test von Walter Mischel (Sternstunde Philosophie, 22.3.2015).flv
2015-05-12 22:18 - 2015-05-12 22:38 - 532047035 _____ () C:\Users\Petra\Downloads\Der Marshmallow-Test von Walter Mischel (Sternstunde Philosophie, 22.3.2015)(1).mp4
2015-05-12 22:10 - 2015-05-12 22:15 - 161218075 _____ () C:\Users\Petra\Downloads\Der Marshmallow-Test von Walter Mischel (Sternstunde Philosophie, 22.3.2015).mp4
2015-05-11 22:45 - 2015-05-11 22:45 - 00007597 _____ () C:\Users\Petra\AppData\Local\Resmon.ResmonCfg
2015-05-09 10:32 - 2015-05-09 10:33 - 13367515 _____ () C:\Users\Petra\Downloads\Meditation verändert das Gehirn.mp4.mp4
2015-05-09 10:05 - 2015-05-09 10:12 - 174710232 _____ () C:\Users\Petra\Downloads\Terra X Supertalent Mensch Geistesgiganten.mp4
2015-05-09 09:54 - 2015-05-09 10:02 - 202037109 _____ () C:\Users\Petra\Downloads\Doku 2014 Supertalent Mensch - Körperbeherrscher [Dokumentation Deutsch].mp4
2015-05-06 20:30 - 2015-05-06 20:30 - 00001170 _____ () C:\Users\Public\Desktop\FinanzmanagerV8.lnk
2015-05-06 20:30 - 2015-05-06 20:30 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\AckiSoft
2015-05-06 20:30 - 2015-05-06 20:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinanzmanagerV8
2015-05-06 20:30 - 2015-05-06 20:30 - 00000000 ____D () C:\Program Files\AckiSoft
2015-05-06 20:25 - 2015-05-06 20:29 - 97187572 _____ (AckiSoft ) C:\Users\Petra\Downloads\FinanzmanagerV8-Setup.exe
2015-05-06 20:10 - 2015-05-06 20:10 - 07281664 _____ () C:\Users\Petra\Downloads\MyMicroBalance_3.0.3_DE.msi

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-02 21:09 - 2014-04-18 23:37 - 00017456 _____ () C:\Users\Petra\Downloads\FRST.txt
2015-06-02 21:09 - 2014-04-18 23:37 - 00000000 ____D () C:\FRST
2015-06-02 21:08 - 2013-02-20 00:41 - 00000000 ____D () C:\Users\Petra\Documents\Gitarre
2015-06-02 21:01 - 2013-06-19 14:15 - 00000000 ____D () C:\Users\Petra\Documents\D&B
2015-06-02 20:54 - 2012-08-23 19:27 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-06-02 19:29 - 2009-07-14 06:34 - 00018512 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-02 19:29 - 2009-07-14 06:34 - 00018512 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-02 16:22 - 2010-05-15 05:32 - 01295933 _____ () C:\windows\WindowsUpdate.log
2015-06-02 16:18 - 2013-01-30 04:33 - 00119557 _____ () C:\windows\setupact.log
2015-06-02 16:18 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-06-01 07:16 - 2010-01-18 19:03 - 01812226 _____ () C:\windows\system32\PerfStringBackup.INI
2015-05-31 01:19 - 2012-01-07 22:52 - 00000000 ____D () C:\Users\Petra\Documents\Lied Texte
2015-05-30 23:36 - 2013-04-29 21:30 - 00000000 ____D () C:\Users\Petra\AppData\Roaming\vlc
2015-05-30 00:22 - 2012-08-23 19:27 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2015-05-30 00:22 - 2011-06-13 22:19 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2015-05-30 00:21 - 2010-09-14 08:31 - 00000000 ____D () C:\Users\Petra\AppData\Local\Adobe
2015-05-25 22:30 - 2009-07-14 06:53 - 00032640 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2015-05-22 20:05 - 2010-09-11 16:50 - 00000000 ____D () C:\Users\Petra\Documents\OneNote-Notizbücher
2015-05-21 00:48 - 2015-04-05 22:19 - 00000000 ___SD () C:\windows\system32\GWX
2015-05-19 15:10 - 2013-08-07 21:06 - 00320918 _____ () C:\windows\PFRO.log
2015-05-19 15:10 - 2012-05-04 17:24 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-05-18 12:38 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\NDF
2015-05-17 20:39 - 2010-09-11 14:47 - 00000000 ____D () C:\Users\Petra
2015-05-14 09:34 - 2009-07-29 12:50 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-14 06:14 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\rescache
2015-05-14 03:45 - 2014-08-18 18:12 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2015-05-14 03:45 - 2010-12-12 21:43 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-05-14 03:36 - 2011-12-25 14:02 - 00000000 ____D () C:\Program Files\QuickTime
2015-05-14 03:35 - 2011-12-25 14:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-05-14 03:27 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\Microsoft.NET
2015-05-14 03:09 - 2009-07-14 06:33 - 00433808 _____ () C:\windows\system32\FNTCACHE.DAT
2015-05-14 03:06 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\de-DE
2015-05-14 03:06 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\AdvancedInstallers
2015-05-13 18:48 - 2010-01-18 18:57 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-13 18:44 - 2013-08-16 00:14 - 00000000 ____D () C:\windows\system32\MRT
2015-05-13 18:34 - 2010-09-12 21:52 - 137310008 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-05-13 18:27 - 2010-09-15 08:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 18:27 - 2010-01-18 19:18 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-12 13:40 - 2015-04-12 16:07 - 00000000 ____D () C:\Users\Petra\Documents\Bewerbungen 2015
2015-05-07 16:59 - 2013-08-07 21:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-07 16:57 - 2013-08-07 21:13 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2015-05-07 16:57 - 2013-08-07 21:13 - 00107400 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2015-05-07 16:57 - 2013-08-07 21:13 - 00037896 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys
2015-05-06 21:30 - 2014-02-09 01:17 - 00000000 ____D () C:\Users\Petra\MediathekView
2015-05-03 21:28 - 2014-06-14 00:47 - 00086528 ___SH () C:\Users\Petra\Thumbs.db

==================== Files in the root of some directories =======

2014-04-18 21:14 - 2014-04-18 21:15 - 0000322 _____ () C:\Users\Petra\AppData\Roaming\aps.uninstall.scan.results
2012-04-15 15:04 - 2014-11-02 20:54 - 0007168 _____ () C:\Users\Petra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-18 21:11 - 2014-04-18 21:11 - 1097384 _____ (AnyProtect.com) C:\Users\Petra\AppData\Local\nsfE1B8.tmp
2015-05-11 22:45 - 2015-05-11 22:45 - 0007597 _____ () C:\Users\Petra\AppData\Local\Resmon.ResmonCfg
2011-01-13 22:40 - 2011-12-16 00:38 - 0000000 _____ () C:\ProgramData\LauncherAccess.dt

Files to move or delete:
====================
C:\Users\Petra\X16-42929_W2MM3-DVRRH-3CY23-482JG-WWTGW.exe


Some files in TEMP:
====================
C:\Users\Petra\AppData\Local\Temp\avgnt.exe
C:\Users\Petra\AppData\Local\Temp\BackupSetup.exe
C:\Users\Petra\AppData\Local\Temp\FileSystemView.dll
C:\Users\Petra\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Petra\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Petra\AppData\Local\Temp\Mobogenie_Setup_2.1.23_515.exe
C:\Users\Petra\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Petra\AppData\Local\Temp\ochelper.exe
C:\Users\Petra\AppData\Local\Temp\Quarantine.exe
C:\Users\Petra\AppData\Local\Temp\uninstall.exe
C:\Users\Petra\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Petra\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\Petra\AppData\Local\Temp\vlc-2.1.5-win32.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-26 10:11

==================== End of log ============================
         
Kind regards
Parim

Alt 03.06.2015, 11:54   #12
schrauber
/// the machine
/// TB trainer
 


Just run the cleanup as described above, then the computer is done.

Logs cannot be deleted after the fact.

The Addition.txt from the laptop is still missing.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 03.06.2015, 20:30   #13
Parim
 

Hello Schrauber,

you wrote: "The Addition.txt from the laptop is still missing". Do you mean the netbook or the notebook? What I sent you yesterday was from the notebook.

Kind regards
Parim

Alt 04.06.2015, 11:13   #14
schrauber
/// the machine
/// TB trainer
 


For the new computer, the one we are working on now, you posted an FRST.txt, but I still need the Addition.txt.
__________________
Regards,
schrauber


Alt 08.06.2015, 20:14   #15
Parim
 

Hello Schrauber,
here is the Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-04-2014 01
Ran by Petra at 2014-04-18 23:38:57
Running from C:\Users\Petra\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Amazon MP3-Downloader 1.0.17 (HKLM\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (HKLM\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Bing Bar (HKLM\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)
Broadcom 802.11 Wireless Driver (HKLM\...\{8991E763-21F5-4DEA-A938-5D9D77DCB488}) (Version: 1.0.0.0 - )
Broadcom Gigabit Integrated Controller (HKLM\...\{49F3D04B-B849-4C89-AB31-2366A004EA28}) (Version: 12.24.02 - Broadcom Corporation)
Business Contact Manager for Microsoft Outlook 2010 (Version: 4.0.11308.0 - Microsoft Corporation) Hidden
Business Contact Manager für Microsoft Outlook 2010 (HKLM\...\Business Contact Manager) (Version: 4.0.11308.0 - Microsoft Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 3.21 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.98.4.0 - Conexant)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version:  - Microsoft)
DMUninstaller (HKLM\...\DMUninstaller) (Version:  - ) <==== ATTENTION
EasyCapture (HKLM\...\EasyCapture4.0) (Version: V4.0.09.1015 - Lenovo)
ElsterFormular für Privatanwender (HKLM\...\ElsterFormular für Privatanwender 12.0.0.5880p) (Version: 12.0.0.5880p - Landesfinanzdirektion Thüringen)
Energy Management (HKLM\...\{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}) (Version: 4.3.1.5 - Lenovo)
Foxit Reader 5.1 (HKLM\...\Foxit Reader_is1) (Version: 5.1.4.104 - Foxit Corporation)
Free PDF to Word Doc Converter v1.1 (HKLM\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
Freeven Pro 1.3 (HKLM\...\Freeven Pro 1.3) (Version: 1.34.4.10 - Freeven) <==== ATTENTION
GIMP 2.6.11 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.04) (Version: 9.04 - Artifex Software Inc.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.28 - Irfan Skiljan)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Kies (HKLM\...\InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}) (Version: 1.5.3 - Ihr Firmenname)
Kies (Version: 1.5.3 - Ihr Firmenname) Hidden
Lenovo EasyCamera (HKLM\...\{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}) (Version: 5.8.0.12 - Silicon Motion)
Lenovo OneKey Recovery (HKLM\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.0723 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.0723 - CyberLink Corp.) Hidden
Lenovo ReadyComm 5 (HKLM\...\{17542DBF-E17C-4562-BC4D-FA3EF3076C45}) (Version: 5.1.1.20 - Lenovo)
Lenovo ReadyComm 5.0 Service (HKLM\...\{76C66170-C538-4E77-B54D-48E136B5B533}) (Version: 5.0.0.1 - Lenovo Group Limited)
MediaPlayerplus (HKLM\...\MediaPlayerplus) (Version: 1.34.4.10 - Freeven) <==== ATTENTION
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 Language Pack - deu (HKLM\...\{742D41A9-B3BF-3A65-806E-F8372FB3E492}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 (Version:  - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Browser (HKLM\...\{4AF2248C-B3DF-46FB-9596-87F5DB193689}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Common Files (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Services (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Native Client (HKLM\...\{1C2B3CEA-482E-4453-B3E2-C9731337828A}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Microsoft SQL Server Compact 3.5 SP1 English (HKLM\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{D074DC76-F6C9-440E-A1D0-1DE958417FDB}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft® Office Language Pack 2010 – Deutsch (Business Contact Manager für Microsoft Outlook 2010) (Version: 4.0.11308.0 - Microsoft Corporation) Hidden
Mozilla Firefox 28.0 (x86 de) (HKLM\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
MyFreeCodec (HKLM\...\MyFreeCodec) (Version:  - )
MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - JDi Backup Ltd) <==== ATTENTION
MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.4 - F.J. Wechselberger)
OutlookAddInNet3Setup (HKLM\...\{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}) (Version: 1.0.0 - Samsung)
Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.4809d4 - CyberLink Corp.)
QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30101 - Realtek Semiconductor Corp.)
Samsung PC Studio 3 (HKLM\...\{C4A4722E-79F9-417C-BD72-8D359A090C97}) (Version: 3.2.2.80601 - Samsung Electronics Co., Ltd.)
Samsung PC Studio 3 (Version: 3.0.0.80601 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.1600.0 - SAMSUNG Electronics Co., Ltd.)
Scribus 1.4.0rc1 (HKLM\...\Scribus 1.4.0) (Version: 1.4.0rc1 - The Scribus Team)
Service Pack 1 für SQL Server 2008 (KB 968369) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
Unterstützungsdateien für Microsoft SQL Server 2008-Setup  (HKLM\...\{877B3198-1C6B-4A9A-8D28-BE4F6040987F}) (Version: 10.1.2531.0 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{799005D3-9B70-4219-AFE0-BC479614CC4D}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VO Package (HKLM\...\VOPackage) (Version: 1.0.0.0 - )
webssearches uninstaller (HKLM\...\webssearches uninstaller) (Version:  - webssearches) <==== ATTENTION
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )

==================== Restore Points  =========================

12-03-2014 20:17:21 Geplanter Prüfpunkt
12-03-2014 23:15:48 Windows Update
19-03-2014 01:09:04 Windows Update
26-03-2014 19:56:12 Geplanter Prüfpunkt
03-04-2014 15:13:48 Geplanter Prüfpunkt
10-04-2014 20:06:06 Geplanter Prüfpunkt
10-04-2014 22:38:19 Windows Update
17-04-2014 15:35:21 Installed Java 7 Update 55
18-04-2014 19:10:57 Uniblue SpeedUpMyPC installation

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0C619C25-3594-4CF4-98D4-BFCB38687419} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-18] (Google Inc.)
Task: {5F491368-7C6B-4E12-A4AA-5F7D162ED1B3} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {6C7B3B26-8FB3-4AF4-957D-53E3446E114A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-18] (Google Inc.)
Task: {6D5A1B58-0188-4D07-B2B9-94D67EF3C52A} - System32\Tasks\SUPERAntiSpyware Scheduled Task 838c08ba-a7ce-410e-8ab3-8dd08dfca0f4 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {93C36170-3734-4CA1-9399-73FFF6B60CF0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C0856EAC-112A-471A-849B-345D0E3A65E3} - System32\Tasks\f7ad95ee-5d85-4b26-b76f-25e90ce6de26-5 => C:\Program Files\Freeven Pro 1.3\f7ad95ee-5d85-4b26-b76f-25e90ce6de26-5.exe [2014-04-18] (Freeven)
Task: {F3403976-F602-400B-86E2-39F142140EA4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-07-24] (Piriform Ltd)
Task: {FC9D6715-0845-45F3-87D2-9106B3C2A8B3} - System32\Tasks\SUPERAntiSpyware Scheduled Task 3acab02a-3688-4eaf-854d-29a38cee6ff3 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\f7ad95ee-5d85-4b26-b76f-25e90ce6de26-5.job => C:\Program Files\Freeven Pro 1.3\f7ad95ee-5d85-4b26-b76f-25e90ce6de26-5.exe <==== ATTENTION
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 3acab02a-3688-4eaf-854d-29a38cee6ff3.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 838c08ba-a7ce-410e-8ab3-8dd08dfca0f4.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Loaded Modules (whitelisted) =============

2013-08-07 21:13 - 2013-08-07 21:02 - 00394824 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-12-25 21:33 - 2010-03-15 12:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2014-04-15 13:05 - 2014-04-15 13:05 - 00355328 _____ () C:\Users\Petra\AppData\Roaming\VOPackage\VOsrv.exe
2010-05-15 05:42 - 2008-12-20 05:20 - 00063304 _____ () C:\Program Files\Lenovo\Energy Management\kbdhook.dll
2010-05-15 05:42 - 2008-12-20 05:20 - 00051016 _____ () C:\Program Files\Lenovo\Energy Management\HookLib.dll
2014-03-14 16:06 - 2014-03-14 16:06 - 00012288 _____ () C:\Program Files\MyPC Backup\GetText.dll
2014-03-14 16:00 - 2014-03-14 16:00 - 00904704 _____ () C:\Program Files\MyPC Backup\x86\System.Data.SQLite.dll
2014-03-29 12:40 - 2014-03-29 12:41 - 03642480 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-03-12 20:54 - 2014-03-12 20:54 - 16276872 _____ () C:\windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: AVG_TRAY => "C:\Program Files\AVG\AVG2012\avgtray.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/18/2014 09:10:49 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {0001b3fb-912b-46da-bd4a-72c809414b11}

Error: (03/27/2014 00:42:09 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea91c
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000c3873
ID des fehlerhaften Prozesses: 0xac0
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (03/04/2014 10:01:51 PM) (Source: Application Hang) (User: )
Description: Programm OUTLOOK.EXE, Version 14.0.7113.5000 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 4a4

Startzeit: 01cf37e32752683a

Endzeit: 30

Anwendungspfad: C:\PROGRA~1\MICROS~2\Office14\OUTLOOK.EXE

Berichts-ID: c7ef3825-a3d7-11e3-afdc-88ae1d2590b4

Error: (03/02/2014 08:18:27 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7
Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7601.18222, Zeitstempel: 0x51f1d731
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0015f211
ID des fehlerhaften Prozesses: 0x988
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (02/02/2014 01:29:51 AM) (Source: Application Hang) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 99c

Startzeit: 01cf1fa2d04c9876

Endzeit: 515

Anwendungspfad: C:\windows\Explorer.EXE

Berichts-ID: bac1c727-8b98-11e3-b836-88ae1d2590b4

Error: (01/30/2014 05:20:36 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 26.0.0.5087, Zeitstempel: 0x52a0d273
Name des fehlerhaften Moduls: xul.dll, Version: 26.0.0.5087, Zeitstempel: 0x52a0d20a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0014e1a8
ID des fehlerhaften Prozesses: 0x64c
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (12/17/2013 11:08:09 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: i_view32.exe, Version: 4.2.8.0, Zeitstempel: 0x4d08e831
Name des fehlerhaften Moduls: VIDEO.DLL, Version: 4.2.8.0, Zeitstempel: 0x4d0634d6
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001e3e
ID des fehlerhaften Prozesses: 0xc50
Startzeit der fehlerhaften Anwendung: 0xi_view32.exe0
Pfad der fehlerhaften Anwendung: i_view32.exe1
Pfad des fehlerhaften Moduls: i_view32.exe2
Berichtskennung: i_view32.exe3

Error: (12/14/2013 01:20:52 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 25.0.1.5064, Zeitstempel: 0x5282f204
Name des fehlerhaften Moduls: xul.dll, Version: 25.0.1.5064, Zeitstempel: 0x5282f10e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00118f87
ID des fehlerhaften Prozesses: 0xb70
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (12/11/2013 04:14:26 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 25.0.1.5064, Zeitstempel: 0x5282f204
Name des fehlerhaften Moduls: xul.dll, Version: 25.0.1.5064, Zeitstempel: 0x5282f10e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00118f87
ID des fehlerhaften Prozesses: 0x844
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (12/09/2013 11:41:43 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 25.0.1.5064, Zeitstempel: 0x5282f204
Name des fehlerhaften Moduls: xul.dll, Version: 25.0.1.5064, Zeitstempel: 0x5282f10e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00118f87
ID des fehlerhaften Prozesses: 0x618
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3


System errors:
=============
Error: (04/18/2014 10:55:45 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (04/18/2014 10:55:45 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht.

Error: (04/15/2014 10:39:24 PM) (Source: DCOM) (User: )
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}

Error: (04/11/2014 03:26:07 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x8007045b

Error: (03/30/2014 00:52:29 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.

Error: (02/17/2014 08:51:37 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (02/16/2014 01:40:53 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AntiVirSchedulerService erreicht.

Error: (02/02/2014 00:46:36 AM) (Source: cdrom) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.

Error: (01/24/2014 08:57:50 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (01/24/2014 08:57:49 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.


Microsoft Office Sessions:
=========================
Error: (04/18/2014 09:10:49 PM) (Source: VSS)(User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {0001b3fb-912b-46da-bd4a-72c809414b11}

Error: (03/27/2014 00:42:09 AM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d6727a7ntdll.dll6.1.7601.18247521ea91cc0000374000c3873ac001cf49195e0b8f8fC:\windows\Explorer.EXEC:\windows\SYSTEM32\ntdll.dlldd20e7bb-b537-11e3-8fbb-88ae1d2590b4

Error: (03/04/2014 10:01:51 PM) (Source: Application Hang)(User: )
Description: OUTLOOK.EXE14.0.7113.50004a401cf37e32752683a30C:\PROGRA~1\MICROS~2\Office14\OUTLOOK.EXEc7ef3825-a3d7-11e3-afdc-88ae1d2590b4

Error: (03/02/2014 08:18:27 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d6727a7SHELL32.dll6.1.7601.1822251f1d731c00000050015f21198801cf36434db09eedC:\windows\Explorer.EXEC:\windows\system32\SHELL32.dll0c0f850a-a237-11e3-9e90-88ae1d2590b4

Error: (02/02/2014 01:29:51 AM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.1.7601.1756799c01cf1fa2d04c9876515C:\windows\Explorer.EXEbac1c727-8b98-11e3-b836-88ae1d2590b4

Error: (01/30/2014 05:20:36 PM) (Source: Application Error)(User: )
Description: firefox.exe26.0.0.508752a0d273xul.dll26.0.0.508752a0d20ac00000050014e1a864c01cf1dc48985c8fbC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dll1117938b-89c2-11e3-8238-88ae1d2590b4

Error: (12/17/2013 11:08:09 PM) (Source: Application Error)(User: )
Description: i_view32.exe4.2.8.04d08e831VIDEO.DLL4.2.8.04d0634d6c000000500001e3ec5001cefb679a17c07aC:\Program Files\IrfanView\i_view32.exeC:\Program Files\IrfanView\Plugins\VIDEO.DLL5405f6c1-675f-11e3-b8ec-88ae1d2590b4

Error: (12/14/2013 01:20:52 AM) (Source: Application Error)(User: )
Description: firefox.exe25.0.1.50645282f204xul.dll25.0.1.50645282f10ec000000500118f87b7001cef8452c267daeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dll35373e7f-644d-11e3-94ea-88ae1d2590b4

Error: (12/11/2013 04:14:26 PM) (Source: Application Error)(User: )
Description: firefox.exe25.0.1.50645282f204xul.dll25.0.1.50645282f10ec000000500118f8784401cef67265b155d1C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dll8a4cd2a4-626e-11e3-975f-88ae1d2590b4

Error: (12/09/2013 11:41:43 PM) (Source: Application Error)(User: )
Description: firefox.exe25.0.1.50645282f204xul.dll25.0.1.50645282f10ec000000500118f8761801cef51676b25c0bC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dllb122277d-611a-11e3-988f-88ae1d2590b4
         




