| |
| |||||||
Log-Analyse und Auswertung: DealPly.Gen, DealPly.Gen4, Agent.70656.1, bprotecotr.MG, BProtector.Gen2 und Delta.O gefunden. Wie entferne ich diese?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte. |
 |
17.08.2015, 18:19
| #1 |
 |  DealPly.Gen, DealPly.Gen4, Agent.70656.1, bprotecotr.MG, BProtector.Gen2 und Delta.O gefunden. Wie entferne ich diese? Guten Tag, mein Avira Antivir hat mehreren Viren beim letzten Scan gefunden. Wie kann ich diese nun entfernen? Ich habe hier mal die geforderten Logs. FRST Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:16-08-2015
durchgeführt von Büro (Administrator) auf BÜRO-PC (17-08-2015 17:11:00)
Gestartet von C:\Users\Büro\Downloads
Geladene Profile: Büro (Verfügbare Profile: Büro)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(GEAR Software) C:\Windows\SysWOW64\gearsec.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
() C:\Program Files (x86)\watchmi\TvdService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNAP2LAK.EXE
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Dropbox, Inc.) C:\Users\Büro\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNAP2RPK.EXE
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNAC8SWK.EXE
(Microsoft® Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Works Shared\WkCalRem.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft® Corporation) C:\Program Files (x86)\Microsoft Works\wkssb.exe
(Microsoft® Corporation) C:\Program Files (x86)\Microsoft Works\WkDetect.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\watchmi\TvdTray.exe
(Dropbox, Inc.) C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Desktop.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452968 2012-03-13] (Realtek Semiconductor)
HKLM\...\Run: [CNAP2 Launcher] => C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE [406944 2007-09-06] (CANON INC.)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [111080 2012-04-14] (CyberLink)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-30] (CyberLink Corp.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-05-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [12288 2012-04-20] ()
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [730416 2015-08-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [998104 2015-07-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [WorksFUD] => C:\Program Files (x86)\Microsoft Works\wkfud.exe [24576 2000-07-12] (Microsoft® Corporation)
HKLM-x32\...\Run: [Microsoft Works Portfolio] => C:\Program Files (x86)\Microsoft Works\WksSb.exe [311350 2000-07-12] (Microsoft® Corporation)
HKLM-x32\...\Run: [Microsoft Works Update Detection] => C:\Program Files (x86)\Microsoft Works\WkDetect.exe [28739 2000-07-22] (Microsoft® Corporation)
HKLM-x32\...\Run: [UVS10 Preload] => C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe [36864 2006-03-07] (Ulead Systems, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1573576 2012-12-10] (Ask)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707496 2014-08-15] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [134368 2015-07-02] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1632624160-964472687-1313652209-1002\...\Run: [Dropbox Update] => C:\Users\Büro\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-02] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Erinnerungen in Microsoft Works-Kalender.lnk [2012-10-07]
ShortcutTarget: Erinnerungen in Microsoft Works-Kalender.lnk -> C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2012-09-30]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\watchmi tray.lnk [2012-09-29]
ShortcutTarget: watchmi tray.lnk -> C:\Windows\Installer\{F0559C5E-7912-4391-B1A0-6B975F0E5064}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe (Acresso Software Inc.)
Startup: C:\Users\Büro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012-11-01]
ShortcutTarget: Dropbox.lnk -> C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://safesearch.avira.com/#web/result?source=repair&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://safesearch.avira.com/#web/result?source=repair&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/#web/result?source=repair&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/#web/result?source=repair&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://safesearch.avira.com/#web/result?source=repair&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://safesearch.avira.com/#web/result?source=repair&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/#web/result?source=repair&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/#web/result?source=repair&q=
HKU\S-1-5-21-1632624160-964472687-1313652209-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/#web/result?source=repair&q=
HKU\S-1-5-21-1632624160-964472687-1313652209-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://safesearch.avira.com/#web/result?source=repair&q=
HKU\S-1-5-21-1632624160-964472687-1313652209-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://safesearch.avira.com/#web/result?source=repair&q=
HKU\S-1-5-21-1632624160-964472687-1313652209-1002\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.babylon.com/?affID=121845&tt=gc_&babsrc=HP_ss_din2g&mntrId=204CDC85DE4A97C9
HKU\S-1-5-21-1632624160-964472687-1313652209-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/#web/result?source=repair&q=
URLSearchHook: HKU\S-1-5-21-1632624160-964472687-1313652209-1002 - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
SearchScopes: HKLM -> DefaultScope Wert fehlt
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKU\S-1-5-21-1632624160-964472687-1313652209-1002 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-1632624160-964472687-1313652209-1002 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&affID=121845&tt=gc_&babsrc=SP_ss&mntrId=204CDC85DE4A97C9
SearchScopes: HKU\S-1-5-21-1632624160-964472687-1313652209-1002 -> {4F24AB64-CF5D-41A8-9B83-F0383ADB3746} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=A4AACB73-20E9-4807-B4AA-B6D2A45057F3&apn_sauid=410B9794-3E0B-46BF-85CF-3EDA8283A8F9
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-08-17] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-12-15] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-12-15] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-08-17] (Google Inc.)
BHO-x32: delta Helper Object -> {C1AF5FA5-852C-4C90-812E-A7F75E011D87} -> C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll [2013-05-20] (Delta-search.com)
BHO-x32: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2012-12-10] (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-12-15] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-08-17] (Google Inc.)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2012-12-10] (Ask)
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll [2013-05-20] (Delta-search.com)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-08-17] (Google Inc.)
Toolbar: HKU\S-1-5-21-1632624160-964472687-1313652209-1002 -> Kein Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - Keine Datei
Toolbar: HKU\S-1-5-21-1632624160-964472687-1313652209-1002 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-08-17] (Google Inc.)
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{2B0B9D70-1506-4A19-9DCD-D0CED68DA08A}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{60D2D7B7-D7BF-45F4-8531-EAD4B3ADE94A}: [DhcpNameServer] 192.168.178.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\nvrbpy82.default
FF NewTab: hxxp://www.delta-search.com/?affID=121845&tt=gc_&babsrc=NT_ss&mntrId=204CDC85DE4A97C9
FF SearchEngineOrder.1: Delta Search
FF SelectedSearchEngine: Google
FF Homepage: https://www.google.de/
FF Keyword.URL: hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=A4AACB73-20E9-4807-B4AA-B6D2A45057F3&apn_ptnrs=U3&apn_sauid=410B9794-3E0B-46BF-85CF-3EDA8283A8F9&apn_dtid=OSJ000YYDE&&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll [2013-10-28] ()
FF Plugin: @java.com/DTPlugin,version=10.10.2 -> C:\Windows\system32\npDeployJava1.dll [2012-12-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll [Keine Datei]
FF Plugin: @java.com/JavaPlugin,version=10.10.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2012-12-15] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll [2013-10-28] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll [2012-07-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-12-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2012-12-15] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-27] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\nvrbpy82.default\user.js [2013-05-30]
FF SearchPlugin: C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\nvrbpy82.default\searchplugins\askcom.xml [2012-12-15]
FF SearchPlugin: C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\nvrbpy82.default\searchplugins\babylon.xml [2013-05-30]
FF SearchPlugin: C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\nvrbpy82.default\searchplugins\BrowserDefender.xml [2013-07-10]
FF SearchPlugin: C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\nvrbpy82.default\searchplugins\delta.xml [2013-05-30]
FF Extension: Avira Browser Safety - C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\nvrbpy82.default\Extensions\abs@avira.com [2015-06-02]
FF Extension: Delta Toolbar - C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\nvrbpy82.default\Extensions\ffxtlbr@delta.com [2013-05-30]
FF Extension: Ask Toolbar - C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\nvrbpy82.default\Extensions\toolbar@ask.com [2012-12-15]
FF Extension: Print a Tree - C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\nvrbpy82.default\Extensions\{d8a25ef6-8a9c-459b-a8b1-7a2b0504190a} [2013-05-30]
FF Extension: Adblock Plus - C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\nvrbpy82.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-03]
StartMenuInternet: FIREFOX.EXE - firefox.exe
Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\gcswf32.dll Keine Datei
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll Keine Datei
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll Keine Datei
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll Keine Datei
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Büro\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\plugin/npVKPlugin.dll Keine Datei
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Büro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll Keine Datei
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Büro\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.397_0\plugin/npUrlAdvisor.dll Keine Datei
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll Keine Datei
CHR Plugin: (Java(TM) Platform SE 7 U5) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.50.5) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll Keine Datei
CHR Plugin: (Default Plug-in) - default_plugin Keine Datei
CHR Profile: C:\Users\Büro\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (DealPly Shopping) - C:\Users\Büro\AppData\Local\Google\Chrome\User Data\Default\Extensions\hggpkhijoeadmdfmlbdepfbngmhaldci [2013-05-30]
CHR HKLM\...\Chrome\Extension: [dmibjfmphcpfoacbchialfobiohmhged] - C:\Users\BRO~1\AppData\Roaming\PRINTA~1\printatreeChrome.crx [2013-05-30]
CHR HKU\S-1-5-21-1632624160-964472687-1313652209-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dmibjfmphcpfoacbchialfobiohmhged] - C:\Users\BRO~1\AppData\Roaming\PRINTA~1\printatreeChrome.crx [2013-05-30]
CHR HKLM-x32\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - C:\Users\Büro\AppData\Local\APN\GoogleCRXs\apnorjtoolbar.crx [2012-12-10]
CHR HKLM-x32\...\Chrome\Extension: [dmibjfmphcpfoacbchialfobiohmhged] - C:\Users\BRO~1\AppData\Roaming\PRINTA~1\printatreeChrome.crx [2013-05-30]
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Büro\AppData\Roaming\BabSolution\CR\Delta.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - Chrome.exe
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-05-05] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827184 2015-08-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [450808 2015-08-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [450808 2015-08-17] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1188360 2015-08-17] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [218816 2015-07-02] (Avira Operations GmbH & Co. KG)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-14] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-14] (CyberLink)
R2 gearsec; C:\Windows\SysWOW64\gearsec.exe [49152 2002-09-02] (GEAR Software) [Datei ist nicht signiert]
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2012-07-16] (Nero AG)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Datei ist nicht signiert]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2012-10-08] () [Datei ist nicht signiert]
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2005-01-31] (Ulead Systems, Inc.) [Datei ist nicht signiert]
R2 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [70144 2012-01-31] () [Datei ist nicht signiert]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-08-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132656 2015-08-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-16] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-21] (Avira Operations GmbH & Co. KG)
R3 GEARAspiWDM; C:\Windows\SysWOW64\DRIVERS\GEARAspiWDM.sys [9440 2003-03-20] (GEAR Software) [Datei ist nicht signiert]
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-08-15] (Cisco Systems, Inc.)
S1 mckhetwt; \??\C:\Windows\system32\drivers\mckhetwt.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-08-17 17:11 - 2015-08-17 17:11 - 00027368 _____ C:\Users\Büro\Downloads\FRST.txt
2015-08-17 17:10 - 2015-08-17 17:11 - 00000000 ____D C:\FRST
2015-08-17 17:10 - 2015-08-17 17:10 - 02173440 _____ (Farbar) C:\Users\Büro\Downloads\FRST64.exe
2015-08-17 17:08 - 2015-08-17 17:08 - 00000470 _____ C:\Users\Büro\Downloads\defogger_disable.log
2015-08-17 17:08 - 2015-08-17 17:08 - 00000000 _____ C:\Users\Büro\defogger_reenable
2015-08-17 17:07 - 2015-08-17 17:07 - 00050477 _____ C:\Users\Büro\Downloads\Defogger.exe
2015-08-17 13:06 - 2015-08-17 13:06 - 00000000 ____D C:\Users\Büro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-08-17 13:03 - 2015-08-17 13:03 - 00001168 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1632624160-964472687-1313652209-1002Core1d0d8dc5784d418.job
2015-08-17 12:52 - 2015-08-17 12:52 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0d8dac8c261f9.job
2015-08-01 13:55 - 2015-08-01 13:55 - 00000000 ____H C:\Users\Büro\AppData\Local\BITF48F.tmp
2015-08-01 13:55 - 2015-08-01 13:55 - 00000000 _____ C:\Users\Büro\AppData\Local\{C630AAEB-8C79-41B3-9A7E-5CE35D47870D}
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-08-17 17:08 - 2012-09-29 11:48 - 00000000 ____D C:\Users\Büro
2015-08-17 16:58 - 2012-09-29 11:44 - 01746606 _____ C:\Windows\WindowsUpdate.log
2015-08-17 16:36 - 2013-05-30 16:46 - 00000000 ____D C:\Users\Büro\AppData\Roaming\Printatree
2015-08-17 14:22 - 2012-11-01 17:59 - 00000000 ___RD C:\Users\Büro\Dropbox
2015-08-17 14:21 - 2012-11-01 17:51 - 00000000 ____D C:\Users\Büro\AppData\Roaming\Dropbox
2015-08-17 14:20 - 2012-11-01 17:21 - 00000000 ____D C:\Users\Büro\AppData\Local\HTC MediaHub
2015-08-17 14:17 - 2009-07-14 06:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-17 14:17 - 2009-07-14 06:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-17 14:07 - 2009-07-14 06:51 - 00207586 _____ C:\Windows\setupact.log
2015-08-17 14:07 - 2009-07-14 06:45 - 00394736 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-17 14:06 - 2010-11-21 05:47 - 00464972 _____ C:\Windows\PFRO.log
2015-08-17 14:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-08-17 13:09 - 2013-01-10 21:36 - 00002023 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2015-08-17 13:09 - 2011-07-18 23:07 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-08-17 13:00 - 2012-09-30 13:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-08-17 12:57 - 2013-03-30 14:21 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-08-17 12:57 - 2013-03-30 14:21 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-08-17 12:52 - 2015-05-20 20:20 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d09329a09fca16.job
2015-08-07 17:55 - 2015-06-13 12:24 - 00001124 _____ C:\Users\Public\Desktop\Avira.lnk
2015-08-07 17:55 - 2014-08-16 11:58 - 00000000 ____D C:\ProgramData\Package Cache
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2015-08-01 13:55 - 2015-08-01 13:55 - 0000000 ____H () C:\Users\Büro\AppData\Local\BITF48F.tmp
2015-08-01 13:55 - 2015-08-01 13:55 - 0000000 _____ () C:\Users\Büro\AppData\Local\{C630AAEB-8C79-41B3-9A7E-5CE35D47870D}
Einige Dateien in TEMP:
====================
C:\Users\Büro\AppData\Local\Temp\20150118113614782jniverify.dll
C:\Users\Büro\AppData\Local\Temp\APNStub.exe
C:\Users\Büro\AppData\Local\Temp\AskSLib.dll
C:\Users\Büro\AppData\Local\Temp\avgnt.exe
C:\Users\Büro\AppData\Local\Temp\COMAP.EXE
C:\Users\Büro\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvhfcha.dll
C:\Users\Büro\AppData\Local\Temp\FileSystemView.dll
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2013-09-07 10:35
==================== Ende von Ergebnis ============================
Ich habe die Logs von Addition und GMER in den Anhang getan, da es zu viele Zeichen waren. Vielen dank im Vorraus für eure Hilfe. MfG Blackhunter |
|
17.08.2015, 19:11
| #2 |
| /// the machine /// TB-Ausbilder    | DealPly.Gen, DealPly.Gen4, Agent.70656.1, bprotecotr.MG, BProtector.Gen2 und Delta.O gefunden. Wie entferne ich diese? Hi,
__________________Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen. Ich kann auf Arbeit keine Anhänge öffnen, danke.  So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
17.08.2015, 19:43
| #3 |
| | DealPly.Gen, DealPly.Gen4, Agent.70656.1, bprotecotr.MG, BProtector.Gen2 und Delta.O gefunden. Wie entferne ich diese? Hier sind die anderen Logs
__________________Addition Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-08-17 17:35:48
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000060 ST1000DM rev.CC4G 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\BRO~1\AppData\Local\Temp\pwldqpog.sys
---- User code sections - GMER 2.1 ----
.text C:\Users\Büro\AppData\Local\Dropbox\Update\DropboxUpdate.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075c61401 2 bytes JMP 752bb21b C:\Windows\syswow64\kernel32.dll
.text C:\Users\Büro\AppData\Local\Dropbox\Update\DropboxUpdate.exe[2720] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075c61419 2 bytes JMP 752bb346 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Büro\AppData\Local\Dropbox\Update\DropboxUpdate.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075c61431 2 bytes JMP 75338f29 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Büro\AppData\Local\Dropbox\Update\DropboxUpdate.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075c6144a 2 bytes CALL 7529489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Users\Büro\AppData\Local\Dropbox\Update\DropboxUpdate.exe[2720] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075c614dd 2 bytes JMP 75338822 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Büro\AppData\Local\Dropbox\Update\DropboxUpdate.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075c614f5 2 bytes JMP 753389f8 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Büro\AppData\Local\Dropbox\Update\DropboxUpdate.exe[2720] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075c6150d 2 bytes JMP 75338718 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Büro\AppData\Local\Dropbox\Update\DropboxUpdate.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075c61525 2 bytes JMP 75338ae2 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Büro\AppData\Local\Dropbox\Update\DropboxUpdate.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075c6153d 2 bytes JMP 752afca8 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Büro\AppData\Local\Dropbox\Update\DropboxUpdate.exe[2720] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075c61555 2 bytes JMP 752b68ef C:\Windows\syswow64\kernel32.dll
.text C:\Users\Büro\AppData\Local\Dropbox\Update\DropboxUpdate.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075c6156d 2 bytes JMP 75338fe3 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Büro\AppData\Local\Dropbox\Update\DropboxUpdate.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075c61585 2 bytes JMP 75338b42 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Büro\AppData\Local\Dropbox\Update\DropboxUpdate.exe[2720] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075c6159d 2 bytes JMP 753386dc C:\Windows\syswow64\kernel32.dll
.text C:\Users\Büro\AppData\Local\Dropbox\Update\DropboxUpdate.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075c615b5 2 bytes JMP 752afd41 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Büro\AppData\Local\Dropbox\Update\DropboxUpdate.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075c615cd 2 bytes JMP 752bb2dc C:\Windows\syswow64\kernel32.dll
.text C:\Users\Büro\AppData\Local\Dropbox\Update\DropboxUpdate.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075c616b2 2 bytes JMP 75338ea4 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Büro\AppData\Local\Dropbox\Update\DropboxUpdate.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075c616bd 2 bytes JMP 75338671 C:\Windows\syswow64\kernel32.dll
---- Threads - GMER 2.1 ----
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4088:3360] 000007fefb132bf8
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4088:1508] 000007feeec75648
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4088:2772] 000007fef5715124
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4088:808] 000007feeebd6590
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4088:3056] 000007feeec75648
---- Processes - GMER 2.1 ----
Library c:\users\bro~1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvhfcha.dll (*** suspicious ***) @ C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe [5096](2015-08-17 12:21:05) 00000000748f0000
Library C:\Users\Büro\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe [5096] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-07-16 12:50:44) 0000000063ba0000
Library C:\Users\Büro\AppData\Roaming\Dropbox\bin\icuin55.dll (*** suspicious ***) @ C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe [5096] (ICU I18N DLL/The ICU Project)(2015-08-17 11:06:26) 000000004a900000
Library C:\Users\Büro\AppData\Roaming\Dropbox\bin\icuuc55.dll (*** suspicious ***) @ C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe [5096] (ICU Common DLL/The ICU Project)(2015-08-17 11:06:26) 00000000059c0000
Library C:\Users\Büro\AppData\Roaming\Dropbox\bin\icudt55.dll (*** suspicious ***) @ C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe [5096] (ICU Data DLL/The ICU Project)(2015-08-17 11:06:26) 000000005c660000
Library C:\Users\Büro\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe [5096] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:28) 00000000634f0000
Library C:\Users\Büro\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe [5096] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-07-16 12:50:44) 00000000630b0000
Library C:\Users\Büro\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe [5096] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-07-16 12:50:44) 0000000066c60000
Library C:\Users\Büro\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe [5096] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 000000005a440000
Library C:\Users\Büro\AppData\Roaming\Dropbox\bin\Qt5Quick.dll (*** suspicious ***) @ C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe [5096] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000062e60000
Library C:\Users\Büro\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe [5096] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 00000000625c0000
Library C:\Users\Büro\AppData\Roaming\Dropbox\bin\Qt5WebChannel.dll (*** suspicious ***) @ C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe [5096] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-08-17 11:06:26) 0000000074910000
Library C:\Users\Büro\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe [5096] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 00000000748c0000
Library C:\Users\Büro\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe [5096] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:28) 0000000066b60000
Library C:\Users\Büro\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe [5096] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-07-16 12:50:44) 00000000664f0000
Library C:\Users\Büro\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe [5096] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-07-16 12:50:44) 00000000660a0000
Library C:\Users\Büro\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe [5096] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-07-16 12:50:44) 0000000062d70000
Library C:\Users\Büro\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe [5096] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-07-16 12:50:44) 0000000066060000
Library C:\Users\Büro\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll (*** suspicious ***) @ C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe [5096](2015-03-04 21:45:30) 0000000065fb0000
Library C:\Users\Büro\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll (*** suspicious ***) @ C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe [5096](2015-03-04 21:45:30) 0000000061e70000
Library C:\Users\Büro\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll (*** suspicious ***) @ C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe [5096](2015-08-17 11:06:27) 0000000062910000
Library C:\Users\Büro\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll (*** suspicious ***) @ C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe [5096](2015-03-04 21:45:30) 0000000065e20000
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-08-17 17:35:48
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000060 ST1000DM rev.CC4G 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\BRO~1\AppData\Local\Temp\pwldqpog.sys
---- User code sections - GMER 2.1 ----
.text C:\Users\Büro\AppData\Local\Dropbox\Update\DropboxUpdate.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075c61401 2 bytes JMP 752bb21b C:\Windows\syswow64\kernel32.dll
.text C:\Users\Büro\AppData\Local\Dropbox\Update\DropboxUpdate.exe[2720] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075c61419 2 bytes JMP 752bb346 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Büro\AppData\Local\Dropbox\Update\DropboxUpdate.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075c61431 2 bytes JMP 75338f29 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Büro\AppData\Local\Dropbox\Update\DropboxUpdate.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075c6144a 2 bytes CALL 7529489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Users\Büro\AppData\Local\Dropbox\Update\DropboxUpdate.exe[2720] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075c614dd 2 bytes JMP 75338822 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Büro\AppData\Local\Dropbox\Update\DropboxUpdate.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075c614f5 2 bytes JMP 753389f8 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Büro\AppData\Local\Dropbox\Update\DropboxUpdate.exe[2720] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075c6150d 2 bytes JMP 75338718 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Büro\AppData\Local\Dropbox\Update\DropboxUpdate.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075c61525 2 bytes JMP 75338ae2 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Büro\AppData\Local\Dropbox\Update\DropboxUpdate.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075c6153d 2 bytes JMP 752afca8 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Büro\AppData\Local\Dropbox\Update\DropboxUpdate.exe[2720] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075c61555 2 bytes JMP 752b68ef C:\Windows\syswow64\kernel32.dll
.text C:\Users\Büro\AppData\Local\Dropbox\Update\DropboxUpdate.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075c6156d 2 bytes JMP 75338fe3 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Büro\AppData\Local\Dropbox\Update\DropboxUpdate.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075c61585 2 bytes JMP 75338b42 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Büro\AppData\Local\Dropbox\Update\DropboxUpdate.exe[2720] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075c6159d 2 bytes JMP 753386dc C:\Windows\syswow64\kernel32.dll
.text C:\Users\Büro\AppData\Local\Dropbox\Update\DropboxUpdate.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075c615b5 2 bytes JMP 752afd41 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Büro\AppData\Local\Dropbox\Update\DropboxUpdate.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075c615cd 2 bytes JMP 752bb2dc C:\Windows\syswow64\kernel32.dll
.text C:\Users\Büro\AppData\Local\Dropbox\Update\DropboxUpdate.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075c616b2 2 bytes JMP 75338ea4 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Büro\AppData\Local\Dropbox\Update\DropboxUpdate.exe[2720] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075c616bd 2 bytes JMP 75338671 C:\Windows\syswow64\kernel32.dll
---- Threads - GMER 2.1 ----
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4088:3360] 000007fefb132bf8
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4088:1508] 000007feeec75648
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4088:2772] 000007fef5715124
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4088:808] 000007feeebd6590
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4088:3056] 000007feeec75648
---- Processes - GMER 2.1 ----
Library c:\users\bro~1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvhfcha.dll (*** suspicious ***) @ C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe [5096](2015-08-17 12:21:05) 00000000748f0000
Library C:\Users\Büro\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe [5096] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-07-16 12:50:44) 0000000063ba0000
Library C:\Users\Büro\AppData\Roaming\Dropbox\bin\icuin55.dll (*** suspicious ***) @ C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe [5096] (ICU I18N DLL/The ICU Project)(2015-08-17 11:06:26) 000000004a900000
Library C:\Users\Büro\AppData\Roaming\Dropbox\bin\icuuc55.dll (*** suspicious ***) @ C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe [5096] (ICU Common DLL/The ICU Project)(2015-08-17 11:06:26) 00000000059c0000
Library C:\Users\Büro\AppData\Roaming\Dropbox\bin\icudt55.dll (*** suspicious ***) @ C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe [5096] (ICU Data DLL/The ICU Project)(2015-08-17 11:06:26) 000000005c660000
Library C:\Users\Büro\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe [5096] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:28) 00000000634f0000
Library C:\Users\Büro\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe [5096] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-07-16 12:50:44) 00000000630b0000
Library C:\Users\Büro\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe [5096] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-07-16 12:50:44) 0000000066c60000
Library C:\Users\Büro\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe [5096] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 000000005a440000
Library C:\Users\Büro\AppData\Roaming\Dropbox\bin\Qt5Quick.dll (*** suspicious ***) @ C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe [5096] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000062e60000
Library C:\Users\Büro\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe [5096] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 00000000625c0000
Library C:\Users\Büro\AppData\Roaming\Dropbox\bin\Qt5WebChannel.dll (*** suspicious ***) @ C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe [5096] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-08-17 11:06:26) 0000000074910000
Library C:\Users\Büro\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe [5096] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 00000000748c0000
Library C:\Users\Büro\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe [5096] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:28) 0000000066b60000
Library C:\Users\Büro\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe [5096] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-07-16 12:50:44) 00000000664f0000
Library C:\Users\Büro\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe [5096] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-07-16 12:50:44) 00000000660a0000
Library C:\Users\Büro\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe [5096] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-07-16 12:50:44) 0000000062d70000
Library C:\Users\Büro\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe [5096] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-07-16 12:50:44) 0000000066060000
Library C:\Users\Büro\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll (*** suspicious ***) @ C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe [5096](2015-03-04 21:45:30) 0000000065fb0000
Library C:\Users\Büro\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll (*** suspicious ***) @ C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe [5096](2015-03-04 21:45:30) 0000000061e70000
Library C:\Users\Büro\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll (*** suspicious ***) @ C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe [5096](2015-08-17 11:06:27) 0000000062910000
Library C:\Users\Büro\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll (*** suspicious ***) @ C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe [5096](2015-03-04 21:45:30) 0000000065e20000
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
|
|
18.08.2015, 11:59
| #4 |
| /// the machine /// TB-Ausbilder | DealPly.Gen, DealPly.Gen4, Agent.70656.1, bprotecotr.MG, BProtector.Gen2 und Delta.O gefunden. Wie entferne ich diese? und die Addition.txt? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
18.08.2015, 19:20
| #5 |
| | DealPly.Gen, DealPly.Gen4, Agent.70656.1, bprotecotr.MG, BProtector.Gen2 und Delta.O gefunden. Wie entferne ich diese? Ah entschuldige, habe ausversehen zweimal das selbe Kopiert. Hier ist nun die Addition. Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:16-08-2015
durchgeführt von Büro (2015-08-17 17:12:15)
Gestartet von C:\Users\Büro\Downloads
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-1632624160-964472687-1313652209-500 - Administrator - Disabled)
Büro (S-1-5-21-1632624160-964472687-1313652209-1002 - Administrator - Enabled) => C:\Users\Büro
Gast (S-1-5-21-1632624160-964472687-1313652209-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1632624160-964472687-1313652209-1004 - Limited - Enabled)
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (HKLM-x32\...\{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}) (Version: 15.4.5722.2 - Microsoft Corporation)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.3.0.3670 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Reader X (10.1.15) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.15 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
ALDI SÜD Mah Jong (HKLM-x32\...\ALDI SÜD Mah Jong) (Version: - )
AMD Catalyst Install Manager (HKLM\...\{7296C445-3261-4BDD-D1DC-2AE5171F660E}) (Version: 3.0.864.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio (HKLM-x32\...\Ashampoo Burning Studio_is1) (Version: 10.0.10 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Commander (HKLM-x32\...\Ashampoo Photo Commander_is1) (Version: 9.2.0 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Optimizer (HKLM-x32\...\Ashampoo Photo Optimizer_is1) (Version: 4.0.0 - Ashampoo GmbH & Co. KG)
Ashampoo Snap (HKLM-x32\...\Ashampoo Snap_is1) (Version: 4.3.0 - Ashampoo GmbH & Co. KG)
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.14.0 - Ask.com) <==== ACHTUNG
Ask Toolbar Updater (HKU\S-1-5-21-1632624160-964472687-1313652209-1002\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.3.29495 - Ask.com) <==== ACHTUNG
Avira (HKLM-x32\...\{a5e00a72-db4a-4f77-8874-d1265b8fcd7e}) (Version: 1.1.42.10415 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.42.10415 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.11.579 - Avira Operations GmbH & Co. KG)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Camera Support Core Library (x32 Version: 7.3.0.4 - Canon) Hidden
Camera Window DS (x32 Version: 5.3.1 - Canon) Hidden
Camera Window DVC (x32 Version: 5.4.4 - Canon) Hidden
Camera Window MC (x32 Version: 5.4.3 - Canon) Hidden
Canon Camera Support Core Library (HKLM-x32\...\InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086}) (Version: 7.3.0.4 - Canon)
Canon Camera WIA Driver (x32 Version: 5.6 - Canon) Hidden
Canon Camera Window DC_DV 5 for ZoomBrowser EX (HKLM-x32\...\InstallShield_{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}) (Version: 5.4.4 - Canon)
Canon Camera Window DSLR 5 for ZoomBrowser EX (HKLM-x32\...\InstallShield_{0A146245-DB79-4197-BF5D-FE1A699A2CC7}) (Version: 5.3.1 - Canon)
Canon Camera Window MC 5 for ZoomBrowser EX (HKLM-x32\...\InstallShield_{36C65B50-37BA-4467-AAD5-0523EFDF6F62}) (Version: 5.4.3 - Canon)
Canon EOS Kiss_N REBEL_XT 350D WIA-Treiber (HKLM-x32\...\InstallShield_{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}) (Version: 5.6 - Canon)
CANON iMAGE GATEWAY Task (x32 Version: 1.0.0.23 - Canon) Hidden
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\InstallShield_{93973C6B-F862-4C16-84D1-7B675D650103}) (Version: 1.0.0.23 - Canon)
Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\InstallShield_{D0E8C34D-19D2-49FD-A900-88DEB788FF86}) (Version: 1.4.0 - Canon Inc.)
Canon LBP5050 (HKLM\...\Canon LBP5050) (Version: - )
Canon PhotoRecord (HKLM-x32\...\{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}) (Version: 02.02.03002 - Cisra)
Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\InstallShield_{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}) (Version: 2.2 - Canon)
Canon Utilities Digital Photo Professional 2.0 (HKLM-x32\...\InstallShield_{17BF3045-AB1D-4048-8356-6C584B83565E}) (Version: 2.0 - Canon)
Canon Utilities Digital Photo Professional 2.0 (x32 Version: 2.0 - Canon) Hidden
Canon Utilities EOS Capture 1.5 (HKLM-x32\...\InstallShield_{589D17BB-C997-48C0-BCD2-CC8DC3375FE8}) (Version: 1.5 - Canon)
Canon Utilities PhotoStitch 3.1 (HKLM-x32\...\InstallShield_{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}) (Version: 3.1.16 - Canon)
Canon ZoomBrowser EX (G) (HKLM-x32\...\{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}) (Version: 5.05.0000 - Canon)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05182 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05182 - Cisco Systems, Inc.) Hidden
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.2715_43927 - CyberLink Corp.)
CyberLink PhotoDirector 2011 (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.2430 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.2813 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4002.02 - CyberLink Corp.)
CyberLink PowerDVD Copy (HKLM-x32\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.2715a - CyberLink Corp.)
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.5310 - CyberLink Corp.)
CyberLink WaveEditor (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 1.0.1.4013 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dealply (HKU\S-1-5-21-1632624160-964472687-1313652209-1002\...\Dealply) (Version: - ) <==== ACHTUNG
Delta Chrome Toolbar (HKLM-x32\...\Delta Chrome Toolbar) (Version: - Visual Tools) <==== ACHTUNG
Delta toolbar (HKLM-x32\...\delta) (Version: 1.8.21.5 - Delta) <==== ACHTUNG
Dropbox (HKU\S-1-5-21-1632624160-964472687-1313652209-1002\...\Dropbox) (Version: 3.8.6 - Dropbox, Inc.)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.3.20141106 - Landesfinanzdirektion Thüringen)
EOS Capture 1.5 (x32 Version: 1.5 - Canon) Hidden
FoneSync (HKLM-x32\...\FoneSync) (Version: - )
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.155 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.0.0.008 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{7477F26F-CC6A-4F68-8C9D-496DBFF45E05}) (Version: 1.1.48.0 - HTC)
Indeo® software (HKLM-x32\...\Indeo® software) (Version: - )
Internet Library (x32 Version: 1.4.0 - Canon Inc.) Hidden
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 10 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417010FF}) (Version: 7.0.100 - Oracle)
Java 7 Update 9 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217009FF}) (Version: 7.0.90 - Oracle)
Java(TM) 6 Update 29 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416029FF}) (Version: 6.0.290 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation)
Medion Home Cinema (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.3216 - CyberLink Corp.)
Medion Home Cinema (x32 Version: 8.0.3216 - CyberLink Corp.) Hidden
Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7943 - Memeo Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft AutoRoute 2001 (HKLM-x32\...\{4D719053-5593-11D3-8F25-0060085C1758}) (Version: 8.00.14.1500 - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office XP Professional mit FrontPage (HKLM-x32\...\{90280407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2701.0 - Microsoft Corporation)
Microsoft Picture It! Foto 2001 (HKLM-x32\...\{D28FDA7D-15C6-48A2-9868-6BCB28BE6254}) (Version: 5.0.0.0000 - Microsoft)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word 2000 SR-1 (HKLM-x32\...\{00170407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
Microsoft Word in Works Suite-Add-In (HKLM-x32\...\{C5DB5FBF-F037-4BEE-A110-257E89EDD8BB}) (Version: 1.0.0.0000 - Microsoft Corporation)
Microsoft Works 2001-Setup-Start (HKLM-x32\...\Works2001Setup) (Version: - )
Microsoft Works 6.0 (HKLM-x32\...\{D0AC6844-79D4-11D4-AFEE-00C04F443448}) (Version: 06.00.0000 - Microsoft Corporation)
MixMeister Pro 4 (HKLM-x32\...\{55D08777-EFAA-41AD-942A-5A2CD4B580F3}) (Version: 4 - MixMeister Technology LLC)
MixMeister Pro 5 (HKLM-x32\...\{4920CF11-4A79-4D8D-B643-58E0611FC106}) (Version: 5.0.2.0 - MixMeister Technology LLC)
Mozilla Firefox 35.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Mozilla Thunderbird 24.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.2.0 (x86 de)) (Version: 24.2.0 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NAVIGON Fresh 3.5.1 (HKLM-x32\...\NAVIGON Fresh) (Version: 3.5.1 - NAVIGON)
PCSUITE SHREDDER (HKLM-x32\...\PCSUITE_SHREDDER_PRO_is1) (Version: - Markement GmbH)
PhotoStitch (x32 Version: 3.1.16 - Canon) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Printatree (HKU\S-1-5-21-1632624160-964472687-1313652209-1002\...\Printatree) (Version: - ) <==== ACHTUNG
Qtrax Player (HKLM-x32\...\{89505A66-35F0-4401-B3AD-D077051F8698}) (Version: 01.001.0001 - Qtrax)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
RAW Image Task 2.2 (x32 Version: 2.2 - Canon) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6591 - Realtek Semiconductor Corp.)
Shockwave (HKLM-x32\...\Shockwave) (Version: - )
SmartSound Quicktracks Plugin (HKLM-x32\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.2.7 - SmartSound Software Inc)
SmartSound Quicktracks Plugin (x32 Version: 3.0.2.7 - SmartSound Software Inc) Hidden
Spelling Dictionaries Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-A00000000004}) (Version: 10.0.0 - Adobe Systems Incorporated)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.14563 - TeamViewer)
Ulead VideoStudio SE DVD (HKLM-x32\...\{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}) (Version: 10.0 - Ulead Systems)
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (HKLM-x32\...\{241E7104-937A-4366-AD57-8FDDDB003939}) (Version: 15.4.5722.2 - Microsoft Corporation)
watchmi (HKLM-x32\...\{F0559C5E-7912-4391-B1A0-6B975F0E5064}) (Version: 3.0.0 - Axel Springer Digital TV Guide GmbH)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (HKLM-x32\...\{09B7C7EB-3140-4B5E-842F-9C79A7137139}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Meshin etäyhteyksien ActiveX-komponentti (HKLM-x32\...\{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Mobile Device Center Driver Update (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile®-Gerätehandbuch (HKLM-x32\...\Windows Mobile Device Handbook) (Version: 1.0 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Works Suite-Betriebssystem-Pack (x32 Version: 1.0.0.0000 - Microsoft Corporation) Hidden
Works-Synchronisierung (x32 Version: 1.0.0.0000 - Firmenname) Hidden
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-1632624160-964472687-1313652209-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1632624160-964472687-1313652209-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1632624160-964472687-1313652209-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1632624160-964472687-1313652209-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1632624160-964472687-1313652209-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1632624160-964472687-1313652209-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1632624160-964472687-1313652209-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1632624160-964472687-1313652209-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1632624160-964472687-1313652209-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1632624160-964472687-1313652209-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1632624160-964472687-1313652209-1002_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
==================== Wiederherstellungspunkte =========================
03-05-2015 15:24:51 Windows Update
15-05-2015 00:05:52 Windows Update
20-05-2015 22:35:43 Windows Update
16-07-2015 14:51:01 Windows Update
17-08-2015 12:53:17 Windows Update
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {1F230574-BC3C-48C4-88F7-8D3A15C6E905} - System32\Tasks\BrowserDefendert => Sc.exe start BrowserDefendert <==== ACHTUNG
Task: {22ACDA38-99E1-41A7-9211-42E8117DB60F} - \Dealply -> Keine Datei <==== ACHTUNG
Task: {551888D5-DD0D-4320-A734-2AD1F9A952D7} - \DealPlyUpdate -> Keine Datei <==== ACHTUNG
Task: {6E30DE69-3820-4951-ABAE-02585199A759} - System32\Tasks\EPUpdater => C:\Users\Büro\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-06-06] () <==== ACHTUNG
Task: {76BA5E2D-444B-45EF-BC46-D6BAEA89B3A7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-12] (Google Inc.)
Task: {7D186EDD-DF2F-4974-A780-6249DE4C77D3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8D8A17FE-9F17-4BFA-9CA3-A649D0B569CB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-28] (Adobe Systems Incorporated)
Task: {8E48E34C-A303-4C3D-B6AC-DF120889D935} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2012-12-10] () <==== ACHTUNG
Task: {90D89E2D-16F4-4A9C-AA4D-79CB01C1F8FC} - System32\Tasks\Printatree => C:\Users\BRO~1\AppData\Roaming\PRINTA~1\PRINTA~1.EXE
Task: {DECDCB42-4094-42D6-86E7-5AE39D6F7B7C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-12] (Google Inc.)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\Windows\Tasks\Adobe Acrobat Update Task.job => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1632624160-964472687-1313652209-1002Core1d0d8dc5784d418.job => C:\Users\Büro\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf99042cc4a591.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cffe76d8de539e.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d001bdce49fc10.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d063e72613acb4.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d09329a09fca16.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0d8dac8c261f9.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Printatree.job => C:\Users\BRO~1\AppData\Roaming\PRINTA~1\PRINTA~1.EXE
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2012-05-05 00:41 - 2012-05-05 00:41 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2012-10-08 17:40 - 2012-10-08 17:40 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2012-01-31 11:24 - 2012-01-31 11:24 - 00070144 _____ () C:\Program Files (x86)\watchmi\TvdService.exe
2012-09-29 11:46 - 2012-09-29 11:46 - 00059904 _____ () C:\Windows\assembly\GAC_MSIL\Tvd.Remote\3.0.0.8__f722db7bec59a14b\Tvd.Remote.dll
2012-09-29 11:46 - 2012-09-29 11:46 - 00034304 _____ () C:\Windows\assembly\GAC_MSIL\Tvd.Tools\3.0.0.8__f722db7bec59a14b\Tvd.Tools.dll
2012-09-29 11:46 - 2012-09-29 11:46 - 00009216 _____ () C:\Windows\assembly\GAC_MSIL\FingerPrint\1.0.0.0__a62e68e935d72fa6\FingerPrint.dll
2012-09-29 11:46 - 2012-09-29 11:46 - 00079360 _____ () C:\Windows\assembly\GAC_MSIL\Tvd.Reporting\3.0.0.8__f722db7bec59a14b\Tvd.Reporting.dll
2012-09-29 11:46 - 2012-09-29 11:46 - 00153088 _____ () C:\Windows\assembly\GAC_MSIL\Tvd.Aprico\3.0.0.8__f722db7bec59a14b\Tvd.Aprico.dll
2012-10-18 00:30 - 2012-10-18 00:30 - 00168864 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2012-01-31 11:24 - 2012-01-31 11:24 - 01070592 _____ () C:\Program Files (x86)\watchmi\TvdTray.exe
2012-01-31 11:24 - 2012-01-31 11:24 - 00004608 _____ () C:\Program Files (x86)\watchmi\de\TvdTray.resources.dll
2012-05-05 00:40 - 2012-05-05 00:40 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-05-05 00:47 - 2012-05-05 00:47 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-08-15 20:25 - 2014-08-15 20:25 - 00063400 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-10-18 00:28 - 2012-10-18 00:28 - 00024496 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2012-10-18 00:28 - 2012-10-18 00:28 - 00466256 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2012-10-18 00:28 - 2012-10-18 00:28 - 00043944 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2012-10-18 00:28 - 2012-10-18 00:28 - 00035776 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2012-10-18 00:29 - 2012-10-18 00:29 - 00079808 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2012-10-18 00:31 - 2012-10-18 00:31 - 00223152 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2012-04-14 03:08 - 2012-04-14 03:08 - 00623080 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2012-04-14 03:18 - 2012-04-14 03:18 - 00016360 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2015-08-17 14:21 - 2015-08-17 14:21 - 00071168 _____ () c:\users\bro~1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvhfcha.dll
2015-03-04 23:45 - 2015-08-05 22:49 - 00012800 _____ () C:\Users\Büro\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 23:45 - 2015-08-05 22:49 - 00779776 _____ () C:\Users\Büro\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-08-17 13:06 - 2015-08-05 22:49 - 00056320 _____ () C:\Users\Büro\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-03-04 23:45 - 2015-08-05 22:49 - 00012288 _____ () C:\Users\Büro\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2015-01-19 17:27 - 2015-01-19 17:27 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\Users\Büro\Documents\Ihre Bestellung 613275987.eml:OECustomProperty
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-1632624160-964472687-1313652209-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Büro\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [{85832019-5E10-4687-9BE8-ECC6260C4DFB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{3F0CB73A-4640-4B7B-A0AC-524E66E23823}] => (Allow) LPort=2869
FirewallRules: [{D63C74F5-9DCE-4F49-A501-D838905BB8A3}] => (Allow) LPort=1900
FirewallRules: [{CB2332EA-77AC-41DE-AD54-8B1B22BDC0F9}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{C0B4056E-B896-435C-BBE5-FF8029F17959}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{B575D541-B8B4-41AB-A7CB-52FD9909F1C2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{D3159457-6735-4773-9245-DDF1EEB77A96}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{CF7B8919-428C-405D-A724-C505B59E1B70}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
FirewallRules: [{F434872A-64ED-4BF9-8C76-D8A5585960F2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
FirewallRules: [{A3055C3F-8C26-4ADC-B9C6-A26531A500A0}] => (Allow) LPort=56923
FirewallRules: [{3C890B7D-0133-4775-9702-835F4A2ED725}] => (Allow) LPort=51124
FirewallRules: [{6F4C2D89-2473-4931-A902-1AF25D351098}] => (Allow) LPort=52837
FirewallRules: [{8208773B-0149-41E3-A1C8-CE320EE6B158}] => (Allow) LPort=65164
FirewallRules: [{DB74497B-D7A6-4DA4-873A-63FD3D641F24}] => (Allow) LPort=64965
FirewallRules: [{A04A649E-329D-48C1-843E-3DCBF19F8E76}] => (Allow) LPort=57718
FirewallRules: [{F21BD707-DD58-4BBC-A0E5-72ADF23154EB}] => (Allow) LPort=63474
FirewallRules: [{B6523B80-5243-4868-98A2-ACA308446AC7}] => (Allow) LPort=62302
FirewallRules: [{6E1A0C77-22D4-4D6F-B63E-7E43BAE2D9DE}] => (Allow) LPort=64082
FirewallRules: [{2DE613C2-D97C-44C4-A346-C49D0B63C667}] => (Allow) LPort=63632
FirewallRules: [{3D439357-E4EC-484B-A2CC-11B73B97AC94}] => (Allow) LPort=63533
FirewallRules: [{AFF43B2B-F6DA-4433-AB1E-210A964E772B}] => (Allow) LPort=62269
FirewallRules: [{78D91F3E-F0B8-4752-8679-66E3BFD66FB4}] => (Allow) LPort=58767
FirewallRules: [{3A7F6AD0-731C-4756-9424-E6A7C6F9443C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{387D5754-9C7B-4C14-AD6F-2BAA549C0620}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{28B5B571-A611-46BD-B696-EFE2E647A576}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1C7F2442-05B0-47B7-AE6A-C3A53498AEA8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D1150010-3DCA-435D-83F1-9E41DF2CE548}] => (Allow) LPort=53902
FirewallRules: [{E1C2AF95-8240-4DC4-AF75-DD60956BE1F6}] => (Allow) LPort=58188
FirewallRules: [{F9F6A2DA-D8FA-4872-AB39-50DD76259020}] => (Allow) LPort=60993
FirewallRules: [{0BD79E50-E86F-4335-AD7B-F19781E2BB00}] => (Allow) LPort=51740
FirewallRules: [{C33C3C82-85E9-4974-B475-A4747DF93691}] => (Allow) LPort=55102
FirewallRules: [{511BB291-DB0E-4530-A120-19C972A584A6}] => (Allow) LPort=62049
FirewallRules: [{2457F07F-BAB7-4B4E-9130-934BD8656FE4}] => (Allow) LPort=55147
FirewallRules: [{99E5BE07-3A10-4636-B91D-A30CA490A968}] => (Allow) LPort=64638
FirewallRules: [{BE59E5F5-CA33-438B-AC55-A93B7A61646F}] => (Allow) LPort=63703
FirewallRules: [{A31F3ABA-2C3E-4417-941F-6D3C40596CF4}] => (Allow) LPort=56301
FirewallRules: [{AD40C879-C4AC-4378-8919-5B319C067F23}] => (Allow) LPort=61943
FirewallRules: [{8529F798-BED0-4CED-86B0-E1243C6F2C4D}] => (Allow) LPort=61773
FirewallRules: [{327F0821-7596-4B7C-8EB4-1DBB76B3D5B3}] => (Allow) LPort=50324
FirewallRules: [{6E224E04-42F8-41C0-98E8-8C0FB27AE8FB}] => (Allow) LPort=64875
FirewallRules: [{AD7313C0-A9C5-41FB-A8D8-AFD39D3F0EF5}] => (Allow) LPort=65187
FirewallRules: [{9FE1C98A-BDCD-47E9-BDED-36189AA1872C}] => (Allow) LPort=50489
FirewallRules: [{0AD21553-1D28-49ED-87FB-3E9DE14F2E90}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{19DEFE30-D749-4318-B4E1-15D2B8991494}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{6F724B9F-E129-4D54-B0B5-FD51C049C7CD}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{B5171D15-850E-487A-9FF3-C91887641909}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{961C829D-D5A6-4DAF-9238-5E1B7FA731B7}] => (Allow) LPort=55322
FirewallRules: [{312963F0-E3DB-48A8-98FD-C22AD7AE5FED}] => (Allow) LPort=55763
FirewallRules: [{E8662B6B-B0E2-43A5-B38D-046A4E2D6C94}] => (Allow) LPort=62988
FirewallRules: [{170EF856-0B64-41D4-9184-89E523D2E218}] => (Allow) LPort=50646
FirewallRules: [{C8BA98B3-9988-490D-A8E0-9026656C85E6}] => (Allow) LPort=53827
FirewallRules: [{E15B3EB3-B60F-4914-AB51-7D2ACC397CE9}] => (Allow) LPort=56894
FirewallRules: [{D46AADD3-7EF3-4DF2-8777-4D3265F14317}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{0993DED8-D05A-4296-A822-97F0CE635B4D}] => (Allow) C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{34DFE617-4241-4A91-BD86-70628F004D63}] => (Allow) C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{B633C5D0-258C-45BC-9915-3A8718192FC5}] => (Allow) LPort=65118
FirewallRules: [{A5C08B49-7394-48E5-9876-93448FB7C27B}] => (Allow) LPort=55791
FirewallRules: [{C18EC860-56F6-4511-A478-4F856365E445}] => (Allow) LPort=58547
FirewallRules: [{0207ADEF-F591-433A-83C9-23D69D1D77F9}] => (Allow) LPort=52701
FirewallRules: [{1756335E-5198-49FF-9158-E7760E78C8CC}] => (Allow) LPort=65223
FirewallRules: [{EEA40D73-C388-4A36-9283-F7063582CF0C}] => (Allow) LPort=58666
FirewallRules: [{C11FA132-5E23-4BE0-92F9-50B0B74A89A9}] => (Allow) LPort=53200
FirewallRules: [{A044FB01-FADF-4209-BC7A-B2AE45FFA647}] => (Allow) LPort=54997
FirewallRules: [{D77A82B8-F5FA-43EB-B9B5-A3C1EF3E7325}] => (Allow) LPort=58630
FirewallRules: [{2F4B5367-4C4B-495F-9351-ADFACAAE1574}] => (Allow) LPort=54308
FirewallRules: [{D3A25460-1A2C-4C39-9CE1-4DB4B9C85476}] => (Allow) LPort=60258
FirewallRules: [{EBAB63B9-259A-45A7-B4C0-68CE88984A15}] => (Allow) LPort=60286
FirewallRules: [{70C7D261-7B35-4475-A0F7-DA9455A64962}] => (Allow) LPort=58149
FirewallRules: [{5AFF8B5B-0C2F-44AC-9C25-D5320EF596D7}] => (Allow) LPort=60956
FirewallRules: [{736CF09E-F7E1-4FD3-983D-EB97ECC96EE5}] => (Allow) LPort=63531
FirewallRules: [{6E605262-6D25-44C6-BD80-C39FF0399F53}] => (Allow) LPort=55732
FirewallRules: [{09725065-75E9-4C96-9A51-00AE563A6E1D}] => (Allow) LPort=60801
FirewallRules: [{C63E00F8-2D4E-4DE1-BCAF-24DCCB284741}] => (Allow) LPort=57626
FirewallRules: [{7112A00D-5BEB-461A-AABB-1133DA487286}] => (Allow) LPort=56786
FirewallRules: [{9020BEA4-78BD-44E7-9A81-727CDDEFE9A4}] => (Allow) LPort=64627
FirewallRules: [{33E57380-3881-499A-A16C-6E3F81A19236}] => (Allow) LPort=58881
FirewallRules: [{D7F789EE-C920-499A-AC06-DC6D8E53EA66}] => (Allow) LPort=57340
FirewallRules: [TCP Query User{5DD458A5-D5EF-4320-A80D-A5BD7064216A}C:\users\büro\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\büro\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{BA50A9D8-71A2-4F7C-B755-44DF36B6D210}C:\users\büro\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\büro\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{959F6EC2-C324-4A7F-87CA-96A7BD7DE7BD}] => (Allow) LPort=50652
FirewallRules: [{CE2C4FEA-79D2-40E6-8A5C-1E47BC1BD8BF}] => (Allow) LPort=59519
FirewallRules: [{FABC000F-07B2-4416-A7CC-6CD5A382D678}] => (Allow) LPort=59300
FirewallRules: [{8D795055-639F-4EF9-8F13-A455CACEC05F}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{4D0323E0-8FD0-417E-9E9F-62CD6D73D114}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{91955CBE-244E-4506-98BE-953EDF1CEEFA}] => (Allow) LPort=26675
FirewallRules: [{B4B2FA03-0C47-477D-BBCC-7D8E63DC14C5}] => (Allow) LPort=51188
FirewallRules: [{41B57EA4-CF56-4A07-99F2-841C8CB815BE}] => (Allow) LPort=60786
FirewallRules: [{99597CBF-201C-4914-AF3F-2033774D8153}] => (Allow) LPort=51462
FirewallRules: [{19B045D3-0D45-4064-82B4-58C50CB05BB4}] => (Allow) LPort=56492
FirewallRules: [{642050D4-8FD5-4F86-9700-68D00E3B38E5}] => (Allow) LPort=61248
FirewallRules: [{57D49AEE-36C6-4FB2-8BDF-450F8EDBC7E0}] => (Allow) LPort=62486
FirewallRules: [{497E469F-46A3-4957-961E-B65D1F1F8893}] => (Allow) LPort=58935
FirewallRules: [{A0899417-F146-4BC5-B05C-FBBB68608BD5}] => (Allow) LPort=57079
FirewallRules: [{A9FE08FD-BEE8-4A1B-B085-0846BBD25E52}] => (Allow) LPort=60994
FirewallRules: [{2F1CC132-1E11-4A39-9D7B-EDD0B4540B24}] => (Allow) LPort=65217
FirewallRules: [{58C47874-0E99-4D5C-A967-B6561A42DF92}] => (Allow) LPort=60243
FirewallRules: [{374A45BD-0376-4BC4-A196-E5138A4290EF}] => (Allow) LPort=60858
FirewallRules: [{DA5B2BF5-43E0-48FF-919D-33466F120012}] => (Allow) LPort=50687
FirewallRules: [{4A379CD7-771D-4067-86A3-62A88EB6B265}] => (Allow) LPort=52236
FirewallRules: [{B370200D-DA90-41E7-9DE9-A4825D7FB90E}] => (Allow) LPort=50769
FirewallRules: [{CC3AE06B-E321-462C-8338-791B2AE35A9B}] => (Allow) LPort=53737
FirewallRules: [{8F49E761-9D9C-46BD-9F2B-1ECFB9664220}] => (Allow) LPort=64842
FirewallRules: [{AC6B76B0-6AEF-4B28-AADA-8233575C5670}] => (Allow) LPort=53125
FirewallRules: [{CCAA1FEF-6D81-4561-9D66-FEE741529DE9}] => (Allow) LPort=49707
FirewallRules: [{A39006E8-DB11-4A43-AA23-702EB32D4069}] => (Allow) LPort=63091
FirewallRules: [{88157809-244B-4A97-8609-301387F50BB8}] => (Allow) LPort=57005
FirewallRules: [{80CCE67C-D99A-4423-90E4-C30ED27441CE}] => (Allow) LPort=63105
FirewallRules: [{64BC4F52-F1F0-4DE1-9612-E585D99D9DEB}] => (Allow) LPort=52286
FirewallRules: [{98540F46-D469-48A9-8DBE-CA6659E4C9C7}] => (Allow) LPort=65002
FirewallRules: [{813EBC12-31FA-41FF-A707-F1D3D5E27053}] => (Allow) LPort=64469
FirewallRules: [{0BE05EF2-5A64-4BEC-8BA2-E2B6460FC353}] => (Allow) LPort=55781
FirewallRules: [{E6C0EE55-9CB4-477B-B0E3-63235B1D711D}] => (Allow) LPort=55917
FirewallRules: [{1A0262A5-FFC8-426A-A0E5-7F058B1F1455}] => (Allow) LPort=64367
FirewallRules: [{1381487E-0643-4FAB-B48F-4557C990812D}] => (Allow) LPort=61308
FirewallRules: [{BB38FE5B-57BF-45D5-BC36-9667691AF172}] => (Allow) LPort=51281
FirewallRules: [{B29D51E9-0EC9-42F1-A852-BBCC6BCEEB98}] => (Allow) LPort=65085
FirewallRules: [{025C0023-D95D-46E8-90BA-11FF5F45FF52}] => (Allow) LPort=64541
FirewallRules: [{1A198788-E911-424D-BFCB-DE620436299A}] => (Allow) LPort=62240
FirewallRules: [{569AEBED-58FE-403F-A189-6296D3C65E29}] => (Allow) LPort=64119
FirewallRules: [{6024220B-85ED-40C6-906C-638D9189409B}] => (Allow) LPort=60868
FirewallRules: [{BA351056-A4A1-41D1-AFC6-6C8B7AEF7C10}] => (Allow) LPort=57172
FirewallRules: [{09607D53-6B3D-4E31-9CF7-BEFD3947F9A3}] => (Allow) LPort=53055
FirewallRules: [{F979D43A-A2FE-4754-9AD5-0F409DBFB8A9}] => (Allow) LPort=60854
FirewallRules: [{5E23CEE4-69D9-4146-9386-D788B4D459F5}] => (Allow) LPort=49535
FirewallRules: [{A850F07D-FEC9-4617-A19F-E8CABF838D7C}] => (Allow) LPort=59946
FirewallRules: [{B48358CE-BFF4-4D23-B20D-722FE295EB59}] => (Allow) LPort=52615
FirewallRules: [{F5C61088-51CC-413D-AE6B-CA8EC7C214AA}] => (Allow) LPort=59072
FirewallRules: [{BDF7A06C-CF9A-4A7D-B495-F1A4020E96BF}] => (Allow) LPort=62997
FirewallRules: [{0197575B-2E36-41D0-A548-04715B3A8482}] => (Allow) LPort=63158
FirewallRules: [{E65F04FF-F021-4ADC-85E4-5A9CDD10FA4C}] => (Allow) LPort=54437
FirewallRules: [{15BBA213-9CCD-48E1-A95E-5AF138EF433D}] => (Allow) LPort=53151
FirewallRules: [{A82A84AF-C691-4738-97CE-66B1026C87F3}] => (Allow) LPort=49194
FirewallRules: [{039F9D8B-C8BB-406E-BB69-779A5CDA0FBB}] => (Allow) LPort=59869
FirewallRules: [{8711706E-70E0-4036-BD53-CA76B317744D}] => (Allow) LPort=58545
FirewallRules: [{652EEFB1-300E-42C4-92E4-7B577CD1FEAB}] => (Allow) LPort=59238
FirewallRules: [{A3D97D49-509C-4429-BF5D-6247B5D50232}] => (Allow) LPort=49352
FirewallRules: [{0EB0856E-84FE-47BB-BA5C-C5FE89C308CD}] => (Allow) LPort=56105
FirewallRules: [{47967DA9-5777-4B82-B3D9-12BED86BE57F}] => (Allow) LPort=53396
FirewallRules: [{3732767B-D245-46F4-B630-04045E50130E}] => (Allow) LPort=64122
FirewallRules: [{406C6272-A08E-4F0D-8E12-FAD5F25B390D}] => (Allow) LPort=53106
FirewallRules: [{1638C129-0724-41AA-8825-F319377DB055}] => (Allow) LPort=64013
FirewallRules: [{80BE9710-7872-46DD-9659-4F3E13C54B04}] => (Allow) LPort=53268
FirewallRules: [{63E40C06-0767-4AB4-A109-054684DD185E}] => (Allow) LPort=55807
FirewallRules: [{7189DB96-C8A1-46A9-A25A-E02AFD1644CD}] => (Allow) LPort=55206
FirewallRules: [{6E4A7724-9073-45A1-B907-D9B1ADF6F98B}] => (Allow) LPort=50699
FirewallRules: [{E30EDE42-CF9C-44EE-B05D-48B7AA64C72D}] => (Allow) LPort=62077
FirewallRules: [{962C460F-3A7E-4CF8-8463-D4604FFD16D2}] => (Allow) LPort=50706
FirewallRules: [{D3F846D0-490A-481C-B924-27D03C9C58DE}] => (Allow) LPort=63179
FirewallRules: [{A057C61F-A5D6-4F54-AA46-2720B43E431A}] => (Allow) LPort=58752
FirewallRules: [{7BBDEAA0-3902-4EDC-B057-730523211612}] => (Allow) LPort=58642
FirewallRules: [{8415B02F-285A-4D17-AD47-7B2C40F08C0A}] => (Allow) LPort=57652
FirewallRules: [{557F37D3-557C-41E1-8938-96D8E8CA674E}] => (Allow) LPort=59975
FirewallRules: [{BEB52F03-ABBD-4E03-92D5-7EDB6F2FDFF7}] => (Allow) LPort=56052
FirewallRules: [{389CB32B-DE10-4A50-A94F-A5E452CB71E7}] => (Allow) LPort=57736
FirewallRules: [{A429AF80-B7CE-44F6-A26C-2221AD752371}] => (Allow) LPort=56122
FirewallRules: [{D6459CD4-2043-423C-9758-A8E88CD10819}] => (Allow) LPort=53446
FirewallRules: [{A8497F51-110D-484A-88A7-6F2E244F9E6D}] => (Allow) LPort=64357
FirewallRules: [{A46F2284-0838-41AF-8518-A2DEAA528453}] => (Allow) LPort=53451
FirewallRules: [{981C492D-3400-4512-9FED-BE28D65A265F}] => (Allow) LPort=55299
FirewallRules: [{B7D668B6-1A08-4744-95FB-84F885985E2D}] => (Allow) LPort=50476
FirewallRules: [{D2AC4F8E-C254-4CA1-AB5D-644500783500}] => (Allow) LPort=63983
FirewallRules: [{FEF7758A-1ACD-4C1C-B760-67C663B36252}] => (Allow) LPort=62195
FirewallRules: [{E5C5EE05-7294-48D9-AB67-867A98A2F378}] => (Allow) LPort=52579
FirewallRules: [{C5CE0E3D-9AAF-4E3C-B1D9-30B4860E6F3B}] => (Allow) LPort=57097
FirewallRules: [{62686868-72E2-4999-908A-6B06880E5A54}] => (Allow) LPort=50955
FirewallRules: [{4DFEFECC-9090-4FD6-9DD0-60DC0DF24153}] => (Allow) LPort=57304
FirewallRules: [{93612505-41CA-4BD2-98AA-8F1583AA3D71}] => (Allow) LPort=49990
FirewallRules: [{B9C535C3-410A-4108-9393-E868CB72D772}] => (Allow) LPort=50151
FirewallRules: [{8B01D9DD-8C83-40AE-AAB4-623547CB9E07}] => (Allow) LPort=50784
FirewallRules: [{CD24373B-B9BF-4F2D-8A71-BAC5224CE73E}] => (Allow) LPort=64452
FirewallRules: [{FCE0A837-FBEC-4602-A4FC-6019388BE3E4}] => (Allow) LPort=51269
FirewallRules: [{74D3C60C-14B6-4762-9CF0-42D3B182C69D}] => (Allow) LPort=52898
FirewallRules: [{57ECBC65-B3D6-448F-95A6-C4B46DD0EF40}] => (Allow) LPort=59385
FirewallRules: [{3728296F-9E80-4476-8005-E0835D6485B3}] => (Allow) LPort=54939
FirewallRules: [{648B24D6-910D-4F6F-9765-B56B724528EB}] => (Allow) LPort=59781
FirewallRules: [{C04CD17A-6DD6-4B59-964A-35F523BE91B0}] => (Allow) LPort=55289
FirewallRules: [{4417D24F-CB3D-43D2-B7A7-5AAE7200AB7D}] => (Allow) LPort=55682
FirewallRules: [{8112AA35-66DE-47E6-8DA9-5005E24C9C16}] => (Allow) LPort=52305
FirewallRules: [{60F34746-7025-4570-9364-F6245B03FE7F}] => (Allow) LPort=62698
FirewallRules: [{F14FF709-A380-4985-931A-650A04EDF12F}] => (Allow) LPort=62646
FirewallRules: [{1323DBDA-6219-49A1-9ECA-9C1601EB8957}] => (Allow) LPort=64841
FirewallRules: [{5E4197BA-FFD1-4D73-99CA-0792DB4DBE42}] => (Allow) LPort=52014
FirewallRules: [{D8E09083-EADE-4F0E-98C0-23CE9918B525}] => (Allow) LPort=63800
FirewallRules: [{3E148A60-2C2A-4B9E-B74D-7E46B0EF05DD}] => (Allow) LPort=63817
FirewallRules: [{27C5E68F-AFE4-4B46-82BF-2A9B93EC04CD}] => (Allow) LPort=54097
FirewallRules: [{F51A29F1-C949-4572-BFD2-F716B765EA33}] => (Allow) LPort=59097
FirewallRules: [{555F984F-9A3B-41F9-9C5C-503534D1CB9B}] => (Allow) LPort=59497
FirewallRules: [{085D5823-651C-4D71-A530-F7246962DFE5}] => (Allow) LPort=62551
FirewallRules: [{F1921939-1A62-491C-B0E9-60EA65EDD5D3}] => (Allow) LPort=50421
FirewallRules: [{E18EE008-EE02-4DC9-8FCF-73DB05A26A34}] => (Allow) LPort=54551
FirewallRules: [{91BB50B3-D1E2-4D0C-983E-7F8B10FEDFF4}] => (Allow) LPort=60864
FirewallRules: [{DCE11CAD-BA7C-4AA1-9E9F-BEACE684D1B7}] => (Allow) LPort=50831
FirewallRules: [{DBC2223D-D3BA-486D-9599-C94BBDEEB20B}] => (Allow) LPort=57996
FirewallRules: [{68873BC7-AC76-4D3A-A366-F04E698B316E}] => (Allow) LPort=49664
FirewallRules: [{72285F3E-7DBC-436E-862C-934E0C635ED4}] => (Allow) LPort=63259
FirewallRules: [{9EBFE5D4-EC99-4369-BD8C-DBC11ADEE982}] => (Allow) LPort=52314
FirewallRules: [{FA7B09BD-81E1-4313-84BC-442BE22F396E}] => (Allow) LPort=64281
FirewallRules: [{EAD8D20B-ABF0-4D86-9D04-434DC449AB47}] => (Allow) LPort=62029
FirewallRules: [{2ED276FB-D4E2-4DE0-9214-0DE7F4F48C49}] => (Allow) LPort=61709
FirewallRules: [{C7F17D31-9064-4EE4-9D69-918BBB0028A4}] => (Allow) LPort=56657
FirewallRules: [{4A636CCB-228A-4CBC-B12C-6C79C245B9DA}] => (Allow) LPort=63096
FirewallRules: [{4302E636-5F96-4B7C-9222-D99878E20EBD}] => (Allow) LPort=53379
FirewallRules: [{A7B232E4-F5A9-42ED-820C-77692E93B302}] => (Allow) LPort=51930
FirewallRules: [{CD5437D9-8A58-433D-85DE-D7A8C4C13B1E}] => (Allow) LPort=61955
FirewallRules: [{7BA2B130-4792-47F4-B658-69CCDE35D128}] => (Allow) LPort=54965
FirewallRules: [{5DD52F9F-2F11-4F2A-A1E1-28B37264CC4C}] => (Allow) LPort=54979
FirewallRules: [{F0F6C68B-2AA8-4D89-B5B2-2B2D3FF4048E}] => (Allow) LPort=61871
FirewallRules: [{AFD643D8-0D86-40FD-8CD6-2A0A1A24D030}] => (Allow) LPort=64515
FirewallRules: [{B94A4AFF-61CD-409A-8784-A0A17F8F5925}] => (Allow) LPort=56383
FirewallRules: [{DFF1B65C-0BB5-45BB-978E-FE8AD18ED590}] => (Allow) LPort=58475
FirewallRules: [{073A1528-B52B-41D2-9EE8-E3594A165212}] => (Allow) LPort=58786
FirewallRules: [{D9CD4C48-EC68-4C69-B681-A2A5AF5AE7D1}] => (Allow) LPort=59337
FirewallRules: [{4FCA05C1-F63D-4AA0-9420-C973F36A5C1A}] => (Allow) LPort=52922
FirewallRules: [{22C1E716-CA0C-407C-B21A-DC9355F2B054}] => (Allow) LPort=61284
FirewallRules: [{ABA8F729-1D9D-4723-8A57-DDC880162BDB}] => (Allow) LPort=51313
FirewallRules: [{DEDC6570-8884-41B5-AD72-ACBC6962087F}] => (Allow) LPort=49810
FirewallRules: [{2122C3F8-3637-4ECC-A3A1-BA849C1E3B9B}] => (Allow) LPort=62038
FirewallRules: [{EE7F41CF-583C-4D84-9F52-284611B02828}] => (Allow) LPort=53970
FirewallRules: [{9B9D8FBC-7808-46DB-9539-FD8027C8F720}] => (Allow) LPort=53245
FirewallRules: [{4C4DE00B-B801-4285-960A-905D5BE2FC1E}] => (Allow) LPort=60955
FirewallRules: [{0D8D1122-6CCA-4B63-A98A-A7FF52F36E04}] => (Allow) LPort=65345
FirewallRules: [{B06ACE35-3EB2-4A07-BA72-7BFF772D0F51}] => (Allow) LPort=64017
FirewallRules: [{5695F656-A893-4FAE-908C-A3CE8E4763CD}] => (Allow) LPort=57032
FirewallRules: [{698E801F-7FBA-49BE-B240-41A31DCA86F2}] => (Allow) LPort=61723
FirewallRules: [{D1FDA69B-742F-4BDF-BB56-96F55C51DF8D}] => (Allow) LPort=64263
FirewallRules: [{9DA195C7-C90A-4E90-A81E-CEFAF5668B0E}] => (Allow) LPort=50210
FirewallRules: [{6A2EAAA5-5E2F-4CA1-8F4E-E131F9E0B529}] => (Allow) LPort=60911
FirewallRules: [{1A568779-D794-4EEA-A536-41413B386559}] => (Allow) LPort=60132
FirewallRules: [{F44E1ED0-703B-4DC9-B3DF-43E861F5FDCF}] => (Allow) LPort=50976
FirewallRules: [{2F9105BC-4A7E-4233-81EA-20E05DDC1C9D}] => (Allow) LPort=63377
FirewallRules: [{87B8D032-4117-4B3C-B209-D12DCA9A5842}] => (Allow) LPort=56358
FirewallRules: [{CD04614C-C87B-4093-927A-AD18B822D831}] => (Allow) LPort=52505
FirewallRules: [{8F6AAA83-DB21-461B-9F2C-4B1611E11183}] => (Allow) LPort=54877
FirewallRules: [{2F53491B-057B-4C56-9AD2-A8456BEF1AC2}] => (Allow) LPort=62188
FirewallRules: [{2E6A2448-3D8D-4902-A9FB-F660FA355971}] => (Allow) LPort=57468
FirewallRules: [{E559CE4B-5EB3-4870-B651-15E37EBC613D}] => (Allow) LPort=59298
FirewallRules: [{144C452F-E9F3-4B86-8DFC-CB6467F35E34}] => (Allow) LPort=54524
FirewallRules: [{C7409C5F-75EE-4EA0-987D-4B983A6BD0C8}] => (Allow) LPort=58270
FirewallRules: [{211057C1-6C23-489A-9AC2-754ED0CEE4BB}] => (Allow) LPort=50384
FirewallRules: [{3B4542BD-D6BC-4E97-BC4C-8C446D12C806}] => (Allow) LPort=60806
FirewallRules: [{A8C70480-3A3D-493F-8106-FFCDF6C0D96C}] => (Allow) LPort=57696
FirewallRules: [{7E840B0B-3B9F-41F2-A115-F34108020944}] => (Allow) LPort=64530
FirewallRules: [{FA615AE2-EB9F-4A35-B6B3-403361E14C93}] => (Allow) LPort=52645
FirewallRules: [{7C87402C-AFBA-4354-9833-F938D609111E}] => (Allow) LPort=59187
FirewallRules: [{5C2D4673-8306-45E2-BA86-7DBDF365BB77}] => (Allow) LPort=51886
FirewallRules: [{CF373EA7-6108-43E4-A051-4B55CC0998A9}] => (Allow) LPort=61993
FirewallRules: [{372C36E3-86D9-48E8-B7CA-825A4EFDE135}] => (Allow) LPort=61640
FirewallRules: [{1BB9031E-06CB-491A-80EC-393406D2AB3B}] => (Allow) LPort=64565
FirewallRules: [{5343C437-BBE7-4446-A0B4-EEEA2511C499}] => (Allow) LPort=49729
FirewallRules: [{B8F852F1-D376-441B-882D-060D26F25FA6}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{17562AAD-F0A7-465C-A812-4ED4A021087F}] => (Allow) LPort=54857
FirewallRules: [{44E46182-A424-4EC3-B74E-36F72802FAC6}] => (Allow) LPort=56691
FirewallRules: [{1EE5734E-47E3-4543-8149-D2827078E688}] => (Allow) LPort=60007
FirewallRules: [{58A636DB-0FF4-4A92-AB57-953A52FF2A3A}] => (Allow) LPort=63593
FirewallRules: [{A313C0BA-CCAE-4FE1-9E66-CFFF4DB35947}] => (Allow) LPort=54996
FirewallRules: [{A080CE6F-258C-4A02-83E5-3178D867C5B9}] => (Allow) LPort=58199
FirewallRules: [{A9797BF1-0F18-45CA-B56D-8B455E807B91}] => (Allow) LPort=54099
FirewallRules: [{C946D27C-5BFE-45AF-A050-2B8FA33D7E0C}] => (Allow) LPort=55829
FirewallRules: [{49FB6FC7-A423-46B5-9B02-B4A80F902A8C}] => (Allow) LPort=58108
FirewallRules: [{FA72E75B-D857-4C40-B2F6-69D0A9A2C467}] => (Allow) LPort=57126
FirewallRules: [{10BD37BF-157B-4845-A4A7-3F1E0275DB32}] => (Allow) LPort=57022
FirewallRules: [{273B466A-0F7D-444D-A77A-14CC00B906A4}] => (Allow) LPort=61614
FirewallRules: [{80EFE6E6-3BCF-4FAC-AE67-9F9353B3AAC9}] => (Allow) LPort=61805
FirewallRules: [{F8C9EAA5-6864-4394-885C-181996640A9E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A67273D5-7DBD-4AC0-8CB3-A76872D21B2B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{31D09529-DBAA-4642-B4EC-54B45D040A5B}] => (Allow) LPort=63291
FirewallRules: [{64823DEB-F64F-45F0-B334-C94B2483BCA6}] => (Allow) LPort=60945
FirewallRules: [{2508B4FF-FEA2-473E-8C37-01ADB42FA29A}] => (Allow) LPort=63639
FirewallRules: [{2FA1E745-5B0D-4358-ABE9-0F7FCD90C69F}] => (Allow) LPort=61606
FirewallRules: [{EB31C4C5-967C-40B3-B9A2-44131B357194}] => (Allow) LPort=52222
FirewallRules: [{58006791-BBE2-49C7-8422-F8C5243D4A08}] => (Allow) LPort=51548
FirewallRules: [{20D46E69-8532-4F3A-A5D4-E11A75AE4C43}] => (Allow) LPort=65081
FirewallRules: [{A9878DFA-1F1A-49A5-934B-DD0171FACB9D}] => (Allow) LPort=61134
FirewallRules: [{CB61ED8B-505F-448F-B995-C7B48942FFDF}] => (Allow) LPort=50858
FirewallRules: [{FABAE7E4-79F9-4496-8225-3E4095E9305C}] => (Allow) LPort=64359
FirewallRules: [{D46F5C8F-35C0-4A02-8C4E-E8FE7C8DD282}] => (Allow) LPort=60321
FirewallRules: [{FD5FAFAF-3FC3-4FE1-B9AB-2A2B82FC9C12}] => (Allow) LPort=52900
FirewallRules: [{9BF42016-8882-460C-A6E6-D1ABCE297321}] => (Allow) LPort=58275
FirewallRules: [{98429129-8456-4E0C-BF14-B212ABCEF334}] => (Allow) LPort=56030
FirewallRules: [{A3B16922-90F1-4670-9D5F-EF3B81DA91B7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{479B05E6-B77F-4BAD-9F61-170A2B57BD99}] => (Allow) LPort=53563
FirewallRules: [{DC27BCAA-938D-4071-A41A-EFB0933C4EF1}] => (Allow) LPort=53563
==================== Fehlerhafte Geräte im Gerätemanager =============
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (08/17/2015 02:08:11 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
Error: (08/17/2015 01:23:11 PM) (Source: VSS) (EventID: 12298) (User: )
Description: Volumeschattenkopie-Dienstfehler: Die E/A-Schreibvorgänge können während des Schattenkopie-Erstellungszeitraums auf Volume "C:\" nicht gespeichert werden.
Der Volumeindex im Schattenkopiesatz ist 0. Fehlerdetails: Offen[0x00000000, Der Vorgang wurde erfolgreich beendet.
], Leerung[0x00000000, Der Vorgang wurde erfolgreich beendet.
], Freigabe[0x80042314, Der Schattenkopieanbieter hat beim Warten auf den Schreibvorgang auf das Volume, von dem eine Schattenkopie erstellt wird, das Zeitlimit überschritten. Ursache hierfür könnte eine durch eine Anwendung oder einen Systemdienst verursachte hohe Aktivität auf dem Volume sein. Wiederholen Sie den Vorgang später, wenn das Volume nicht so stark ausgelastet ist.
], Ausführung[0x00000000, Der Vorgang wurde erfolgreich beendet.
].
Vorgang:
Asynchroner Vorgang wird ausgeführt
Kontext:
Aktueller Status: DoSnapshotSet
Error: (08/17/2015 01:23:11 PM) (Source: VSS) (EventID: 12310) (User: )
Description: Volumeschattenkopie-Dienstfehler: Die Schattenkopie kann nicht zugesichert werden - Vorgang hat das Zeitlimit überschritten.
Fehlerkontext: DeviceIoControl(\\?\Volume{4522a079-fe9c-11e1-a7ba-806e6f6e6963} - 00000000000000F8,0x0053c010,00000000001A9FD0,0,000000000051ECF0,4096,[0]).
Vorgang:
Schattenkopien werden übertragen
Kontext:
Ausführungskontext: System Provider
Error: (08/17/2015 12:48:50 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
Error: (07/16/2015 02:45:56 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
Error: (07/08/2015 04:49:56 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
Error: (06/02/2015 08:54:04 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
Error: (05/23/2015 10:32:37 AM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
Error: (05/20/2015 08:16:55 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
Error: (05/20/2015 08:13:24 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
Systemfehler:
=============
Error: (08/17/2015 02:39:04 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}
Error: (08/17/2015 01:19:36 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800f0902 fehlgeschlagen: Update für Windows 7 für x64-basierte Systeme (KB3068708)
Error: (08/07/2015 05:52:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MemeoBackgroundService" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (08/07/2015 05:52:38 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst MemeoBackgroundService erreicht.
Error: (08/01/2015 01:55:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Update" wurde mit folgendem Fehler beendet:
%%-2147467243
Error: (08/01/2015 01:51:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MemeoBackgroundService" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (08/01/2015 01:51:48 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst MemeoBackgroundService erreicht.
Error: (07/08/2015 04:57:46 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.
Error: (07/08/2015 04:50:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "watchmi service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (07/08/2015 04:50:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst watchmi service erreicht.
Microsoft Office:
=========================
Error: (08/17/2015 02:08:11 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
Error: (08/17/2015 01:23:11 PM) (Source: VSS) (EventID: 12298) (User: )
Description: C:\00x00000000, Der Vorgang wurde erfolgreich beendet.
0x00000000, Der Vorgang wurde erfolgreich beendet.
0x80042314, Der Schattenkopieanbieter hat beim Warten auf den Schreibvorgang auf das Volume, von dem eine Schattenkopie erstellt wird, das Zeitlimit überschritten. Ursache hierfür könnte eine durch eine Anwendung oder einen Systemdienst verursachte hohe Aktivität auf dem Volume sein. Wiederholen Sie den Vorgang später, wenn das Volume nicht so stark ausgelastet ist.
0x00000000, Der Vorgang wurde erfolgreich beendet.
Vorgang:
Asynchroner Vorgang wird ausgeführt
Kontext:
Aktueller Status: DoSnapshotSet
Error: (08/17/2015 01:23:11 PM) (Source: VSS) (EventID: 12310) (User: )
Description: DeviceIoControl(\\?\Volume{4522a079-fe9c-11e1-a7ba-806e6f6e6963} - 00000000000000F8,0x0053c010,00000000001A9FD0,0,000000000051ECF0,4096,[0])
Vorgang:
Schattenkopien werden übertragen
Kontext:
Ausführungskontext: System Provider
Error: (08/17/2015 12:48:50 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
Error: (07/16/2015 02:45:56 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
Error: (07/08/2015 04:49:56 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
Error: (06/02/2015 08:54:04 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
Error: (05/23/2015 10:32:37 AM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
Error: (05/20/2015 08:16:55 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
Error: (05/20/2015 08:13:24 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
==================== Speicherinformationen ===========================
Processor: AMD A8-5500 APU with Radeon(tm) HD Graphics
Prozentuale Nutzung des RAM: 70%
Installierter physikalischer RAM: 3545.07 MB
Verfügbarer physikalischer RAM: 1034.71 MB
Summe virtueller Speicher: 7088.35 MB
Verfügbarer virtueller Speicher: 3672.55 MB
==================== Laufwerke ================================
Drive c: (Boot) (Fixed) (Total:880.41 GB) (Free:554.79 GB) NTFS
Drive d: (Recover) (Fixed) (Total:50 GB) (Free:26.39 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 17AA74B7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=880.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)
==================== Ende von Ergebnis ============================
|
|
19.08.2015, 09:37
| #6 |
| /// the machine /// TB-Ausbilder | DealPly.Gen, DealPly.Gen4, Agent.70656.1, bprotecotr.MG, BProtector.Gen2 und Delta.O gefunden. Wie entferne ich diese? Lade Dir bitte von hier  Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
Scan mit Combofix
__________________ --> DealPly.Gen, DealPly.Gen4, Agent.70656.1, bprotecotr.MG, BProtector.Gen2 und Delta.O gefunden. Wie entferne ich diese? |
|
19.08.2015, 17:51
| #7 |
| | DealPly.Gen, DealPly.Gen4, Agent.70656.1, bprotecotr.MG, BProtector.Gen2 und Delta.O gefunden. Wie entferne ich diese? Hier die Combofix.txt Code:
ATTFilter ComboFix 15-08-18.01 - Büro 19.08.2015 17:15:01.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3545.1565 [GMT 2:00]
ausgeführt von:: c:\users\Büro\Downloads\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Büro\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\BRO~1\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\windows\IsUn0407.exe
c:\windows\msdownld.tmp
.
.
((((((((((((((((((((((( Dateien erstellt von 2015-07-19 bis 2015-08-19 ))))))))))))))))))))))))))))))
.
.
2015-08-19 15:27 . 2015-08-19 15:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-08-19 14:50 . 2015-08-19 14:50 -------- d-----w- c:\program files (x86)\VS Revo Group
2015-08-17 19:35 . 2015-07-30 13:13 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-08-17 19:35 . 2015-07-30 13:13 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-17 15:36 . 2015-08-17 15:36 -------- d-----w- c:\users\Büro\AppData\Local\Diagnostics
2015-08-17 15:10 . 2015-08-17 15:13 -------- d-----w- C:\FRST
2015-08-17 12:36 . 2015-06-09 18:03 3180544 ----a-w- c:\windows\system32\rdpcorets.dll
2015-08-17 12:36 . 2015-06-09 18:03 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2015-08-17 12:36 . 2015-07-15 03:19 52736 ----a-w- c:\windows\system32\basesrv.dll
2015-08-17 12:32 . 2015-07-01 20:49 260096 ----a-w- c:\windows\system32\WebClnt.dll
2015-08-17 12:32 . 2015-07-01 20:30 206848 ----a-w- c:\windows\SysWow64\WebClnt.dll
2015-08-17 12:32 . 2015-07-01 20:48 102912 ----a-w- c:\windows\system32\davclnt.dll
2015-08-17 12:32 . 2015-07-01 20:30 82432 ----a-w- c:\windows\SysWow64\davclnt.dll
2015-08-17 12:32 . 2015-07-16 19:12 4922368 ----a-w- c:\windows\SysWow64\mstscax.dll
2015-08-17 12:32 . 2015-07-16 19:11 5779456 ----a-w- c:\windows\system32\mstscax.dll
2015-08-17 12:32 . 2015-07-16 19:12 37376 ----a-w- c:\windows\SysWow64\tsgqec.dll
2015-08-17 12:32 . 2015-07-16 19:12 269824 ----a-w- c:\windows\SysWow64\aaclient.dll
2015-08-17 12:32 . 2015-07-16 19:11 44032 ----a-w- c:\windows\system32\tsgqec.dll
2015-08-17 12:32 . 2015-07-16 19:11 322560 ----a-w- c:\windows\system32\aaclient.dll
2015-08-17 12:31 . 2015-07-09 17:57 193536 ----a-w- c:\windows\system32\notepad.exe
2015-08-17 12:31 . 2015-07-09 17:57 193536 ----a-w- c:\windows\notepad.exe
2015-08-17 12:31 . 2015-07-09 17:42 179712 ----a-w- c:\windows\SysWow64\notepad.exe
2015-08-17 12:12 . 2015-04-27 19:23 229376 ----a-w- c:\windows\system32\wintrust.dll
2015-08-17 11:42 . 2015-06-02 00:07 254976 ----a-w- c:\windows\system32\cewmdm.dll
2015-08-17 11:42 . 2015-06-01 23:47 210432 ----a-w- c:\windows\SysWow64\cewmdm.dll
2015-08-17 11:42 . 2015-06-17 17:47 404992 ----a-w- c:\windows\system32\gdi32.dll
2015-08-17 11:42 . 2015-06-17 17:37 312320 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-08-17 11:40 . 2015-07-04 18:07 2087424 ----a-w- c:\windows\system32\ole32.dll
2015-08-17 11:40 . 2015-07-04 17:48 1414656 ----a-w- c:\windows\SysWow64\ole32.dll
2015-08-01 11:55 . 2015-08-01 11:55 0 ---ha-w- c:\users\Büro\AppData\Local\BITF48F.tmp
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-17 10:57 . 2013-03-30 12:21 153256 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2015-08-17 10:57 . 2013-03-30 12:21 132656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2015-08-01 11:55 . 2015-08-01 11:55 0 ---ha-w- c:\users\Büro\AppData\Local\BITF48F.tmp
2015-08-01 11:55 . 2015-08-01 11:55 0 ---ha-w- c:\users\Büro\AppData\Local\BITF48F.tmp
2015-07-28 08:59 . 2011-07-18 20:31 132483416 ----a-w- c:\windows\system32\MRT.exe
2015-07-15 17:54 . 2015-08-17 12:37 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-05-25 18:19 . 2015-07-16 13:03 1255424 ----a-w- c:\windows\system32\diagtrack.dll
2015-05-25 18:19 . 2015-07-16 13:03 879104 ----a-w- c:\windows\system32\tdh.dll
2015-05-25 18:19 . 2015-07-16 13:03 113664 ----a-w- c:\windows\system32\sechost.dll
2015-05-25 18:18 . 2015-07-16 13:03 879104 ----a-w- c:\windows\system32\advapi32.dll
2015-05-25 18:18 . 2015-07-16 13:03 404992 ----a-w- c:\windows\system32\tracerpt.exe
2015-05-25 18:18 . 2015-07-16 13:03 47104 ----a-w- c:\windows\system32\typeperf.exe
2015-05-25 18:18 . 2015-07-16 13:03 43008 ----a-w- c:\windows\system32\relog.exe
2015-05-25 18:18 . 2015-07-16 13:03 104448 ----a-w- c:\windows\system32\logman.exe
2015-05-25 18:18 . 2015-07-16 13:03 19456 ----a-w- c:\windows\system32\diskperf.exe
2015-05-25 18:01 . 2015-07-16 13:03 635392 ----a-w- c:\windows\SysWow64\tdh.dll
2015-05-25 18:01 . 2015-07-16 13:03 92160 ----a-w- c:\windows\SysWow64\sechost.dll
2015-05-25 18:01 . 2015-07-16 13:03 641536 ----a-w- c:\windows\SysWow64\advapi32.dll
2015-05-25 18:00 . 2015-07-16 13:03 40448 ----a-w- c:\windows\SysWow64\typeperf.exe
2015-05-25 18:00 . 2015-07-16 13:03 364544 ----a-w- c:\windows\SysWow64\tracerpt.exe
2015-05-25 18:00 . 2015-07-16 13:03 37888 ----a-w- c:\windows\SysWow64\relog.exe
2015-05-25 18:00 . 2015-07-16 13:03 82944 ----a-w- c:\windows\SysWow64\logman.exe
2015-05-25 18:00 . 2015-07-16 13:03 17408 ----a-w- c:\windows\SysWow64\diskperf.exe
2015-05-25 17:00 . 2015-07-16 13:03 36864 ----a-w- c:\windows\system32\UtcResources.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-05 22:53 189464 ----a-w- c:\users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-05 22:53 189464 ----a-w- c:\users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-05 22:53 189464 ----a-w- c:\users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dropbox Update"="c:\users\Büro\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2015-07-02 134512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2012-04-14 111080]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2011-03-30 87336]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-05-04 630912]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2015-08-17 730416]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2015-07-07 998104]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
"WorksFUD"="c:\program files (x86)\Microsoft Works\wkfud.exe" [2000-07-12 24576]
"Microsoft Works Portfolio"="c:\program files (x86)\Microsoft Works\WksSb.exe" [2000-07-12 311350]
"Microsoft Works Update Detection"="c:\program files (x86)\Microsoft Works\WkDetect.exe" [2000-07-21 28739]
"UVS10 Preload"="c:\program files (x86)\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe" [2006-03-06 36864]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2014-08-15 707496]
"Avira Systray"="c:\program files (x86)\Avira\Launcher\Avira.Systray.exe" [2015-07-02 134368]
.
c:\users\Büro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-5-5 39179912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Erinnerungen in Microsoft Works-Kalender.lnk - c:\program files (x86)\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-7-12 24633]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE -b -l [2000-1-21 65588]
watchmi tray.lnk - c:\windows\Installer\{F0559C5E-7912-4391-B1A0-6B975F0E5064}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe [2012-9-29 300928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
R1 mckhetwt;mckhetwt;c:\windows\system32\drivers\mckhetwt.sys;c:\windows\SYSNATIVE\drivers\mckhetwt.sys [x]
R2 AntiVirMailService;Avira Email-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x]
R2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Avira.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 CyberLink PowerDVD 10 MS Monitor Service;CyberLink PowerDVD 10 MS Monitor Service;c:\program files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe;c:\program files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [x]
S2 CyberLink PowerDVD 10 MS Service;CyberLink PowerDVD 10 MS Service;c:\program files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe;c:\program files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 gearsec;gearsec;c:\windows\SysWOW64\gearsec.exe;c:\windows\SysWOW64\gearsec.exe [x]
S2 HTCMonitorService;HTCMonitorService;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [x]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]
S2 watchmi;watchmi service;c:\program files (x86)\watchmi\TvdService.exe;c:\program files (x86)\watchmi\TvdService.exe [x]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys;c:\windows\SYSNATIVE\DRIVERS\amdhub30.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys;c:\windows\SYSNATIVE\DRIVERS\amdxhc.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-08-17 10:53 995144 ----a-w- c:\program files (x86)\Google\Chrome\Application\44.0.2403.155\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-07-16 c:\windows\Tasks\Adobe Acrobat Update Task.job
- c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07 18:12]
.
2013-10-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2008-01-01 16:25]
.
2014-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cf99042cc4a591.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-29 12:47]
.
2014-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cffe76d8de539e.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-29 12:47]
.
2015-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d001bdce49fc10.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-29 12:47]
.
2015-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d063e72613acb4.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-29 12:47]
.
2015-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d09329a09fca16.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-29 12:47]
.
2015-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d0d8dac8c261f9.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-29 12:47]
.
2013-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-29 12:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-05 22:53 226328 ----a-w- c:\users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-05 22:53 226328 ----a-w- c:\users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-05 22:53 226328 ----a-w- c:\users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-05 22:53 226328 ----a-w- c:\users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-03-13 12452968]
"CNAP2 Launcher"="c:\windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE" [2007-09-05 406944]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://safesearch.avira.com/#web/result?source=repair&q=
uDefault_Search_URL = https://safesearch.avira.com/#web/result?source=repair&q=
mDefault_Search_URL = https://safesearch.avira.com/#web/result?source=repair&q=
mDefault_Page_URL = https://safesearch.avira.com/#web/result?source=repair&q=
mStart Page = https://safesearch.avira.com/#web/result?source=repair&q=
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = https://safesearch.avira.com/#web/result?source=repair&q=
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\nvrbpy82.default\
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 204c3cc0000000000000dc85de4a97c9
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15855
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.516:47
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=121845&tt=gc_
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-ALDI SÜD Mah Jong - c:\windows\system32\Uninstall ALDI SÜD Mah Jong.exe
AddRemove-FoneSync - c:\windows\IsUn0407.exe
AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-08-19 17:48:31 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2015-08-19 15:48
.
Vor Suchlauf: 7 Verzeichnis(se), 595.742.519.296 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 597.446.344.704 Bytes frei
.
- - End Of File - - F156B06A07E612E9282AFBDFDD21CC3A
4624822E540EC83CD0819525C65846BA
|
|
20.08.2015, 09:09
| #8 |
| /// the machine /// TB-Ausbilder | DealPly.Gen, DealPly.Gen4, Agent.70656.1, bprotecotr.MG, BProtector.Gen2 und Delta.O gefunden. Wie entferne ich diese? Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
20.08.2015, 18:11
| #9 |
| | DealPly.Gen, DealPly.Gen4, Agent.70656.1, bprotecotr.MG, BProtector.Gen2 und Delta.O gefunden. Wie entferne ich diese? Die MBAM.txt Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 20.08.2015 Suchlaufzeit: 17:04 Protokolldatei: mbam.txt Administrator: Ja Version: 2.1.8.1057 Malware-Datenbank: v2015.08.20.04 Rootkit-Datenbank: v2015.08.16.01 Lizenz: Kostenlose Version Malware-Schutz: Deaktiviert Schutz vor bösartigen Websites: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Büro Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 397703 Abgelaufene Zeit: 20 Min., 6 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (keine bösartigen Elemente erkannt) Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt) Registrierungswerte: 0 (keine bösartigen Elemente erkannt) Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Ordner: 0 (keine bösartigen Elemente erkannt) Dateien: 0 (keine bösartigen Elemente erkannt) Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) Code:
ATTFilter # AdwCleaner v5.002 - Bericht erstellt 20/08/2015 um 17:38:48
# Aktualisiert 18/08/2015 von Xplode
# Datenbank : 2015-08-18.2 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Büro - BÜRO-PC
# Gestarted von : C:\Users\Büro\Downloads\AdwCleaner_5.002.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Ordner ] *****
[-] Ordner Gelöscht : C:\ProgramData\Ask
[-] Ordner Gelöscht : C:\ProgramData\Babylon
[-] Ordner Gelöscht : C:\ProgramData\Partner
[-] Ordner Gelöscht : C:\Users\Büro\Qtrax
[-] Ordner Gelöscht : C:\Users\Büro\AppData\LocalLow\Delta
[-] Ordner Gelöscht : C:\Users\Büro\AppData\Roaming\Babylon
[-] Ordner Gelöscht : C:\Users\Büro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
[-] Ordner Gelöscht : C:\Users\Büro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax
***** [ Dateien ] *****
[-] Datei Gelöscht : C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\nvrbpy82.default\invalidprefs.js
[-] Datei Gelöscht : C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\nvrbpy82.default\searchplugins\BrowserDefender.xml
[-] Datei Gelöscht : C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\nvrbpy82.default\user.js
[-] Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk
***** [ Verknüpfungen ] *****
***** [ Geplante Tasks ] *****
[-] Task Gelöscht : Printatree
[-] Task Gelöscht : Scheduled Update for Ask Toolbar
***** [ Registrierungsdatenbank ] *****
[-] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
[-] Schlüssel Gelöscht : HKCU\Software\596da8ab76fbf41
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\596da8ab76fbf41
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
[-] Schlüssel Gelöscht : HKCU\Software\APN
[-] Schlüssel Gelöscht : HKCU\Software\qtrax
[-] Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon
[!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\APN
[!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\qtrax
[-] Daten Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Daten Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Daten Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Daten Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Daten Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Daten Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Daten Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Daten Wiederhergestellt : HKU\S-1-5-21-1632624160-964472687-1313652209-1002\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Daten Wiederhergestellt : HKU\S-1-5-21-1632624160-964472687-1313652209-1002\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
***** [ Internetbrowser ] *****
[-] [C:\Users\Büro\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Gelöscht : de.ask.com
[-] [C:\Users\Büro\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Gelöscht : ask.com
[-] [C:\Users\Büro\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Gelöscht : delta-search.com
[-] [C:\Users\Büro\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Gelöscht : babylon.com
*************************
:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3917 Bytes] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.7 (08.18.2015:1)
OS: Windows 7 Home Premium x64
Ran by Bro on 20.08.2015 at 17:42:41,90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4F24AB64-CF5D-41A8-9B83-F0383ADB3746}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
~~~ Files
Successfully deleted: [File] C:\Users\Bro\Appdata\LocalLow\microsoft\silverlight\outofbrowser\index\portal.qtrax.com
Successfully deleted: [File] C:\Users\Bro\Appdata\Local\google\chrome\user data\default\local storage\chrome-extension_hggpkhijoeadmdfmlbdepfbngmhaldci_0.localstorage
~~~ Folders
Successfully deleted: [Empty Folder] C:\Users\Bro\Appdata\Local\{00D29493-9E76-4688-877D-775CE5A49A75}
Successfully deleted: [Empty Folder] C:\Users\Bro\Appdata\Local\{2AFCB732-0190-4592-A09D-521B9C21E3E7}
Successfully deleted: [Empty Folder] C:\Users\Bro\Appdata\Local\{46C302B4-7250-4712-AD99-5E2AD951C697}
Successfully deleted: [Empty Folder] C:\Users\Bro\Appdata\Local\{4935AB55-49C2-4218-A83E-902D02CD4BF6}
Successfully deleted: [Empty Folder] C:\Users\Bro\Appdata\Local\{49438216-B0F2-4EF4-A87A-57D1010D3293}
Successfully deleted: [Empty Folder] C:\Users\Bro\Appdata\Local\{5C92A534-ADFC-4364-8B94-741D5B3DC599}
Successfully deleted: [Empty Folder] C:\Users\Bro\Appdata\Local\{6356D053-54D6-4726-9FA8-BD4BB47C98BE}
Successfully deleted: [Empty Folder] C:\Users\Bro\Appdata\Local\{6C532D0C-598F-4EFC-9F10-44BC78BB9336}
Successfully deleted: [Empty Folder] C:\Users\Bro\Appdata\Local\{71F0703B-61FB-4A5B-AAD3-9D100488039A}
Successfully deleted: [Empty Folder] C:\Users\Bro\Appdata\Local\{7504D2F0-2035-4574-B90B-216E9191CC16}
Successfully deleted: [Empty Folder] C:\Users\Bro\Appdata\Local\{77433583-FE93-4838-A693-45A65E28F042}
Successfully deleted: [Empty Folder] C:\Users\Bro\Appdata\Local\{93C631BB-3F05-4702-AE43-C8FF3ADCEC97}
Successfully deleted: [Empty Folder] C:\Users\Bro\Appdata\Local\{94914672-BF71-458D-BD04-9B0C221659A1}
Successfully deleted: [Empty Folder] C:\Users\Bro\Appdata\Local\{98ACDB04-7B34-4DB2-B9B4-666515BC4688}
Successfully deleted: [Empty Folder] C:\Users\Bro\Appdata\Local\{9B3CC8D2-D2F8-42FA-B929-CE5F7222F097}
Successfully deleted: [Empty Folder] C:\Users\Bro\Appdata\Local\{9B537950-D654-4C22-8266-655E3B9C2512}
Successfully deleted: [Empty Folder] C:\Users\Bro\Appdata\Local\{9E38A4CA-E48C-4432-A48F-C0EE506FD764}
Successfully deleted: [Empty Folder] C:\Users\Bro\Appdata\Local\{A2258518-4B22-4F74-B4DA-C611EAA7C55A}
Successfully deleted: [Empty Folder] C:\Users\Bro\Appdata\Local\{A487E196-C02C-4FE4-B3C9-4834B137C1C5}
Successfully deleted: [Empty Folder] C:\Users\Bro\Appdata\Local\{A644B1E1-9392-41DC-9497-62229FDA1D2A}
Successfully deleted: [Empty Folder] C:\Users\Bro\Appdata\Local\{B2FEB34B-705E-47F7-8E90-00D92E18893F}
Successfully deleted: [Empty Folder] C:\Users\Bro\Appdata\Local\{B89AA9AD-38E0-46BB-ADC3-74E5DE84A3DA}
Successfully deleted: [Empty Folder] C:\Users\Bro\Appdata\Local\{BD40EB5D-9388-4602-89EC-A5FD91E57D2A}
Successfully deleted: [Empty Folder] C:\Users\Bro\Appdata\Local\{E43E3200-6113-4739-8D79-6CF2DED541CE}
Successfully deleted: [Empty Folder] C:\Users\Bro\Appdata\Local\{EADEACE4-4A4C-4FAF-A14E-696A1B0B7038}
Successfully deleted: [Empty Folder] C:\Users\Bro\Appdata\Local\{F08795F3-BA36-4AA3-95F0-D6093EEAD373}
Successfully deleted: [Folder] C:\ProgramData\google
Successfully deleted: [Folder] C:\Users\Bro\AppData\Roaming\printatree
~~~ FireFox
Successfully deleted the following from C:\Users\Bro\AppData\Roaming\mozilla\firefox\profiles\nvrbpy82.default\prefs.js
user_pref(extensions.delta.admin, false);
user_pref(extensions.delta.aflt, babsst);
user_pref(extensions.delta.appId, {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3});
user_pref(extensions.delta.autoRvrt, false);
user_pref(extensions.delta.dfltLng, en);
user_pref(extensions.delta.excTlbr, false);
user_pref(extensions.delta.ffxUnstlRst, true);
user_pref(extensions.delta.id, 204c3cc0000000000000dc85de4a97c9);
user_pref(extensions.delta.instlDay, 15855);
user_pref(extensions.delta.instlRef, sst);
user_pref(extensions.delta.newTab, false);
user_pref(extensions.delta.prdct, delta);
user_pref(extensions.delta.prtnrId, delta);
user_pref(extensions.delta.rvrt, false);
user_pref(extensions.delta.smplGrp, none);
user_pref(extensions.delta.tlbrId, base);
user_pref(extensions.delta.tlbrSrchUrl, );
user_pref(extensions.delta.vrsn, 1.8.21.5);
user_pref(extensions.delta.vrsnTs, 1.8.21.516:47:35);
user_pref(extensions.delta.vrsni, 1.8.21.5);
user_pref(extensions.delta_i.babExt, );
user_pref(extensions.delta_i.babTrack, affID=121845&tt=gc_);
user_pref(extensions.delta_i.srcExt, ss);
Emptied folder: C:\Users\Bro\AppData\Roaming\mozilla\firefox\profiles\nvrbpy82.default\minidumps [67 files]
~~~ Chrome
[C:\Users\Bro\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\Bro\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
[C:\Users\Bro\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\Bro\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.08.2015 at 17:46:35,28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:20-08-2015
durchgeführt von Büro (Administrator) auf BÜRO-PC (20-08-2015 17:51:51)
Gestartet von C:\Users\Büro\Downloads
Geladene Profile: Büro (Verfügbare Profile: Büro)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452968 2012-03-13] (Realtek Semiconductor)
HKLM\...\Run: [CNAP2 Launcher] => C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE [406944 2007-09-06] (CANON INC.)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [111080 2012-04-14] (CyberLink)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-30] (CyberLink Corp.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-05-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [12288 2012-04-20] ()
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [730416 2015-08-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [998104 2015-07-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [WorksFUD] => C:\Program Files (x86)\Microsoft Works\wkfud.exe [24576 2000-07-12] (Microsoft® Corporation)
HKLM-x32\...\Run: [Microsoft Works Portfolio] => C:\Program Files (x86)\Microsoft Works\WksSb.exe [311350 2000-07-12] (Microsoft® Corporation)
HKLM-x32\...\Run: [Microsoft Works Update Detection] => C:\Program Files (x86)\Microsoft Works\WkDetect.exe [28739 2000-07-22] (Microsoft® Corporation)
HKLM-x32\...\Run: [UVS10 Preload] => C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe [36864 2006-03-07] (Ulead Systems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707496 2014-08-15] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [134368 2015-07-02] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1632624160-964472687-1313652209-1002\...\Run: [Dropbox Update] => C:\Users\Büro\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-02] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Erinnerungen in Microsoft Works-Kalender.lnk [2012-10-07]
ShortcutTarget: Erinnerungen in Microsoft Works-Kalender.lnk -> C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2012-09-30]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\watchmi tray.lnk [2012-09-29]
ShortcutTarget: watchmi tray.lnk -> C:\Windows\Installer\{F0559C5E-7912-4391-B1A0-6B975F0E5064}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe (Acresso Software Inc.)
Startup: C:\Users\Büro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012-11-01]
ShortcutTarget: Dropbox.lnk -> C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1632624160-964472687-1313652209-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope Wert fehlt
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-08-17] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-12-15] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-12-15] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-08-17] (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-12-15] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-08-17] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-08-17] (Google Inc.)
Toolbar: HKU\S-1-5-21-1632624160-964472687-1313652209-1002 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-08-17] (Google Inc.)
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{2B0B9D70-1506-4A19-9DCD-D0CED68DA08A}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{60D2D7B7-D7BF-45F4-8531-EAD4B3ADE94A}: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\nvrbpy82.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll [2013-10-28] ()
FF Plugin: @java.com/DTPlugin,version=10.10.2 -> C:\Windows\system32\npDeployJava1.dll [2012-12-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll [Keine Datei]
FF Plugin: @java.com/JavaPlugin,version=10.10.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2012-12-15] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll [2013-10-28] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll [2012-07-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-12-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2012-12-15] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-27] (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\nvrbpy82.default\Extensions\abs@avira.com [2015-08-17]
FF Extension: Print a Tree - C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\nvrbpy82.default\Extensions\{d8a25ef6-8a9c-459b-a8b1-7a2b0504190a} [2013-05-30]
FF Extension: Adblock Plus - C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\nvrbpy82.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-03]
FF Extension: Kein Name - C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\nvrbpy82.default\extensions\{d8a25ef6-8a9c-459b-a8b1-7a2b0504190a} [nicht gefunden]
Chrome:
=======
CHR Profile: C:\Users\Büro\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [dmibjfmphcpfoacbchialfobiohmhged] - C:\Users\BRO~1\AppData\Roaming\PRINTA~1\printatreeChrome.crx <nicht gefunden>
CHR HKU\S-1-5-21-1632624160-964472687-1313652209-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dmibjfmphcpfoacbchialfobiohmhged] - C:\Users\BRO~1\AppData\Roaming\PRINTA~1\printatreeChrome.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [dmibjfmphcpfoacbchialfobiohmhged] - C:\Users\BRO~1\AppData\Roaming\PRINTA~1\printatreeChrome.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-05-05] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827184 2015-08-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [450808 2015-08-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [450808 2015-08-17] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1188360 2015-08-17] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [218816 2015-07-02] (Avira Operations GmbH & Co. KG)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-14] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-14] (CyberLink)
S2 gearsec; C:\Windows\SysWOW64\gearsec.exe [49152 2002-09-02] (GEAR Software) [Datei ist nicht signiert]
S2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2012-07-16] (Nero AG)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Datei ist nicht signiert]
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2012-10-08] () [Datei ist nicht signiert]
S2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2005-01-31] (Ulead Systems, Inc.) [Datei ist nicht signiert]
S2 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [70144 2012-01-31] () [Datei ist nicht signiert]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R5 ACPI; C:\Windows\System32\drivers\ACPI.sys [334208 2010-11-21] (Microsoft Corporation)
R5 amdsata; C:\Windows\System32\drivers\amdsata.sys [107904 2011-03-11] (Advanced Micro Devices)
R5 amdxata; C:\Windows\System32\drivers\amdxata.sys [27008 2011-03-11] (Advanced Micro Devices)
R5 amd_sata; C:\Windows\System32\drivers\amd_sata.sys [82048 2011-12-12] (Advanced Micro Devices)
R5 amd_xata; C:\Windows\System32\drivers\amd_xata.sys [42624 2011-12-12] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-08-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132656 2015-08-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-16] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-21] (Avira Operations GmbH & Co. KG)
R5 CLFS; C:\Windows\System32\CLFS.sys [367552 2015-03-04] (Microsoft Corporation)
R5 CNG; C:\Windows\System32\Drivers\cng.sys [459336 2015-01-31] (Microsoft Corporation)
R5 Disk; C:\Windows\System32\drivers\disk.sys [73280 2009-07-14] (Microsoft Corporation)
R5 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [70224 2009-07-14] (Microsoft Corporation)
R5 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [289664 2010-11-21] (Microsoft Corporation)
U5 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [23408 2012-03-01] (Microsoft Corporation)
R5 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [223752 2013-01-24] (Microsoft Corporation)
R3 GEARAspiWDM; C:\Windows\SysWOW64\DRIVERS\GEARAspiWDM.sys [9440 2003-03-20] (GEAR Software) [Datei ist nicht signiert]
R5 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14720 2010-11-21] (Microsoft Corporation)
R5 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [95680 2015-07-15] (Microsoft Corporation)
R5 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [155584 2015-07-15] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R5 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94656 2015-07-15] (Microsoft Corporation)
R5 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [15424 2009-07-14] (Microsoft Corporation)
R5 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-14] (Microsoft Corporation)
R5 NDIS; C:\Windows\System32\drivers\ndis.sys [950128 2012-08-22] (Microsoft Corporation)
R5 partmgr; C:\Windows\System32\drivers\partmgr.sys [75120 2012-03-17] (Microsoft Corporation)
R5 pci; C:\Windows\System32\drivers\pci.sys [184704 2010-11-21] (Microsoft Corporation)
R5 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-14] (Microsoft Corporation)
R5 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [213888 2010-11-21] (Microsoft Corporation)
R5 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-14] (Microsoft Corporation)
R5 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1903552 2014-04-05] (Microsoft Corporation)
R5 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [36432 2009-07-14] (Microsoft Corporation)
R5 volmgr; C:\Windows\System32\drivers\volmgr.sys [71552 2010-11-21] (Microsoft Corporation)
R5 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-21] (Microsoft Corporation)
R5 volsnap; C:\Windows\System32\drivers\volsnap.sys [295808 2010-11-21] (Microsoft Corporation)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-08-15] (Cisco Systems, Inc.)
R5 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [785624 2013-06-26] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 mckhetwt; \??\C:\Windows\system32\drivers\mckhetwt.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-08-20 17:51 - 2015-08-20 17:51 - 00000000 ____D C:\Users\Büro\Downloads\FRST-OlderVersion
2015-08-20 17:46 - 2015-08-20 17:46 - 00005804 _____ C:\Users\Büro\Desktop\JRT.txt
2015-08-20 17:42 - 2015-08-20 17:42 - 01798576 _____ (Malwarebytes Corporation) C:\Users\Büro\Downloads\JRT.exe
2015-08-20 17:38 - 2015-08-20 17:38 - 00000000 ____D C:\AdwCleaner
2015-08-20 17:37 - 2015-08-20 17:37 - 01585664 _____ C:\Users\Büro\Downloads\AdwCleaner_5.002.exe
2015-08-20 17:36 - 2015-08-20 17:36 - 00001208 _____ C:\Users\Büro\Desktop\mbam.txt
2015-08-20 17:02 - 2015-08-20 17:35 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-20 17:02 - 2015-08-20 17:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-08-20 17:02 - 2015-08-20 17:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-20 17:02 - 2015-08-20 17:02 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-08-20 17:02 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-20 17:02 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-20 17:02 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-20 17:00 - 2015-08-20 17:01 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Büro\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-19 18:02 - 2015-08-11 03:20 - 25191936 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-19 18:02 - 2015-08-11 03:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-19 18:02 - 2015-08-11 02:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-19 18:02 - 2015-08-11 02:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-19 17:48 - 2015-08-19 17:48 - 00022953 _____ C:\ComboFix.txt
2015-08-19 17:09 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-08-19 17:09 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-08-19 17:09 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-08-19 17:09 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-08-19 17:09 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-08-19 17:09 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-08-19 17:09 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-08-19 17:09 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-08-19 17:02 - 2015-08-19 17:49 - 00000000 ____D C:\Qoobox
2015-08-19 17:02 - 2015-08-19 17:45 - 00000000 ____D C:\Windows\erdnt
2015-08-19 17:00 - 2015-08-19 17:01 - 05635271 ____R (Swearware) C:\Users\Büro\Downloads\ComboFix.exe
2015-08-19 16:50 - 2015-08-19 16:50 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Büro\Downloads\revosetup95.exe
2015-08-19 16:50 - 2015-08-19 16:50 - 00001268 _____ C:\Users\Büro\Desktop\Revo Uninstaller.lnk
2015-08-19 16:50 - 2015-08-19 16:50 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-08-17 21:35 - 2015-07-30 15:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-17 21:35 - 2015-07-30 15:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-17 17:51 - 2015-08-20 17:26 - 00000000 ____D C:\Windows\Minidump
2015-08-17 17:51 - 2015-08-17 17:51 - 512876665 _____ C:\Windows\MEMORY.DMP
2015-08-17 17:51 - 2015-08-17 17:51 - 00275768 _____ C:\Windows\Minidump\081715-27877-01.dmp
2015-08-17 17:35 - 2015-08-17 17:35 - 00014457 _____ C:\Users\Büro\Desktop\Gmer.log
2015-08-17 17:15 - 2015-08-17 17:15 - 00380416 _____ C:\Users\Büro\Downloads\Gmer-19357.exe
2015-08-17 17:12 - 2015-08-17 17:13 - 00093297 _____ C:\Users\Büro\Downloads\Addition.txt
2015-08-17 17:11 - 2015-08-20 17:51 - 00021581 _____ C:\Users\Büro\Downloads\FRST.txt
2015-08-17 17:10 - 2015-08-20 17:51 - 02173952 _____ (Farbar) C:\Users\Büro\Downloads\FRST64.exe
2015-08-17 17:10 - 2015-08-20 17:51 - 00000000 ____D C:\FRST
2015-08-17 17:08 - 2015-08-17 17:08 - 00000470 _____ C:\Users\Büro\Downloads\defogger_disable.log
2015-08-17 17:08 - 2015-08-17 17:08 - 00000000 _____ C:\Users\Büro\defogger_reenable
2015-08-17 17:07 - 2015-08-17 17:07 - 00050477 _____ C:\Users\Büro\Downloads\Defogger.exe
2015-08-17 14:37 - 2015-07-30 20:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-17 14:37 - 2015-07-30 20:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-17 14:37 - 2015-07-30 20:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-17 14:37 - 2015-07-30 20:06 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-17 14:37 - 2015-07-30 20:06 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-17 14:37 - 2015-07-30 20:06 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-17 14:37 - 2015-07-30 20:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-17 14:37 - 2015-07-30 19:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-17 14:37 - 2015-07-30 19:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-17 14:37 - 2015-07-30 19:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-08-17 14:37 - 2015-07-30 19:57 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-17 14:37 - 2015-07-30 19:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-08-17 14:37 - 2015-07-30 19:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-08-17 14:37 - 2015-07-30 18:56 - 03208192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-17 14:37 - 2015-07-30 18:52 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-17 14:37 - 2015-07-30 18:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-17 14:37 - 2015-07-28 22:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-17 14:37 - 2015-07-28 22:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-17 14:37 - 2015-07-28 22:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-17 14:37 - 2015-07-28 22:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-17 14:37 - 2015-07-28 22:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-17 14:37 - 2015-07-28 22:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-17 14:37 - 2015-07-28 22:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-17 14:37 - 2015-07-28 21:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-17 14:37 - 2015-07-15 20:15 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-17 14:37 - 2015-07-15 20:15 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-17 14:37 - 2015-07-15 20:15 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-17 14:37 - 2015-07-15 20:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-17 14:37 - 2015-07-15 20:12 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-17 14:37 - 2015-07-15 20:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-08-17 14:37 - 2015-07-15 20:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-08-17 14:37 - 2015-07-15 20:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-08-17 14:37 - 2015-07-15 20:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-17 14:37 - 2015-07-15 20:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-08-17 14:37 - 2015-07-15 20:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-17 14:37 - 2015-07-15 20:10 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-17 14:37 - 2015-07-15 20:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-17 14:37 - 2015-07-15 20:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-08-17 14:37 - 2015-07-15 20:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-17 14:37 - 2015-07-15 20:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-17 14:37 - 2015-07-15 20:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-08-17 14:37 - 2015-07-15 20:10 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-17 14:37 - 2015-07-15 20:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-17 14:37 - 2015-07-15 20:10 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-17 14:37 - 2015-07-15 20:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-17 14:37 - 2015-07-15 20:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-17 14:37 - 2015-07-15 20:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-17 14:37 - 2015-07-15 20:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-17 14:37 - 2015-07-15 20:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-17 14:37 - 2015-07-15 20:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-17 14:37 - 2015-07-15 20:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-17 14:37 - 2015-07-15 20:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-17 14:37 - 2015-07-15 20:10 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-17 14:37 - 2015-07-15 20:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-17 14:37 - 2015-07-15 20:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-17 14:37 - 2015-07-15 20:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-08-17 14:37 - 2015-07-15 20:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-17 14:37 - 2015-07-15 20:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-08-17 14:37 - 2015-07-15 20:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-17 14:37 - 2015-07-15 20:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-17 14:37 - 2015-07-15 20:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-17 14:37 - 2015-07-15 20:00 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-17 14:37 - 2015-07-15 20:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-17 14:37 - 2015-07-15 20:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 20:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 20:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 20:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 19:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-17 14:37 - 2015-07-15 19:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-08-17 14:37 - 2015-07-15 19:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-17 14:37 - 2015-07-15 19:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-17 14:37 - 2015-07-15 19:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-08-17 14:37 - 2015-07-15 19:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-08-17 14:37 - 2015-07-15 19:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-08-17 14:37 - 2015-07-15 19:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-08-17 14:37 - 2015-07-15 19:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-17 14:37 - 2015-07-15 19:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-17 14:37 - 2015-07-15 19:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-08-17 14:37 - 2015-07-15 19:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-08-17 14:37 - 2015-07-15 19:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-08-17 14:37 - 2015-07-15 19:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-08-17 14:37 - 2015-07-15 19:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-08-17 14:37 - 2015-07-15 19:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-08-17 14:37 - 2015-07-15 19:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-17 14:37 - 2015-07-15 19:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-08-17 14:37 - 2015-07-15 19:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-08-17 14:37 - 2015-07-15 19:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-08-17 14:37 - 2015-07-15 19:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-08-17 14:37 - 2015-07-15 19:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-08-17 14:37 - 2015-07-15 19:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-08-17 14:37 - 2015-07-15 19:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-08-17 14:37 - 2015-07-15 19:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-08-17 14:37 - 2015-07-15 19:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 19:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 18:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-17 14:37 - 2015-07-15 18:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-17 14:37 - 2015-07-15 18:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-17 14:37 - 2015-07-15 18:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-08-17 14:37 - 2015-07-15 18:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-08-17 14:37 - 2015-07-15 18:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 18:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 18:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 18:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 05:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-17 14:37 - 2015-07-15 05:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-17 14:37 - 2015-07-15 05:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-17 14:37 - 2015-07-15 05:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-17 14:37 - 2015-07-15 04:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-17 14:37 - 2015-07-15 04:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-17 14:37 - 2015-07-15 04:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-08-17 14:37 - 2015-07-15 04:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-08-17 14:37 - 2015-06-03 22:16 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-08-17 14:36 - 2015-07-15 05:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-17 14:36 - 2015-06-09 20:03 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-08-17 14:36 - 2015-06-09 20:03 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-08-17 14:35 - 2015-07-21 02:39 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-17 14:35 - 2015-07-21 02:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-08-17 14:35 - 2015-07-16 22:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-17 14:35 - 2015-07-16 22:37 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-17 14:35 - 2015-07-16 22:36 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-17 14:35 - 2015-07-16 22:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-17 14:35 - 2015-07-16 22:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-17 14:35 - 2015-07-16 22:35 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-17 14:35 - 2015-07-16 22:35 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-17 14:35 - 2015-07-16 22:27 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-17 14:35 - 2015-07-16 22:26 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-17 14:35 - 2015-07-16 22:26 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-17 14:35 - 2015-07-16 22:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-17 14:35 - 2015-07-16 22:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-17 14:35 - 2015-07-16 22:21 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-17 14:35 - 2015-07-16 22:21 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-17 14:35 - 2015-07-16 22:21 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-17 14:35 - 2015-07-16 22:12 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-17 14:35 - 2015-07-16 22:08 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-17 14:35 - 2015-07-16 22:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-17 14:35 - 2015-07-16 21:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-17 14:35 - 2015-07-16 21:54 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-17 14:35 - 2015-07-16 21:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-17 14:35 - 2015-07-16 21:51 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-17 14:35 - 2015-07-16 21:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-08-17 14:35 - 2015-07-16 21:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-17 14:35 - 2015-07-16 21:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-08-17 14:35 - 2015-07-16 21:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-08-17 14:35 - 2015-07-16 21:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-17 14:35 - 2015-07-16 21:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-17 14:35 - 2015-07-16 21:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-08-17 14:35 - 2015-07-16 21:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-17 14:35 - 2015-07-16 21:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-17 14:35 - 2015-07-16 21:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-08-17 14:35 - 2015-07-16 21:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-08-17 14:35 - 2015-07-16 21:36 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-17 14:35 - 2015-07-16 21:35 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-17 14:35 - 2015-07-16 21:34 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-17 14:35 - 2015-07-16 21:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-17 14:35 - 2015-07-16 21:32 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-17 14:35 - 2015-07-16 21:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-17 14:35 - 2015-07-16 21:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-08-17 14:35 - 2015-07-16 21:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-08-17 14:35 - 2015-07-16 21:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-17 14:35 - 2015-07-16 21:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-17 14:35 - 2015-07-16 21:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-17 14:35 - 2015-07-16 21:12 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-17 14:35 - 2015-07-16 21:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-17 14:35 - 2015-07-16 21:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-17 14:35 - 2015-07-16 21:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-17 14:35 - 2015-07-16 21:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-08-17 14:35 - 2015-07-16 21:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-17 14:35 - 2015-07-16 20:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-17 14:35 - 2015-07-16 20:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-17 14:35 - 2015-07-16 20:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-17 14:35 - 2015-07-16 20:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-17 14:32 - 2015-07-16 21:12 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-17 14:32 - 2015-07-16 21:12 - 00269824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-08-17 14:32 - 2015-07-16 21:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-17 14:32 - 2015-07-16 21:11 - 05779456 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-17 14:32 - 2015-07-16 21:11 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-08-17 14:32 - 2015-07-16 21:11 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-17 14:32 - 2015-07-01 22:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-17 14:32 - 2015-07-01 22:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-17 14:32 - 2015-07-01 22:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-17 14:32 - 2015-07-01 22:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-17 14:31 - 2015-07-09 19:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-17 14:31 - 2015-07-09 19:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-17 14:31 - 2015-07-09 19:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-17 14:13 - 2015-07-20 20:12 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-17 14:13 - 2015-07-20 20:12 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-17 14:13 - 2015-07-20 20:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-17 14:13 - 2015-07-20 20:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-17 14:13 - 2015-07-20 20:12 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-17 14:13 - 2015-07-20 20:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-17 14:13 - 2015-07-20 20:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-17 14:13 - 2015-07-20 20:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-17 14:13 - 2015-07-20 20:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-17 14:13 - 2015-07-20 20:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-17 14:13 - 2015-07-20 20:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-17 14:13 - 2015-07-20 19:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-17 14:13 - 2015-07-20 19:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-17 14:13 - 2015-07-20 19:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-17 14:13 - 2015-07-20 19:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-17 14:13 - 2015-07-20 19:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-17 14:13 - 2015-04-27 21:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-08-17 14:13 - 2015-04-27 21:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-08-17 14:13 - 2015-04-27 21:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-08-17 14:12 - 2015-07-10 19:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-17 14:12 - 2015-07-10 19:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-17 14:12 - 2015-06-15 23:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-08-17 14:12 - 2015-06-15 23:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-08-17 14:12 - 2015-06-15 23:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-08-17 14:12 - 2015-06-15 23:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-08-17 14:12 - 2015-06-15 23:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-08-17 14:12 - 2015-06-15 23:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-08-17 14:12 - 2015-06-15 23:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-08-17 14:12 - 2015-06-15 23:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-08-17 14:12 - 2015-06-15 23:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-08-17 14:12 - 2015-06-15 23:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-08-17 14:12 - 2015-06-15 23:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-08-17 14:12 - 2015-06-15 23:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-08-17 14:12 - 2015-04-27 21:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-08-17 14:12 - 2015-04-27 21:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-08-17 14:12 - 2015-04-27 21:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-08-17 14:12 - 2015-04-27 21:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-08-17 14:12 - 2015-04-27 21:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-08-17 13:42 - 2015-06-17 19:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-08-17 13:42 - 2015-06-17 19:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-08-17 13:42 - 2015-06-02 02:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-08-17 13:42 - 2015-06-02 01:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-08-17 13:40 - 2015-07-04 20:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-08-17 13:40 - 2015-07-04 19:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-08-17 13:06 - 2015-08-17 13:06 - 00000000 ____D C:\Users\Büro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-08-17 12:52 - 2015-08-17 12:52 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0d8dac8c261f9.job
2015-08-01 13:55 - 2015-08-01 13:55 - 00000000 ____H C:\Users\Büro\AppData\Local\BITF48F.tmp
2015-08-01 13:55 - 2015-08-01 13:55 - 00000000 _____ C:\Users\Büro\AppData\Local\{C630AAEB-8C79-41B3-9A7E-5CE35D47870D}
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-08-20 17:48 - 2009-07-14 06:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-20 17:48 - 2009-07-14 06:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-20 17:41 - 2012-11-01 17:59 - 00000000 ___RD C:\Users\Büro\Dropbox
2015-08-20 17:41 - 2012-11-01 17:51 - 00000000 ____D C:\Users\Büro\AppData\Roaming\Dropbox
2015-08-20 17:40 - 2012-11-01 17:21 - 00000000 ____D C:\Users\Büro\AppData\Local\HTC MediaHub
2015-08-20 17:39 - 2010-11-21 05:47 - 00473400 _____ C:\Windows\PFRO.log
2015-08-20 17:39 - 2009-07-14 06:51 - 00208034 _____ C:\Windows\setupact.log
2015-08-20 17:38 - 2012-09-29 11:48 - 00000000 ____D C:\Users\Büro
2015-08-20 17:38 - 2012-09-29 11:44 - 01644247 _____ C:\Windows\WindowsUpdate.log
2015-08-20 17:26 - 2012-09-30 14:32 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-08-20 17:26 - 2012-09-30 14:32 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-08-20 17:26 - 2012-09-29 11:48 - 00001425 _____ C:\Users\Büro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-20 17:26 - 2012-09-29 11:46 - 00002504 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2015-08-19 17:34 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-08-19 16:53 - 2012-09-30 13:05 - 00000000 ____D C:\Users\Büro\AppData\Local\Google
2015-08-19 16:41 - 2011-05-16 16:04 - 00699432 _____ C:\Windows\system32\perfh007.dat
2015-08-19 16:41 - 2011-05-16 16:04 - 00149572 _____ C:\Windows\system32\perfc007.dat
2015-08-19 16:41 - 2009-07-14 07:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-19 16:31 - 2009-07-14 06:45 - 00394736 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-19 16:29 - 2015-05-03 15:41 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-08-19 16:29 - 2015-05-03 15:41 - 00000000 ___SD C:\Windows\system32\GWX
2015-08-19 16:29 - 2014-12-19 11:53 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-19 16:29 - 2014-05-31 12:22 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-19 16:29 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-08-17 21:35 - 2012-07-19 01:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-17 21:34 - 2012-07-19 01:39 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-17 21:34 - 2012-07-19 01:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-17 21:27 - 2013-08-17 13:14 - 00000000 ____D C:\Windows\system32\MRT
2015-08-17 13:09 - 2013-01-10 21:36 - 00002023 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2015-08-17 13:09 - 2011-07-18 23:07 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-08-17 13:00 - 2012-09-30 13:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-08-17 12:57 - 2013-03-30 14:21 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-08-17 12:57 - 2013-03-30 14:21 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-08-17 12:52 - 2015-05-20 20:20 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d09329a09fca16.job
2015-08-07 17:55 - 2015-06-13 12:24 - 00001124 _____ C:\Users\Public\Desktop\Avira.lnk
2015-08-07 17:55 - 2014-08-16 11:58 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-28 10:59 - 2011-07-18 22:31 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2015-08-01 13:55 - 2015-08-01 13:55 - 0000000 ____H () C:\Users\Büro\AppData\Local\BITF48F.tmp
2015-08-01 13:55 - 2015-08-01 13:55 - 0000000 _____ () C:\Users\Büro\AppData\Local\{C630AAEB-8C79-41B3-9A7E-5CE35D47870D}
Einige Dateien in TEMP:
====================
C:\Users\Büro\AppData\Local\Temp\avgnt.exe
C:\Users\Büro\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsikqpm.dll
C:\Users\Büro\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2013-09-07 10:35
==================== Ende von Ergebnis ============================
|
|
21.08.2015, 08:23
| #10 |
| /// the machine /// TB-Ausbilder | DealPly.Gen, DealPly.Gen4, Agent.70656.1, bprotecotr.MG, BProtector.Gen2 und Delta.O gefunden. Wie entferne ich diese?ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
21.08.2015, 20:46
| #11 |
| | DealPly.Gen, DealPly.Gen4, Agent.70656.1, bprotecotr.MG, BProtector.Gen2 und Delta.O gefunden. Wie entferne ich diese? Eset Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=128cb3e45ba32343ac90cf0974f17afe
# end=init
# utc_time=2015-08-21 04:09:24
# local_time=2015-08-21 06:09:24 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 25388
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=128cb3e45ba32343ac90cf0974f17afe
# end=updated
# utc_time=2015-08-21 04:12:11
# local_time=2015-08-21 06:12:11 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=128cb3e45ba32343ac90cf0974f17afe
# engine=25388
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-08-21 06:09:34
# local_time=2015-08-21 08:09:34 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 66612145 191810424 0 0
# scanned=295582
# found=1
# cleaned=0
# scan_time=7042
sh=A9F6A3299D8E5A8B0F8F18915521C8B3E7C9F864 ft=1 fh=a874d3fc82897e2d vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\Tools\MEDION MediaPack 2\Setup.exe"
Code:
ATTFilter Results of screen317's Security Check version 1.006
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 9
Java version 32-bit out of Date!
Adobe Flash Player 11.9.900.117 Flash Player out of Date!
Adobe Reader 10.1.15 Adobe Reader out of Date!
Mozilla Firefox 35.0 Firefox out of Date!
Mozilla Thunderbird 24.2.0 Thunderbird out of Date!
Google Chrome (43.0.2357.65)
Google Chrome (44.0.2403.155)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:20-08-2015
durchgeführt von Büro (Administrator) auf BÜRO-PC (21-08-2015 20:49:14)
Gestartet von C:\Users\Büro\Downloads
Geladene Profile: Büro (Verfügbare Profile: Büro)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(GEAR Software) C:\Windows\SysWOW64\gearsec.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNAP2LAK.EXE
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNAP2RPK.EXE
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNAC8SWK.EXE
(Dropbox, Inc.) C:\Users\Büro\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Microsoft® Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Works Shared\WkCalRem.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft® Corporation) C:\Program Files (x86)\Microsoft Works\wkssb.exe
(Microsoft® Corporation) C:\Program Files (x86)\Microsoft Works\WkDetect.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
() C:\Program Files (x86)\watchmi\TvdTray.exe
(Dropbox, Inc.) C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452968 2012-03-13] (Realtek Semiconductor)
HKLM\...\Run: [CNAP2 Launcher] => C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE [406944 2007-09-06] (CANON INC.)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [111080 2012-04-14] (CyberLink)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-30] (CyberLink Corp.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-05-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [12288 2012-04-20] ()
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [730416 2015-08-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [998104 2015-07-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [WorksFUD] => C:\Program Files (x86)\Microsoft Works\wkfud.exe [24576 2000-07-12] (Microsoft® Corporation)
HKLM-x32\...\Run: [Microsoft Works Portfolio] => C:\Program Files (x86)\Microsoft Works\WksSb.exe [311350 2000-07-12] (Microsoft® Corporation)
HKLM-x32\...\Run: [Microsoft Works Update Detection] => C:\Program Files (x86)\Microsoft Works\WkDetect.exe [28739 2000-07-22] (Microsoft® Corporation)
HKLM-x32\...\Run: [UVS10 Preload] => C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe [36864 2006-03-07] (Ulead Systems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707496 2014-08-15] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [134368 2015-07-02] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1632624160-964472687-1313652209-1002\...\Run: [Dropbox Update] => C:\Users\Büro\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-02] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Erinnerungen in Microsoft Works-Kalender.lnk [2012-10-07]
ShortcutTarget: Erinnerungen in Microsoft Works-Kalender.lnk -> C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2012-09-30]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\watchmi tray.lnk [2012-09-29]
ShortcutTarget: watchmi tray.lnk -> C:\Windows\Installer\{F0559C5E-7912-4391-B1A0-6B975F0E5064}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe (Acresso Software Inc.)
Startup: C:\Users\Büro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012-11-01]
ShortcutTarget: Dropbox.lnk -> C:\Users\Büro\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Büro\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1632624160-964472687-1313652209-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope Wert fehlt
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-08-17] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-12-15] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-12-15] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-08-17] (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-12-15] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-08-17] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-08-17] (Google Inc.)
Toolbar: HKU\S-1-5-21-1632624160-964472687-1313652209-1002 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-08-17] (Google Inc.)
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{2B0B9D70-1506-4A19-9DCD-D0CED68DA08A}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{60D2D7B7-D7BF-45F4-8531-EAD4B3ADE94A}: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\nvrbpy82.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll [2013-10-28] ()
FF Plugin: @java.com/DTPlugin,version=10.10.2 -> C:\Windows\system32\npDeployJava1.dll [2012-12-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll [Keine Datei]
FF Plugin: @java.com/JavaPlugin,version=10.10.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2012-12-15] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll [2013-10-28] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll [2012-07-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-12-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2012-12-15] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-27] (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\nvrbpy82.default\Extensions\abs@avira.com [2015-08-17]
FF Extension: Print a Tree - C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\nvrbpy82.default\Extensions\{d8a25ef6-8a9c-459b-a8b1-7a2b0504190a} [2013-05-30]
FF Extension: Adblock Plus - C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\nvrbpy82.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-03]
FF Extension: Kein Name - C:\Users\Büro\AppData\Roaming\Mozilla\Firefox\Profiles\nvrbpy82.default\extensions\{d8a25ef6-8a9c-459b-a8b1-7a2b0504190a} [nicht gefunden]
Chrome:
=======
CHR Profile: C:\Users\Büro\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [dmibjfmphcpfoacbchialfobiohmhged] - C:\Users\BRO~1\AppData\Roaming\PRINTA~1\printatreeChrome.crx <nicht gefunden>
CHR HKU\S-1-5-21-1632624160-964472687-1313652209-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dmibjfmphcpfoacbchialfobiohmhged] - C:\Users\BRO~1\AppData\Roaming\PRINTA~1\printatreeChrome.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [dmibjfmphcpfoacbchialfobiohmhged] - C:\Users\BRO~1\AppData\Roaming\PRINTA~1\printatreeChrome.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-05-05] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827184 2015-08-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [450808 2015-08-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [450808 2015-08-17] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1188360 2015-08-17] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [218816 2015-07-02] (Avira Operations GmbH & Co. KG)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-14] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-14] (CyberLink)
R2 gearsec; C:\Windows\SysWOW64\gearsec.exe [49152 2002-09-02] (GEAR Software) [Datei ist nicht signiert]
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2012-07-16] (Nero AG)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Datei ist nicht signiert]
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2012-10-08] () [Datei ist nicht signiert]
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2005-01-31] (Ulead Systems, Inc.) [Datei ist nicht signiert]
S2 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [70144 2012-01-31] () [Datei ist nicht signiert]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R5 ACPI; C:\Windows\System32\drivers\ACPI.sys [334208 2010-11-21] (Microsoft Corporation)
R5 amdsata; C:\Windows\System32\drivers\amdsata.sys [107904 2011-03-11] (Advanced Micro Devices)
R5 amdxata; C:\Windows\System32\drivers\amdxata.sys [27008 2011-03-11] (Advanced Micro Devices)
R5 amd_sata; C:\Windows\System32\drivers\amd_sata.sys [82048 2011-12-12] (Advanced Micro Devices)
R5 amd_xata; C:\Windows\System32\drivers\amd_xata.sys [42624 2011-12-12] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-08-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132656 2015-08-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-16] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-21] (Avira Operations GmbH & Co. KG)
R5 CLFS; C:\Windows\System32\CLFS.sys [367552 2015-03-04] (Microsoft Corporation)
R5 CNG; C:\Windows\System32\Drivers\cng.sys [459336 2015-01-31] (Microsoft Corporation)
R5 Disk; C:\Windows\System32\drivers\disk.sys [73280 2009-07-14] (Microsoft Corporation)
R5 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [70224 2009-07-14] (Microsoft Corporation)
R5 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [289664 2010-11-21] (Microsoft Corporation)
U5 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [23408 2012-03-01] (Microsoft Corporation)
R5 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [223752 2013-01-24] (Microsoft Corporation)
R3 GEARAspiWDM; C:\Windows\SysWOW64\DRIVERS\GEARAspiWDM.sys [9440 2003-03-20] (GEAR Software) [Datei ist nicht signiert]
R5 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14720 2010-11-21] (Microsoft Corporation)
R5 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [95680 2015-07-15] (Microsoft Corporation)
R5 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [155584 2015-07-15] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R5 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94656 2015-07-15] (Microsoft Corporation)
R5 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [15424 2009-07-14] (Microsoft Corporation)
R5 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-14] (Microsoft Corporation)
R5 NDIS; C:\Windows\System32\drivers\ndis.sys [950128 2012-08-22] (Microsoft Corporation)
R5 partmgr; C:\Windows\System32\drivers\partmgr.sys [75120 2012-03-17] (Microsoft Corporation)
R5 pci; C:\Windows\System32\drivers\pci.sys [184704 2010-11-21] (Microsoft Corporation)
R5 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-14] (Microsoft Corporation)
R5 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [213888 2010-11-21] (Microsoft Corporation)
R5 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-14] (Microsoft Corporation)
R5 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1903552 2014-04-05] (Microsoft Corporation)
R5 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [36432 2009-07-14] (Microsoft Corporation)
R5 volmgr; C:\Windows\System32\drivers\volmgr.sys [71552 2010-11-21] (Microsoft Corporation)
R5 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-21] (Microsoft Corporation)
R5 volsnap; C:\Windows\System32\drivers\volsnap.sys [295808 2010-11-21] (Microsoft Corporation)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-08-15] (Cisco Systems, Inc.)
R5 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [785624 2013-06-26] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 mckhetwt; \??\C:\Windows\system32\drivers\mckhetwt.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-08-21 20:14 - 2015-08-21 20:14 - 00852684 _____ C:\Users\Büro\Downloads\SecurityCheck.exe
2015-08-21 18:08 - 2015-08-21 18:08 - 02870984 _____ (ESET) C:\Users\Büro\Downloads\esetsmartinstaller_deu.exe
2015-08-20 17:51 - 2015-08-20 17:51 - 00000000 ____D C:\Users\Büro\Downloads\FRST-OlderVersion
2015-08-20 17:46 - 2015-08-20 17:46 - 00005804 _____ C:\Users\Büro\Desktop\JRT.txt
2015-08-20 17:42 - 2015-08-20 17:42 - 01798576 _____ (Malwarebytes Corporation) C:\Users\Büro\Downloads\JRT.exe
2015-08-20 17:38 - 2015-08-20 17:38 - 00000000 ____D C:\AdwCleaner
2015-08-20 17:37 - 2015-08-20 17:37 - 01585664 _____ C:\Users\Büro\Downloads\AdwCleaner_5.002.exe
2015-08-20 17:36 - 2015-08-20 17:36 - 00001208 _____ C:\Users\Büro\Desktop\mbam.txt
2015-08-20 17:02 - 2015-08-20 17:35 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-20 17:02 - 2015-08-20 17:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-08-20 17:02 - 2015-08-20 17:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-20 17:02 - 2015-08-20 17:02 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-08-20 17:02 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-20 17:02 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-20 17:02 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-20 17:00 - 2015-08-20 17:01 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Büro\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-19 18:02 - 2015-08-11 03:20 - 25191936 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-19 18:02 - 2015-08-11 03:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-19 18:02 - 2015-08-11 02:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-19 18:02 - 2015-08-11 02:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-19 17:48 - 2015-08-19 17:48 - 00022953 _____ C:\ComboFix.txt
2015-08-19 17:09 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-08-19 17:09 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-08-19 17:09 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-08-19 17:09 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-08-19 17:09 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-08-19 17:09 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-08-19 17:09 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-08-19 17:09 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-08-19 17:02 - 2015-08-19 17:49 - 00000000 ____D C:\Qoobox
2015-08-19 17:02 - 2015-08-19 17:45 - 00000000 ____D C:\Windows\erdnt
2015-08-19 17:00 - 2015-08-19 17:01 - 05635271 ____R (Swearware) C:\Users\Büro\Downloads\ComboFix.exe
2015-08-19 16:50 - 2015-08-19 16:50 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Büro\Downloads\revosetup95.exe
2015-08-19 16:50 - 2015-08-19 16:50 - 00001268 _____ C:\Users\Büro\Desktop\Revo Uninstaller.lnk
2015-08-19 16:50 - 2015-08-19 16:50 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-08-17 21:35 - 2015-07-30 15:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-17 21:35 - 2015-07-30 15:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-17 17:51 - 2015-08-20 17:28 - 00000000 ____D C:\Windows\Minidump
2015-08-17 17:51 - 2015-08-17 17:51 - 512876665 _____ C:\Windows\MEMORY.DMP
2015-08-17 17:51 - 2015-08-17 17:51 - 00275768 _____ C:\Windows\Minidump\081715-27877-01.dmp
2015-08-17 17:35 - 2015-08-17 17:35 - 00014457 _____ C:\Users\Büro\Desktop\Gmer.log
2015-08-17 17:15 - 2015-08-17 17:15 - 00380416 _____ C:\Users\Büro\Downloads\Gmer-19357.exe
2015-08-17 17:12 - 2015-08-17 17:13 - 00093297 _____ C:\Users\Büro\Downloads\Addition.txt
2015-08-17 17:11 - 2015-08-21 20:49 - 00023869 _____ C:\Users\Büro\Downloads\FRST.txt
2015-08-17 17:10 - 2015-08-21 20:49 - 00000000 ____D C:\FRST
2015-08-17 17:10 - 2015-08-20 17:51 - 02173952 _____ (Farbar) C:\Users\Büro\Downloads\FRST64.exe
2015-08-17 17:08 - 2015-08-17 17:08 - 00000470 _____ C:\Users\Büro\Downloads\defogger_disable.log
2015-08-17 17:08 - 2015-08-17 17:08 - 00000000 _____ C:\Users\Büro\defogger_reenable
2015-08-17 17:07 - 2015-08-17 17:07 - 00050477 _____ C:\Users\Büro\Downloads\Defogger.exe
2015-08-17 14:37 - 2015-07-30 20:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-17 14:37 - 2015-07-30 20:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-17 14:37 - 2015-07-30 20:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-17 14:37 - 2015-07-30 20:06 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-17 14:37 - 2015-07-30 20:06 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-17 14:37 - 2015-07-30 20:06 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-17 14:37 - 2015-07-30 20:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-17 14:37 - 2015-07-30 19:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-17 14:37 - 2015-07-30 19:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-17 14:37 - 2015-07-30 19:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-08-17 14:37 - 2015-07-30 19:57 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-17 14:37 - 2015-07-30 19:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-08-17 14:37 - 2015-07-30 19:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-08-17 14:37 - 2015-07-30 18:56 - 03208192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-17 14:37 - 2015-07-30 18:52 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-17 14:37 - 2015-07-30 18:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-17 14:37 - 2015-07-28 22:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-17 14:37 - 2015-07-28 22:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-17 14:37 - 2015-07-28 22:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-17 14:37 - 2015-07-28 22:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-17 14:37 - 2015-07-28 22:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-17 14:37 - 2015-07-28 22:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-17 14:37 - 2015-07-28 22:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-17 14:37 - 2015-07-28 21:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-17 14:37 - 2015-07-15 20:15 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-17 14:37 - 2015-07-15 20:15 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-17 14:37 - 2015-07-15 20:15 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-17 14:37 - 2015-07-15 20:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-17 14:37 - 2015-07-15 20:12 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-17 14:37 - 2015-07-15 20:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-08-17 14:37 - 2015-07-15 20:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-08-17 14:37 - 2015-07-15 20:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-08-17 14:37 - 2015-07-15 20:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-17 14:37 - 2015-07-15 20:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-08-17 14:37 - 2015-07-15 20:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-17 14:37 - 2015-07-15 20:10 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-17 14:37 - 2015-07-15 20:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-17 14:37 - 2015-07-15 20:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-08-17 14:37 - 2015-07-15 20:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-17 14:37 - 2015-07-15 20:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-17 14:37 - 2015-07-15 20:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-08-17 14:37 - 2015-07-15 20:10 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-17 14:37 - 2015-07-15 20:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-17 14:37 - 2015-07-15 20:10 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-17 14:37 - 2015-07-15 20:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-17 14:37 - 2015-07-15 20:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-17 14:37 - 2015-07-15 20:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-17 14:37 - 2015-07-15 20:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-17 14:37 - 2015-07-15 20:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-17 14:37 - 2015-07-15 20:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-17 14:37 - 2015-07-15 20:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-17 14:37 - 2015-07-15 20:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-17 14:37 - 2015-07-15 20:10 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-17 14:37 - 2015-07-15 20:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-17 14:37 - 2015-07-15 20:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-17 14:37 - 2015-07-15 20:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-08-17 14:37 - 2015-07-15 20:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-17 14:37 - 2015-07-15 20:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-08-17 14:37 - 2015-07-15 20:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-17 14:37 - 2015-07-15 20:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-17 14:37 - 2015-07-15 20:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-17 14:37 - 2015-07-15 20:00 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-17 14:37 - 2015-07-15 20:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-17 14:37 - 2015-07-15 20:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 20:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 20:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 20:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 20:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 20:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 20:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 19:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-17 14:37 - 2015-07-15 19:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-08-17 14:37 - 2015-07-15 19:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-17 14:37 - 2015-07-15 19:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-17 14:37 - 2015-07-15 19:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-08-17 14:37 - 2015-07-15 19:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-08-17 14:37 - 2015-07-15 19:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-08-17 14:37 - 2015-07-15 19:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-08-17 14:37 - 2015-07-15 19:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-17 14:37 - 2015-07-15 19:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-17 14:37 - 2015-07-15 19:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-08-17 14:37 - 2015-07-15 19:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-08-17 14:37 - 2015-07-15 19:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-08-17 14:37 - 2015-07-15 19:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-08-17 14:37 - 2015-07-15 19:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-08-17 14:37 - 2015-07-15 19:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-08-17 14:37 - 2015-07-15 19:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-17 14:37 - 2015-07-15 19:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-08-17 14:37 - 2015-07-15 19:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-08-17 14:37 - 2015-07-15 19:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-08-17 14:37 - 2015-07-15 19:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-08-17 14:37 - 2015-07-15 19:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-08-17 14:37 - 2015-07-15 19:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-08-17 14:37 - 2015-07-15 19:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-08-17 14:37 - 2015-07-15 19:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-08-17 14:37 - 2015-07-15 19:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 19:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 19:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 19:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 19:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 18:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-17 14:37 - 2015-07-15 18:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-17 14:37 - 2015-07-15 18:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-17 14:37 - 2015-07-15 18:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-08-17 14:37 - 2015-07-15 18:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-08-17 14:37 - 2015-07-15 18:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 18:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 18:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 18:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-17 14:37 - 2015-07-15 05:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-17 14:37 - 2015-07-15 05:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-17 14:37 - 2015-07-15 05:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-17 14:37 - 2015-07-15 05:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-17 14:37 - 2015-07-15 04:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-17 14:37 - 2015-07-15 04:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-17 14:37 - 2015-07-15 04:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-08-17 14:37 - 2015-07-15 04:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-08-17 14:37 - 2015-06-03 22:16 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-08-17 14:36 - 2015-07-15 05:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-17 14:36 - 2015-06-09 20:03 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-08-17 14:36 - 2015-06-09 20:03 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-08-17 14:35 - 2015-07-21 02:39 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-17 14:35 - 2015-07-21 02:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-08-17 14:35 - 2015-07-16 22:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-17 14:35 - 2015-07-16 22:37 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-17 14:35 - 2015-07-16 22:36 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-17 14:35 - 2015-07-16 22:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-17 14:35 - 2015-07-16 22:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-17 14:35 - 2015-07-16 22:35 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-17 14:35 - 2015-07-16 22:35 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-17 14:35 - 2015-07-16 22:27 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-17 14:35 - 2015-07-16 22:26 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-17 14:35 - 2015-07-16 22:26 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-17 14:35 - 2015-07-16 22:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-17 14:35 - 2015-07-16 22:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-17 14:35 - 2015-07-16 22:21 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-17 14:35 - 2015-07-16 22:21 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-17 14:35 - 2015-07-16 22:21 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-17 14:35 - 2015-07-16 22:12 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-17 14:35 - 2015-07-16 22:08 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-17 14:35 - 2015-07-16 22:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-17 14:35 - 2015-07-16 21:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-17 14:35 - 2015-07-16 21:54 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-17 14:35 - 2015-07-16 21:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-17 14:35 - 2015-07-16 21:51 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-17 14:35 - 2015-07-16 21:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-08-17 14:35 - 2015-07-16 21:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-17 14:35 - 2015-07-16 21:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-08-17 14:35 - 2015-07-16 21:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-08-17 14:35 - 2015-07-16 21:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-17 14:35 - 2015-07-16 21:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-17 14:35 - 2015-07-16 21:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-08-17 14:35 - 2015-07-16 21:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-17 14:35 - 2015-07-16 21:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-17 14:35 - 2015-07-16 21:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-08-17 14:35 - 2015-07-16 21:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-08-17 14:35 - 2015-07-16 21:36 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-17 14:35 - 2015-07-16 21:35 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-17 14:35 - 2015-07-16 21:34 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-17 14:35 - 2015-07-16 21:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-17 14:35 - 2015-07-16 21:32 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-17 14:35 - 2015-07-16 21:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-17 14:35 - 2015-07-16 21:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-08-17 14:35 - 2015-07-16 21:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-08-17 14:35 - 2015-07-16 21:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-17 14:35 - 2015-07-16 21:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-17 14:35 - 2015-07-16 21:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-17 14:35 - 2015-07-16 21:12 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-17 14:35 - 2015-07-16 21:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-17 14:35 - 2015-07-16 21:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-17 14:35 - 2015-07-16 21:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-17 14:35 - 2015-07-16 21:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-08-17 14:35 - 2015-07-16 21:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-17 14:35 - 2015-07-16 20:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-17 14:35 - 2015-07-16 20:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-17 14:35 - 2015-07-16 20:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-17 14:35 - 2015-07-16 20:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-17 14:32 - 2015-07-16 21:12 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-17 14:32 - 2015-07-16 21:12 - 00269824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-08-17 14:32 - 2015-07-16 21:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-17 14:32 - 2015-07-16 21:11 - 05779456 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-17 14:32 - 2015-07-16 21:11 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-08-17 14:32 - 2015-07-16 21:11 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-17 14:32 - 2015-07-01 22:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-17 14:32 - 2015-07-01 22:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-17 14:32 - 2015-07-01 22:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-17 14:32 - 2015-07-01 22:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-17 14:31 - 2015-07-09 19:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-17 14:31 - 2015-07-09 19:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-17 14:31 - 2015-07-09 19:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-17 14:13 - 2015-07-20 20:12 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-17 14:13 - 2015-07-20 20:12 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-17 14:13 - 2015-07-20 20:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-17 14:13 - 2015-07-20 20:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-17 14:13 - 2015-07-20 20:12 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-17 14:13 - 2015-07-20 20:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-17 14:13 - 2015-07-20 20:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-17 14:13 - 2015-07-20 20:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-17 14:13 - 2015-07-20 20:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-17 14:13 - 2015-07-20 20:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-17 14:13 - 2015-07-20 20:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-17 14:13 - 2015-07-20 19:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-17 14:13 - 2015-07-20 19:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-17 14:13 - 2015-07-20 19:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-17 14:13 - 2015-07-20 19:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-17 14:13 - 2015-07-20 19:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-17 14:13 - 2015-04-27 21:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-08-17 14:13 - 2015-04-27 21:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-08-17 14:13 - 2015-04-27 21:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-08-17 14:12 - 2015-07-10 19:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-17 14:12 - 2015-07-10 19:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-17 14:12 - 2015-06-15 23:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-08-17 14:12 - 2015-06-15 23:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-08-17 14:12 - 2015-06-15 23:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-08-17 14:12 - 2015-06-15 23:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-08-17 14:12 - 2015-06-15 23:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-08-17 14:12 - 2015-06-15 23:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-08-17 14:12 - 2015-06-15 23:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-08-17 14:12 - 2015-06-15 23:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-08-17 14:12 - 2015-06-15 23:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-08-17 14:12 - 2015-06-15 23:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-08-17 14:12 - 2015-06-15 23:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-08-17 14:12 - 2015-06-15 23:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-08-17 14:12 - 2015-04-27 21:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-08-17 14:12 - 2015-04-27 21:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-08-17 14:12 - 2015-04-27 21:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-08-17 14:12 - 2015-04-27 21:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-08-17 14:12 - 2015-04-27 21:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-08-17 13:42 - 2015-06-17 19:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-08-17 13:42 - 2015-06-17 19:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-08-17 13:42 - 2015-06-02 02:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-08-17 13:42 - 2015-06-02 01:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-08-17 13:40 - 2015-07-04 20:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-08-17 13:40 - 2015-07-04 19:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-08-17 13:06 - 2015-08-17 13:06 - 00000000 ____D C:\Users\Büro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-08-17 12:52 - 2015-08-17 12:52 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0d8dac8c261f9.job
2015-08-01 13:55 - 2015-08-01 13:55 - 00000000 ____H C:\Users\Büro\AppData\Local\BITF48F.tmp
2015-08-01 13:55 - 2015-08-01 13:55 - 00000000 _____ C:\Users\Büro\AppData\Local\{C630AAEB-8C79-41B3-9A7E-5CE35D47870D}
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-08-21 19:56 - 2015-01-19 17:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-21 19:19 - 2012-09-29 11:44 - 01676377 _____ C:\Windows\WindowsUpdate.log
2015-08-21 18:15 - 2009-07-14 06:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-21 18:15 - 2009-07-14 06:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-21 18:07 - 2012-11-01 17:59 - 00000000 ___RD C:\Users\Büro\Dropbox
2015-08-21 18:07 - 2012-11-01 17:51 - 00000000 ____D C:\Users\Büro\AppData\Roaming\Dropbox
2015-08-21 18:06 - 2012-11-01 17:21 - 00000000 ____D C:\Users\Büro\AppData\Local\HTC MediaHub
2015-08-21 18:05 - 2009-07-14 06:51 - 00208090 _____ C:\Windows\setupact.log
2015-08-20 17:39 - 2010-11-21 05:47 - 00473400 _____ C:\Windows\PFRO.log
2015-08-20 17:38 - 2012-09-29 11:48 - 00000000 ____D C:\Users\Büro
2015-08-20 17:26 - 2012-09-30 14:32 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-08-20 17:26 - 2012-09-30 14:32 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-08-20 17:26 - 2012-09-29 11:48 - 00001425 _____ C:\Users\Büro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-20 17:26 - 2012-09-29 11:46 - 00002504 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2015-08-19 17:34 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-08-19 16:53 - 2012-09-30 13:05 - 00000000 ____D C:\Users\Büro\AppData\Local\Google
2015-08-19 16:41 - 2011-05-16 16:04 - 00699432 _____ C:\Windows\system32\perfh007.dat
2015-08-19 16:41 - 2011-05-16 16:04 - 00149572 _____ C:\Windows\system32\perfc007.dat
2015-08-19 16:41 - 2009-07-14 07:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-19 16:31 - 2009-07-14 06:45 - 00394736 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-19 16:29 - 2015-05-03 15:41 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-08-19 16:29 - 2015-05-03 15:41 - 00000000 ___SD C:\Windows\system32\GWX
2015-08-19 16:29 - 2014-12-19 11:53 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-19 16:29 - 2014-05-31 12:22 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-19 16:29 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-08-17 21:35 - 2012-07-19 01:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-17 21:34 - 2012-07-19 01:39 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-17 21:34 - 2012-07-19 01:39 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-17 21:27 - 2013-08-17 13:14 - 00000000 ____D C:\Windows\system32\MRT
2015-08-17 13:09 - 2013-01-10 21:36 - 00002023 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2015-08-17 13:09 - 2011-07-18 23:07 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-08-17 13:00 - 2012-09-30 13:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-08-17 12:57 - 2013-03-30 14:21 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-08-17 12:57 - 2013-03-30 14:21 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-08-17 12:52 - 2015-05-20 20:20 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d09329a09fca16.job
2015-08-07 17:55 - 2015-06-13 12:24 - 00001124 _____ C:\Users\Public\Desktop\Avira.lnk
2015-08-07 17:55 - 2014-08-16 11:58 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-28 10:59 - 2011-07-18 22:31 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2015-08-01 13:55 - 2015-08-01 13:55 - 0000000 ____H () C:\Users\Büro\AppData\Local\BITF48F.tmp
2015-08-01 13:55 - 2015-08-01 13:55 - 0000000 _____ () C:\Users\Büro\AppData\Local\{C630AAEB-8C79-41B3-9A7E-5CE35D47870D}
Einige Dateien in TEMP:
====================
C:\Users\Büro\AppData\Local\Temp\avgnt.exe
C:\Users\Büro\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsowbkt.dll
C:\Users\Büro\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2013-09-07 10:35
==================== Ende von Ergebnis ============================
|
|
22.08.2015, 11:43
| #12 |
| /// the machine /// TB-Ausbilder | DealPly.Gen, DealPly.Gen4, Agent.70656.1, bprotecotr.MG, BProtector.Gen2 und Delta.O gefunden. Wie entferne ich diese? Java, Flash, Adobe und Thunderbird updaten. Revo Uninstaller - Download - Filepony damit Firefox deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren. Dann: https://support.mozilla.org/de/kb/fi...einfach-loesen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
29.08.2015, 22:10
| #13 |
| | DealPly.Gen, DealPly.Gen4, Agent.70656.1, bprotecotr.MG, BProtector.Gen2 und Delta.O gefunden. Wie entferne ich diese? Vielen Dank, geht nun wieder alles (= |
|
30.08.2015, 12:59
| #14 |
| /// the machine /// TB-Ausbilder | DealPly.Gen, DealPly.Gen4, Agent.70656.1, bprotecotr.MG, BProtector.Gen2 und Delta.O gefunden. Wie entferne ich diese? Cleanup: (Die Reihenfolge ist hier entscheidend) Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken. Falls Combofix verwendet wurde:  Combofix deinstallieren
Alle Logs gepostet? Dann lade Dir bitte  DelFix herunter.
Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst. Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen. Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...  und/oder das Forum mit einer kleinen Spende  unterstützen.   Absicherung: Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen: Browser Java Flash-Player PDF-Reader Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren. Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen. Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig. Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank. Meine Empfehlung:  Emsisoft Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen. Optional:  NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen. Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.Lade Software von einem sauberen Portal wie  .Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen. Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner . Abschließend noch ein paar grundsätzliche Bemerkungen: Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems. Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu DealPly.Gen, DealPly.Gen4, Agent.70656.1, bprotecotr.MG, BProtector.Gen2 und Delta.O gefunden. Wie entferne ich diese? |
| adobe, antivir, avira, bonjour, desktop, dnsapi.dll, entfernen, firefox, google, home, homepage, iexplore.exe, kaspersky, mozilla, newtab, object, prozesse, realtek, registry, scan, services.exe, software, svchost.exe, system, temp, viren, windows |
dann auf 
und dann auf 
. 
+ R Taste und schreibe Combofix /Uninstall in das 
