Win 7 computer infected with trojan TR/AD.Gamarue.Y.1144
Code:
18:11:32 = Process Attach
18:11:32 = end process attach
18:11:32 = ***** NULL == SampleProvider *****
18:11:32 = hWnd = 0x0003032e; ClassName: #32770; Title: Benutzerkontensteuerung.
x=1ba, y=145, width=466, height=378
18:11:32 = hWnd = 0x000403a0; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
18:11:32 = hWnd = 0x000403aa; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
18:11:32 = hWnd = 0x000403ea; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=11b, y=84, width=800, height=560
18:11:32 = hWnd = 0x000403a4; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
18:11:32 = hWnd = 0x00050324; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
18:11:32 = hWnd = 0x00030328; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
18:11:32 = hWnd = 0x000203d2; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
18:11:32 = hWnd = 0x000602ca; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:11:32 = hWnd = 0x000a0396; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
18:11:32 = hWnd = 0x000403a8; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:11:32 = hWnd = 0x0003032a; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:11:32 = Need to re-create objects.
18:11:32 = s1.
18:11:32 = s2.
18:11:32 = find user name
18:11:32 = Start show animate
18:11:33 = Shell Excutute VerifyHost
18:11:33 = find user name
18:11:33 = find user name
18:11:33 = find user name
18:11:33 = begin close Process
18:11:33 = Terminate Process
18:11:34 = end close Process
18:11:34 = DLL_PROCESS_DETACH
18:11:43 = Process Attach
18:11:43 = end process attach
18:11:43 = ##### Begin waiting Mutex to release process #####
18:11:43 = ***** NULL == SampleProvider *****
18:11:43 = hWnd = 0x0004032c; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
18:11:43 = hWnd = 0x0004032a; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
18:11:43 = hWnd = 0x00040364; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
18:11:43 = hWnd = 0x0004036c; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
18:11:43 = hWnd = 0x000503e4; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
18:11:43 = hWnd = 0x000603a6; ClassName: #32770; Title: Benutzerkontensteuerung.
x=1ba, y=165, width=466, height=378
18:11:43 = hWnd = 0x000503a0; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=0, y=0, width=1366, height=768
18:11:43 = hWnd = 0x000503aa; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
18:11:43 = hWnd = 0x000503a4; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
18:11:43 = hWnd = 0x000403dc; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
18:11:43 = hWnd = 0x000503a8; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
18:11:43 = hWnd = 0x000403ec; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:11:43 = hWnd = 0x000b0396; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:11:43 = hWnd = 0x000603ac; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:11:43 = Need to re-create objects.
18:11:43 = s1.
18:11:43 = s2.
18:11:43 = find user name
18:11:43 = Start show animate
18:11:45 = Shell Excutute VerifyHost
18:11:45 = find user name
18:11:46 = find user name
18:11:47 = begin close Process
18:11:47 = Terminate Process
18:11:48 = end close Process
18:11:48 = DLL_PROCESS_DETACH
18:11:51 = Process Attach
18:11:51 = end process attach
18:11:51 = ***** NULL == SampleProvider *****
18:11:51 = hWnd = 0x000503ee; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
18:11:51 = hWnd = 0x000d0396; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
18:11:51 = hWnd = 0x000603a8; ClassName: #32770; Title: Benutzerkontensteuerung.
x=1ba, y=165, width=466, height=378
18:11:51 = hWnd = 0x00050328; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=0, y=0, width=1366, height=768
18:11:51 = hWnd = 0x000403fa; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
18:11:51 = hWnd = 0x000403da; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
18:11:51 = hWnd = 0x000503dc; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
18:11:51 = hWnd = 0x0005032c; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
18:11:51 = hWnd = 0x0007036c; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
18:11:51 = hWnd = 0x000703e0; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
18:11:51 = hWnd = 0x000703ac; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:11:51 = hWnd = 0x000503ec; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:11:51 = hWnd = 0x000c0324; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:11:51 = Need to re-create objects.
18:11:51 = s1.
18:11:51 = s2.
18:11:51 = find user name
18:11:51 = Start show animate
18:11:52 = Shell Excutute VerifyHost
18:11:52 = find user name
18:11:53 = begin close Process
18:11:53 = Terminate Process
18:11:54 = end close Process
18:11:54 = DLL_PROCESS_DETACH
18:17:39 = Process Attach
18:17:39 = end process attach
18:17:39 = ##### Begin waiting Mutex to release process #####
18:17:39 = ***** NULL == SampleProvider *****
18:17:39 = hWnd = 0x00d103fa; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
18:17:39 = hWnd = 0x000902f6; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
18:17:39 = hWnd = 0x00060326; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
18:17:39 = hWnd = 0x000a0388; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
18:17:39 = hWnd = 0x000603b4; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
18:17:39 = hWnd = 0x0004017e; ClassName: #32770; Title: Benutzerkontensteuerung.
x=4, y=271, width=466, height=378
18:17:39 = hWnd = 0x00060312; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=0, y=252, width=491, height=476
18:17:39 = hWnd = 0x00090322; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
18:17:39 = hWnd = 0x00040176; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
18:17:39 = hWnd = 0x000502e2; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
18:17:39 = hWnd = 0x000502d8; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
18:17:39 = hWnd = 0x000602e8; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:17:39 = hWnd = 0x000502e6; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:17:39 = hWnd = 0x00090320; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:17:39 = Need to re-create objects.
18:17:39 = s1.
18:17:39 = s2.
18:17:39 = find user name
18:17:39 = Start show animate
18:17:40 = Shell Excutute VerifyHost
18:17:40 = find user name
18:17:42 = find user name
18:17:42 = begin close Process
18:17:42 = Terminate Process
18:17:43 = end close Process
18:17:43 = DLL_PROCESS_DETACH
18:18:45 = Process Attach
18:18:45 = end process attach
18:18:45 = ***** NULL == SampleProvider *****
18:18:45 = hWnd = 0x000702e2; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
18:18:45 = hWnd = 0x000d033c; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
18:18:45 = hWnd = 0x00080312; ClassName: #32770; Title: Benutzerkontensteuerung.
x=23f, y=245, width=216, height=238
18:18:45 = hWnd = 0x000b02f6; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=0, y=0, width=1366, height=768
18:18:45 = hWnd = 0x000b0320; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
18:18:45 = hWnd = 0x00100324; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
18:18:45 = hWnd = 0x0007026e; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
18:18:45 = hWnd = 0x000b0322; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
18:18:45 = hWnd = 0x000702ea; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:18:45 = hWnd = 0x000b036c; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:18:45 = hWnd = 0x00090326; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:18:45 = Need to re-create objects.
18:18:45 = s1.
18:18:45 = s2.
18:18:45 = find user name
18:18:45 = Start show animate
18:18:46 = Shell Excutute VerifyHost
18:18:46 = find user name
18:18:47 = find user name
18:18:47 = begin close Process
18:18:47 = Terminate Process
18:18:48 = end close Process
18:18:48 = DLL_PROCESS_DETACH
18:18:51 = Process Attach
18:18:51 = end process attach
18:18:51 = ***** NULL == SampleProvider *****
18:18:51 = hWnd = 0x000f0388; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
18:18:51 = hWnd = 0x000d036c; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
18:18:51 = hWnd = 0x000c02f6; ClassName: #32770; Title: Benutzerkontensteuerung.
x=1ba, y=165, width=466, height=378
18:18:51 = hWnd = 0x000902e6; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=0, y=0, width=1366, height=768
18:18:51 = hWnd = 0x0008026e; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
18:18:51 = hWnd = 0x000802e2; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
18:18:51 = hWnd = 0x000802d6; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
18:18:51 = hWnd = 0x000802f0; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
18:18:51 = hWnd = 0x000c0320; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:18:51 = hWnd = 0x00100380; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
18:18:51 = hWnd = 0x000a0326; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:18:51 = hWnd = 0x00100344; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:18:51 = Need to re-create objects.
18:18:51 = s1.
18:18:51 = s2.
18:18:51 = find user name
18:18:51 = Start show animate
18:18:53 = Shell Excutute VerifyHost
18:18:53 = begin close Process
18:18:53 = Terminate Process
18:18:54 = end close Process
18:18:54 = DLL_PROCESS_DETACH
18:22:14 = Process Attach
18:22:14 = end process attach
18:22:14 = ##### Begin waiting Mutex to release process #####
18:22:14 = ***** NULL == SampleProvider *****
18:22:14 = hWnd = 0x0015035c; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
18:22:14 = hWnd = 0x001c036c; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
18:22:14 = hWnd = 0x000401f4; ClassName: #32770; Title: Benutzerkontensteuerung.
x=23b, y=195, width=466, height=399
18:22:14 = hWnd = 0x000a03bc; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=1a2, y=180, width=788, height=489
18:22:14 = hWnd = 0x00070352; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
18:22:14 = hWnd = 0x00040254; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
18:22:14 = hWnd = 0x000b0336; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
18:22:14 = hWnd = 0x000a0338; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
18:22:14 = hWnd = 0x001d02e2; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
18:22:14 = hWnd = 0x00040160; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
18:22:14 = hWnd = 0x00100350; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:22:14 = hWnd = 0x000401ae; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:22:14 = hWnd = 0x000f0176; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:22:14 = Need to re-create objects.
18:22:14 = s1.
18:22:14 = s2.
18:22:14 = find user name
18:22:14 = Start show animate
18:22:16 = Shell Excutute VerifyHost
18:22:16 = find user name
18:22:16 = begin close Process
18:22:16 = Terminate Process
18:22:17 = end close Process
18:22:17 = DLL_PROCESS_DETACH
18:38:19 = Process Attach
18:38:19 = end process attach
18:38:19 = ***** NULL == SampleProvider *****
18:38:19 = ##### Begin waiting Mutex to release process #####
18:38:19 = hWnd = 0x00150354; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows-Anmeldung.
x=0, y=0, width=1366, height=768
18:38:19 = hWnd = 0x000f03f8; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
18:38:19 = hWnd = 0x0006025e; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
18:38:19 = hWnd = 0x00100394; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:38:21 = Process Attach
18:38:21 = ## ERR ## Setevent
18:38:21 = ***** NULL == SampleProvider *****
18:38:21 = begin close Process
18:38:21 = end close Process
18:38:21 = ##### Get event and release process end #####
18:38:21 = hWnd = 0x0062009e; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows-Anmeldung.
x=0, y=0, width=1024, height=768
18:38:21 = hWnd = 0x00160084; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
18:38:21 = hWnd = 0x00030044; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
18:38:21 = hWnd = 0x001b007c; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:39:14 = Process Attach
18:39:14 = end process attach
18:39:14 = ***** NULL == SampleProvider *****
18:39:14 = ##### Begin waiting Mutex to release process #####
18:39:14 = hWnd = 0x0001001c; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows-Anmeldung.
x=0, y=0, width=1366, height=768
18:39:14 = hWnd = 0x00010018; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
18:39:14 = hWnd = 0x00010022; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
18:39:14 = hWnd = 0x0001001a; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:39:23 = Need to re-create objects.
18:39:23 = s1.
18:39:23 = s2.
18:39:23 = find user name
18:39:23 = Start show animate
18:39:25 = Shell Excutute VerifyHost
18:39:25 = find user name
18:39:25 = find user name
18:39:25 = find user name
18:39:25 = find user name
18:39:25 = find user name
18:39:25 = find user name
18:39:25 = find user name
18:39:25 = find user name
18:39:25 = find user name
18:39:25 = find user name
18:39:25 = find user name
18:39:25 = find user name
18:39:25 = find user name
18:39:25 = find user name
18:39:25 = find user name
18:39:25 = find user name
18:39:25 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:29 = find user name
18:39:30 = find user name
18:39:30 = find user name
18:39:30 = find user name
18:39:41 = begin close Process
18:39:41 = Terminate Process
18:39:42 = end close Process
18:39:42 = DLL_PROCESS_DETACH
18:40:44 = Process Attach
18:40:44 = end process attach
18:40:44 = ##### Begin waiting Mutex to release process #####
18:40:44 = ***** NULL == SampleProvider *****
18:40:44 = hWnd = 0x000302d6; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
18:40:44 = hWnd = 0x000202da; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
18:40:44 = hWnd = 0x000103a2; ClassName: #32770; Title: Benutzerkontensteuerung.
x=1ba, y=145, width=466, height=378
18:40:44 = hWnd = 0x0002039a; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=11b, y=84, width=800, height=560
18:40:44 = hWnd = 0x000103c2; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
18:40:44 = hWnd = 0x000103c6; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
18:40:44 = hWnd = 0x00040394; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
18:40:44 = hWnd = 0x0001039e; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
18:40:44 = hWnd = 0x000602d2; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
18:40:44 = hWnd = 0x0001039c; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
18:40:44 = hWnd = 0x00020398; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:40:44 = hWnd = 0x000103a0; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:40:44 = hWnd = 0x000502ce; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:40:44 = Need to re-create objects.
18:40:44 = s1.
18:40:44 = s2.
18:40:44 = find user name
18:40:44 = Start show animate
18:40:45 = Shell Excutute VerifyHost
18:40:45 = find user name
18:40:46 = begin close Process
18:40:46 = Terminate Process
18:40:47 = end close Process
18:40:47 = DLL_PROCESS_DETACH
18:59:2 = Process Attach
18:59:2 = end process attach
18:59:2 = ***** NULL == SampleProvider *****
18:59:2 = hWnd = 0x000403ba; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows-Anmeldung.
x=0, y=0, width=1366, height=768
18:59:2 = hWnd = 0x000a039c; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
18:59:2 = hWnd = 0x000403b0; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
18:59:2 = hWnd = 0x000403bc; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:59:6 = Process Attach
18:59:6 = ## ERR ## Setevent
18:59:6 = ##### Get event and release process #####
18:59:6 = begin close Process
18:59:6 = end close Process
18:59:6 = ##### Get event and release process end #####
18:59:49 = Process Attach
18:59:49 = end process attach
18:59:49 = ***** NULL == SampleProvider *****
18:59:49 = ##### Begin waiting Mutex to release process #####
18:59:49 = hWnd = 0x0001001c; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows-Anmeldung.
x=0, y=0, width=1366, height=768
18:59:49 = hWnd = 0x00010018; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
18:59:49 = hWnd = 0x00010022; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
18:59:49 = hWnd = 0x0001001a; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:59:56 = Need to re-create objects.
18:59:56 = s1.
18:59:56 = s2.
18:59:56 = find user name
18:59:56 = Start show animate
18:59:58 = Shell Excutute VerifyHost
18:59:58 = find user name
18:59:58 = find user name
18:59:58 = find user name
18:59:58 = find user name
18:59:58 = find user name
18:59:58 = find user name
18:59:58 = find user name
18:59:58 = find user name
18:59:58 = find user name
18:59:58 = find user name
18:59:58 = find user name
18:59:58 = find user name
18:59:58 = find user name
18:59:58 = find user name
18:59:58 = find user name
18:59:58 = find user name
18:59:58 = find user name
18:59:59 = find user name
18:59:59 = find user name
18:59:59 = find user name
18:59:59 = find user name
18:59:59 = find user name
19:0:1 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:2 = find user name
19:0:3 = find user name
19:0:3 = find user name
19:0:3 = find user name
21:37:14 = Process Attach
21:37:14 = end process attach
21:37:14 = ##### Begin waiting Mutex to release process #####
21:37:14 = hWnd = 0x0008034c; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
21:37:14 = hWnd = 0x000602c6; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
21:37:14 = hWnd = 0x00020352; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
21:37:14 = hWnd = 0x0002032e; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
21:37:14 = hWnd = 0x0005036a; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
21:37:14 = Need to re-create objects.
21:37:14 = s1.
21:37:14 = s2.
21:37:14 = find user name
21:37:14 = Start show animate
21:37:16 = Shell Excutute VerifyHost
21:37:16 = begin close Process
21:37:16 = Terminate Process
21:37:17 = end close Process
21:37:17 = DLL_PROCESS_DETACH
21:37:28 = Process Attach
21:37:28 = end process attach
21:37:28 = ##### Begin waiting Mutex to release process #####
21:37:28 = ***** NULL == SampleProvider *****
21:37:28 = hWnd = 0x0006036a; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
21:37:28 = hWnd = 0x0009034c; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
21:37:28 = hWnd = 0x0003038e; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
21:37:28 = hWnd = 0x00030378; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
21:37:28 = hWnd = 0x00030374; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
21:37:28 = hWnd = 0x000702c6; ClassName: #32770; Title: Benutzerkontensteuerung.
x=1ba, y=165, width=466, height=378
21:37:28 = hWnd = 0x0009035c; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=0, y=0, width=1366, height=768
21:37:28 = hWnd = 0x00080392; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
21:37:28 = hWnd = 0x0003033c; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
21:37:28 = hWnd = 0x0005032e; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
21:37:28 = hWnd = 0x00030346; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
21:37:28 = hWnd = 0x000b03fe; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
21:37:28 = hWnd = 0x00030352; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
21:37:28 = hWnd = 0x0007039c; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
21:37:28 = Need to re-create objects.
21:37:28 = s1.
21:37:28 = s2.
21:37:28 = find user name
21:37:28 = Start show animate
21:37:29 = Shell Excutute VerifyHost
21:37:29 = find user name
21:37:34 = begin close Process
21:37:34 = Terminate Process
21:37:35 = end close Process
21:37:35 = DLL_PROCESS_DETACH
21:43:3 = Process Attach
21:43:3 = end process attach
21:43:3 = ***** NULL == SampleProvider *****
21:43:3 = hWnd = 0x00110378; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
21:43:3 = hWnd = 0x000603ae; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
21:43:3 = hWnd = 0x000403da; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
21:43:3 = ##### Begin waiting Mutex to release process #####
21:43:3 = hWnd = 0x000603e0; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
21:43:3 = hWnd = 0x000502c8; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
21:43:3 = hWnd = 0x00060154; ClassName: #32770; Title: Benutzerkontensteuerung.
x=1ba, y=165, width=466, height=378
21:43:3 = hWnd = 0x00080394; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=0, y=0, width=1366, height=768
21:43:3 = hWnd = 0x000a0354; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
21:43:3 = hWnd = 0x0008036a; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
21:43:3 = hWnd = 0x000502d2; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
21:43:3 = hWnd = 0x000a0352; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
21:43:3 = hWnd = 0x000c032c; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
21:43:3 = hWnd = 0x000a0392; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
21:43:3 = hWnd = 0x00070320; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
21:43:3 = Need to re-create objects.
21:43:3 = s1.
21:43:3 = s2.
21:43:3 = find user name
21:43:3 = Start show animate
21:43:4 = Shell Excutute VerifyHost
21:43:4 = find user name
21:43:5 = begin close Process
21:43:5 = Terminate Process
21:43:6 = end close Process
21:43:6 = DLL_PROCESS_DETACH
0:11:53 = Process Attach
0:11:53 = end process attach
0:11:53 = ##### Begin waiting Mutex to release process #####
0:11:53 = hWnd = 0x00110352; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows-Anmeldung.
x=0, y=0, width=1366, height=768
0:11:53 = hWnd = 0x000c02fe; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
0:11:53 = hWnd = 0x000902f8; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
0:11:53 = hWnd = 0x000e033c; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
0:11:56 = Process Attach
0:11:56 = ## ERR ## Setevent
0:11:56 = ##### Get event and release process #####
0:11:56 = begin close Process
0:11:56 = end close Process
0:11:56 = ##### Get event and release process end #####
0:11:56 = ***** NULL == SampleProvider *****
0:11:56 = hWnd = 0x00cf0072; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows-Anmeldung.
x=0, y=0, width=1024, height=768
0:11:56 = hWnd = 0x00cf005a; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
0:11:56 = hWnd = 0x00030078; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
0:11:56 = hWnd = 0x00980038; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
9:11:39 = Process Attach
9:11:39 = end process attach
9:11:39 = ***** NULL == SampleProvider *****
9:11:39 = ##### Begin waiting Mutex to release process #####
9:11:39 = hWnd = 0x0001001c; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows-Anmeldung.
x=0, y=0, width=1366, height=768
9:11:39 = hWnd = 0x00010018; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
9:11:39 = hWnd = 0x00010022; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
9:11:39 = hWnd = 0x0001001a; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
9:11:39 = Need to re-create objects.
9:11:39 = s1.
9:11:39 = s2.
9:11:39 = find user name
9:11:39 = Start show animate
9:11:41 = Shell Excutute VerifyHost
9:11:41 = find user name
9:11:41 = find user name
9:11:41 = find user name
9:11:41 = find user name
9:11:41 = find user name
9:11:41 = find user name
9:11:41 = find user name
9:11:41 = find user name
9:11:41 = find user name
9:11:41 = find user name
9:11:41 = find user name
9:11:41 = find user name
9:11:41 = find user name
9:11:41 = find user name
9:11:41 = find user name
9:11:41 = find user name
9:11:41 = find user name
9:11:41 = find user name
9:11:41 = find user name
9:11:41 = find user name
9:11:41 = find user name
9:11:41 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:10 = find user name
9:15:11 = find user name
9:15:11 = find user name
9:15:11 = find user name
9:15:18 = begin close Process
9:15:18 = Terminate Process
9:15:19 = end close Process
9:15:19 = DLL_PROCESS_DETACH
12:31:1 = Process Attach
12:31:1 = end process attach
12:31:1 = ##### Begin waiting Mutex to release process #####
12:31:1 = hWnd = 0x0002041a; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows-Anmeldung.
x=0, y=0, width=1366, height=768
12:31:1 = hWnd = 0x00040440; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
12:31:1 = hWnd = 0x000203c0; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
12:31:1 = hWnd = 0x000803b0; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
12:31:1 = Need to re-create objects.
12:31:1 = s1.
12:31:1 = s2.
12:31:1 = find user name
12:31:1 = Start show animate
12:31:3 = Is Black Sceen wait
12:31:3 = black wait1
12:31:4 = Is Black Sceen wait
12:31:4 = black wait2
12:31:6 = Is Black Sceen wait
12:31:6 = black wait3
12:37:11 = Shell Excutute VerifyHost
12:37:14 = find user name
12:37:14 = find user name
12:37:14 = find user name
12:37:16 = find user name
12:37:16 = find user name
12:37:16 = find user name
12:37:16 = find user name
12:37:16 = find user name
12:37:34 = find user name
12:37:34 = find user name
12:37:34 = find user name
12:37:34 = find user name
12:37:34 = find user name
12:37:34 = find user name
12:37:34 = find user name
12:37:34 = find user name
12:37:34 = find user name
12:37:34 = find user name
12:37:34 = find user name
12:37:34 = find user name
12:37:34 = find user name
12:37:34 = find user name
12:37:35 = begin close Process
12:37:35 = Terminate Process
12:37:36 = end close Process
12:37:36 = DLL_PROCESS_DETACH
13:26:50 = Process Attach
13:26:50 = end process attach
13:26:50 = ***** NULL == SampleProvider *****
13:26:50 = hWnd = 0x000b0434; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
13:26:50 = hWnd = 0x000a0472; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
13:26:50 = hWnd = 0x000b03f6; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
13:26:50 = hWnd = 0x00070490; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
13:26:50 = hWnd = 0x000f0432; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
13:26:50 = hWnd = 0x001003ec; ClassName: #32770; Title: Benutzerkontensteuerung.
x=1ba, y=154, width=466, height=399
13:26:50 = hWnd = 0x0004046c; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=0, y=0, width=1366, height=768
13:26:50 = hWnd = 0x001003fa; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
13:26:50 = hWnd = 0x000a045a; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
13:26:50 = hWnd = 0x000b033a; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
13:26:50 = hWnd = 0x002203d0; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
13:26:50 = hWnd = 0x00100428; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
13:26:50 = hWnd = 0x000f03bc; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
13:26:50 = hWnd = 0x00100476; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
13:26:50 = Need to re-create objects.
13:26:50 = s1.
13:26:50 = s2.
13:26:50 = find user name
13:26:50 = Start show animate
13:26:52 = Shell Excutute VerifyHost
13:26:52 = begin close Process
13:26:52 = end close Process
13:26:52 = DLL_PROCESS_DETACH
13:26:55 = Process Attach
13:26:55 = end process attach
13:26:55 = ***** NULL == SampleProvider *****
13:26:55 = hWnd = 0x000503a6; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
13:26:55 = ##### Begin waiting Mutex to release process #####
13:26:55 = hWnd = 0x000b0454; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
13:26:55 = hWnd = 0x00110428; ClassName: #32770; Title: Benutzerkontensteuerung.
x=1ba, y=154, width=466, height=399
13:26:55 = hWnd = 0x001103d8; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=0, y=0, width=1366, height=768
13:26:55 = hWnd = 0x00110412; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
13:26:55 = hWnd = 0x000e044e; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
13:26:55 = hWnd = 0x000c033a; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
13:26:55 = hWnd = 0x000c0434; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
13:26:55 = hWnd = 0x001203bc; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
13:26:55 = hWnd = 0x000d03e4; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
13:26:55 = hWnd = 0x00110476; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
13:26:55 = hWnd = 0x0005046c; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
13:26:55 = hWnd = 0x00080398; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
13:26:55 = Need to re-create objects.
13:26:55 = s1.
13:26:55 = s2.
13:26:55 = find user name
13:26:55 = Start show animate
13:26:57 = Shell Excutute VerifyHost
13:26:57 = find user name
13:26:58 = begin close Process
13:26:58 = Terminate Process
13:26:59 = end close Process
13:26:59 = DLL_PROCESS_DETACH
14:11:3 = Process Attach
14:11:3 = end process attach
14:11:3 = ##### Begin waiting Mutex to release process #####
14:11:3 = ***** NULL == SampleProvider *****
14:11:3 = hWnd = 0x000703b2; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
14:11:3 = hWnd = 0x0005031e; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
14:11:3 = hWnd = 0x000403a8; ClassName: #32770; Title: Benutzerkontensteuerung.
x=c5, y=42, width=466, height=399
14:11:3 = hWnd = 0x000303ac; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=64, y=100, width=677, height=342
14:11:3 = hWnd = 0x001803a0; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
14:11:3 = hWnd = 0x002d03ce; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
14:11:3 = hWnd = 0x00030324; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
14:11:3 = hWnd = 0x00030310; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
14:11:3 = hWnd = 0x0003032e; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
14:11:3 = hWnd = 0x0006032c; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
14:11:3 = hWnd = 0x00030326; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:11:3 = hWnd = 0x0004035a; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:11:3 = hWnd = 0x0003031c; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:11:3 = Need to re-create objects.
14:11:3 = s1.
14:11:3 = s2.
14:11:3 = find user name
14:11:3 = Start show animate
14:11:4 = Shell Excutute VerifyHost
14:11:4 = find user name
14:11:4 = find user name
14:11:5 = begin close Process
14:11:5 = end close Process
14:11:5 = DLL_PROCESS_DETACH
14:11:5 = Process Attach
14:11:5 = end process attach
14:11:5 = ##### Begin waiting Mutex to release process #####
14:11:5 = ***** NULL == SampleProvider *****
14:11:5 = hWnd = 0x0006031e; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
14:11:5 = hWnd = 0x001a03ea; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
14:11:5 = hWnd = 0x0016046c; ClassName: #32770; Title: Benutzerkontensteuerung.
x=c5, y=42, width=466, height=399
14:11:5 = hWnd = 0x000403ac; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=64, y=100, width=677, height=342
14:11:5 = hWnd = 0x00040320; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
14:11:5 = hWnd = 0x00030322; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
14:11:5 = hWnd = 0x001c03a0; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
14:11:5 = hWnd = 0x00040324; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
14:11:5 = hWnd = 0x00060334; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
14:11:5 = hWnd = 0x0007032c; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
14:11:5 = hWnd = 0x000803b2; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:11:5 = hWnd = 0x00140476; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:11:5 = hWnd = 0x0004032e; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:11:5 = Need to re-create objects.
14:11:5 = s1.
14:11:5 = s2.
14:11:5 = find user name
14:11:5 = Start show animate
14:11:6 = Shell Excutute VerifyHost
14:11:6 = find user name
14:11:7 = find user name
14:11:7 = begin close Process
14:11:7 = Terminate Process
14:11:8 = end close Process
14:11:8 = DLL_PROCESS_DETACH
14:11:8 = Process Attach
14:11:8 = end process attach
14:11:8 = ##### Begin waiting Mutex to release process #####
14:11:8 = ***** NULL == SampleProvider *****
14:11:8 = hWnd = 0x00070334; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
14:11:8 = hWnd = 0x002303bc; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
14:11:8 = hWnd = 0x00050326; ClassName: #32770; Title: Benutzerkontensteuerung.
x=c5, y=42, width=466, height=399
14:11:8 = hWnd = 0x001b03ea; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=64, y=100, width=677, height=342
14:11:8 = hWnd = 0x0005018e; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
14:11:8 = hWnd = 0x000703aa; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
14:11:8 = hWnd = 0x0005032e; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
14:11:8 = hWnd = 0x001d03a0; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
14:11:8 = hWnd = 0x00160476; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
14:11:8 = hWnd = 0x0007031e; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
14:11:8 = hWnd = 0x0005031c; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:11:8 = hWnd = 0x0008032c; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:11:8 = hWnd = 0x00070318; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:11:8 = Need to re-create objects.
14:11:8 = s1.
14:11:8 = s2.
14:11:8 = find user name
14:11:8 = Start show animate
14:11:10 = Shell Excutute VerifyHost
14:11:10 = find user name
14:11:11 = find user name
14:11:11 = begin close Process
14:11:11 = Terminate Process
14:11:12 = end close Process
14:11:12 = DLL_PROCESS_DETACH
14:11:19 = Process Attach
14:11:19 = end process attach
14:11:19 = ##### Begin waiting Mutex to release process #####
14:11:19 = ***** NULL == SampleProvider *****
14:11:19 = hWnd = 0x00060310; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
14:11:19 = hWnd = 0x0007035a; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
14:11:19 = hWnd = 0x00110396; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
14:11:19 = hWnd = 0x00190480; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
14:11:19 = hWnd = 0x00080318; ClassName: #32770; Title: Benutzerkontensteuerung.
x=1ba, y=154, width=466, height=399
14:11:19 = hWnd = 0x002403e0; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=0, y=0, width=1366, height=768
14:11:19 = hWnd = 0x003203ce; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
14:11:19 = hWnd = 0x00080324; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
14:11:19 = hWnd = 0x000e047a; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
14:11:19 = hWnd = 0x00180476; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
14:11:19 = hWnd = 0x002003a0; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:11:19 = hWnd = 0x000a03aa; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:11:19 = hWnd = 0x0007033c; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:11:19 = Need to re-create objects.
14:11:19 = s1.
14:11:19 = s2.
14:11:19 = find user name
14:11:19 = Start show animate
14:11:20 = Shell Excutute VerifyHost
14:11:20 = find user name
14:11:21 = begin close Process
14:11:21 = Terminate Process
14:11:22 = end close Process
14:11:22 = DLL_PROCESS_DETACH
14:15:45 = Process Attach
14:15:45 = end process attach
14:15:45 = ***** NULL == SampleProvider *****
14:15:45 = hWnd = 0x001b03ca; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows-Anmeldung.
x=0, y=0, width=1366, height=768
14:15:45 = hWnd = 0x001c0480; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
14:15:45 = hWnd = 0x00090340; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
14:15:45 = hWnd = 0x000b0324; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:15:49 = Process Attach
14:15:49 = ## ERR ## Setevent
14:15:49 = ##### Get event and release process #####
14:15:49 = begin close Process
14:15:49 = end close Process
14:15:49 = ##### Get event and release process end #####
14:15:49 = ***** NULL == SampleProvider *****
14:15:49 = hWnd = 0x0002010e; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows-Anmeldung.
x=0, y=0, width=1024, height=768
14:15:49 = hWnd = 0x0002012a; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
14:15:49 = hWnd = 0x000200b0; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
14:15:49 = hWnd = 0x00020128; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:17:17 = Process Attach
14:17:17 = end process attach
14:17:17 = ***** NULL == SampleProvider *****
14:17:17 = ##### Begin waiting Mutex to release process #####
14:17:17 = hWnd = 0x0001001c; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows-Anmeldung.
x=0, y=0, width=1366, height=768
14:17:17 = hWnd = 0x00010018; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
14:17:17 = hWnd = 0x00010022; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
14:17:17 = hWnd = 0x0001001a; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:17:20 = Need to re-create objects.
14:17:20 = s1.
14:17:20 = s2.
14:17:20 = find user name
14:17:20 = Start show animate
14:17:21 = Shell Excutute VerifyHost
14:17:21 = find user name
14:17:21 = find user name
14:17:21 = find user name
14:17:21 = find user name
14:17:21 = find user name
14:17:21 = find user name
14:17:21 = find user name
14:17:21 = find user name
14:17:21 = find user name
14:17:21 = find user name
14:17:21 = find user name
14:17:21 = find user name
14:17:21 = find user name
14:17:21 = find user name
14:17:21 = find user name
14:17:21 = find user name
14:17:21 = find user name
14:17:21 = find user name
14:17:21 = find user name
14:17:21 = find user name
14:17:21 = find user name
14:17:21 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:17:38 = find user name
14:18:10 = begin close Process
14:18:10 = Terminate Process
14:18:11 = end close Process
14:18:11 = DLL_PROCESS_DETACH
14:20:6 = Process Attach
14:20:6 = end process attach
14:20:6 = ##### Begin waiting Mutex to release process #####
14:20:6 = ***** NULL == SampleProvider *****
14:20:6 = hWnd = 0x00050324; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
14:20:6 = hWnd = 0x00050322; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
14:20:6 = hWnd = 0x00010342; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
14:20:6 = hWnd = 0x00010346; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
14:20:6 = hWnd = 0x0001034a; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
14:20:6 = hWnd = 0x0006031e; ClassName: #32770; Title: Benutzerkontensteuerung.
x=1ba, y=165, width=466, height=378
14:20:6 = hWnd = 0x00050330; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=0, y=0, width=1366, height=768
14:20:6 = hWnd = 0x0005031a; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
14:20:6 = hWnd = 0x000302d8; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
14:20:6 = hWnd = 0x0005032e; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
14:20:6 = hWnd = 0x000302d6; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
14:20:6 = hWnd = 0x00050316; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:20:6 = hWnd = 0x0006032c; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:20:6 = hWnd = 0x0005031c; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:20:6 = Need to re-create objects.
14:20:6 = s1.
14:20:6 = s2.
14:20:6 = find user name
14:20:6 = Start show animate
14:20:7 = Shell Excutute VerifyHost
14:20:7 = find user name
14:20:8 = find user name
14:20:8 = begin close Process
14:20:8 = Terminate Process
14:20:9 = end close Process
14:20:9 = DLL_PROCESS_DETACH
14:20:13 = Process Attach
14:20:13 = end process attach
14:20:13 = ##### Begin waiting Mutex to release process #####
14:20:13 = ***** NULL == SampleProvider *****
14:20:13 = hWnd = 0x00060314; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
14:20:13 = hWnd = 0x0008032c; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
14:20:13 = hWnd = 0x0002033e; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
14:20:13 = hWnd = 0x0002033a; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
14:20:13 = hWnd = 0x0004030e; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
14:20:13 = hWnd = 0x00030348; ClassName: #32770; Title: Benutzerkontensteuerung.
x=1ba, y=165, width=466, height=378
14:20:13 = hWnd = 0x00060320; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=0, y=0, width=1366, height=768
14:20:13 = hWnd = 0x0006032e; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
14:20:13 = hWnd = 0x00030356; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
14:20:13 = hWnd = 0x00040346; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
14:20:13 = hWnd = 0x0008031e; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
14:20:13 = hWnd = 0x0006031c; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:20:13 = hWnd = 0x00060322; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:20:13 = hWnd = 0x000d002a; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:20:13 = Need to re-create objects.
14:20:13 = s1.
14:20:13 = s2.
14:20:13 = find user name
14:20:13 = Start show animate
14:20:15 = Shell Excutute VerifyHost
14:20:15 = find user name
14:20:16 = begin close Process
14:20:16 = Terminate Process
14:20:17 = end close Process
14:20:17 = DLL_PROCESS_DETACH
14:39:11 = Process Attach
14:39:11 = end process attach
14:39:11 = ***** NULL == SampleProvider *****
14:39:11 = ##### Begin waiting Mutex to release process #####
14:39:11 = hWnd = 0x0001001c; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows-Anmeldung.
x=0, y=0, width=1366, height=768
14:39:11 = hWnd = 0x00010018; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
14:39:11 = hWnd = 0x00010022; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
14:39:11 = hWnd = 0x0001001a; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:39:35 = Need to re-create objects.
14:39:35 = s1.
14:39:35 = s2.
14:39:37 = find user name
14:39:37 = Start show animate
14:39:38 = Shell Excutute VerifyHost
14:39:38 = find user name
14:39:38 = find user name
14:39:38 = find user name
14:39:38 = find user name
14:39:38 = find user name
14:39:38 = find user name
14:39:38 = find user name
14:39:38 = find user name
14:39:38 = find user name
14:39:38 = find user name
14:39:38 = find user name
14:39:38 = find user name
14:39:38 = find user name
14:39:38 = find user name
14:39:38 = find user name
14:39:38 = find user name
14:39:38 = find user name
14:39:39 = find user name
14:39:39 = find user name
14:39:39 = find user name
14:39:39 = find user name
14:39:39 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:40 = find user name
14:39:55 = begin close Process
14:39:55 = Terminate Process
14:39:56 = end close Process
14:39:56 = DLL_PROCESS_DETACH
14:41:18 = Process Attach
14:41:18 = end process attach
14:41:18 = ***** NULL == SampleProvider *****
14:41:18 = hWnd = 0x000202d2; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
14:41:18 = hWnd = 0x000302d0; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
14:41:18 = hWnd = 0x00020322; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
14:41:18 = hWnd = 0x00020326; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
14:41:18 = hWnd = 0x0002031e; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
14:41:18 = hWnd = 0x00030316; ClassName: #32770; Title: Benutzerkontensteuerung.
x=1ba, y=127, width=466, height=378
14:41:18 = hWnd = 0x000202d8; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=19a, y=164, width=546, height=363
14:41:18 = hWnd = 0x000202d4; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
14:41:18 = hWnd = 0x000202de; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
14:41:18 = hWnd = 0x0003013e; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
14:41:18 = hWnd = 0x000202dc; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
14:41:18 = hWnd = 0x000202d6; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:41:18 = hWnd = 0x00030300; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:41:18 = hWnd = 0x00060372; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:41:18 = Need to re-create objects.
14:41:18 = s1.
14:41:18 = s2.
14:41:19 = find user name
14:41:19 = Start show animate
14:41:20 = Shell Excutute VerifyHost
14:41:20 = find user name
14:41:22 = find user name
14:41:22 = begin close Process
14:41:22 = Terminate Process
14:41:23 = end close Process
14:41:23 = DLL_PROCESS_DETACH
14:41:30 = Process Attach
14:41:30 = end process attach
14:41:30 = ***** NULL == SampleProvider *****
14:41:30 = ##### Begin waiting Mutex to release process #####
14:41:30 = hWnd = 0x000402c8; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
14:41:30 = hWnd = 0x000302ec; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
14:41:30 = hWnd = 0x0004013e; ClassName: #32770; Title: Benutzerkontensteuerung.
x=1ba, y=165, width=466, height=378
14:41:30 = hWnd = 0x000402de; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=0, y=0, width=1366, height=768
14:41:30 = hWnd = 0x00030344; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
14:41:30 = hWnd = 0x0004031a; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
14:41:30 = hWnd = 0x0003033c; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
14:41:30 = hWnd = 0x000302cc; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
14:41:30 = hWnd = 0x00040326; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
14:41:30 = hWnd = 0x000700e0; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
14:41:30 = hWnd = 0x00050324; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
14:41:30 = hWnd = 0x000302ca; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:41:30 = hWnd = 0x000302b2; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:41:30 = hWnd = 0x000602ee; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
14:41:30 = Need to re-create objects.
14:41:30 = s1.
14:41:30 = s2.
14:41:30 = find user name
14:41:30 = Start show animate
14:41:32 = Shell Excutute VerifyHost
14:41:32 = find user name
14:41:33 = begin close Process
14:41:33 = Terminate Process
14:41:34 = end close Process
14:41:34 = DLL_PROCESS_DETACH
15:45:40 = Process Attach
15:45:40 = end process attach
15:45:40 = ***** NULL == SampleProvider *****
15:45:40 = ##### Begin waiting Mutex to release process #####
15:45:40 = hWnd = 0x00030498; ClassName: AUTHUI.DLL: LogonUI Logon Window; Title: Windows-Anmeldung.
x=0, y=0, width=1366, height=768
15:45:40 = hWnd = 0x00050450; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
15:45:40 = hWnd = 0x0002042c; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
15:45:40 = hWnd = 0x000b027c; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
15:45:40 = Need to re-create objects.
15:45:40 = s1.
15:45:40 = s2.
15:45:41 = find user name
15:45:41 = Start show animate
15:45:42 = Is Black Sceen wait
15:45:42 = black wait1
15:45:44 = Is Black Sceen wait
15:45:44 = black wait2
15:45:45 = Is Black Sceen wait
15:45:45 = black wait3
15:45:47 = Shell Excutute VerifyHost
15:45:47 = find user name
15:45:47 = find user name
15:45:47 = find user name
16:45:53 = find user name
16:45:53 = find user name
16:45:53 = find user name
16:45:53 = find user name
16:45:53 = find user name
16:45:53 = find user name
16:45:53 = find user name
16:45:53 = find user name
16:45:53 = find user name
17:25:38 = Bypass the object creation.
17:25:38 = find user name
17:25:38 = find user name
17:25:38 = find user name
17:25:38 = find user name
17:25:38 = find user name
17:25:38 = find user name
17:25:38 = find user name
17:25:38 = find user name
17:25:38 = find user name
17:25:42 = find user name
17:25:42 = find user name
17:25:42 = find user name
17:25:42 = find user name
17:25:42 = find user name
17:25:42 = find user name
17:25:42 = find user name
17:25:42 = find user name
17:25:42 = find user name
17:25:42 = find user name
17:25:42 = find user name
17:25:42 = find user name
17:25:42 = find user name
17:25:42 = find user name
17:25:43 = begin close Process
17:25:43 = Terminate Process
17:25:44 = end close Process
17:25:44 = DLL_PROCESS_DETACH
17:29:51 = Process Attach
17:29:51 = end process attach
17:29:51 = ##### Begin waiting Mutex to release process #####
17:29:51 = ***** NULL == SampleProvider *****
17:29:51 = hWnd = 0x0003053c; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
17:29:51 = hWnd = 0x00030528; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
17:29:51 = hWnd = 0x000304e2; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
17:29:51 = hWnd = 0x00030522; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
17:29:51 = hWnd = 0x0002054e; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
17:29:51 = hWnd = 0x0003054a; ClassName: #32770; Title: Benutzerkontensteuerung.
x=1ba, y=145, width=466, height=378
17:29:51 = hWnd = 0x0003053a; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=11b, y=84, width=800, height=560
17:29:51 = hWnd = 0x00040520; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
17:29:51 = hWnd = 0x00030546; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
17:29:51 = hWnd = 0x00060496; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
17:29:51 = hWnd = 0x00030542; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
17:29:51 = hWnd = 0x00030538; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
17:29:51 = hWnd = 0x0003053e; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
17:29:51 = hWnd = 0x0003052a; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
17:29:51 = Need to re-create objects.
17:29:51 = s1.
17:29:51 = s2.
17:29:51 = find user name
17:29:51 = Start show animate
17:29:53 = Shell Excutute VerifyHost
17:29:53 = find user name
17:29:54 = begin close Process
17:29:54 = Terminate Process
17:29:55 = end close Process
17:29:55 = DLL_PROCESS_DETACH
18:3:25 = Process Attach
18:3:25 = end process attach
18:3:25 = ***** NULL == SampleProvider *****
18:3:25 = hWnd = 0x001302d4; ClassName: CiceroUIWndFrame; Title: CiceroUIWndFrame.
x=c8, y=200, width=200, height=200
18:3:25 = hWnd = 0x000602dc; ClassName: CiceroUIWndFrame; Title: TF_FloatingLangBar_WndTitle.
x=232, y=0, width=0, height=6
18:3:25 = hWnd = 0x0008030e; ClassName: CtrlNotifySink; Title: .
x=0, y=0, width=0, height=0
18:3:25 = hWnd = 0x00050320; ClassName: #32770; Title: Benutzerkontensteuerung.
x=1c6, y=158, width=466, height=378
18:3:25 = hWnd = 0x000a03b2; ClassName: $$$Secure UAP Background Fake Client Window Class; Title: $$$Secure UAP Background Fake Client Window.
x=1e7, y=276, width=416, height=201
18:3:25 = hWnd = 0x000902d6; ClassName: $$$Secure UAP Background Window Class; Title: $$$Secure UAP Background Window.
x=0, y=0, width=1366, height=768
18:3:25 = hWnd = 0x00060342; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
18:3:25 = hWnd = 0x0006033e; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
18:3:25 = hWnd = 0x00060390; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
18:3:25 = hWnd = 0x000a02d2; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:3:25 = hWnd = 0x000b02c0; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:3:25 = hWnd = 0x00070322; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:3:25 = Need to re-create objects.
18:3:25 = s1.
18:3:25 = s2.
18:3:25 = find user name
18:3:25 = Start show animate
18:3:26 = Shell Excutute VerifyHost
18:3:30 = begin close Process
18:3:30 = Terminate Process
18:3:31 = end close Process
18:3:31 = DLL_PROCESS_DETACH
18:3:58 = Process Attach
18:3:58 = end process attach
18:3:58 = ##### Begin waiting Mutex to release process #####
18:3:58 = hWnd = 0x00070538; ClassName: GDI+ Hook Window Class; Title: GDI+ Window.
x=0, y=0, width=1, height=1
18:3:58 = hWnd = 0x000802dc; ClassName: CicLoaderWndClass; Title: .
x=0, y=0, width=132, height=38
18:3:58 = hWnd = 0x00090316; ClassName: MSCTFIME UI; Title: MSCTFIME UI.
x=0, y=0, width=0, height=0
18:3:58 = hWnd = 0x000902c6; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:3:58 = hWnd = 0x001502d4; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:3:58 = hWnd = 0x000802da; ClassName: IME; Title: Default IME.
x=0, y=0, width=0, height=0
18:3:58 = Need to re-create objects.
18:3:58 = s1.
18:3:58 = s2.
18:3:58 = find user name
18:3:58 = Start show animate
18:4:0 = Shell Excutute VerifyHost
18:4:0 = find user name
18:4:0 = find user name
18:4:0 = find user name
18:4:0 = find user name
18:4:0 = begin close Process
18:4:0 = Terminate Process
18:4:1 = end close Process
18:4:1 = DLL_PROCESS_DETACH
Code:
Zoek.exe v5.0.0.1 Updated 12-November-2015
Tool run by Notebook on 15.11.2015 at 14:11:25,98.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Nora\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
15.11.2015 14:12:32 Zoek.exe System Restore Point Created Successfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-1146881843-1855949487-4122649668-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32004B8A-44A9-43E7-84E9-808838809519} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-1146881843-1855949487-4122649668-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
==== FireFox Fix ======================
Deleted from C:\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\3hw6nczf.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
Added to C:\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\3hw6nczf.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
Deleted from C:\Users\Nora\AppData\Roaming\Thunderbird\Profiles\zxuoypxh.default\prefs.js:
Added to C:\Users\Nora\AppData\Roaming\Thunderbird\Profiles\zxuoypxh.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
Deleted from C:\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\kr5q6a4y.default\prefs.js:
Added to C:\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\kr5q6a4y.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
Deleted from C:\Users\Notebook\AppData\Roaming\Thunderbird\Profiles\d9933684.default\prefs.js:
Added to C:\Users\Notebook\AppData\Roaming\Thunderbird\Profiles\d9933684.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
Deleted from C:\Users\Uwelchen\AppData\Roaming\Mozilla\Firefox\Profiles\eh4mrhim.default\prefs.js:
user_pref("browser.startup.homepage", "google.de");
Added to C:\Users\Uwelchen\AppData\Roaming\Mozilla\Firefox\Profiles\eh4mrhim.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
Deleted from C:\Users\Uwelchen\AppData\Roaming\Thunderbird\Profiles\0qsprsjc.default\prefs.js:
Added to C:\Users\Uwelchen\AppData\Roaming\Thunderbird\Profiles\0qsprsjc.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\3hw6nczf.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
ProfilePath: C:\Users\Nora\AppData\Roaming\Thunderbird\Profiles\zxuoypxh.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
ProfilePath: C:\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\kr5q6a4y.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
ProfilePath: C:\Users\Notebook\AppData\Roaming\Thunderbird\Profiles\d9933684.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
ProfilePath: C:\Users\Uwelchen\AppData\Roaming\Mozilla\Firefox\Profiles\eh4mrhim.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
ProfilePath: C:\Users\Uwelchen\AppData\Roaming\Thunderbird\Profiles\0qsprsjc.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Firefox Extensions ======================
ProfilePath: C:\Users\Nora\AppData\Roaming\Mozilla\Firefox\Profiles\3hw6nczf.default
- Adblock Plus Pop-up Addon - %ProfilePath%\extensions\adblockpopups@jessehakanen.net.xpi
- Ghostery - %ProfilePath%\extensions\firefox@ghostery.com.xpi
- Google Analytics Opt-out Browser Add-on - %ProfilePath%\extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi
- NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
ProfilePath: C:\Users\Notebook\AppData\Roaming\Thunderbird\Profiles\d9933684.default
- Instrument Test - %ProfilePath%\extensions\tbtestpilot@labs.mozilla.com.xpi
ProfilePath: C:\Users\Uwelchen\AppData\Roaming\Mozilla\Firefox\Profiles\eh4mrhim.default
- Adblock Plus Pop-up Addon - %ProfilePath%\extensions\adblockpopups@jessehakanen.net.xpi
- Ghostery - %ProfilePath%\extensions\firefox@ghostery.com.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
ProfilePath: C:\Users\Uwelchen\AppData\Roaming\Thunderbird\Profiles\0qsprsjc.default
- Lightning - %ProfilePath%\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\kr5q6a4y.default
2C82D753EF779945977C82A3908DA20A - C:\windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.90.5
1BFD18699636B8F1AA26675BA43D2F8F - C:\windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll - Shockwave for Director / Shockwave for Director
F114FBA6246530B89DD1E04351E0EAC5 - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll - Shockwave Flash
15E298B5EC5B89C5994A59863969D9FF - C:\windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://www.google.com"
"Start Page"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://www.google.com"
"Start Page"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
==== All HKLM and HKCU SearchScopes ======================
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
HKLM\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
HKLM\Wow6432Node\SearchScopes "DefaultScope"=""
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
HKCU\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN_deDE506
==== Reset Google Chrome ======================
Nothing found to reset
==== shortcuts on Users Desktops ======================
C:\Users\Default\Desktop\Cyberlink Power2Go.lnk - C:\Program Files (x86)\Lenovo\Power2Go\Power2Go.exe
C:\Users\Default\Desktop\OneKey Recovery.lnk - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\OneKey Recovery.exe
C:\Users\Default User\Desktop\Cyberlink Power2Go.lnk - C:\Program Files (x86)\Lenovo\Power2Go\Power2Go.exe
C:\Users\Default User\Desktop\OneKey Recovery.lnk - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\OneKey Recovery.exe
C:\Users\Nora\Desktop\Avira PC Cleaner.lnk - C:\Users\Notebook\AppData\Local\Temp\cleaner\avwebloader.exe
C:\Users\Nora\Desktop\Cyberlink Power2Go.lnk - C:\Program Files (x86)\Lenovo\Power2Go\Power2Go.exe
C:\Users\Nora\Desktop\Entfernen des Avira PC Cleaners.lnk - C:\Users\Notebook\AppData\Local\Temp\cleaner\cleaner-install.exe /remove
C:\Users\Nora\Desktop\OneKey Recovery.lnk - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\OneKey Recovery.exe
C:\Users\Nora\Desktop\Uni\Handout - interkulturelle Erziehung und Pädagogik - Verknüpfung.lnk - C:\Users\Nora\Documents\Handout - interkulturelle Erziehung und Pädagogik.docx
C:\Users\Notebook\Desktop\Cyberlink Power2Go.lnk - C:\Program Files (x86)\Lenovo\Power2Go\Power2Go.exe
C:\Users\Notebook\Desktop\Download Zusammenfassung.lnk - C:\Users\Notebook\AppData\Local\SpaceKace\Setup_FileViewPro_[2015_Editi\Setup_FileViewPro_[2015_Edition].exe
C:\Users\Notebook\Desktop\OneKey Recovery.lnk - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\OneKey Recovery.exe
C:\Users\Uwelchen\Desktop\Adobe Reader XI.lnk - C:\windows\Installer\{AC76BA86-7AD7-1031-7B44-AB0000000001}\SC_Reader.ico
C:\Users\Uwelchen\Desktop\Microsoft Word 2010.lnk - C:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\Free DWG Viewer.lnk - C:\Program Files (x86)\IGC\Free DWG Viewer\FreeDWGViewer.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Microsoft Security Essentials.lnk - C:\Program Files (x86)\Microsoft Security Client\msseces.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\Mozilla Thunderbird.lnk - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
==== shortcuts in Users Start Menu ======================
C:\Users\Nora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Energy Management\Help file.Lnk - C:\Program Files (x86)\Lenovo\Energy Management\Deu.chm
C:\Users\Nora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Energy Management\Power management options.Lnk - C:\Program Files (x86)\Lenovo\Energy Management\Open EnergyManagement.exe
C:\Users\Nora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr
C:\Users\Notebook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Energy Management\Help file.Lnk - C:\Program Files (x86)\Lenovo\Energy Management\Deu.chm
C:\Users\Notebook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Energy Management\Power management options.Lnk - C:\Program Files (x86)\Lenovo\Energy Management\Open EnergyManagement.exe
C:\Users\Uwelchen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Energy Management\Help file.Lnk - C:\Program Files (x86)\Lenovo\Energy Management\Deu.chm
C:\Users\Uwelchen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Energy Management\Power management options.Lnk - C:\Program Files (x86)\Lenovo\Energy Management\Open EnergyManagement.exe
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free DWG Viewer\Free DWG Viewer Help.lnk - C:\Program Files (x86)\IGC\Free DWG Viewer\BravaActiveX.DWG_ENU.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free DWG Viewer\Free DWG Viewer.lnk - C:\Program Files (x86)\IGC\Free DWG Viewer\FreeDWGViewer.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware entfernen.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Nora\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Nora\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Nora\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Nora\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Nora\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Thunderbird.lnk - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Users\Nora\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\windows\explorer.exe
C:\Users\Nora\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Notebook\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Notebook\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Users\Notebook\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Notebook\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Notebook\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\windows\system32\control.exe
C:\Users\Notebook\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Notebook\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Notebook\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Uwelchen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Uwelchen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Uwelchen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Uwelchen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Thunderbird.lnk - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Users\Uwelchen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\windows\explorer.exe
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Reset WMI ======================
Die folgenden Dienste hängen vom Dienst Windows-Verwaltungsinstrumentation ab.
Das Beenden des Dienstes Windows-Verwaltungsinstrumentation beendet auch diese Dienste.
Sicherheitscenter
IP-Hilfsdienst
Intel(R) Rapid Storage Technology
Sicherheitscenter wird beendet.
Sicherheitscenter wurde erfolgreich beendet.
IP-Hilfsdienst wird beendet.
IP-Hilfsdienst wurde erfolgreich beendet.
Intel(R) Rapid Storage Technology wird beendet.
Intel(R) Rapid Storage Technology wurde erfolgreich beendet.
Windows-Verwaltungsinstrumentation wird beendet.
Windows-Verwaltungsinstrumentation wurde erfolgreich beendet.
C:\windows\system32\wbem\repository renamed to repository.old
C:\windows\syswow64\wbem\repository renamed to repository.old
==== C:\zoek_backup content ======================
C:\zoek_backup (files=0 folders=0 0 bytes)