
Computer sending Spam Mails


18 replies to this topic

#1 LuudL

  • Members
  • 18 posts

Posted 04 November 2015 - 10:40 AM

My provider sent me a mail that my PC sends SPAM on its own.

Please help me :(


Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:31-10-2015
durchgeführt von user (Administrator) auf MP-126805 (04-11-2015 16:30:14)
Gestartet von C:\Users\user.mp-126805\Downloads
Geladene Profile: user (Verfügbare Profile: user)
Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(DATEV eG) C:\DATEV\PROGRAMM\B0000150\ScServer\DVckService.exe
(DATEV eG) C:\DATEV\PROGRAMM\B0000398\SiPaHostService.exe
(DATEV eG) C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(HP) C:\Program Files\HP\HP LaserJet Professional CP1020 Series\HPCP1020STRAY.EXE
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTray.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(DATEV eG) C:\DATEV\PROGRAMM\B0000398\SiPaHost.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(DATEV eG) C:\DATEV\PROGRAMM\Sws\SwmHintergrundDienst.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe
(Synology Inc.) C:\Users\user.mp-126805\AppData\Local\CloudStation\CloudStation.app\bin\cloud-ui.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(DATEV eG) C:\DATEV\PROGRAMM\B0001442\PSNTServ.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Synology Inc.) C:\Users\user.mp-126805\AppData\Local\CloudStation\CloudStation.app\bin\cloud-connect.exe
(HP) C:\Windows\System32\HPSIsvc.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Program Files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Synology Inc.) C:\Users\user.mp-126805\AppData\Local\CloudStation\CloudStation.app\bin\cloud-daemon.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(DATEV eG) C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdhost.exe
(DATEV eG) C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7570136 2014-04-15] (Realtek Semiconductor)
HKLM\...\Run: [HP CP1020 System Tray] => C:\Program Files\HP\HP LaserJet Professional CP1020 Series\HPCP1020STRAY.EXE [3344384 2012-11-28] (HP)
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTray.exe [9558752 2015-08-27] ()
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-08-07] (CyberLink Corp.)
HKLM-x32\...\Run: [SiPaHost] => C:\DATEV\PROGRAMM\B0000398\SiPaHost.exe [557608 2015-04-01] (DATEV eG)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-08] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-08] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] => C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [SwmHintergrunddienst] => C:\DATEV\PROGRAMM\SWS\SwmHintergrundDienst.exe [1975848 2015-03-04] (DATEV eG)
HKU\S-1-5-21-3183930270-858073344-2258596639-1004\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-3183930270-858073344-2258596639-1004\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
ShellIconOverlayIdentifiers: [01UnsuppModule] -> {AEB16659-2125-4ADA-A4AB-45EE21E86469} => C:\Users\user.mp-126805\AppData\Local\CloudStation\CloudStation.app\icon-overlay\13\x64\iconOverlay.dll [2015-10-07] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [02SyncingModule] -> {48AB5ADA-36B1-4137-99C9-2BD97F8788AB} => C:\Users\user.mp-126805\AppData\Local\CloudStation\CloudStation.app\icon-overlay\13\x64\iconOverlay.dll [2015-10-07] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [03SyncedModule] -> {472CE1AD-5D53-4BCF-A1FB-3982A5F55138} => C:\Users\user.mp-126805\AppData\Local\CloudStation\CloudStation.app\icon-overlay\13\x64\iconOverlay.dll [2015-10-07] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [04ReadOnlyModule] -> {A433C3E0-8B24-40EB-93C3-4B10D9959F58} => C:\Users\user.mp-126805\AppData\Local\CloudStation\CloudStation.app\icon-overlay\13\x64\iconOverlay.dll [2015-10-07] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [05NoPermModule] -> {C701AD67-3DF0-47C9-89CB-DFA6207BE229} => C:\Users\user.mp-126805\AppData\Local\CloudStation\CloudStation.app\icon-overlay\13\x64\iconOverlay.dll [2015-10-07] (TODO: <Company name>)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Basisschnittstelle Office Initialisierung.lnk [2015-09-03]
ShortcutTarget: Basisschnittstelle Office Initialisierung.lnk -> C:\DATEV\PROGRAMM\BSOFFICE\service\OfficeDiag.exe (DATEV eG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CleanupPrintJobs.lnk [2015-09-03]
ShortcutTarget: CleanupPrintJobs.lnk -> C:\DATEV\PROGRAMM\B0001401\CleanupPrintJobs.exe (DATEV eG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SkyUserDevmode-Update.lnk [2015-09-03]
ShortcutTarget: SkyUserDevmode-Update.lnk -> C:\DATEV\PROGRAMM\B0001401\UpdateDevmode.exe (DATEV eG)
Startup: C:\Users\user.mp-126805\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Synology Cloud Station.lnk [2015-11-04]
ShortcutTarget: Synology Cloud Station.lnk -> C:\Program Files (x86)\Synology\CloudStation\bin\launcher.exe (Synology Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG
CHR HKU\S-1-5-21-3183930270-858073344-2258596639-1004\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{4F437F85-C651-48D0-AD16-04D9265BA787}: [DhcpNameServer] 192.168.1.70
Tcpip\..\Interfaces\{877A0DF1-114A-4412-856D-E4E327669FC7}: [DhcpNameServer] 192.168.100.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\S-1-5-21-3183930270-858073344-2258596639-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3183930270-858073344-2258596639-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://de.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-3183930270-858073344-2258596639-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {D3096A1C-FF92-4AFE-B06D-E6F8DCACC627} URL = hxxp://www.startseite24.net/?q={searchTerms}
SearchScopes: HKLM -> {D3096A1C-FF92-4AFE-B06D-E6F8DCACC627} URL = hxxp://www.startseite24.net/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3183930270-858073344-2258596639-1004 -> DefaultScope {D3096A1C-FF92-4AFE-B06D-E6F8DCACC627} URL = hxxp://www.startseite24.net/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3183930270-858073344-2258596639-1004 -> {0DFB84B2-9A5F-4A27-A9AA-B416179A3E17} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-3183930270-858073344-2258596639-1004 -> {D3096A1C-FF92-4AFE-B06D-E6F8DCACC627} URL = hxxp://www.startseite24.net/?q={searchTerms}
BHO: DtvIePwdSafeBHO Class -> {6EF6B546-25FB-455B-801F-FDB3B3D39F9E} -> C:\DATEV\PROGRAMM\B0000397\DtvIePwdSafe64.dll [2015-04-01] (DATEV eG)
BHO: SCardBHOEvent Class -> {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} -> C:\DATEV\SYSTEM\DVCCSASCardBHO64002.Dll [2015-04-01] (DATEV eG)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: DtvIePwdSafeBHO Class -> {6EF6B546-25FB-455B-801F-FDB3B3D39F9E} -> C:\DATEV\PROGRAMM\B0000397\DtvIePwdSafe.dll [2015-04-01] (DATEV eG)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-08-13] (Oracle Corporation)
BHO-x32: SCardBHOEvent Class -> {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} -> C:\DATEV\SYSTEM\DVCCSAScardBHO002.dll [2015-04-01] (DATEV eG)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-13] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\user.mp-126805\AppData\Roaming\Mozilla\Firefox\Profiles\ofxwylid.default
FF Homepage: hxxps://www.google.de/
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-02-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-02-20] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-13] (Oracle Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\user.mp-126805\AppData\Roaming\Mozilla\Firefox\Profiles\ofxwylid.default\searchplugins\websuche.xml [2015-02-11]
FF Extension: New Tab by Yahoo - C:\Users\user.mp-126805\AppData\Roaming\Mozilla\Firefox\Profiles\ofxwylid.default\Extensions\jid1-G80Ec8LLEbK5fQ@jetpack.xpi [2015-10-08] [ist nicht signiert]
FF Extension: Adblock Plus - C:\Users\user.mp-126805\AppData\Roaming\Mozilla\Firefox\Profiles\ofxwylid.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-10-08]

Chrome:
=======
CHR dev: Chrome dev build erkannt! <======= ACHTUNG

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink)
S3 DATEV Update-Service; C:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe [182312 2015-05-07] (DATEV eG)
S3 Datev.DataAdaptation.Agent.Host; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe [7208 2015-07-15] (DATEV eG)
S3 Datev.DataAdaptation.DataAdaptationManager.Host; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe [7208 2015-07-15] (DATEV eG)
R3 Datev.Database.Conserve; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe [7208 2015-07-15] (DATEV eG)
S3 Datev.Database.Dimitra.Server; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe [7208 2015-07-15] (DATEV eG)
R2 Datev.Framework.RemoteServiceModel.EnablerService; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe [7208 2015-07-15] (DATEV eG)
R3 Datev.Framework.RemoteServices; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe [7208 2015-07-15] (DATEV eG)
R2 DatevPrintService; C:\DATEV\PROGRAMM\B0001442\PSNTSERV.EXE [155136 2015-04-01] (DATEV eG) [Datei ist nicht signiert]
R2 DVckService; C:\DATEV\PROGRAMM\B0000150\ScServer\DVckService.exe [3099688 2015-04-01] (DATEV eG)
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [145920 2011-01-21] (HP) [Datei ist nicht signiert]
R2 HPSIService; C:\Windows\system32\HPSIsvc.exe [124536 2012-12-25] (HP) [Datei ist nicht signiert]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [324424 2014-08-13] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-02-20] (Intel Corporation)
S4 KOBIL_MSDI; C:\DATEV\PROGRAMM\B0000404\msdisrv.exe [137736 2013-03-14] (KOBIL Systems GmbH)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareService.exe [712432 2015-08-27] ()
R2 MSSQL$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe [62277296 2014-08-23] (Microsoft Corporation)
R3 MSSQLFDLauncher$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe [42168 2014-08-23] (Microsoft Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 Sicherheitspaket-Dienst; C:\DATEV\PROGRAMM\B0000398\SipaHostService.exe [322088 2015-04-01] (DATEV eG)
S4 SQLAgent$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\SQLAGENT.EXE [443576 2014-08-23] (Microsoft Corporation)
R2 SynoDrService; C:\Program Files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe [384072 2015-06-06] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2014-01-23] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-12-04] (Microsoft Corporation)
S3 Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn; Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn [X]
S3 Datev.Unternehmen.SystemComponents.ServiceBus.V0400.PlugIn; Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0400.PlugIn [X]
S2 HPFSService; "C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1369288 2015-07-29] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [271272 2015-07-29] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [747120 2015-07-29] (BitDefender)
R1 BdfNdisf; c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [93160 2015-01-06] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [102992 2015-01-06] (BitDefender LLC)
R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [90608 2011-12-27] (CyberLink)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.98.0\gzflt.sys [155912 2015-01-22] (BitDefender LLC)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2014-03-14] (Intel Corporation)
S3 KOBCCID; C:\Windows\System32\drivers\KOBCCID.sys [116864 2015-02-09] (KOBIL Systems GmbH)
R3 MEIx64; C:\Windows\system32\drivers\TeeDriverx64.sys [116736 2014-02-20] (Intel Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-11-28] (Marvell Semiconductor, Inc.)
S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [322736 2014-08-23] (Microsoft Corporation)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2012-10-25] (Realtek Semiconductor Corporation                           )
R2 SC_SERV3D; C:\Windows\system32\drivers\d3_kafm.sys [96952 2014-03-03] (Datev eG)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-01-22] (BitDefender S.R.L.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U0 dmboot; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-11-04 16:30 - 2015-11-04 16:30 - 00021254 _____ C:\Users\user.mp-126805\Downloads\FRST.txt
2015-11-04 16:29 - 2015-11-04 16:30 - 00000000 ____D C:\FRST
2015-11-04 16:28 - 2015-11-04 16:28 - 02198016 _____ (Farbar) C:\Users\user.mp-126805\Downloads\FRST64.exe
2015-11-04 15:24 - 2015-11-04 15:24 - 00028327 _____ C:\ComboFix.txt
2015-11-04 15:20 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2015-11-04 15:20 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2015-11-04 15:20 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-11-04 15:20 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-11-04 15:20 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-11-04 15:20 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2015-11-04 15:20 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2015-11-04 15:20 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2015-11-04 15:18 - 2015-11-04 15:24 - 00000000 ____D C:\Qoobox
2015-11-04 15:18 - 2015-11-04 15:23 - 00000000 ____D C:\Windows\erdnt
2015-11-04 15:01 - 2015-11-04 15:02 - 05637361 ____R (Swearware) C:\Users\user.mp-126805\Downloads\ComboFix.exe
2015-11-04 14:53 - 2015-11-04 14:53 - 00147456 _____ C:\Users\user.mp-126805\Downloads\catchme.exe
2015-11-03 15:07 - 2015-11-03 15:07 - 00000116 _____ C:\Users\user.mp-126805\AppData\Roaming\BEVI.CFG
2015-10-23 12:20 - 2015-10-23 12:20 - 00013749 _____ C:\Users\user.mp-126805\Desktop\Fatboy Lagerware Hamm.odt
2015-10-15 08:35 - 2015-09-18 20:22 - 00025432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-10-15 08:35 - 2015-09-18 20:19 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-10-15 08:35 - 2015-09-18 20:19 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-10-15 08:35 - 2015-09-18 20:19 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-10-15 08:35 - 2015-09-18 20:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-10-15 08:35 - 2015-09-18 20:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-10-15 08:35 - 2015-09-18 20:09 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-10-14 08:48 - 2015-09-18 20:31 - 00391784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-10-14 08:48 - 2015-09-18 19:58 - 00345688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-10-14 08:48 - 2015-09-16 05:48 - 25851904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-14 08:48 - 2015-09-16 05:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-10-14 08:48 - 2015-09-16 05:36 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-10-14 08:48 - 2015-09-16 05:22 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-10-14 08:48 - 2015-09-16 05:21 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-14 08:48 - 2015-09-16 05:21 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-14 08:48 - 2015-09-16 05:21 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-10-14 08:48 - 2015-09-16 05:21 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-10-14 08:48 - 2015-09-16 05:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-10-14 08:48 - 2015-09-16 05:14 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-10-14 08:48 - 2015-09-16 05:13 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-10-14 08:48 - 2015-09-16 05:10 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-10-14 08:48 - 2015-09-16 05:09 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-14 08:48 - 2015-09-16 05:08 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-14 08:48 - 2015-09-16 05:08 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-10-14 08:48 - 2015-09-16 05:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-10-14 08:48 - 2015-09-16 05:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-10-14 08:48 - 2015-09-16 05:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-10-14 08:48 - 2015-09-16 04:58 - 20357632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-10-14 08:48 - 2015-09-16 04:58 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-10-14 08:48 - 2015-09-16 04:50 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-10-14 08:48 - 2015-09-16 04:46 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-10-14 08:48 - 2015-09-16 04:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-10-14 08:48 - 2015-09-16 04:45 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-14 08:48 - 2015-09-16 04:43 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-10-14 08:48 - 2015-09-16 04:41 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-10-14 08:48 - 2015-09-16 04:33 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-10-14 08:48 - 2015-09-16 04:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-10-14 08:48 - 2015-09-16 04:32 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-10-14 08:48 - 2015-09-16 04:32 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-10-14 08:48 - 2015-09-16 04:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-10-14 08:48 - 2015-09-16 04:31 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-10-14 08:48 - 2015-09-16 04:29 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-10-14 08:48 - 2015-09-16 04:29 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-10-14 08:48 - 2015-09-16 04:28 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-10-14 08:48 - 2015-09-16 04:28 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-10-14 08:48 - 2015-09-16 04:26 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-10-14 08:48 - 2015-09-16 04:26 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-10-14 08:48 - 2015-09-16 04:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-10-14 08:48 - 2015-09-16 04:24 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-10-14 08:48 - 2015-09-16 04:23 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-10-14 08:48 - 2015-09-16 04:22 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-14 08:48 - 2015-09-16 04:22 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-10-14 08:48 - 2015-09-16 04:22 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-10-14 08:48 - 2015-09-16 04:15 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-10-14 08:48 - 2015-09-16 04:11 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-14 08:48 - 2015-09-16 04:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-10-14 08:48 - 2015-09-16 04:07 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-10-14 08:48 - 2015-09-16 04:06 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-10-14 08:48 - 2015-09-16 04:05 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-10-14 08:48 - 2015-09-16 04:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-10-14 08:48 - 2015-09-16 04:04 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-10-14 08:48 - 2015-09-16 03:59 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-14 08:48 - 2015-09-16 03:58 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-10-14 08:48 - 2015-09-16 03:58 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-10-14 08:48 - 2015-09-16 03:56 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-10-14 08:48 - 2015-09-16 03:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-10-14 08:48 - 2015-09-16 03:55 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-10-14 08:48 - 2015-09-16 03:48 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-10-14 08:48 - 2015-09-16 03:37 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-10-14 08:48 - 2015-09-16 03:34 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-10-14 08:48 - 2015-09-16 03:32 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-10-14 08:42 - 2015-08-06 19:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-14 08:42 - 2015-08-06 19:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-10-14 08:42 - 2015-08-06 18:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-10-14 08:42 - 2015-08-06 18:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-10-14 08:37 - 2015-10-01 19:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-10-14 08:37 - 2015-10-01 19:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-10-14 08:37 - 2015-10-01 19:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-10-14 08:37 - 2015-10-01 19:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-10-14 08:37 - 2015-10-01 19:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-10-14 08:37 - 2015-10-01 19:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-10-14 08:37 - 2015-10-01 19:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-10-14 08:37 - 2015-10-01 18:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-10-14 08:37 - 2015-10-01 18:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-10-14 08:37 - 2015-09-29 04:16 - 05569472 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-14 08:37 - 2015-09-29 04:13 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-10-14 08:37 - 2015-09-29 04:11 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-10-14 08:37 - 2015-09-29 04:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-10-14 08:37 - 2015-09-29 04:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-10-14 08:37 - 2015-09-29 04:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-10-14 08:37 - 2015-09-29 04:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-10-14 08:37 - 2015-09-29 04:11 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-10-14 08:37 - 2015-09-29 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-10-14 08:37 - 2015-09-29 04:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-10-14 08:37 - 2015-09-29 04:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-10-14 08:37 - 2015-09-29 04:10 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-10-14 08:37 - 2015-09-29 04:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-10-14 08:37 - 2015-09-29 04:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-10-14 08:37 - 2015-09-29 04:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-10-14 08:37 - 2015-09-29 04:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-10-14 08:37 - 2015-09-29 04:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-10-14 08:37 - 2015-09-29 04:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-10-14 08:37 - 2015-09-29 04:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-10-14 08:37 - 2015-09-29 04:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-10-14 08:37 - 2015-09-29 04:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-10-14 08:37 - 2015-09-29 04:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-10-14 08:37 - 2015-09-29 04:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-10-14 08:37 - 2015-09-29 04:05 - 03990976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-10-14 08:37 - 2015-09-29 04:05 - 03936192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-10-14 08:37 - 2015-09-29 04:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-10-14 08:37 - 2015-09-29 04:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-10-14 08:37 - 2015-09-29 04:02 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-10-14 08:37 - 2015-09-29 04:01 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-10-14 08:37 - 2015-09-29 04:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-10-14 08:37 - 2015-09-29 04:01 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 04:01 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 04:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 04:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 04:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 04:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 04:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 04:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 04:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 04:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 04:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 04:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 04:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 04:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 04:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 03:59 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-10-14 08:37 - 2015-09-29 03:59 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-10-14 08:37 - 2015-09-29 03:59 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-10-14 08:37 - 2015-09-29 03:59 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-10-14 08:37 - 2015-09-29 03:59 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-10-14 08:37 - 2015-09-29 03:59 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-10-14 08:37 - 2015-09-29 03:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-10-14 08:37 - 2015-09-29 03:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-10-14 08:37 - 2015-09-29 03:58 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-10-14 08:37 - 2015-09-29 03:58 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-10-14 08:37 - 2015-09-29 03:57 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-10-14 08:37 - 2015-09-29 03:57 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-10-14 08:37 - 2015-09-29 03:57 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-10-14 08:37 - 2015-09-29 03:57 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-10-14 08:37 - 2015-09-29 03:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-10-14 08:37 - 2015-09-29 03:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-10-14 08:37 - 2015-09-29 03:49 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-10-14 08:37 - 2015-09-29 03:49 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-10-14 08:37 - 2015-09-29 03:49 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 03:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 03:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 03:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 03:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 03:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 03:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 03:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 03:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 03:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 03:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 03:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 03:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 02:50 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-10-14 08:37 - 2015-09-29 02:49 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-10-14 08:37 - 2015-09-29 02:49 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-10-14 08:37 - 2015-09-29 02:43 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-10-14 08:37 - 2015-09-29 02:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-10-14 08:37 - 2015-09-29 02:40 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 02:40 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 02:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 02:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-10-14 08:37 - 2015-09-25 19:07 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-10-14 08:37 - 2015-09-25 19:07 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-10-14 08:37 - 2015-09-25 19:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-10-14 08:37 - 2015-09-25 19:07 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-10-14 08:37 - 2015-09-25 19:07 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-10-14 08:37 - 2015-09-25 19:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-10-14 08:37 - 2015-09-25 19:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-10-14 08:37 - 2015-09-25 19:06 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-10-14 08:37 - 2015-09-25 19:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-10-14 08:37 - 2015-09-25 19:06 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-10-14 08:37 - 2015-09-25 19:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-10-14 08:37 - 2015-09-25 18:59 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-10-14 08:37 - 2015-09-25 18:59 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-10-14 08:37 - 2015-09-25 18:59 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-10-14 08:37 - 2015-09-25 18:59 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-10-14 08:37 - 2015-09-25 18:58 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-10-14 08:37 - 2015-09-15 19:17 - 00157016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-10-14 08:37 - 2015-09-15 19:17 - 00097112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-10-14 08:37 - 2015-09-15 19:11 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-10-14 08:37 - 2015-09-15 19:11 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-10-14 08:37 - 2015-09-15 19:11 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-10-14 08:37 - 2015-09-15 19:11 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-10-14 08:37 - 2015-09-15 19:11 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-10-14 08:37 - 2015-09-15 19:11 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-10-14 08:37 - 2015-09-15 19:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-10-14 08:37 - 2015-09-15 18:36 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-10-14 08:37 - 2015-09-15 18:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-10-14 08:37 - 2015-09-15 18:36 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-10-14 08:37 - 2015-09-15 18:35 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-11-04 15:55 - 2014-10-24 02:52 - 01602513 _____ C:\Windows\WindowsUpdate.log
2015-11-04 15:54 - 2014-09-30 11:43 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-04 15:48 - 2009-07-14 05:45 - 00027344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-04 15:48 - 2009-07-14 05:45 - 00027344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-04 15:43 - 2014-08-20 18:52 - 00779774 _____ C:\Windows\system32\perfh007.dat
2015-11-04 15:43 - 2014-08-20 18:52 - 00179300 _____ C:\Windows\system32\perfc007.dat
2015-11-04 15:43 - 2009-07-14 06:13 - 01834582 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-04 15:42 - 2014-08-20 19:12 - 00006461 _____ C:\Windows\SysWOW64\Gms.log
2015-11-04 15:40 - 2015-07-07 09:47 - 00002321 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-11-04 15:39 - 2015-07-07 14:58 - 00000000 ___RD C:\Users\user.mp-126805\CloudStation
2015-11-04 15:39 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-04 15:39 - 2009-07-14 05:51 - 00067899 _____ C:\Windows\setupact.log
2015-11-04 15:37 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2015-11-04 15:36 - 2010-11-21 04:47 - 00036272 _____ C:\Windows\PFRO.log
2015-11-04 15:24 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2015-11-04 15:23 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2015-11-04 13:07 - 2014-10-24 02:52 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{7F4A776A-76E9-460F-9486-84DFFAD5B41A}
2015-11-04 12:35 - 2015-09-19 10:09 - 00000000 ____D C:\Users\user.mp-126805\Desktop\Reklamationen
2015-11-04 10:53 - 2015-03-02 10:51 - 00000000 ___RD C:\Users\user.mp-126805\Desktop\Elke
2015-11-03 18:33 - 2015-02-09 09:49 - 00004995 _____ C:\Users\user.mp-126805\AppData\Local\EmptySettings.xml
2015-11-03 11:47 - 2015-03-02 11:44 - 11993088 _____ C:\Users\user.mp-126805\Desktop\Wasserbetten-Kunden Quelle Ausgangsdatei.mdb
2015-11-02 09:15 - 2015-06-26 10:15 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-23 14:18 - 2015-03-24 16:17 - 00000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-10-23 14:18 - 2015-03-24 16:17 - 00000959 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-10-23 14:18 - 2015-03-24 16:17 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-10-20 14:38 - 2015-02-09 09:25 - 01006931 _____ C:\Users\user_bak.log
2015-10-19 07:54 - 2014-09-30 11:43 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-19 07:54 - 2014-09-30 11:43 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-19 07:54 - 2014-09-30 11:43 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-10-15 17:41 - 2015-02-12 03:16 - 00000000 ____D C:\Windows\system32\appraiser
2015-10-15 17:41 - 2014-08-28 12:17 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-10-15 12:12 - 2014-08-28 14:12 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-10-15 08:57 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2015-10-14 18:05 - 2014-08-28 12:29 - 00000000 ____D C:\Windows\system32\MRT
2015-10-14 18:04 - 2014-08-28 12:29 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-10-09 09:41 - 2015-04-04 14:48 - 00000000 ___SD C:\Windows\system32\GWX
2015-10-08 11:48 - 2015-04-04 14:48 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-10-07 08:30 - 2015-06-06 14:53 - 00000000 ____D C:\Users\user.mp-126805\AppData\Local\CloudStation
2015-10-05 07:56 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-05-05 17:19 - 2015-06-06 09:04 - 0000079 _____ () C:\Program Files (x86)\prefs.js
2015-11-03 15:07 - 2015-11-03 15:07 - 0000116 _____ () C:\Users\user.mp-126805\AppData\Roaming\BEVI.CFG
2015-02-09 11:18 - 2015-02-09 11:18 - 0000463 _____ () C:\Users\user.mp-126805\AppData\Local\belegtransfer_setup.log
2015-02-09 09:49 - 2015-11-03 18:33 - 0004995 _____ () C:\Users\user.mp-126805\AppData\Local\EmptySettings.xml
2015-06-05 11:41 - 2015-06-05 11:43 - 0000712 _____ () C:\Users\user.mp-126805\AppData\Local\Temp-log.txt
2014-08-20 19:04 - 2014-08-20 19:05 - 8864734 _____ () C:\ProgramData\hpcsmmsilogs.log
2014-08-20 19:09 - 2014-08-20 19:09 - 1278762 _____ () C:\ProgramData\hpdam_install_log.txt
2014-08-20 19:08 - 2014-08-20 19:08 - 0544484 _____ () C:\ProgramData\HPFileSanitizer_Install_Log.txt
2015-02-09 09:27 - 2015-02-09 09:37 - 0000227 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-10-31 10:23

==================== Ende von FRST.txt ============================
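As an added example (not part of LuudL's post and not code from FRST itself), here is a small Python triage helper for listings in the format FRST prints above: each line is two timestamps, a size, a five-character attribute field, an optional publisher in parentheses and the path. It parses those lines and reports executables that carry no publisher string or sit in a user-writable location, with recent activity noted as supporting context. The sample lines and the report time are constructed; three of them mirror entries from the listing above, the `helper32.dll` and `update.exe` lines are invented. Which of the two timestamps is creation and which is modification depends on the FRST section, so the helper keeps both and uses the newer one.

```python
"""Triage helper for FRST-style file listings (added example, not part of FRST)."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# One FRST file line: "<date1> - <date2> - <size> <attrs> [(<publisher>)] <path>".
# Which date is creation and which is modification depends on the section,
# so both are kept and the newer one is used as the "last activity" time.
FRST_LINE = re.compile(
    r"^(?P<date1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<date2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{7,9}) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<publisher>[^)]*)\) )?(?P<path>.+)$"
)

EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx")
# Path fragments a standard user can write to; signed OS binaries rarely live there.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\", "\\downloads\\")
DATE_FMT = "%Y-%m-%d %H:%M"


@dataclass
class Entry:
    date1: datetime
    date2: datetime
    size: int
    attrs: str
    publisher: Optional[str]
    path: str

    @property
    def is_directory(self) -> bool:
        return "D" in self.attrs

    @property
    def is_executable(self) -> bool:
        return self.path.lower().endswith(EXECUTABLE_EXT)

    @property
    def newest(self) -> datetime:
        return max(self.date1, self.date2)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one FRST file line; returns None for headers, blanks and other text."""
    m = FRST_LINE.match(line.strip())
    if m is None:
        return None
    publisher = m.group("publisher") or None  # "()" means no publisher string
    return Entry(
        date1=datetime.strptime(m.group("date1"), DATE_FMT),
        date2=datetime.strptime(m.group("date2"), DATE_FMT),
        size=int(m.group("size")),
        attrs=m.group("attrs"),
        publisher=publisher,
        path=m.group("path"),
    )


def triage(lines, report_time: datetime, recent_days: int = 7) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for executables that deserve a closer look.

    An entry is reported when it has no publisher string or sits in a
    user-writable location; recency is added as supporting context only,
    because freshly patched OS files are recent too.
    """
    findings = []
    for line in lines:
        e = parse_line(line)
        if e is None or e.is_directory or not e.is_executable:
            continue
        reasons = []
        if e.publisher is None:
            reasons.append("no publisher")
        lowered = e.path.lower()
        if any(fragment in lowered for fragment in USER_WRITABLE):
            reasons.append("user-writable location")
        if not reasons:
            continue
        if (report_time - e.newest).days <= recent_days:
            reasons.append("activity within last %d days" % recent_days)
        findings.append((e.path, reasons))
    return findings


# Constructed sample input: lines 1, 2 and 6 mirror entries from the listing
# above; the "helper32.dll" and "update.exe" lines are invented for the demo.
REPORT_TIME = datetime(2015, 11, 4, 16, 30)
SAMPLE_LINES = [
    "2015-10-14 08:42 - 2015-08-06 19:04 - 14176768 _____ (Microsoft Corporation) C:\\Windows\\system32\\shell32.dll",
    "2015-11-04 15:55 - 2014-10-24 02:52 - 01602513 _____ C:\\Windows\\WindowsUpdate.log",
    "2015-11-03 12:10 - 2015-11-03 12:10 - 00000000 ____D C:\\Users\\example\\AppData\\Local\\Temp\\cache",
    "2015-10-20 09:00 - 2015-10-20 09:00 - 00045056 _____ C:\\Windows\\SysWOW64\\helper32.dll",
    "2015-11-03 12:10 - 2015-11-03 12:10 - 00213504 _____ () C:\\Users\\example\\AppData\\Roaming\\Updater\\update.exe",
    "2015-10-19 07:54 - 2014-09-30 11:43 - 00780488 _____ (Adobe Systems Incorporated) C:\\Windows\\SysWOW64\\FlashPlayerApp.exe",
]

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LINES, REPORT_TIME):
        print("%s -> %s" % (path, ", ".join(reasons)))
```

The publisher string in an FRST listing is taken from the file's version resource, not from a signature check, so "no publisher" is a triage hint rather than proof of anything; the signed/unsigned verdicts in the "Bamital & volsnap" section are the stronger signal for the core system files it covers.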


 


#2 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:41 PM

Posted 04 November 2015 - 02:41 PM

Hello LuudL and welcome to BleepingComputer. :welcome:
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How do I open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here

Thanks
   
I am currently reviewing your log. I will be back with a fix for your problem as soon as possible. Please be patient with me during this time. Let's check out your system to clean it.

Sincerely
:hello:

 


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 olgun52 (Malware Response Team, 3,807 posts)

Posted 04 November 2015 - 03:53 PM

Hello LuudL

 

Please do the following,
 
Uninstall some programs:
We need to uninstall some unwanted/unneeded programs.

  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search there for each entry mentioned below, right-click the entry and click Uninstall, one at a time.

The list of programs to uninstall:

  • cheap-o
  • Yahoo Search Set

After completing uninstalls, please manually reboot your machine!
Note 1: If you get a message like "An error occurred while trying to uninstall", just press Yes.
Note 2: If you are unable to uninstall all programs, please inform me, but continue with the other steps.
  
Step 1:
FRST Script:

  • Please make sure your browsers are closed before continuing.
  • Be sure to temporarily disable all antivirus/anti-spyware software.

Please download the attached file Fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Note: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
 
Step 2:
Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4:

RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes, then remove incorrect executable associations and fix policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.

Link 1
Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.

Next >>

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Have a nice day.


Best regards
 
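Before the logs in the next post, an added example that is not part of the thread and not one of the helper's tools (not FRST, ComboFix, AdwCleaner, JRT, RKill or MBAM): a PowerShell script for Windows 7 / PowerShell 2.0, run from an elevated prompt, that checks the two things the ISP's complaint actually turns on. It lists which process holds TCP connections to SMTP ports (a spam bot shows up as an unexpected image talking to many remote hosts), enumerates scheduled tasks that launch through pcalua.exe or out of user-writable directories (the persistence pattern in the FRST fixlist posted later in this thread), and reads the UAC and AppInit_DLLs policy values that the ComboFix log in this thread shows weakened. The port list, the path regex and the output labels are this example's own assumptions, and Windows 7 has neither Get-NetTCPConnection nor Get-ScheduledTask, so it falls back to netstat and the Schedule.Service COM API.

```powershell
# Added example for this thread (not one of the helper's tools, not FRST or ComboFix).
# Targets Windows 7 / PowerShell 2.0. Run from an elevated prompt.
# Assumptions made here: the SMTP port list and the regex for "user-writable"
# directories are this example's own choices, not anything from the thread.

$SmtpPorts    = @(25, 465, 587)
$UserWritable = '\\(ProgramData|AppData|Temp)\\'   # regex matched against task command lines

# 1. Which process owns a TCP connection to an SMTP port? netstat -ano is parsed
#    because Get-NetTCPConnection only exists on Windows 8 and later.
function Get-SmtpConnections {
    $rows = netstat -ano | Where-Object { $_ -match '^\s*TCP\s' }
    foreach ($row in $rows) {
        $f = $row.Trim() -split '\s+'            # Proto, Local, Remote, State, PID
        if ($f.Count -lt 5) { continue }
        $remotePort = [int]($f[2] -replace '^.*:(\d+)$', '$1')   # also fine for [::1]:25
        if ($SmtpPorts -notcontains $remotePort) { continue }
        $proc  = Get-WmiObject Win32_Process -Filter "ProcessId = $($f[4])"
        $image = '<no running process for this PID>'
        if ($proc -and $proc.ExecutablePath) { $image = $proc.ExecutablePath }
        New-Object PSObject -Property @{
            Remote = $f[2]; State = $f[3]; ProcessId = $f[4]; Image = $image
        } | Select-Object Remote, State, ProcessId, Image
    }
}

# 2. Scheduled tasks that launch through pcalua.exe (the Program Compatibility
#    Assistant launcher; "pcalua.exe -a <target>" starts the target, which is how
#    the tasks in the FRST fixlist run binaries out of ProgramData and Temp) or
#    whose command line points into a user-writable directory. The COM API is
#    locale-independent, unlike the column headers of schtasks /v on a German Windows.
function Get-SuspiciousTasks {
    $svc = New-Object -ComObject Schedule.Service
    $svc.Connect()
    $queue = New-Object System.Collections.Queue
    $queue.Enqueue($svc.GetFolder('\'))
    while ($queue.Count -gt 0) {
        $folder = $queue.Dequeue()
        foreach ($sub in $folder.GetFolders(0)) { $queue.Enqueue($sub) }
        foreach ($task in $folder.GetTasks(1)) {              # 1 = TASK_ENUM_HIDDEN
            foreach ($action in $task.Definition.Actions) {
                if ($action.Type -ne 0) { continue }           # 0 = TASK_ACTION_EXEC
                $cmd = "$($action.Path) $($action.Arguments)"
                if ($action.Path -match 'pcalua\.exe$' -or $cmd -match $UserWritable) {
                    New-Object PSObject -Property @{
                        Task = $task.Path; Command = $cmd
                        Author = $task.Definition.RegistrationInfo.Author
                    } | Select-Object Task, Author, Command
                }
            }
        }
    }
}

# 3. Policy values the ComboFix log shows weakened on this host: UAC off
#    (EnableLUA=0) with silent elevation, and AppInit_DLLs loading enabled, which
#    makes every DLL listed in AppInit_DLLs load into each process that loads user32.dll.
function Get-WeakenedPolicies {
    $findings = @()
    $sys = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    if ($sys.EnableLUA -eq 0)                  { $findings += 'EnableLUA=0 (UAC disabled)' }
    if ($sys.ConsentPromptBehaviorAdmin -eq 0) { $findings += 'ConsentPromptBehaviorAdmin=0 (elevate without prompting)' }
    if ($sys.PromptOnSecureDesktop -eq 0)      { $findings += 'PromptOnSecureDesktop=0 (prompts not shown on the secure desktop)' }
    $appInitKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
    )
    foreach ($key in $appInitKeys) {
        $win = Get-ItemProperty $key -ErrorAction SilentlyContinue
        if ($win -and $win.LoadAppInit_DLLs -eq 1) {
            $findings += "LoadAppInit_DLLs=1 under $key (AppInit_DLLs: '$($win.AppInit_DLLs)')"
        }
    }
    $findings
}

'== TCP connections to SMTP ports =='
Get-SmtpConnections | Format-Table -AutoSize
'== Scheduled tasks via pcalua.exe or user-writable paths =='
Get-SuspiciousTasks | Format-List
'== Weakened policy values =='
Get-WeakenedPolicies
```

Run it on each machine in the network, not only the one the ISP named: the ISP sees the router's public address, so the first section tells you which host and which process is actually opening the SMTP connections, while the other two sections show whether that host has the same task-based persistence and disabled UAC that the logs in this thread document.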

 


 


#4 LuudL (Topic Starter, Members, 18 posts)

Posted 05 November 2015 - 08:45 AM

OK, here are the logs.

I was not able to delete the app cheap-O.

There is another computer in this network; maybe that's the one that's sending spam mails?!

 

Thank you :)

 

 

 

 

Fix.log

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:31-10-2015
Ran by user (2015-11-05 12:24:20) Run:1
Running from C:\Users\user.mp-126805\Downloads
Loaded Profiles: user (Available Profiles: user)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
cheap-o (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - cheap-o) <==== ATTENTION
Task: {7042D07D-F1D2-49E3-BA86-EB8A0E139DBD} - System32\Tasks\{0B3A076E-7A32-4459-BCA5-99C1492FC387} => pcalua.exe -a "C:\Program Files (x86)\biuyfasit\t0sl4tGktVdpun.exe" -c /s /n /i:"ExecuteCommands;UninstallCommands" ""
Task: {74389DE5-DF63-4447-86AD-EEE31CD58EF5} - System32\Tasks\{3F8E0CBB-B58B-4CDA-850D-10A2C88B2A2E} => pcalua.exe -a C:\ProgramData\cheap-o\cheap-o.exe -c /progname=cheap-o /progver=3.4.2 /progpub=cheap-o /proguninstallurl=asdahjka.com /deleteappfolder=0  /VERYSILENT
Task: {E725B1F8-B08F-4944-8602-2F4087B4EF2A} - System32\Tasks\{99D0D4F3-F3A0-4868-9112-2DD54887A470} => pcalua.exe -a C:\Users\user.mp-126805\AppData\Local\Temp\Temp1_Data_Replicator_0153.zip\install\Setup.exe
IE trusted site: HKU\S-1-5-21-3183930270-858073344-2258596639-1004\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3183930270-858073344-2258596639-1004\...\webcompanion.com -> hxxp://webcompanion.com
HKU\S-1-5-21-3183930270-858073344-2258596639-1004\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-3183930270-858073344-2258596639-1004\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3183930270-858073344-2258596639-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3183930270-858073344-2258596639-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://de.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-3183930270-858073344-2258596639-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {D3096A1C-FF92-4AFE-B06D-E6F8DCACC627} URL = hxxp://www.startseite24.net/?q={searchTerms}
SearchScopes: HKLM -> {D3096A1C-FF92-4AFE-B06D-E6F8DCACC627} URL = hxxp://www.startseite24.net/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3183930270-858073344-2258596639-1004 -> DefaultScope {D3096A1C-FF92-4AFE-B06D-E6F8DCACC627} URL = hxxp://www.startseite24.net/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3183930270-858073344-2258596639-1004 -> {0DFB84B2-9A5F-4A27-A9AA-B416179A3E17} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-3183930270-858073344-2258596639-1004 -> {D3096A1C-FF92-4AFE-B06D-E6F8DCACC627} URL = hxxp://www.startseite24.net/?q={searchTerms}
FF ProfilePath: C:\Users\user.mp-126805\AppData\Roaming\Mozilla\Firefox\Profiles\ofxwylid.default
FF SearchPlugin: C:\Users\user.mp-126805\AppData\Roaming\Mozilla\Firefox\Profiles\ofxwylid.default\searchplugins\websuche.xml [2015-02-11]
FF Extension: New Tab by Yahoo - C:\Users\user.mp-126805\AppData\Roaming\Mozilla\Firefox\Profiles\ofxwylid.default\Extensions\jid1-G80Ec8LLEbK5fQ@jetpack.xpi [2015-10-08] [not signed]
FF Extension: Adblock Plus - C:\Users\user.mp-126805\AppData\Roaming\Mozilla\Firefox\Profiles\ofxwylid.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-10-08]
R3 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1369288 2015-07-29] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [271272 2015-07-29] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [747120 2015-07-29] (BitDefender)
R1 BdfNdisf; c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [93160 2015-01-06] (BitDefender LLC)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-01-22] (BitDefender S.R.L.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U0 dmboot; no ImagePath
C:\Users\user.mp-126805\AppData\Roaming\BEVI.CFG
C:\Windows\PFRO.log
2015-05-05 17:19 - 2015-06-06 09:04 - 0000079 _____ () C:\Program Files (x86)\prefs.js
2015-11-03 15:07 - 2015-11-03 15:07 - 0000116 _____ () C:\Users\user.mp-126805\AppData\Roaming\BEVI.CFG
CMD: type "C:\ComboFix.txt"
File: C:\ComboFix.txt
cmd: netsh winsock reset
EmptyTemp:
Hosts:
Reboot:
*****************

Restore point was successfully created.
Processes closed successfully.
cheap-o (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - cheap-o) <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7042D07D-F1D2-49E3-BA86-EB8A0E139DBD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7042D07D-F1D2-49E3-BA86-EB8A0E139DBD}" => key removed successfully
C:\Windows\System32\Tasks\{0B3A076E-7A32-4459-BCA5-99C1492FC387} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0B3A076E-7A32-4459-BCA5-99C1492FC387}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{74389DE5-DF63-4447-86AD-EEE31CD58EF5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74389DE5-DF63-4447-86AD-EEE31CD58EF5}" => key removed successfully
C:\Windows\System32\Tasks\{3F8E0CBB-B58B-4CDA-850D-10A2C88B2A2E} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3F8E0CBB-B58B-4CDA-850D-10A2C88B2A2E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E725B1F8-B08F-4944-8602-2F4087B4EF2A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E725B1F8-B08F-4944-8602-2F4087B4EF2A}" => key removed successfully
C:\Windows\System32\Tasks\{99D0D4F3-F3A0-4868-9112-2DD54887A470} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{99D0D4F3-F3A0-4868-9112-2DD54887A470}" => key removed successfully
"HKU\S-1-5-21-3183930270-858073344-2258596639-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost" => key removed successfully
"HKU\S-1-5-21-3183930270-858073344-2258596639-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com" => key removed successfully
HKU\S-1-5-21-3183930270-858073344-2258596639-1004\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\LinkResolveIgnoreLinkInfo => value removed successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKU\S-1-5-21-3183930270-858073344-2258596639-1004\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-3183930270-858073344-2258596639-1004\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully
HKU\S-1-5-21-3183930270-858073344-2258596639-1004\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-3183930270-858073344-2258596639-1004\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D3096A1C-FF92-4AFE-B06D-E6F8DCACC627}" => key removed successfully
HKCR\CLSID\{D3096A1C-FF92-4AFE-B06D-E6F8DCACC627} => key not found.
HKU\S-1-5-21-3183930270-858073344-2258596639-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-3183930270-858073344-2258596639-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0DFB84B2-9A5F-4A27-A9AA-B416179A3E17}" => key removed successfully
HKCR\CLSID\{0DFB84B2-9A5F-4A27-A9AA-B416179A3E17} => key not found.
"HKU\S-1-5-21-3183930270-858073344-2258596639-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D3096A1C-FF92-4AFE-B06D-E6F8DCACC627}" => key removed successfully
HKCR\CLSID\{D3096A1C-FF92-4AFE-B06D-E6F8DCACC627} => key not found.
FF ProfilePath: C:\Users\user.mp-126805\AppData\Roaming\Mozilla\Firefox\Profiles\ofxwylid.default => FRST is designed not to move this directory.
C:\Users\user.mp-126805\AppData\Roaming\Mozilla\Firefox\Profiles\ofxwylid.default\searchplugins\websuche.xml => moved successfully
C:\Users\user.mp-126805\AppData\Roaming\Mozilla\Firefox\Profiles\ofxwylid.default\Extensions\jid1-G80Ec8LLEbK5fQ@jetpack.xpi [2015-10-08] => not found.
C:\Users\user.mp-126805\AppData\Roaming\Mozilla\Firefox\Profiles\ofxwylid.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi => moved successfully
avc3 => Service could not be stopped.
avc3 => service removed successfully
avchv => Service could not be stopped.
avchv => service removed successfully
avckf => Service could not be stopped.
avckf => service removed successfully
BdfNdisf => service stopped successfully.
BdfNdisf => service removed successfully
Trufos => service removed successfully
catchme => service removed successfully
dmboot => service removed successfully
C:\Users\user.mp-126805\AppData\Roaming\BEVI.CFG => moved successfully
C:\Windows\PFRO.log => moved successfully
C:\Program Files (x86)\prefs.js => moved successfully
"C:\Users\user.mp-126805\AppData\Roaming\BEVI.CFG" => not found.

=========  type "C:\ComboFix.txt" =========

ComboFix 15-10-28.01 - user 04.11.2015  15:21:04.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.8120.6392 [GMT 1:00]
Running from: c:\users\user.mp-126805\Downloads\ComboFix.exe
AV: Ad-Aware Antivirus *Enabled/Updated* {B0CC18C6-E527-6EE6-874C-9D19920E5619}
FW: Ad-Aware Firewall *Disabled* {88F799E3-AF48-6FBE-AC13-342C6CDD1162}
SP: Ad-Aware Antivirus *Enabled/Updated* {0BADF922-C31D-6168-BDFC-A66BE9891CA4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\15758345173390597519
c:\programdata\15758345173390597519\210cdd5fdafe27aec5dd115052fc633a.ini
c:\programdata\15758345173390597519\25dfcd9b47bc6dc2c5dd115052fc633a.ini
c:\programdata\15758345173390597519\2accc008886ecacac5dd115052fc633a.ini
c:\programdata\15758345173390597519\4271f7d8fb8d0bc3c5dd115052fc633a.ini
c:\programdata\15758345173390597519\63498e03ff146cd0c5dd115052fc633a.ini
c:\programdata\15758345173390597519\64787694ece7de6fc5dd115052fc633a.ini
c:\programdata\15758345173390597519\7621400745429e0bc5dd115052fc633a.ini
c:\programdata\15758345173390597519\9a081dbd063bc1abc5dd115052fc633a.ini
c:\programdata\15758345173390597519\acb66ea5117c5400c5dd115052fc633a.ini
c:\programdata\15758345173390597519\b2f536174832915cc5dd115052fc633a.ini
c:\programdata\15758345173390597519\bc06352591458ff2c5dd115052fc633a.ini
c:\programdata\15758345173390597519\c82ba59a4fab6da9c5dd115052fc633a.ini
c:\programdata\15758345173390597519\cba7e870448052acc5dd115052fc633a.ini
c:\programdata\15758345173390597519\cddefc52d72649b3c5dd115052fc633a.ini
c:\programdata\15758345173390597519\d7285e57b7aa3050c5dd115052fc633a.ini
c:\programdata\15758345173390597519\f91231144eed7931c5dd115052fc633a.ini
c:\windows\SysWow64\DEBUG.log
.
.
(((((((((((((((((((((((   Files Created from 2015-10-04 to 2015-11-04  ))))))))))))))))))))))))))))))
.
.
2015-11-04 14:23 . 2015-11-04 14:23    --------    d-----w-    c:\users\User\AppData\Local\temp
2015-11-04 14:23 . 2015-11-04 14:23    --------    d-----w-    c:\users\MPAdmin\AppData\Local\temp
2015-11-04 14:23 . 2015-11-04 14:23    --------    d-----w-    c:\users\Default\AppData\Local\temp
2015-11-04 14:16 . 2015-11-04 14:16    144    ----a-w-    c:\windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-10-15 07:35 . 2015-09-18 19:22    25432    ----a-w-    c:\windows\system32\CompatTelRunner.exe
2015-10-15 07:35 . 2015-09-18 19:19    700416    ----a-w-    c:\windows\system32\invagent.dll
2015-10-15 07:35 . 2015-09-18 19:19    766464    ----a-w-    c:\windows\system32\generaltel.dll
2015-10-15 07:35 . 2015-09-18 19:19    503808    ----a-w-    c:\windows\system32\devinv.dll
2015-10-15 07:35 . 2015-09-18 19:19    73216    ----a-w-    c:\windows\system32\acmigration.dll
2015-10-15 07:35 . 2015-09-18 19:19    1291264    ----a-w-    c:\windows\system32\appraiser.dll
2015-10-15 07:35 . 2015-09-18 19:09    1163776    ----a-w-    c:\windows\system32\aeinv.dll
2015-10-14 07:47 . 2015-07-18 13:08    984448    ----a-w-    c:\windows\system32\ucrtbase.dll
2015-10-14 07:42 . 2015-08-06 18:04    14176768    ----a-w-    c:\windows\system32\shell32.dll
2015-10-14 07:42 . 2015-08-06 18:03    1866752    ----a-w-    c:\windows\system32\ExplorerFrame.dll
2015-10-14 07:42 . 2015-08-06 17:44    1498624    ----a-w-    c:\windows\SysWow64\ExplorerFrame.dll
2015-10-14 07:42 . 2015-09-01 18:14    503296    ----a-w-    c:\program files\Common Files\Microsoft Shared\ink\tiptsf.dll
2015-10-14 07:42 . 2015-09-01 18:14    1247232    ----a-w-    c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
2015-10-14 07:42 . 2015-09-01 18:14    110592    ----a-w-    c:\program files\Common Files\Microsoft Shared\ink\TipBand.dll
2015-10-14 07:42 . 2015-09-01 18:13    224768    ----a-w-    c:\program files\Common Files\Microsoft Shared\ink\TabTip.exe
2015-10-14 07:42 . 2015-09-01 18:12    544768    ----a-w-    c:\program files\Common Files\Microsoft Shared\ink\TipRes.dll
2015-10-14 07:42 . 2015-09-01 17:52    348672    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\ink\tiptsf.dll
2015-10-14 07:42 . 2015-09-01 17:52    10240    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\ink\TabTip32.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-10-19 06:54 . 2014-09-30 10:43    780488    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2015-10-19 06:54 . 2014-09-30 10:43    142536    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-10-14 17:04 . 2014-08-28 11:29    143481208    ----a-w-    c:\windows\system32\MRT.exe
2015-09-29 02:58 . 2015-10-14 07:37    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2015-09-02 03:04 . 2015-09-09 07:53    41984    ----a-w-    c:\windows\system32\lpk.dll
2015-09-02 03:04 . 2015-09-09 07:53    100864    ----a-w-    c:\windows\system32\fontsub.dll
2015-09-02 03:04 . 2015-09-09 07:53    14336    ----a-w-    c:\windows\system32\dciman32.dll
2015-09-02 03:04 . 2015-09-09 07:53    46080    ----a-w-    c:\windows\system32\atmlib.dll
2015-09-02 02:48 . 2015-09-09 07:53    70656    ----a-w-    c:\windows\SysWow64\fontsub.dll
2015-09-02 02:48 . 2015-09-09 07:53    10240    ----a-w-    c:\windows\SysWow64\dciman32.dll
2015-09-02 02:48 . 2015-09-09 07:53    34304    ----a-w-    c:\windows\SysWow64\atmlib.dll
2015-09-02 02:47 . 2015-09-09 07:53    25600    ----a-w-    c:\windows\SysWow64\lpk.dll
2015-09-02 01:51 . 2015-09-09 07:53    3209216    ----a-w-    c:\windows\system32\win32k.sys
2015-09-02 01:47 . 2015-09-09 07:53    372736    ----a-w-    c:\windows\system32\atmfd.dll
2015-09-02 01:33 . 2015-09-09 07:53    299520    ----a-w-    c:\windows\SysWow64\atmfd.dll
2015-08-27 18:18 . 2015-09-09 07:53    2004480    ----a-w-    c:\windows\system32\msxml6.dll
2015-08-27 18:18 . 2015-09-09 07:53    1887232    ----a-w-    c:\windows\system32\msxml3.dll
2015-08-27 18:13 . 2015-09-09 07:53    2048    ----a-w-    c:\windows\system32\msxml6r.dll
2015-08-27 18:13 . 2015-09-09 07:53    2048    ----a-w-    c:\windows\system32\msxml3r.dll
2015-08-27 17:58 . 2015-09-09 07:53    1391104    ----a-w-    c:\windows\SysWow64\msxml6.dll
2015-08-27 17:58 . 2015-09-09 07:53    1241088    ----a-w-    c:\windows\SysWow64\msxml3.dll
2015-08-27 17:51 . 2015-09-09 07:53    2048    ----a-w-    c:\windows\SysWow64\msxml6r.dll
2015-08-27 17:51 . 2015-09-09 07:53    2048    ----a-w-    c:\windows\SysWow64\msxml3r.dll
2015-08-13 06:31 . 2014-08-28 11:17    97888    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-06-06 08:04 . 2015-05-05 16:19    79    ----a-w-    c:\program files (x86)\prefs.js
.
.
((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer_For_P2G8"="c:\program files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" [2013-08-05 111576]
"CLVirtualDrive"="c:\program files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" [2013-08-07 490760]
"SiPaHost"="c:\datev\PROGRAMM\B0000398\SiPaHost.exe" [2015-04-01 557608]
"IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2010-03-08 46368]
"PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2010-03-08 29984]
"PPort12reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
"PDFHook"="c:\program files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-05 636192]
"PDF5 Registry Controller"="c:\program files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 62752]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-06-08 334896]
"SwmHintergrunddienst"="c:\datev\PROGRAMM\SWS\SwmHintergrundDienst.exe" [2015-03-04 1975848]
.
c:\users\user.mp-126805\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Synology Cloud Station.lnk - c:\program files (x86)\Synology\CloudStation\bin\launcher.exe [2015-6-15 1506736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Basisschnittstelle Office Initialisierung.lnk - c:\datev\PROGRAMM\BSOFFICE\service\OfficeDiag.exe /EnsureUI [2015-7-10 99880]
CleanupPrintJobs.lnk - c:\datev\PROGRAMM\B0001401\CleanupPrintJobs.exe [2015-4-9 21504]
SkyUserDevmode-Update.lnk - c:\datev\PROGRAMM\B0001401\UpdateDevmode.exe [2015-4-9 19968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HPFSService;HP File Sanitizer;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [x]
R2 LavasoftAdAwareService11;Ad-Aware Service 11;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareService.exe;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareService.exe [x]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys;c:\windows\SYSNATIVE\DRIVERS\avckf.sys [x]
R3 DATEV Update-Service;DATEV Update-Service;c:\datev\PROGRAMM\INSTALL\DvInesASDSvc.Exe;c:\datev\PROGRAMM\INSTALL\DvInesASDSvc.Exe [x]
R3 Datev.DataAdaptation.Agent.Host;DATEV Data-Adaptation-Agent;c:\datev\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.DataAdaptation.Agent.Host SvcRunLevel=1000;c:\datev\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.DataAdaptation.Agent.Host SvcRunLevel=1000 [x]
R3 Datev.DataAdaptation.DataAdaptationManager.Host;DATEV Data-Adaptation-Management;c:\datev\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.DataAdaptation.DataAdaptationManager.Host -PlugInCategory SvcRunLevel=1000;c:\datev\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.DataAdaptation.DataAdaptationManager.Host -PlugInCategory SvcRunLevel=1000 [x]
R3 Datev.Database.Dimitra.Server;DATEV Datenanpassungen-Dimitra;c:\datev\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Database.Dimitra.Server  -PlugInCategory -SvcRunLevel=2000;c:\datev\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Database.Dimitra.Server  -PlugInCategory -SvcRunLevel=2000 [x]
R3 Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn;DATEV Schnittstellensystem pro V0300;Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn;Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn [x]
R3 Datev.Unternehmen.SystemComponents.ServiceBus.V0400.PlugIn;DATEV Schnittstellensystem pro V0400;Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0400.PlugIn;Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0400.PlugIn [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 KOBCCID;KOBCCID;c:\windows\system32\drivers\KOBCCID.sys;c:\windows\SYSNATIVE\drivers\KOBCCID.sys [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 KOBIL_MSDI;KOBIL_MSDI;c:\datev\PROGRAMM\B0000404\msdisrv.exe;c:\datev\PROGRAMM\B0000404\msdisrv.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0153;RsFx0153 Driver;c:\windows\system32\DRIVERS\RsFx0153.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0153.sys [x]
R4 SQLAgent$DATEV_DBENGINE;SQL Server Agent (DATEV_DBENGINE);c:\program files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\SQLAGENT.EXE [x]
S0 iaStorA;iaStorA;c:\windows\system32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\drivers\iaStorF.sys;c:\windows\SYSNATIVE\drivers\iaStorF.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys;c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [x]
S1 bdfwfpf;bdfwfpf;c:\program files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys;c:\program files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE [x]
S2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [x]
S2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [x]
S2 Datev.Framework.RemoteServiceModel.EnablerService;DATEV DFL-Service-Manager;c:\datev\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServiceModel.EnablerService -PlugInCategory -SvcRunLevel=9999;c:\datev\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServiceModel.EnablerService -PlugInCategory -SvcRunLevel=9999 [x]
S2 DatevPrintService;DATEV Druckservice;c:\datev\PROGRAMM\B0001442\PSNTSERV.EXE;c:\datev\PROGRAMM\B0001442\PSNTSERV.EXE [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DVckService;DVckService;c:\datev\PROGRAMM\B0000150\ScServer\DVckService.exe;c:\datev\PROGRAMM\B0000150\ScServer\DVckService.exe [x]
S2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [x]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe;c:\windows\SYSNATIVE\HPSIsvc.exe [x]
S2 igfxCUIService1.0.0.0;Intel® HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 MSSQL$DATEV_DBENGINE;SQL Server (DATEV_DBENGINE);c:\program files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe;c:\program files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe [x]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S2 SC_SERV3D;SC_SERV3D;c:\windows\system32\drivers\d3_kafm.sys;c:\windows\SYSNATIVE\drivers\d3_kafm.sys [x]
S2 Sicherheitspaket-Dienst;Sicherheitspaket-Dienst;c:\datev\PROGRAMM\B0000398\SipaHostService.exe;c:\datev\PROGRAMM\B0000398\SipaHostService.exe [x]
S2 SynoDrService;SynoDrService;c:\program files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe;c:\program files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe [x]
S2 UsbClientService;UsbClientService;c:\program files (x86)\Synology\Assistant\UsbClientService.exe;c:\program files (x86)\Synology\Assistant\UsbClientService.exe [x]
S3 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys;c:\windows\SYSNATIVE\DRIVERS\avc3.sys [x]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys;c:\windows\SYSNATIVE\DRIVERS\avchv.sys [x]
S3 busenum;Synology Virtual USB Hub;c:\windows\system32\DRIVERS\busenum.sys;c:\windows\SYSNATIVE\DRIVERS\busenum.sys [x]
S3 Datev.Database.Conserve;DATEV Connection Service;c:\datev\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Database.Conserve SvcRunLevel=1000;c:\datev\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Database.Conserve SvcRunLevel=1000 [x]
S3 Datev.Framework.RemoteServices;DATEV DFL Infrastruktur-Dienst;c:\datev\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServices -PlugInCategory -SvcRunLevel=1000;c:\datev\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServices -PlugInCategory -SvcRunLevel=1000 [x]
S3 gzflt;gzflt;c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.98.0\gzflt.sys;c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.98.0\gzflt.sys [x]
S3 iusb3hub;Intel® USB 3.0-Hubtreiber;c:\windows\system32\drivers\iusb3hub.sys;c:\windows\SYSNATIVE\drivers\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\drivers\iusb3xhc.sys;c:\windows\SYSNATIVE\drivers\iusb3xhc.sys [x]
S3 MSSQLFDLauncher$DATEV_DBENGINE;SQL Full-text Filter Daemon Launcher (DATEV_DBENGINE);c:\program files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe;c:\program files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192cu;300Mbps Wireless USB Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192cu.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2015-11-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-30 06:54]
.
2015-06-06 c:\windows\Tasks\Synology Data Replicator 3-mp-126805-user.job
- c:\program files (x86)\Synology Data Replicator  3\Backup.exe [2015-06-06 13:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01UnsuppModule]
@="{AEB16659-2125-4ADA-A4AB-45EE21E86469}"
[HKEY_CLASSES_ROOT\CLSID\{AEB16659-2125-4ADA-A4AB-45EE21E86469}]
2015-10-07 07:30    2594304    ----a-w-    c:\users\user.mp-126805\AppData\Local\CloudStation\CloudStation.app\icon-overlay\13\x64\iconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02SyncingModule]
@="{48AB5ADA-36B1-4137-99C9-2BD97F8788AB}"
[HKEY_CLASSES_ROOT\CLSID\{48AB5ADA-36B1-4137-99C9-2BD97F8788AB}]
2015-10-07 07:30    2594304    ----a-w-    c:\users\user.mp-126805\AppData\Local\CloudStation\CloudStation.app\icon-overlay\13\x64\iconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03SyncedModule]
@="{472CE1AD-5D53-4BCF-A1FB-3982A5F55138}"
[HKEY_CLASSES_ROOT\CLSID\{472CE1AD-5D53-4BCF-A1FB-3982A5F55138}]
2015-10-07 07:30    2594304    ----a-w-    c:\users\user.mp-126805\AppData\Local\CloudStation\CloudStation.app\icon-overlay\13\x64\iconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04ReadOnlyModule]
@="{A433C3E0-8B24-40EB-93C3-4B10D9959F58}"
[HKEY_CLASSES_ROOT\CLSID\{A433C3E0-8B24-40EB-93C3-4B10D9959F58}]
2015-10-07 07:30    2594304    ----a-w-    c:\users\user.mp-126805\AppData\Local\CloudStation\CloudStation.app\icon-overlay\13\x64\iconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\05NoPermModule]
@="{C701AD67-3DF0-47C9-89CB-DFA6207BE229}"
[HKEY_CLASSES_ROOT\CLSID\{C701AD67-3DF0-47C9-89CB-DFA6207BE229}]
2015-10-07 07:30    2594304    ----a-w-    c:\users\user.mp-126805\AppData\Local\CloudStation\CloudStation.app\icon-overlay\13\x64\iconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2014-04-15 7570136]
"HP CP1020 System Tray"="c:\program files\HP\HP LaserJet Professional CP1020 Series\HPCP1020STRAY.EXE" [2012-11-28 3344384]
"AdAwareTray"="c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTray.exe" [2015-08-27 9558752]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://de.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
Trusted Zone: localhost
Trusted Zone: webcompanion.com
TCP: DhcpNameServer = 192.168.100.1
FF - ProfilePath - c:\users\user.mp-126805\AppData\Roaming\Mozilla\Firefox\Profiles\ofxwylid.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
.
.
------- Dateityp-Verknüpfung -------
.
inifile="%SystemRoot%\system32\NOTEPAD.EXE" %1
txtfile="%SystemRoot%\system32\NOTEPAD.EXE" %1
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_226_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_226_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_226_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_226_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.19"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-11-04  15:24:10
ComboFix-quarantined-files.txt  2015-11-04 14:24
.
Vor Suchlauf: 13 Verzeichnis(se), 32.350.142.464 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 33.510.862.848 Bytes frei
.
- - End Of File - - 672E62101C870E5C5E94BBB76B62ED9B
A36C5E4F47E84449FF07ED3517B43A31

========= Ende von CMD: =========


========================= File: C:\ComboFix.txt ========================

Datei ist nicht signiert
MD5: 4E7B6712089AB15AAB6402203CFB0056
Erstellungs- und Änderungsdatum: 2015-11-04 15:24 - 2015-11-04 15:24
Größe: 0028327
Attribute: ----A
Firmenname:
Interne Name:
Original Name:
Produkt:
Beschreibung:
Datei Version:
Produkt Version:
Urheberrecht:

====== Ende von Datei: ======


=========  netsh winsock reset =========


Der Winsock-Katalog wurde zurückgesetzt.
Sie müssen den Computer neu starten, um den Vorgang abzuschließen.


========= Ende von CMD: =========

C:\Windows\System32\Drivers\etc\hosts => erfolgreich verschoben
Hosts erfolgreich wiederhergestellt.
EmptyTemp: => 476.6 MB temporäre Dateien entfernt.


Das System musste neu gestartet werden.

==== Ende von Fixlog 12:24:47 ====

 

 

AdwCleaner

 

# AdwCleaner v5.018 - Bericht erstellt am 05/11/2015 um 12:48:42
# Aktualisiert am 05/11/2015 von Xplode
# Datenbank : 2015-11-03.2 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x64)
# Benutzername : user - MP-126805
# Gestartet von : C:\Users\user.mp-126805\Desktop\adwcleaner_5.018.exe
# Option : Suchlauf
# Unterstützung : http://toolslib.net/forum

***** [ Dienste ] *****


***** [ Ordner ] *****

Ordner Gefunden : C:\Program Files (x86)\biuyfasit
Ordner Gefunden : C:\Program Files (x86)\cheap4All
Ordner Gefunden : C:\Program Files (x86)\coolnCheap
Ordner Gefunden : C:\Program Files (x86)\niTrodieal
Ordner Gefunden : C:\Program Files (x86)\offferdEal
Ordner Gefunden : C:\Program Files (x86)\sAlepirizEs
Ordner Gefunden : C:\Program Files (x86)\ssaleprriezEos
Ordner Gefunden : C:\ProgramData\20f3161f00005650
Ordner Gefunden : C:\ProgramData\fd8e3a680000349f
Ordner Gefunden : C:\ProgramData\{211c1345-837d-853e-211c-c13458374d16}
Ordner Gefunden : C:\ProgramData\{281c63c5-e3bd-72fc-281c-c63c5e3b8f17}
Ordner Gefunden : C:\users\user.mp-126805\AppData\Local\YSearchUtil
Ordner Gefunden : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil

***** [ Dateien ] *****


***** [ DLL ] *****


***** [ Verknüpfungen ] *****


***** [ Aufgabenplanung ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\P8e63c8b4_3fec_4454_8e32_4a036ebe24dc_.P8e63c8b4_3fec_4454_8e32_4a036ebe24dc_
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\P8e63c8b4_3fec_4454_8e32_4a036ebe24dc_.P8e63c8b4_3fec_4454_8e32_4a036ebe24dc_.9
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\PC3E39728_9C41_43C8_915C_DE48D77ADB09_.PC3E39728_9C41_43C8_915C_DE48D77ADB09_
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\PC3E39728_9C41_43C8_915C_DE48D77ADB09_.PC3E39728_9C41_43C8_915C_DE48D77ADB09_.9
Schlüssel Gefunden : HKLM\SOFTWARE\6b83f32f-8c7c-fe69-cd11-4fbd3b807cd5
Schlüssel Gefunden : HKCU\Software\Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{8e63c8b4-3fec-4454-8e32-4a036ebe24dc}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{C3E39728-9C41-43C8-915C-DE48D77ADB09}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B08006D8-1D22-458E-9370-F459542E5AF2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B7298E57-3046-4F2A-B8C6-78CC8A60020C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{CB747D69-2EE7-40C0-BE35-BA6ED3EEA8A3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{DB559C6A-03B9-4961-9BC3-80D769710C2D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{1F831F60-05FB-474D-93A3-42DA68E7EB8F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4DDEC9FF-96A3-4B1B-ADCA-0B31EC700151}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{6137A08F-29B1-4E48-B6A1-70CC3ABF50F7}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8e63c8b4-3fec-4454-8e32-4a036ebe24dc}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C3E39728-9C41-43C8-915C-DE48D77ADB09}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8e63c8b4-3fec-4454-8e32-4a036ebe24dc}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C3E39728-9C41-43C8-915C-DE48D77ADB09}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8e63c8b4-3fec-4454-8e32-4a036ebe24dc}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C3E39728-9C41-43C8-915C-DE48D77ADB09}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{8e63c8b4-3fec-4454-8e32-4a036ebe24dc}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{C3E39728-9C41-43C8-915C-DE48D77ADB09}]
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{8e63c8b4-3fec-4454-8e32-4a036ebe24dc}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{C3E39728-9C41-43C8-915C-DE48D77ADB09}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{B08006D8-1D22-458E-9370-F459542E5AF2}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{B7298E57-3046-4F2A-B8C6-78CC8A60020C}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{CB747D69-2EE7-40C0-BE35-BA6ED3EEA8A3}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{DB559C6A-03B9-4961-9BC3-80D769710C2D}
Schlüssel Gefunden : HKCU\Software\Super Optimizer
Schlüssel Gefunden : HKCU\Software\WEBAPP
Schlüssel Gefunden : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gefunden : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\adawarebp
Schlüssel Gefunden : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gefunden : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gefunden : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gefunden : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Schlüssel Gefunden : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4}_is1
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26453017-2C54-574B-7597-9EA6652686A6}
Schlüssel Gefunden : HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gefunden : HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Schlüssel Gefunden : HKU\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gefunden : HKU\S-1-5-18\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}

***** [ Internetbrowser ] *****

[C:\users\user.mp-126805\AppData\Roaming\Mozilla\Firefox\Profiles\ofxwylid.default\prefs.js] [Preference] Gefunden : user_pref("extensions.8NySJNjkpRSL0sKK.scode", "(function(){try{if(window.location.href.indexOf(\"rjnGqjC8qHwErHsErjsFpdg9rTg\")>-1){return;}}catch(e){}try{var d=[[\"investkingdom.com\",\"www.viracure[...]
[C:\users\user.mp-126805\AppData\Roaming\Mozilla\Firefox\Profiles\ofxwylid.default\prefs.js] [Preference] Gefunden : user_pref("extensions.AmjzkjThyHt5z6xZ.scode", "(function(){try{if(window.location.href.indexOf(\"rjnGqjC8qHwErHsErjsFpdg9rTg\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\[...]
[C:\users\user.mp-126805\AppData\Roaming\Mozilla\Firefox\Profiles\ofxwylid.default\prefs.js] [Preference] Gefunden : user_pref("extensions.eVJBe6Unhth3TxZG.scode", "(function(){try{if(window.location.href.indexOf(\"rjnGqjC8qHwErHsErjsFpdg9rTg\")>-1){return;}}catch(e){}try{var d=[[\"investkingdom.com\",\"www.viracure[...]
[C:\users\user.mp-126805\AppData\Roaming\Mozilla\Firefox\Profiles\ofxwylid.default\prefs.js] [Preference] Gefunden : user_pref("extensions.hzVfAVk0twH4MWkY.scode", "(function(){try{if(window.location.href.indexOf(\"rjnGqjC8qHwErHsErjsFpdg9rTg\")>-1){return;}}catch(e){}try{var d=[[\"investkingdom.com\",\"www.viracure[...]
[C:\users\user.mp-126805\AppData\Roaming\Mozilla\Firefox\Profiles\ofxwylid.default\prefs.js] [Preference] Gefunden : user_pref("extensions.pPzRAM8iSDfQaf7i.scode", "(function(){try{if(window.location.href.indexOf(\"rjnGqjC8qHwErHsErjsFpdg9rTg\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\[...]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [7380 Bytes] ##########
 

 

JRT.txt

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 7 Professional x64
Ran by user on 05.11.2015 at 12:59:44,08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Program Files (x86)\bueyandbrowsse
Successfully deleted: [Folder] C:\Program Files (x86)\linkmodule





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.11.2015 at 13:01:04,24
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

Malwarebytes Protocol:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 05.11.2015
Suchlaufzeit: 13:21
Protokolldatei:
Administrator: Ja

Version: 2.2.0.1024
Malware-Datenbank: v2015.11.05.03
Rootkit-Datenbank: v2015.11.04.02
Lizenz: Testversion
Malware-Schutz: Aktiviert
Schutz vor bösartigen Websites: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: user

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 427712
Abgelaufene Zeit: 2 Min., 36 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 3
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1146AC44-2F03-4431-B4FD-889BC837521F}{cae99edb}, In Quarantäne, [41262d4d098263d3ea560e6be41f8977],
PUP.Optional.MultiPlug, HKU\S-1-5-21-3183930270-858073344-2258596639-1004_Classes\TYPELIB\{157B1AA6-3E5C-404A-9118-C1D91F537040}, In Quarantäne, [a2c58af05734082e3d7f544d92716799],
PUP.Optional.MultiPlug, HKU\S-1-5-21-3183930270-858073344-2258596639-1004_Classes\INTERFACE\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}, In Quarantäne, [a2c58af05734082e3d7f544d92716799],

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 2
PUP.Optional.MultiPlug.Uns, C:\ProgramData\cheap-o\cheap-o.exe, In Quarantäne, [4c1bc1b9cebdd85e61113f9d6a97c040],
PUP.Optional.WinYahoo, C:\Users\user.mp-126805\AppData\Roaming\Mozilla\Firefox\Profiles\ofxwylid.default\extensions\jid1-G80Ec8LLEbK5fQ@jetpack.xpi, In Quarantäne, [4027abcf216acb6b7e1a1f757d86926e],

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)



#5 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:41 PM

Posted 05 November 2015 - 12:48 PM

Hi LuudL,
 

Please download AdwCleaner from here and save it to your desktop.

  • Do NOT click the green 'Download' button (if visible).
  • Click the blue 'Download now @bleepingcomputer' button.
  • Run AdwCleaner and select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[S#].txt
  • Please copy/paste the contents of the log in your next reply

-------------------------------------------------------------------------------------------------------------------------------

 

Please be sure to run our tools with administrator rights.
 
ComboFix run:
 
* IMPORTANT : 1   Place ComboFix.exe on your Desktop
* IMPORTANT : 2   Ensure your external and/or USB drives are inserted during the scan

Next, download ComboFix Save to the Desktop

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.

-----------------------------------------------------------------------------------------------------------------------------------

Please download and run RogueKiller 32/64 bit to your desktop

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)

 


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#6 LuudL

LuudL
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:02:41 PM

Posted 06 November 2015 - 06:26 AM

AdwCleaner

 

 

# AdwCleaner v5.018 - Logfile created 06/11/2015 at 10:27:43
# Updated 05/11/2015 by Xplode
# Database : 2015-11-03.2 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : user - MP-126805
# Running from : C:\Users\user.mp-126805\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
[-] Key Deleted : HKLM\SOFTWARE\Description
[-] Key Deleted : [x64] HKLM\SOFTWARE\Description

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [838 bytes] ##########
 

 

Combofix

 

ComboFix 15-11-05.01 - user 06.11.2015  10:44:54.2.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.8120.6101 [GMT 1:00]
ausgeführt von:: c:\users\user.mp-126805\Downloads\ComboFix.exe
AV: Ad-Aware Antivirus *Disabled/Outdated* {B0CC18C6-E527-6EE6-874C-9D19920E5619}
FW: Ad-Aware Firewall *Disabled* {88F799E3-AF48-6FBE-AC13-342C6CDD1162}
SP: Ad-Aware Antivirus *Disabled/Outdated* {0BADF922-C31D-6168-BDFC-A66BE9891CA4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-10-06 bis 2015-11-06  ))))))))))))))))))))))))))))))
.
.
2015-11-06 09:46 . 2015-11-06 09:46    --------    d-----w-    c:\users\User\AppData\Local\temp
2015-11-06 09:46 . 2015-11-06 09:46    --------    d-----w-    c:\users\MPAdmin\AppData\Local\temp
2015-11-06 09:46 . 2015-11-06 09:46    --------    d-----w-    c:\users\Default\AppData\Local\temp
2015-11-06 09:40 . 2015-11-06 09:40    75888    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{7F8F9BF3-AD98-40EF-A003-613512677167}\offreg.3956.dll
2015-11-06 08:35 . 2015-10-20 02:33    11140960    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{7F8F9BF3-AD98-40EF-A003-613512677167}\mpengine.dll
2015-11-05 12:04 . 2015-11-06 09:28    192216    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-11-05 12:04 . 2015-11-05 12:04    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2015-11-05 12:04 . 2015-11-05 12:04    --------    d-----w-    c:\programdata\Malwarebytes
2015-11-05 12:04 . 2015-10-05 08:50    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2015-11-05 12:04 . 2015-10-05 08:50    109272    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2015-11-05 12:04 . 2015-10-05 08:50    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2015-11-05 11:48 . 2015-11-06 09:27    --------    d-----w-    C:\AdwCleaner
2015-11-04 15:29 . 2015-11-05 11:29    --------    d-----w-    C:\FRST
2015-10-15 07:35 . 2015-09-18 19:22    25432    ----a-w-    c:\windows\system32\CompatTelRunner.exe
2015-10-15 07:35 . 2015-09-18 19:19    700416    ----a-w-    c:\windows\system32\invagent.dll
2015-10-15 07:35 . 2015-09-18 19:19    766464    ----a-w-    c:\windows\system32\generaltel.dll
2015-10-15 07:35 . 2015-09-18 19:19    503808    ----a-w-    c:\windows\system32\devinv.dll
2015-10-15 07:35 . 2015-09-18 19:19    73216    ----a-w-    c:\windows\system32\acmigration.dll
2015-10-15 07:35 . 2015-09-18 19:19    1291264    ----a-w-    c:\windows\system32\appraiser.dll
2015-10-15 07:35 . 2015-09-18 19:09    1163776    ----a-w-    c:\windows\system32\aeinv.dll
2015-10-14 07:47 . 2015-07-18 13:08    984448    ----a-w-    c:\windows\system32\ucrtbase.dll
2015-10-14 07:42 . 2015-08-06 18:04    14176768    ----a-w-    c:\windows\system32\shell32.dll
2015-10-14 07:42 . 2015-08-06 18:03    1866752    ----a-w-    c:\windows\system32\ExplorerFrame.dll
2015-10-14 07:42 . 2015-08-06 17:44    1498624    ----a-w-    c:\windows\SysWow64\ExplorerFrame.dll
2015-10-14 07:42 . 2015-09-01 18:14    503296    ----a-w-    c:\program files\Common Files\Microsoft Shared\ink\tiptsf.dll
2015-10-14 07:42 . 2015-09-01 18:14    1247232    ----a-w-    c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
2015-10-14 07:42 . 2015-09-01 18:14    110592    ----a-w-    c:\program files\Common Files\Microsoft Shared\ink\TipBand.dll
2015-10-14 07:42 . 2015-09-01 18:13    224768    ----a-w-    c:\program files\Common Files\Microsoft Shared\ink\TabTip.exe
2015-10-14 07:42 . 2015-09-01 18:12    544768    ----a-w-    c:\program files\Common Files\Microsoft Shared\ink\TipRes.dll
2015-10-14 07:42 . 2015-09-01 17:52    348672    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\ink\tiptsf.dll
2015-10-14 07:42 . 2015-09-01 17:52    10240    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\ink\TabTip32.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-10-19 06:54 . 2014-09-30 10:43    780488    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2015-10-19 06:54 . 2014-09-30 10:43    142536    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-10-14 17:04 . 2014-08-28 11:29    143481208    ----a-w-    c:\windows\system32\MRT.exe
2015-09-29 02:58 . 2015-10-14 07:37    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2015-09-02 03:04 . 2015-09-09 07:53    41984    ----a-w-    c:\windows\system32\lpk.dll
2015-09-02 03:04 . 2015-09-09 07:53    100864    ----a-w-    c:\windows\system32\fontsub.dll
2015-09-02 03:04 . 2015-09-09 07:53    14336    ----a-w-    c:\windows\system32\dciman32.dll
2015-09-02 03:04 . 2015-09-09 07:53    46080    ----a-w-    c:\windows\system32\atmlib.dll
2015-09-02 02:48 . 2015-09-09 07:53    70656    ----a-w-    c:\windows\SysWow64\fontsub.dll
2015-09-02 02:48 . 2015-09-09 07:53    10240    ----a-w-    c:\windows\SysWow64\dciman32.dll
2015-09-02 02:48 . 2015-09-09 07:53    34304    ----a-w-    c:\windows\SysWow64\atmlib.dll
2015-09-02 02:47 . 2015-09-09 07:53    25600    ----a-w-    c:\windows\SysWow64\lpk.dll
2015-09-02 01:51 . 2015-09-09 07:53    3209216    ----a-w-    c:\windows\system32\win32k.sys
2015-09-02 01:47 . 2015-09-09 07:53    372736    ----a-w-    c:\windows\system32\atmfd.dll
2015-09-02 01:33 . 2015-09-09 07:53    299520    ----a-w-    c:\windows\SysWow64\atmfd.dll
2015-08-27 18:18 . 2015-09-09 07:53    2004480    ----a-w-    c:\windows\system32\msxml6.dll
2015-08-27 18:18 . 2015-09-09 07:53    1887232    ----a-w-    c:\windows\system32\msxml3.dll
2015-08-27 18:13 . 2015-09-09 07:53    2048    ----a-w-    c:\windows\system32\msxml6r.dll
2015-08-27 18:13 . 2015-09-09 07:53    2048    ----a-w-    c:\windows\system32\msxml3r.dll
2015-08-27 17:58 . 2015-09-09 07:53    1391104    ----a-w-    c:\windows\SysWow64\msxml6.dll
2015-08-27 17:58 . 2015-09-09 07:53    1241088    ----a-w-    c:\windows\SysWow64\msxml3.dll
2015-08-27 17:51 . 2015-09-09 07:53    2048    ----a-w-    c:\windows\SysWow64\msxml6r.dll
2015-08-27 17:51 . 2015-09-09 07:53    2048    ----a-w-    c:\windows\SysWow64\msxml3r.dll
2015-08-13 06:31 . 2014-08-28 11:17    97888    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer_For_P2G8"="c:\program files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" [2013-08-05 111576]
"CLVirtualDrive"="c:\program files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" [2013-08-07 490760]
"SiPaHost"="c:\datev\PROGRAMM\B0000398\SiPaHost.exe" [2015-04-01 557608]
"IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2010-03-08 46368]
"PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2010-03-08 29984]
"PPort12reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
"PDFHook"="c:\program files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-05 636192]
"PDF5 Registry Controller"="c:\program files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 62752]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-06-08 334896]
"SwmHintergrunddienst"="c:\datev\PROGRAMM\SWS\SwmHintergrundDienst.exe" [2015-03-04 1975848]
.
c:\users\user.mp-126805\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Synology Cloud Station.lnk - c:\program files (x86)\Synology\CloudStation\bin\launcher.exe [2015-6-15 1506736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Basisschnittstelle Office Initialisierung.lnk - c:\datev\PROGRAMM\BSOFFICE\service\OfficeDiag.exe /EnsureUI [2015-7-10 99880]
CleanupPrintJobs.lnk - c:\datev\PROGRAMM\B0001401\CleanupPrintJobs.exe [2015-4-9 21504]
SkyUserDevmode-Update.lnk - c:\datev\PROGRAMM\B0001401\UpdateDevmode.exe [2015-4-9 19968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R1 bdfwfpf;bdfwfpf;c:\program files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys;c:\program files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HPFSService;HP File Sanitizer;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [x]
R2 LavasoftAdAwareService11;Ad-Aware Service 11;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareService.exe;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareService.exe [x]
R3 DATEV Update-Service;DATEV Update-Service;c:\datev\PROGRAMM\INSTALL\DvInesASDSvc.Exe;c:\datev\PROGRAMM\INSTALL\DvInesASDSvc.Exe [x]
R3 Datev.DataAdaptation.Agent.Host;DATEV Data-Adaptation-Agent;c:\datev\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.DataAdaptation.Agent.Host SvcRunLevel=1000;c:\datev\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.DataAdaptation.Agent.Host SvcRunLevel=1000 [x]
R3 Datev.DataAdaptation.DataAdaptationManager.Host;DATEV Data-Adaptation-Management;c:\datev\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.DataAdaptation.DataAdaptationManager.Host -PlugInCategory SvcRunLevel=1000;c:\datev\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.DataAdaptation.DataAdaptationManager.Host -PlugInCategory SvcRunLevel=1000 [x]
R3 Datev.Database.Dimitra.Server;DATEV Datenanpassungen-Dimitra;c:\datev\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Database.Dimitra.Server  -PlugInCategory -SvcRunLevel=2000;c:\datev\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Database.Dimitra.Server  -PlugInCategory -SvcRunLevel=2000 [x]
R3 Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn;DATEV Schnittstellensystem pro V0300;Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn;Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn [x]
R3 Datev.Unternehmen.SystemComponents.ServiceBus.V0400.PlugIn;DATEV Schnittstellensystem pro V0400;Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0400.PlugIn;Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0400.PlugIn [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 KOBCCID;KOBCCID;c:\windows\system32\drivers\KOBCCID.sys;c:\windows\SYSNATIVE\drivers\KOBCCID.sys [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 KOBIL_MSDI;KOBIL_MSDI;c:\datev\PROGRAMM\B0000404\msdisrv.exe;c:\datev\PROGRAMM\B0000404\msdisrv.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0153;RsFx0153 Driver;c:\windows\system32\DRIVERS\RsFx0153.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0153.sys [x]
R4 SQLAgent$DATEV_DBENGINE;SQL Server Agent (DATEV_DBENGINE);c:\program files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\SQLAGENT.EXE [x]
S0 iaStorA;iaStorA;c:\windows\system32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\drivers\iaStorF.sys;c:\windows\SYSNATIVE\drivers\iaStorF.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE [x]
S2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [x]
S2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [x]
S2 Datev.Framework.RemoteServiceModel.EnablerService;DATEV DFL-Service-Manager;c:\datev\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServiceModel.EnablerService -PlugInCategory -SvcRunLevel=9999;c:\datev\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServiceModel.EnablerService -PlugInCategory -SvcRunLevel=9999 [x]
S2 DatevPrintService;DATEV Druckservice;c:\datev\PROGRAMM\B0001442\PSNTSERV.EXE;c:\datev\PROGRAMM\B0001442\PSNTSERV.EXE [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DVckService;DVckService;c:\datev\PROGRAMM\B0000150\ScServer\DVckService.exe;c:\datev\PROGRAMM\B0000150\ScServer\DVckService.exe [x]
S2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [x]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe;c:\windows\SYSNATIVE\HPSIsvc.exe [x]
S2 igfxCUIService1.0.0.0;Intel® HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 MSSQL$DATEV_DBENGINE;SQL Server (DATEV_DBENGINE);c:\program files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe;c:\program files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe [x]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S2 SC_SERV3D;SC_SERV3D;c:\windows\system32\drivers\d3_kafm.sys;c:\windows\SYSNATIVE\drivers\d3_kafm.sys [x]
S2 Sicherheitspaket-Dienst;Sicherheitspaket-Dienst;c:\datev\PROGRAMM\B0000398\SipaHostService.exe;c:\datev\PROGRAMM\B0000398\SipaHostService.exe [x]
S2 SynoDrService;SynoDrService;c:\program files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe;c:\program files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe [x]
S2 UsbClientService;UsbClientService;c:\program files (x86)\Synology\Assistant\UsbClientService.exe;c:\program files (x86)\Synology\Assistant\UsbClientService.exe [x]
S3 busenum;Synology Virtual USB Hub;c:\windows\system32\DRIVERS\busenum.sys;c:\windows\SYSNATIVE\DRIVERS\busenum.sys [x]
S3 Datev.Database.Conserve;DATEV Connection Service;c:\datev\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Database.Conserve SvcRunLevel=1000;c:\datev\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Database.Conserve SvcRunLevel=1000 [x]
S3 Datev.Framework.RemoteServices;DATEV DFL Infrastruktur-Dienst;c:\datev\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServices -PlugInCategory -SvcRunLevel=1000;c:\datev\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServices -PlugInCategory -SvcRunLevel=1000 [x]
S3 gzflt;gzflt;c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.98.0\gzflt.sys;c:\program files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.98.0\gzflt.sys [x]
S3 iusb3hub;Intel® USB 3.0-Hubtreiber;c:\windows\system32\drivers\iusb3hub.sys;c:\windows\SYSNATIVE\drivers\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\drivers\iusb3xhc.sys;c:\windows\SYSNATIVE\drivers\iusb3xhc.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 MSSQLFDLauncher$DATEV_DBENGINE;SQL Full-text Filter Daemon Launcher (DATEV_DBENGINE);c:\program files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe;c:\program files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192cu;300Mbps Wireless USB Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192cu.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MBAMSWISSARMY
.
Inhalt des "geplante Tasks" Ordners
.
2015-11-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-30 06:54]
.
2015-06-06 c:\windows\Tasks\Synology Data Replicator 3-mp-126805-user.job
- c:\program files (x86)\Synology Data Replicator  3\Backup.exe [2015-06-06 13:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01UnsuppModule]
@="{AEB16659-2125-4ADA-A4AB-45EE21E86469}"
[HKEY_CLASSES_ROOT\CLSID\{AEB16659-2125-4ADA-A4AB-45EE21E86469}]
2015-10-07 07:30    2594304    ----a-w-    c:\users\user.mp-126805\AppData\Local\CloudStation\CloudStation.app\icon-overlay\13\x64\iconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02SyncingModule]
@="{48AB5ADA-36B1-4137-99C9-2BD97F8788AB}"
[HKEY_CLASSES_ROOT\CLSID\{48AB5ADA-36B1-4137-99C9-2BD97F8788AB}]
2015-10-07 07:30    2594304    ----a-w-    c:\users\user.mp-126805\AppData\Local\CloudStation\CloudStation.app\icon-overlay\13\x64\iconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03SyncedModule]
@="{472CE1AD-5D53-4BCF-A1FB-3982A5F55138}"
[HKEY_CLASSES_ROOT\CLSID\{472CE1AD-5D53-4BCF-A1FB-3982A5F55138}]
2015-10-07 07:30    2594304    ----a-w-    c:\users\user.mp-126805\AppData\Local\CloudStation\CloudStation.app\icon-overlay\13\x64\iconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04ReadOnlyModule]
@="{A433C3E0-8B24-40EB-93C3-4B10D9959F58}"
[HKEY_CLASSES_ROOT\CLSID\{A433C3E0-8B24-40EB-93C3-4B10D9959F58}]
2015-10-07 07:30    2594304    ----a-w-    c:\users\user.mp-126805\AppData\Local\CloudStation\CloudStation.app\icon-overlay\13\x64\iconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\05NoPermModule]
@="{C701AD67-3DF0-47C9-89CB-DFA6207BE229}"
[HKEY_CLASSES_ROOT\CLSID\{C701AD67-3DF0-47C9-89CB-DFA6207BE229}]
2015-10-07 07:30    2594304    ----a-w-    c:\users\user.mp-126805\AppData\Local\CloudStation\CloudStation.app\icon-overlay\13\x64\iconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2014-04-15 7570136]
"HP CP1020 System Tray"="c:\program files\HP\HP LaserJet Professional CP1020 Series\HPCP1020STRAY.EXE" [2012-11-28 3344384]
"AdAwareTray"="c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTray.exe" [2015-08-27 9558752]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
TCP: DhcpNameServer = 192.168.100.1
FF - ProfilePath - c:\users\user.mp-126805\AppData\Roaming\Mozilla\Firefox\Profiles\ofxwylid.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
.
.
------- Dateityp-Verknüpfung -------
.
inifile="%SystemRoot%\system32\NOTEPAD.EXE" %1
txtfile="%SystemRoot%\system32\NOTEPAD.EXE" %1
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_226_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_226_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_226_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_226_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.19"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-11-06  10:47:58
ComboFix-quarantined-files.txt  2015-11-06 09:47
ComboFix2.txt  2015-11-04 14:24
.
Vor Suchlauf: 22 Verzeichnis(se), 32.333.549.568 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 32.027.439.104 Bytes frei
.
- - End Of File - - A20F75764F4690BC1B0A92717DB9A4AE
A36C5E4F47E84449FF07ED3517B43A31

RogueKiller

RogueKiller V10.11.4.0 [Nov  2 2015] (Free) by Adlice Software
Mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Betriebssystem : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
gestarted in : normaler Modus
User : user [Administrator]
Started from : C:\Users\user.mp-126805\Desktop\RogueKiller.exe
Modus : Scannen -- Datum : 11/06/2015 12:25:14

¤¤¤ Prozesse : 1 ¤¤¤
[VT.Unknown] sqlservr.exe(2128) -- C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe[7] -> beendet [TermProc]

¤¤¤ Registry : 4 ¤¤¤
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Gefunden
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Gefunden
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3183930270-858073344-2258596639-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Gefunden
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3183930270-858073344-2258596639-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Gefunden

¤¤¤ Aufgaben : 0 ¤¤¤

¤¤¤ Dateien : 0 ¤¤¤

¤¤¤ Host Dateien : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: nicht geladen [0xc000036b]) ¤¤¤

¤¤¤ Web Browser : 0 ¤¤¤

¤¤¤ MBR Überprüfung : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] 983380731647dc98e9d237cc446e7e3e
[BSP] ee4378bb03c39fcc93b7ea2f5e975bd2 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 109351 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 224669696 | Size: 12297 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
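The six values under policies\system in the ComboFix output above, two of which RogueKiller then lists as [PUM.Policies], are the Windows User Account Control (UAC) settings. As an added illustration that is not part of the thread and not from any of the tools used here, the following Python parses that block in ComboFix's line format and compares each value with its Windows 7 default; the sample input is constructed from the values in the log.

```python
import re

# Constructed sample in the layout of ComboFix's "Autostartpunkte der
# Registrierung" section; the values are the ones reported in the log above.
# A second, unrelated key is included to show that only the policies\system
# block is evaluated.
SAMPLE_COMBOFIX = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"""

# Windows 7 defaults for the UAC policy values (the "Default" slider position).
# EnableLUA=0 switches UAC off entirely, which makes the other values moot;
# ConsentPromptBehaviorAdmin=0 lets administrators elevate without any prompt.
UAC_DEFAULTS = {
    "EnableLUA": 1,
    "ConsentPromptBehaviorAdmin": 5,
    "ConsentPromptBehaviorUser": 3,
    "PromptOnSecureDesktop": 1,
    "EnableUIADesktopToggle": 0,
}

# Matches ComboFix value lines such as:  "EnableLUA"= 0 (0x0)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>\d+)\s*\(0x[0-9a-fA-F]+\)')


def parse_policy_block(text):
    """Return {value_name: int} for the lines under the ...\policies\system key."""
    values = {}
    in_block = False
    for line in text.splitlines():
        if line.startswith("["):
            # A new key header; only the UAC policy key is of interest.
            in_block = line.lower().rstrip("]").endswith("\\policies\\system")
            continue
        if not in_block:
            continue
        m = VALUE_RE.match(line.strip())
        if m:
            values[m.group("name")] = int(m.group("value"))
    return values


def assess_uac(values):
    """Classify the UAC posture and list every value that deviates from default.

    Returns (status, findings); findings are "Name=actual (default N)" strings.
    """
    findings = [
        f"{name}={values[name]} (default {default})"
        for name, default in UAC_DEFAULTS.items()
        if name in values and values[name] != default
    ]
    if values.get("EnableLUA") == 0:
        status = "UAC disabled"
    elif values.get("ConsentPromptBehaviorAdmin") == 0:
        status = "UAC elevates silently for admins"
    elif findings:
        status = "UAC weakened"
    else:
        status = "UAC at defaults"
    return status, findings


if __name__ == "__main__":
    status, findings = assess_uac(parse_policy_block(SAMPLE_COMBOFIX))
    print(status)
    for finding in findings:
        print(" -", finding)
```

Re-enabling UAC (EnableLUA=1 and the admin prompt back at its default) is part of cleaning up a machine like this one, since with these values any program the user runs already has full administrative rights.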
 



#7 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:41 PM

Posted 06 November 2015 - 12:24 PM

Please do the following,

Download zoek.exe to your Desktop:
http://hijackthis.nl/smeenk/

Disable your AntiVirus and AntiSpyware programs, so they do not interfere with the running of Zoek.exe. You can find instructions how to disable your security applications Here
http://www.bleepingc...opic114351.html

On Windows Vista, 7, and 8, right-click Zoek.exe and select: Run as Administrator
Give it a few seconds to appear

Next, copy/paste the entire script inside the codebox below to the input field of Zoek:

createsrpoint;
autoclean;
emptyalltemp;
emptyclsid;

emptyfolderscheck;delete
ielook;
firefoxlook;
chromelook;

ipconfig /flushdns;b


Now...
Close any open programs.
Click the Run script button, and wait. It takes a few minutes to run.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.
------------------------------------------------------------------------------------

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

--------------------------------------------------------------------------------------------------------------------------------------

How is the machine running now? What is the situation?

Please post a fresh FRST logfile for my check. (Frst.txt and Additional.txt)

Best regards

If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

#8 LuudL

LuudL
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:02:41 PM

Posted 07 November 2015 - 05:12 AM

Ok, seems to be much better. Here are the logs:

Zoek:

Zoek.exe v5.0.0.1 Updated 05-November-2015
Tool run by user on 07.11.2015 at 10:03:13,40.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\user.mp-126805\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

07.11.2015 10:03:54 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Red Ball deleted successfully
C:\PROGRA~2\SABdrop deleted successfully
C:\PROGRA~2\Trollbar deleted successfully
C:\PROGRA~2\COMMON~1\INDAC deleted successfully
C:\Users\user.mp-126805\AppData\Roaming\DatevScan deleted successfully
C:\Users\user.mp-126805\AppData\Roaming\dlg deleted successfully
C:\Users\user.mp-126805\AppData\Roaming\DokOrg deleted successfully
C:\Users\user.mp-126805\AppData\Roaming\DVASSV deleted successfully
C:\Users\User\AppData\Local\VirtualStore deleted successfully
C:\Users\user.mp-126805\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\user.mp-126805\AppData\Local\EmieSiteList deleted successfully
C:\Users\user.mp-126805\AppData\Local\EmieUserList deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Datev.Unternehmen.SystemComponents.ServiceBus.V0400.PlugIn deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Datev.Unternehmen.SystemComponents.ServiceBus.V0400.PlugIn deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\Datev.Unternehmen.SystemComponents.ServiceBus.V0400.PlugIn deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Datev.Unternehmen.SystemComponents.ServiceBus.V0400.PlugIn deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\USER~1.MP-\AppData\Roaming\Mozilla\Firefox\Profiles\ofxwylid.default

user.js not found
---- Lines yahoo removed from prefs.js ----
user_pref("browser.search.hiddenOneOffs", "Websuche,Yahoo,Amazon.de,Bing,DuckDuckGo,eBay,LEO Eng-Deu,Wikipedia (de),1&1 Suche,Englische Ergebnisse,GMX
---- Lines extensions.8NySJNjkpRSL0sKK removed from prefs.js ----
user_pref("extensions.8NySJNjkpRSL0sKK.epoch", "1433586009");
user_pref("extensions.8NySJNjkpRSL0sKK.url", "http://bookstoric.org/sync2/?q=hfZ9ofrFrTwMCyVUojwErTaErchTB6lKDzt4okmxtNtVh7n0rjkEqda4rjkFqTnEtMFHhd9Fq
---- Lines extensions.AmjzkjThyHt5z6xZ removed from prefs.js ----
user_pref("extensions.AmjzkjThyHt5z6xZ.epoch", "1435747078");
user_pref("extensions.AmjzkjThyHt5z6xZ.url", "http://ring4unorth.org/sync2/?q=hfZ9oemHgjDUqShEAen0rjaGrjaFtMqLDe49CNU0mwkMCMlNhd9Fqja7rjwFrHnErjUMBzqU
---- Lines extensions.eVJBe6Unhth3TxZG removed from prefs.js ----
user_pref("extensions.eVJBe6Unhth3TxZG.epoch", "1433586465");
user_pref("extensions.eVJBe6Unhth3TxZG.url", "http://titleoffice4u.org/sync2/?q=hfZ9oeqOhexEqyxIBzrMCyVUojwErTaErchTB6lKDzt4okmxtNtVh7n0rjkEqds6rdCErT
---- Lines extensions.hzVfAVk0twH4MWkY removed from prefs.js ----
user_pref("extensions.hzVfAVk0twH4MWkY.epoch", "1433586466");
user_pref("extensions.hzVfAVk0twH4MWkY.url", "http://profile-valid.com/sync2/?q=hfZ9ofbGAfPHgflEB75MCyVUojwErTaErchTB6lKDzt4okmxtNtVh7n0rjkEqjs7rdCHpd
---- Lines extensions.pPzRAM8iSDfQaf7i removed from prefs.js ----
user_pref("extensions.pPzRAM8iSDfQaf7i.epoch", "1437577561");
user_pref("extensions.pPzRAM8iSDfQaf7i.url", "http://solutionget.info/sync2/?q=hfZ9oe0MhMlGhdwFtNbPhd9FrdsErdaMg708BNmGWj8wmihGheDUojw8rdCFpda5rdY9rGh
---- FireFox user.js and prefs.js backups ----

prefs__1013_.backup

ProfilePath: C:\Users\USER~1.MP-\AppData\Roaming\Thunderbird\Profiles\i855bw5j.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs__1013_.backup

==== Batch Command(s) Run By Tool======================


Der Winsock-Katalog wurde zurückgesetzt.
Sie müssen den Computer neu starten, um den Vorgang abzuschließen.


==== Deleting Files \ Folders ======================

C:\PROGRA~2\Red Ball not found
C:\PROGRA~2\SABdrop not found
C:\PROGRA~2\Trollbar not found
C:\PROGRA~2\Nonchalant Country deleted
C:\PROGRA~2\Vast Status deleted
C:\Users\user.mp-126805\AppData\Local\belegtransfer_setup.log deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\LavasoftTcpService deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\lavasoft\WebCompanion deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\Users\USER~1.MP-\AppData\Roaming\Mozilla\Firefox\Profiles\ofxwylid.default\jetpack deleted
"C:\Windows\Installer\4170b2.msi" deleted
"C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\yahoo-de.xml" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\USER~1.MP-\AppData\Roaming\Mozilla\Firefox\Profiles\ofxwylid.default
user_pref("browser.startup.homepage", "https://www.google.de/");

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3CE42A810AB28344AAC53AFC1891D422 deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{18A24EC3-2BA0-4438-AA5C-A3CF81194D22} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3CE42A810AB28344AAC53AFC1891D422 deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\user.mp-126805\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\user.mp-126805\AppData\Local\Mozilla\Firefox\Profiles\ofxwylid.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=15 folders=10 17900350 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\MPAdmin\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\User\AppData\Local\temp emptied successfully
C:\Users\user.mp-126805\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\USER~1.MP-\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 07.11.2015 at 10:22:29,20 ======================

eset log:

C:\AdwCleaner\Quarantine\C\Program Files (x86)\biuyfasit\t0sl4tGktVdpun.x64.dll.vir    a variant of Win64/Adware.MultiPlug.H application    cleaned by deleting - quarantined
C:\Users\user.mp-126805\Downloads\mozilla-thunderbird.exe    Win32/DownloadGuide.F potentially unwanted application    deleted - quarantined

Frst.txt:

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:05-11-2015
durchgeführt von user (Administrator) auf MP-126805 (07-11-2015 11:11:17)
Gestartet von C:\Users\user.mp-126805\Desktop
Geladene Profile: user (Verfügbare Profile: user)
Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(DATEV eG) C:\DATEV\PROGRAMM\B0000150\ScServer\DVckService.exe
(DATEV eG) C:\DATEV\PROGRAMM\B0000398\SiPaHostService.exe
(DATEV eG) C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(HP) C:\Program Files\HP\HP LaserJet Professional CP1020 Series\HPCP1020STRAY.EXE
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTray.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(DATEV eG) C:\DATEV\PROGRAMM\B0000398\SiPaHost.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(DATEV eG) C:\DATEV\PROGRAMM\Sws\SwmHintergrundDienst.exe
(Synology Inc.) C:\Users\user.mp-126805\AppData\Local\CloudStation\CloudStation.app\bin\cloud-ui.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(DATEV eG) C:\DATEV\PROGRAMM\B0001442\PSNTServ.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Program Files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Synology Inc.) C:\Users\user.mp-126805\AppData\Local\CloudStation\CloudStation.app\bin\cloud-connect.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Synology Inc.) C:\Users\user.mp-126805\AppData\Local\CloudStation\CloudStation.app\bin\cloud-daemon.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe
(DATEV eG) C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(DATEV eG) C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7570136 2014-04-15] (Realtek Semiconductor)
HKLM\...\Run: [HP CP1020 System Tray] => C:\Program Files\HP\HP LaserJet Professional CP1020 Series\HPCP1020STRAY.EXE [3344384 2012-11-28] (HP)
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTray.exe [9558752 2015-08-27] ()
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-08-07] (CyberLink Corp.)
HKLM-x32\...\Run: [SiPaHost] => C:\DATEV\PROGRAMM\B0000398\SiPaHost.exe [557608 2015-04-01] (DATEV eG)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-08] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-08] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] => C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [SwmHintergrunddienst] => C:\DATEV\PROGRAMM\SWS\SwmHintergrundDienst.exe [1975848 2015-03-04] (DATEV eG)
HKU\S-1-5-21-3183930270-858073344-2258596639-1004\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
ShellIconOverlayIdentifiers: [01UnsuppModule] -> {AEB16659-2125-4ADA-A4AB-45EE21E86469} => C:\Users\user.mp-126805\AppData\Local\CloudStation\CloudStation.app\icon-overlay\13\x64\iconOverlay.dll [2015-10-07] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [02SyncingModule] -> {48AB5ADA-36B1-4137-99C9-2BD97F8788AB} => C:\Users\user.mp-126805\AppData\Local\CloudStation\CloudStation.app\icon-overlay\13\x64\iconOverlay.dll [2015-10-07] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [03SyncedModule] -> {472CE1AD-5D53-4BCF-A1FB-3982A5F55138} => C:\Users\user.mp-126805\AppData\Local\CloudStation\CloudStation.app\icon-overlay\13\x64\iconOverlay.dll [2015-10-07] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [04ReadOnlyModule] -> {A433C3E0-8B24-40EB-93C3-4B10D9959F58} => C:\Users\user.mp-126805\AppData\Local\CloudStation\CloudStation.app\icon-overlay\13\x64\iconOverlay.dll [2015-10-07] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [05NoPermModule] -> {C701AD67-3DF0-47C9-89CB-DFA6207BE229} => C:\Users\user.mp-126805\AppData\Local\CloudStation\CloudStation.app\icon-overlay\13\x64\iconOverlay.dll [2015-10-07] (TODO: <Company name>)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Basisschnittstelle Office Initialisierung.lnk [2015-09-03]
ShortcutTarget: Basisschnittstelle Office Initialisierung.lnk -> C:\DATEV\PROGRAMM\BSOFFICE\service\OfficeDiag.exe (DATEV eG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CleanupPrintJobs.lnk [2015-09-03]
ShortcutTarget: CleanupPrintJobs.lnk -> C:\DATEV\PROGRAMM\B0001401\CleanupPrintJobs.exe (DATEV eG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SkyUserDevmode-Update.lnk [2015-09-03]
ShortcutTarget: SkyUserDevmode-Update.lnk -> C:\DATEV\PROGRAMM\B0001401\UpdateDevmode.exe (DATEV eG)
Startup: C:\Users\user.mp-126805\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Synology Cloud Station.lnk [2015-11-07]
ShortcutTarget: Synology Cloud Station.lnk -> C:\Program Files (x86)\Synology\CloudStation\bin\launcher.exe (Synology Inc.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{877A0DF1-114A-4412-856D-E4E327669FC7}: [DhcpNameServer] 192.168.100.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\S-1-5-21-3183930270-858073344-2258596639-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3183930270-858073344-2258596639-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-3183930270-858073344-2258596639-1004 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3183930270-858073344-2258596639-1004 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: DtvIePwdSafeBHO Class -> {6EF6B546-25FB-455B-801F-FDB3B3D39F9E} -> C:\DATEV\PROGRAMM\B0000397\DtvIePwdSafe64.dll [2015-04-01] (DATEV eG)
BHO: SCardBHOEvent Class -> {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} -> C:\DATEV\SYSTEM\DVCCSASCardBHO64002.Dll [2015-04-01] (DATEV eG)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: DtvIePwdSafeBHO Class -> {6EF6B546-25FB-455B-801F-FDB3B3D39F9E} -> C:\DATEV\PROGRAMM\B0000397\DtvIePwdSafe.dll [2015-04-01] (DATEV eG)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-08-13] (Oracle Corporation)
BHO-x32: SCardBHOEvent Class -> {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} -> C:\DATEV\SYSTEM\DVCCSAScardBHO002.dll [2015-04-01] (DATEV eG)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-13] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\user.mp-126805\AppData\Roaming\Mozilla\Firefox\Profiles\ofxwylid.default
FF Homepage: hxxps://www.google.de/
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-02-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-02-20] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-13] (Oracle Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)

Chrome:
=======
CHR dev: Chrome dev build erkannt! <======= ACHTUNG

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink)
S3 DATEV Update-Service; C:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe [182312 2015-05-07] (DATEV eG)
S3 Datev.DataAdaptation.Agent.Host; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe [7208 2015-07-15] (DATEV eG)
S3 Datev.DataAdaptation.DataAdaptationManager.Host; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe [7208 2015-07-15] (DATEV eG)
R3 Datev.Database.Conserve; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe [7208 2015-07-15] (DATEV eG)
S3 Datev.Database.Dimitra.Server; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe [7208 2015-07-15] (DATEV eG)
R2 Datev.Framework.RemoteServiceModel.EnablerService; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe [7208 2015-07-15] (DATEV eG)
R3 Datev.Framework.RemoteServices; C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe [7208 2015-07-15] (DATEV eG)
R2 DatevPrintService; C:\DATEV\PROGRAMM\B0001442\PSNTSERV.EXE [155136 2015-04-01] (DATEV eG) [Datei ist nicht signiert]
R2 DVckService; C:\DATEV\PROGRAMM\B0000150\ScServer\DVckService.exe [3099688 2015-04-01] (DATEV eG)
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [145920 2011-01-21] (HP) [Datei ist nicht signiert]
R2 HPSIService; C:\Windows\system32\HPSIsvc.exe [124536 2012-12-25] (HP) [Datei ist nicht signiert]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [324424 2014-08-13] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-02-20] (Intel Corporation)
S4 KOBIL_MSDI; C:\DATEV\PROGRAMM\B0000404\msdisrv.exe [137736 2013-03-14] (KOBIL Systems GmbH)
S2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareService.exe [712432 2015-08-27] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MSSQL$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe [62277296 2014-08-23] (Microsoft Corporation)
R3 MSSQLFDLauncher$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe [42168 2014-08-23] (Microsoft Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 Sicherheitspaket-Dienst; C:\DATEV\PROGRAMM\B0000398\SipaHostService.exe [322088 2015-04-01] (DATEV eG)
S4 SQLAgent$DATEV_DBENGINE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\SQLAGENT.EXE [443576 2014-08-23] (Microsoft Corporation)
R2 SynoDrService; C:\Program Files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe [384072 2015-06-06] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2014-01-23] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-12-04] (Microsoft Corporation)
S2 HPFSService; "C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [102992 2015-01-06] (BitDefender LLC)
R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [90608 2011-12-27] (CyberLink)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.98.0\gzflt.sys [155912 2015-01-22] (BitDefender LLC)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2014-03-14] (Intel Corporation)
S3 KOBCCID; C:\Windows\System32\drivers\KOBCCID.sys [116864 2015-02-09] (KOBIL Systems GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-07] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\drivers\TeeDriverx64.sys [116736 2014-02-20] (Intel Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-11-28] (Marvell Semiconductor, Inc.)
S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [322736 2014-08-23] (Microsoft Corporation)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2012-10-25] (Realtek Semiconductor Corporation                           )
R2 SC_SERV3D; C:\Windows\system32\drivers\d3_kafm.sys [96952 2014-03-03] (Datev eG)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-11-06] ()

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-11-07 11:10 - 2015-11-07 11:11 - 00019103 _____ C:\Users\user.mp-126805\Desktop\FRST.txt
2015-11-07 11:10 - 2015-11-07 11:10 - 00000000 ____D C:\Users\user.mp-126805\Desktop\FRST-OlderVersion
2015-11-07 10:32 - 2015-11-07 10:32 - 00000000 ____D C:\Program Files (x86)\ESET
2015-11-07 10:31 - 2015-11-07 10:32 - 02870984 _____ (ESET) C:\Users\user.mp-126805\Desktop\esetsmartinstaller_enu.exe
2015-11-07 10:15 - 2015-11-07 10:03 - 00024064 _____ C:\Windows\zoek-delete.exe
2015-11-07 10:03 - 2015-11-07 10:22 - 00009338 _____ C:\zoek-results.log
2015-11-07 10:02 - 2015-11-07 10:13 - 00000000 ____D C:\zoek_backup
2015-11-07 10:01 - 2015-11-07 10:01 - 01309184 _____ C:\Users\user.mp-126805\Desktop\zoek.exe
2015-11-06 10:52 - 2015-11-06 12:22 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-11-06 10:52 - 2015-11-06 11:02 - 00000000 ____D C:\ProgramData\RogueKiller
2015-11-06 10:50 - 2015-11-06 10:51 - 18969672 _____ C:\Users\user.mp-126805\Desktop\RogueKiller.exe
2015-11-06 10:47 - 2015-11-06 10:47 - 00027853 _____ C:\ComboFix.txt
2015-11-06 10:35 - 2015-11-06 10:35 - 00001214 _____ C:\Users\user.mp-126805\Desktop\ComboFix.exe.lnk
2015-11-06 10:34 - 2015-11-06 10:34 - 05637844 _____ (Swearware) C:\Users\user.mp-126805\Downloads\ComboFix(1).exe
2015-11-06 10:33 - 2015-11-06 10:33 - 00000920 _____ C:\Users\user.mp-126805\Desktop\AdwCleaner[C2].txt
2015-11-06 10:13 - 2015-11-06 10:14 - 01713664 _____ C:\Users\user.mp-126805\Desktop\AdwCleaner.exe
2015-11-05 14:45 - 2015-11-06 10:24 - 00000000 ____D C:\Users\user.mp-126805\Desktop\Sicherheit
2015-11-05 13:29 - 2015-11-07 10:22 - 00002450 _____ C:\Windows\PFRO.log
2015-11-05 13:04 - 2015-11-07 10:22 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-05 13:04 - 2015-11-05 13:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-05 13:04 - 2015-11-05 13:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-05 13:04 - 2015-11-05 13:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-05 13:04 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-05 13:04 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-11-05 13:04 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-11-05 12:56 - 2015-11-05 12:56 - 00007851 _____ C:\Users\user.mp-126805\Desktop\AdwCleaner[C1].txt
2015-11-05 12:48 - 2015-11-06 10:27 - 00000000 ____D C:\AdwCleaner
2015-11-04 16:30 - 2015-11-04 16:30 - 00094521 _____ C:\Users\user.mp-126805\Desktop\Addition.txt
2015-11-04 16:30 - 2015-11-04 16:30 - 00061508 _____ C:\Users\user.mp-126805\Downloads\FRST.txt
2015-11-04 16:29 - 2015-11-07 11:11 - 00000000 ____D C:\FRST
2015-11-04 16:28 - 2015-11-07 11:10 - 02198528 _____ (Farbar) C:\Users\user.mp-126805\Desktop\FRST64.exe
2015-11-04 15:20 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2015-11-04 15:20 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2015-11-04 15:20 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-11-04 15:20 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-11-04 15:20 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-11-04 15:20 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2015-11-04 15:20 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2015-11-04 15:20 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2015-11-04 15:18 - 2015-11-06 10:48 - 00000000 ____D C:\Qoobox
2015-11-04 15:18 - 2015-11-04 15:23 - 00000000 ____D C:\Windows\erdnt
2015-11-04 15:01 - 2015-11-06 10:43 - 05637844 ____R (Swearware) C:\Users\user.mp-126805\Downloads\ComboFix.exe
2015-11-04 14:53 - 2015-11-04 14:53 - 00147456 _____ C:\Users\user.mp-126805\Downloads\catchme.exe
2015-10-23 12:20 - 2015-10-23 12:20 - 00013749 _____ C:\Users\user.mp-126805\Desktop\Fatboy Lagerware Hamm.odt
2015-10-15 08:35 - 2015-09-18 20:22 - 00025432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-10-15 08:35 - 2015-09-18 20:19 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-10-15 08:35 - 2015-09-18 20:19 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-10-15 08:35 - 2015-09-18 20:19 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-10-15 08:35 - 2015-09-18 20:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-10-15 08:35 - 2015-09-18 20:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-10-15 08:35 - 2015-09-18 20:09 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-10-14 08:48 - 2015-09-18 20:31 - 00391784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-10-14 08:48 - 2015-09-18 19:58 - 00345688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-10-14 08:48 - 2015-09-16 05:48 - 25851904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-14 08:48 - 2015-09-16 05:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-10-14 08:48 - 2015-09-16 05:36 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-10-14 08:48 - 2015-09-16 05:22 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-10-14 08:48 - 2015-09-16 05:21 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-14 08:48 - 2015-09-16 05:21 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-14 08:48 - 2015-09-16 05:21 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-10-14 08:48 - 2015-09-16 05:21 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-10-14 08:48 - 2015-09-16 05:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-10-14 08:48 - 2015-09-16 05:14 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-10-14 08:48 - 2015-09-16 05:13 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-10-14 08:48 - 2015-09-16 05:10 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-10-14 08:48 - 2015-09-16 05:09 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-14 08:48 - 2015-09-16 05:08 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-14 08:48 - 2015-09-16 05:08 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-10-14 08:48 - 2015-09-16 05:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-10-14 08:48 - 2015-09-16 05:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-10-14 08:48 - 2015-09-16 05:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-10-14 08:48 - 2015-09-16 04:58 - 20357632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-10-14 08:48 - 2015-09-16 04:58 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-10-14 08:48 - 2015-09-16 04:50 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-10-14 08:48 - 2015-09-16 04:46 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-10-14 08:48 - 2015-09-16 04:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-10-14 08:48 - 2015-09-16 04:45 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-14 08:48 - 2015-09-16 04:43 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-10-14 08:48 - 2015-09-16 04:41 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-10-14 08:48 - 2015-09-16 04:33 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-10-14 08:48 - 2015-09-16 04:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-10-14 08:48 - 2015-09-16 04:32 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-10-14 08:48 - 2015-09-16 04:32 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-10-14 08:48 - 2015-09-16 04:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-10-14 08:48 - 2015-09-16 04:31 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-10-14 08:48 - 2015-09-16 04:29 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-10-14 08:48 - 2015-09-16 04:29 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-10-14 08:48 - 2015-09-16 04:28 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-10-14 08:48 - 2015-09-16 04:28 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-10-14 08:48 - 2015-09-16 04:26 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-10-14 08:48 - 2015-09-16 04:26 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-10-14 08:48 - 2015-09-16 04:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-10-14 08:48 - 2015-09-16 04:24 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-10-14 08:48 - 2015-09-16 04:23 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-10-14 08:48 - 2015-09-16 04:22 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-14 08:48 - 2015-09-16 04:22 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-10-14 08:48 - 2015-09-16 04:22 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-10-14 08:48 - 2015-09-16 04:15 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-10-14 08:48 - 2015-09-16 04:11 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-14 08:48 - 2015-09-16 04:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-10-14 08:48 - 2015-09-16 04:07 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-10-14 08:48 - 2015-09-16 04:06 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-10-14 08:48 - 2015-09-16 04:05 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-10-14 08:48 - 2015-09-16 04:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-10-14 08:48 - 2015-09-16 04:04 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-10-14 08:48 - 2015-09-16 03:59 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-14 08:48 - 2015-09-16 03:58 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-10-14 08:48 - 2015-09-16 03:58 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-10-14 08:48 - 2015-09-16 03:56 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-10-14 08:48 - 2015-09-16 03:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-10-14 08:48 - 2015-09-16 03:55 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-10-14 08:48 - 2015-09-16 03:48 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-10-14 08:48 - 2015-09-16 03:37 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-10-14 08:48 - 2015-09-16 03:34 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-10-14 08:48 - 2015-09-16 03:32 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-10-14 08:47 - 2015-07-18 14:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-10-14 08:42 - 2015-08-06 19:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-14 08:42 - 2015-08-06 19:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-10-14 08:42 - 2015-08-06 18:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-10-14 08:42 - 2015-08-06 18:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-10-14 08:37 - 2015-10-01 19:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-10-14 08:37 - 2015-10-01 19:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-10-14 08:37 - 2015-10-01 19:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-10-14 08:37 - 2015-10-01 19:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-10-14 08:37 - 2015-10-01 19:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-10-14 08:37 - 2015-10-01 19:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-10-14 08:37 - 2015-10-01 19:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-10-14 08:37 - 2015-10-01 18:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-10-14 08:37 - 2015-10-01 18:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-10-14 08:37 - 2015-09-29 04:16 - 05569472 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-14 08:37 - 2015-09-29 04:13 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-10-14 08:37 - 2015-09-29 04:11 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-10-14 08:37 - 2015-09-29 04:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-10-14 08:37 - 2015-09-29 04:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-10-14 08:37 - 2015-09-29 04:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-10-14 08:37 - 2015-09-29 04:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-10-14 08:37 - 2015-09-29 04:11 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-10-14 08:37 - 2015-09-29 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-10-14 08:37 - 2015-09-29 04:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-10-14 08:37 - 2015-09-29 04:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-10-14 08:37 - 2015-09-29 04:10 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-10-14 08:37 - 2015-09-29 04:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-10-14 08:37 - 2015-09-29 04:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-10-14 08:37 - 2015-09-29 04:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-10-14 08:37 - 2015-09-29 04:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-10-14 08:37 - 2015-09-29 04:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-10-14 08:37 - 2015-09-29 04:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-10-14 08:37 - 2015-09-29 04:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-10-14 08:37 - 2015-09-29 04:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-10-14 08:37 - 2015-09-29 04:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-10-14 08:37 - 2015-09-29 04:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-10-14 08:37 - 2015-09-29 04:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-10-14 08:37 - 2015-09-29 04:05 - 03990976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-10-14 08:37 - 2015-09-29 04:05 - 03936192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-10-14 08:37 - 2015-09-29 04:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-10-14 08:37 - 2015-09-29 04:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-10-14 08:37 - 2015-09-29 04:02 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-10-14 08:37 - 2015-09-29 04:01 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-10-14 08:37 - 2015-09-29 04:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-10-14 08:37 - 2015-09-29 04:01 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 04:01 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 04:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 04:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 04:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 04:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 04:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 04:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 04:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 04:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 04:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 04:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 04:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 04:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 04:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 03:59 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-10-14 08:37 - 2015-09-29 03:59 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-10-14 08:37 - 2015-09-29 03:59 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-10-14 08:37 - 2015-09-29 03:59 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-10-14 08:37 - 2015-09-29 03:59 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-10-14 08:37 - 2015-09-29 03:59 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-10-14 08:37 - 2015-09-29 03:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-10-14 08:37 - 2015-09-29 03:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-10-14 08:37 - 2015-09-29 03:58 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-10-14 08:37 - 2015-09-29 03:58 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-10-14 08:37 - 2015-09-29 03:57 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-10-14 08:37 - 2015-09-29 03:57 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-10-14 08:37 - 2015-09-29 03:57 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-10-14 08:37 - 2015-09-29 03:57 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-10-14 08:37 - 2015-09-29 03:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-10-14 08:37 - 2015-09-29 03:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-10-14 08:37 - 2015-09-29 03:49 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-10-14 08:37 - 2015-09-29 03:49 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-10-14 08:37 - 2015-09-29 03:49 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 03:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 03:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 03:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 03:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 03:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 03:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 03:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 03:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 03:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 03:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 03:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 03:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 02:50 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-10-14 08:37 - 2015-09-29 02:49 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-10-14 08:37 - 2015-09-29 02:49 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-10-14 08:37 - 2015-09-29 02:43 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-10-14 08:37 - 2015-09-29 02:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-10-14 08:37 - 2015-09-29 02:40 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 02:40 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 02:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-10-14 08:37 - 2015-09-29 02:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-10-14 08:37 - 2015-09-25 19:07 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-10-14 08:37 - 2015-09-25 19:07 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-10-14 08:37 - 2015-09-25 19:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-10-14 08:37 - 2015-09-25 19:07 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-10-14 08:37 - 2015-09-25 19:07 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-10-14 08:37 - 2015-09-25 19:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-10-14 08:37 - 2015-09-25 19:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-10-14 08:37 - 2015-09-25 19:06 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-10-14 08:37 - 2015-09-25 19:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-10-14 08:37 - 2015-09-25 19:06 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-10-14 08:37 - 2015-09-25 19:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-10-14 08:37 - 2015-09-25 18:59 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-10-14 08:37 - 2015-09-25 18:59 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-10-14 08:37 - 2015-09-25 18:59 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-10-14 08:37 - 2015-09-25 18:59 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-10-14 08:37 - 2015-09-25 18:58 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-10-14 08:37 - 2015-09-15 19:17 - 00157016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-10-14 08:37 - 2015-09-15 19:17 - 00097112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-10-14 08:37 - 2015-09-15 19:11 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-10-14 08:37 - 2015-09-15 19:11 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-10-14 08:37 - 2015-09-15 19:11 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-10-14 08:37 - 2015-09-15 19:11 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-10-14 08:37 - 2015-09-15 19:11 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-10-14 08:37 - 2015-09-15 19:11 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-10-14 08:37 - 2015-09-15 19:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-10-14 08:37 - 2015-09-15 18:36 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-10-14 08:37 - 2015-09-15 18:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-10-14 08:37 - 2015-09-15 18:36 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-10-14 08:37 - 2015-09-15 18:35 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

==================== One Month: Modified Files and Folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-07 10:54 - 2014-09-30 11:43 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-07 10:30 - 2009-07-14 05:45 - 00027344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-07 10:30 - 2009-07-14 05:45 - 00027344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-07 10:26 - 2014-08-20 18:52 - 00779774 _____ C:\Windows\system32\perfh007.dat
2015-11-07 10:26 - 2014-08-20 18:52 - 00179300 _____ C:\Windows\system32\perfc007.dat
2015-11-07 10:26 - 2009-07-14 06:13 - 01834582 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-07 10:25 - 2014-10-24 02:52 - 01728909 _____ C:\Windows\WindowsUpdate.log
2015-11-07 10:24 - 2014-08-20 19:12 - 00006461 _____ C:\Windows\SysWOW64\Gms.log
2015-11-07 10:22 - 2015-07-07 14:58 - 00000000 ___RD C:\Users\user.mp-126805\CloudStation
2015-11-07 10:22 - 2015-07-07 09:47 - 00002321 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-11-07 10:22 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-07 10:22 - 2009-07-14 05:51 - 00068493 _____ C:\Windows\setupact.log
2015-11-07 10:13 - 2015-07-07 09:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-11-07 10:13 - 2009-07-14 04:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-11-06 15:15 - 2014-10-24 02:52 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{7F4A776A-76E9-460F-9486-84DFFAD5B41A}
2015-11-06 14:52 - 2015-03-02 11:44 - 12017664 _____ C:\Users\user.mp-126805\Desktop\Wasserbetten-Kunden Quelle Ausgangsdatei.mdb
2015-11-06 12:50 - 2015-02-09 09:49 - 00004875 _____ C:\Users\user.mp-126805\AppData\Local\EmptySettings.xml
2015-11-06 10:47 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2015-11-06 10:29 - 2015-03-24 16:17 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-11-05 13:29 - 2015-04-09 08:09 - 00000000 ____D C:\ProgramData\cheap-o
2015-11-05 13:29 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-11-04 15:37 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2015-11-04 15:24 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2015-11-04 12:35 - 2015-09-19 10:09 - 00000000 ____D C:\Users\user.mp-126805\Desktop\Reklamationen
2015-11-04 10:53 - 2015-03-02 10:51 - 00000000 ___RD C:\Users\user.mp-126805\Desktop\Elke
2015-11-02 09:15 - 2015-06-26 10:15 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-23 14:18 - 2015-03-24 16:17 - 00000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-10-23 14:18 - 2015-03-24 16:17 - 00000959 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-10-20 14:38 - 2015-02-09 09:25 - 01006931 _____ C:\Users\user_bak.log
2015-10-19 07:54 - 2014-09-30 11:43 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-19 07:54 - 2014-09-30 11:43 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-19 07:54 - 2014-09-30 11:43 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-10-15 17:41 - 2015-02-12 03:16 - 00000000 ____D C:\Windows\system32\appraiser
2015-10-15 17:41 - 2014-08-28 12:17 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-10-15 12:12 - 2014-08-28 14:12 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-10-15 08:57 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2015-10-14 18:05 - 2014-08-28 12:29 - 00000000 ____D C:\Windows\system32\MRT
2015-10-14 18:04 - 2014-08-28 12:29 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-10-09 09:41 - 2015-04-04 14:48 - 00000000 ___SD C:\Windows\system32\GWX
2015-10-08 11:48 - 2015-04-04 14:48 - 00000000 ___SD C:\Windows\SysWOW64\GWX

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-02-09 09:49 - 2015-11-06 12:50 - 0004875 _____ () C:\Users\user.mp-126805\AppData\Local\EmptySettings.xml
2015-06-05 11:41 - 2015-06-05 11:43 - 0000712 _____ () C:\Users\user.mp-126805\AppData\Local\Temp-log.txt
2014-08-20 19:04 - 2014-08-20 19:05 - 8864734 _____ () C:\ProgramData\hpcsmmsilogs.log
2014-08-20 19:09 - 2014-08-20 19:09 - 1278762 _____ () C:\ProgramData\hpdam_install_log.txt
2014-08-20 19:08 - 2014-08-20 19:08 - 0544484 _____ () C:\ProgramData\HPFileSanitizer_Install_Log.txt
2015-02-09 09:27 - 2015-02-09 09:37 - 0000227 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-10-31 10:23

==================== Ende von FRST.txt ============================

Addition.txt:

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-11-2015
durchgeführt von user (2015-11-07 11:11:31)
Gestartet von C:\Users\user.mp-126805\Desktop
Windows 7 Professional Service Pack 1 (X64) (2014-10-24 01:52:22)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3183930270-858073344-2258596639-500 - Administrator - Disabled)
Gast (S-1-5-21-3183930270-858073344-2258596639-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3183930270-858073344-2258596639-1018 - Limited - Enabled)
user (S-1-5-21-3183930270-858073344-2258596639-1004 - Administrator - Enabled) => C:\Users\user.mp-126805

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Ad-Aware Antivirus (Disabled - Out of date) {B0CC18C6-E527-6EE6-874C-9D19920E5619}
AS: Ad-Aware Antivirus (Disabled - Out of date) {0BADF922-C31D-6168-BDFC-A66BE9891CA4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall (Disabled) {88F799E3-AF48-6FBE-AC13-342C6CDD1162}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 9.38 beta (HKLM-x32\...\7-Zip) (Version:  - )
Ad-Aware Antivirus (HKLM\...\{18A24EC3-2BA0-4438-AA5C-A3CF81194D22}_AdAwareUpdater) (Version: 11.8.586.8535 - Lavasoft)
AdAwareInstaller (Version: 11.8.586.8535 - Lavasoft) Hidden
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
AntimalwareEngine (Version: 3.0.98.0 - Lavasoft) Hidden
AntispamEngine (Version: 2.4.4192.0 - Lavasoft) Hidden
AvcEngine (Version: 3.11.11387.0 - Lavasoft) Hidden
B1315AppGuid (x32 Version: 1.0.0 - DATEV eG) Hidden
Brother Driver Deployment Wizard (HKLM-x32\...\{0ED38503-B69A-44B4-98BE-21BFF284A9B6}) (Version: 1.09.000 - Brother)
Crystal Reports Runtime 13 (x32 Version: 1.0.13 - DATEV eG) Hidden
Crystal Reports Runtime XI (x32 Version: 1.0.9 - DATEV eG) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.3207 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3212 - CyberLink Corp.)
DATEV Belegtransfer V.3.22 (HKLM-x32\...\{EC561A24-754E-44F1-B76F-2FDA3DF9E912}) (Version: 2.03 - DATEV eG)
DATEV-Installation V.3.7 (HKLM-x32\...\DATEVB00000482.0) (Version:  - )
DFL7 ConfigDB (HKLM-x32\...\{8B72AB5C-498C-4071-A2D1-11F0009C3B44}) (Version: 7.0.6113.0 - DATEV eG)
DFL7 Microkernel (HKLM-x32\...\{6FFCE7A5-E850-4612-A79E-0791089CB8BC}) (Version: 7.0.6166.0 - DATEV eG)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
FirewallEngine (Version: 1.6.0.0 - Lavasoft) Hidden
HP LaserJet Professional CP1020 Series (HKLM\...\HP LaserJet Professional CP1020 Series) (Version:  - )
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HPLJUT (x32 Version: 1.00.0012 - HP) Hidden
hppcp1025LaserJetService (HKLM-x32\...\{F31BF057-0D5E-485E-ADFD-560314A27912}) (Version: 1.00.0000 - Hewlett-Packard)
hppLaserJetService (x32 Version: 007.015.00635 - Hewlett-Packard) Hidden
Identive Cloud Smart Card Reader (HKLM-x32\...\{F476C0AA-80D6-481A-83FC-37763021C31F}) (Version: 1.02 - Identive)
Intel® Chipset Device Software (x32 Version: 10.0.14 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1168 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3907 - Intel Corporation)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
kobdfu x64x86 driver installation (x32 Version: 1.00.0000 - KOBIL Systems) Hidden
KOBIL CCID driver x64x86 (x32 Version: 1.013.02121 - KOBIL Systems) Hidden
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{E534493E-80D2-4E37-8020-3ECAC55D9DB5}) (Version: 10.53.6000.34 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{74964326-CB2C-413B-B574-C4A90B8033E3}) (Version: 10.53.6000.34 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.53.6000.34 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.53.6000.34 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.5 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nuance PaperPort 12 (HKLM-x32\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
OnlineThreatsEngine (Version: 2.2.3.0 - Lavasoft) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.85.423.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7224 - Realtek Semiconductor Corp.)
Scansoft PDF Professional (x32 Version:  - ) Hidden
SCR3xxx Smart Card Reader (HKLM-x32\...\{17B0906A-26ED-45D0-B51B-83EF1AADCCFE}) (Version: 8.51 - Identive)
Service Pack 3 für SQL Server 2008 R2 (KB2979597) (64-bit) (HKLM\...\KB2979597) (Version: 10.53.6000.34 - Microsoft Corporation)
SQL Server 2008 R2 SP2 Common Files (Version: 10.53.6000.34 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Services (Version: 10.53.6000.34 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Shared (Version: 10.53.6000.34 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Full text search (Version: 10.53.6000.34 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.53.6000.34 - Microsoft Corporation) Hidden
Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version:  - )
Synology Cloud Station (HKLM-x32\...\{DBBA3533-A907-424F-9807-0906551E9580}) (Version: 3.2.3482 - Synology)
Synology Data Replicator  3 (HKLM-x32\...\{8E310838-457C-4269-B177-3EFB300CBDDC}) (Version: 1.0.0.0 - Synology Inc.)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
TP-LINK 300Mbps Wireless USB Adapter Treiber (HKLM-x32\...\{852E893E-E4FD-45BB-8B17-72ADDF686974}) (Version: 1.3.1 - TP-LINK)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-3183930270-858073344-2258596639-1004_Classes\CLSID\{2C4A5D61-009C-4561-9A33-6AFD542FD237}\InprocServer32 -> C:\Users\user.mp-126805\AppData\Local\CloudStation\CloudStation.app\icon-overlay\13\x64\ContextMenu.dll ()
CustomCLSID: HKU\S-1-5-21-3183930270-858073344-2258596639-1004_Classes\CLSID\{472CE1AD-5D53-4BCF-A1FB-3982A5F55138}\InprocServer32 -> C:\Users\user.mp-126805\AppData\Local\CloudStation\CloudStation.app\icon-overlay\13\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-3183930270-858073344-2258596639-1004_Classes\CLSID\{48AB5ADA-36B1-4137-99C9-2BD97F8788AB}\InprocServer32 -> C:\Users\user.mp-126805\AppData\Local\CloudStation\CloudStation.app\icon-overlay\13\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-3183930270-858073344-2258596639-1004_Classes\CLSID\{A433C3E0-8B24-40EB-93C3-4B10D9959F58}\InprocServer32 -> C:\Users\user.mp-126805\AppData\Local\CloudStation\CloudStation.app\icon-overlay\13\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-3183930270-858073344-2258596639-1004_Classes\CLSID\{AEB16659-2125-4ADA-A4AB-45EE21E86469}\InprocServer32 -> C:\Users\user.mp-126805\AppData\Local\CloudStation\CloudStation.app\icon-overlay\13\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-3183930270-858073344-2258596639-1004_Classes\CLSID\{C701AD67-3DF0-47C9-89CB-DFA6207BE229}\InprocServer32 -> C:\Users\user.mp-126805\AppData\Local\CloudStation\CloudStation.app\icon-overlay\13\x64\iconOverlay.dll (TODO: <Company name>)

==================== Wiederherstellungspunkte =========================

04-11-2015 15:20:25 ComboFix created restore point
04-11-2015 15:55:29 Windows Update
05-11-2015 12:24:20 Restore Point Created by FRST
05-11-2015 12:59:44 JRT Pre-Junkware Removal
07-11-2015 10:03:53 zoek.exe restore point

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2015-11-05 12:24 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {3E366D9F-240D-4AA6-9C0C-FC3DF3A9B813} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {AA9A6610-3384-48B9-BBE5-5D94CB4E439F} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2010-09-22] (Hewlett Packard)
Task: {AD6AC9CE-2BD9-49B8-9E8A-FC7C269500D8} - System32\Tasks\DATEV eG\DATEV Update-Monitor => C:\DATEV\PROGRAMM\Install\DvInesASDMon.Exe [2015-05-07] (DATEV eG)
Task: {D8D14A75-C70E-4F6A-A9D6-B6514DA81E35} - System32\Tasks\{B6CBD4C0-D28E-4730-BB50-B3076EEE49A9} => pcalua.exe -a E:\install.exe -d E:\
Task: {EBFDFD97-5A56-4208-A821-45412D8B84A4} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\Dependencies\RemEngine.exe
Task: {F5BB3615-EBF9-46F1-9953-E1D6AE4FCE73} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-19] (Adobe Systems Incorporated)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Synology Data Replicator 3-mp-126805-user.job => C:\Program Files (x86)\Synology Data Replicator  3\Backup.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-02-09 12:00 - 2012-11-28 03:18 - 00129024 _____ () C:\Windows\System32\HPCP1020LM.DLL
2015-08-27 14:57 - 2015-08-27 14:57 - 09558752 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTray.exe
2015-08-27 14:57 - 2015-08-27 14:57 - 03549904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\RCF.dll
2015-08-27 14:57 - 2015-08-27 14:57 - 00123656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_filesystem-vc120-mt-1_57.dll
2015-08-27 14:57 - 2015-08-27 14:57 - 00025856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_system-vc120-mt-1_57.dll
2015-08-27 14:57 - 2015-08-27 14:57 - 00057096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_date_time-vc120-mt-1_57.dll
2015-08-27 14:57 - 2015-08-27 14:57 - 00107776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_thread-vc120-mt-1_57.dll
2015-08-27 14:57 - 2015-08-27 14:57 - 00035072 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_chrono-vc120-mt-1_57.dll
2015-08-27 14:57 - 2015-08-27 14:57 - 00492288 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\boost_locale-vc120-mt-1_57.dll
2015-08-27 14:57 - 2015-08-27 14:57 - 02266344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\HtmlFramework.dll
2015-08-27 14:57 - 2015-08-27 14:57 - 00868600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTrayDefaultSkin.dll
2015-06-06 14:14 - 2015-06-06 14:14 - 00384072 _____ () C:\Program Files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe
2014-01-23 03:53 - 2014-01-23 03:53 - 00248736 _____ () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
2014-05-20 23:33 - 2014-08-13 23:24 - 00453448 _____ () C:\Windows\system32\igfxTray.exe
2014-08-20 19:07 - 2013-08-05 08:49 - 00627672 ____N () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 23:48 - 2013-08-05 23:48 - 00016856 ____N () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-10-07 08:30 - 2015-10-07 08:30 - 00123918 _____ () C:\Users\user.mp-126805\AppData\Local\CloudStation\CloudStation.app\bin\libgcc_s_dw2-1.dll
2015-10-07 08:30 - 2015-10-07 08:30 - 00524460 _____ () C:\Users\user.mp-126805\AppData\Local\CloudStation\CloudStation.app\bin\libcurl-4.dll
2015-10-07 08:30 - 2015-10-07 08:30 - 00115214 _____ () C:\Users\user.mp-126805\AppData\Local\CloudStation\CloudStation.app\bin\zlib1.dll
2015-10-07 08:30 - 2015-10-07 08:30 - 01026062 _____ () C:\Users\user.mp-126805\AppData\Local\CloudStation\CloudStation.app\bin\libstdc++-6.dll
2015-10-07 08:30 - 2015-10-07 08:30 - 03095505 _____ () C:\Users\user.mp-126805\AppData\Local\CloudStation\CloudStation.app\bin\icuin53.dll
2015-10-07 08:30 - 2015-10-07 08:30 - 01798570 _____ () C:\Users\user.mp-126805\AppData\Local\CloudStation\CloudStation.app\bin\icuuc53.dll
2015-10-07 08:30 - 2015-10-07 08:30 - 21565192 _____ () C:\Users\user.mp-126805\AppData\Local\CloudStation\CloudStation.app\bin\icudt53.dll
2015-10-07 08:30 - 2015-10-07 08:30 - 02874155 _____ () C:\Users\user.mp-126805\AppData\Local\CloudStation\CloudStation.app\bin\libsqlite3-0.dll
2015-10-07 08:30 - 2015-10-07 08:30 - 00712704 _____ () C:\Users\user.mp-126805\AppData\Local\CloudStation\CloudStation.app\bin\platforms\qwindows.dll
2015-10-07 08:30 - 2015-10-07 08:30 - 00031744 _____ () C:\Users\user.mp-126805\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qgif.dll
2015-10-07 08:30 - 2015-10-07 08:30 - 00046080 _____ () C:\Users\user.mp-126805\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qicns.dll
2015-10-07 08:30 - 2015-10-07 08:30 - 00032768 _____ () C:\Users\user.mp-126805\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qico.dll
2015-10-07 08:30 - 2015-10-07 08:30 - 00516608 _____ () C:\Users\user.mp-126805\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qjp2.dll
2015-10-07 08:30 - 2015-10-07 08:30 - 00243200 _____ () C:\Users\user.mp-126805\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qjpeg.dll
2015-10-07 08:30 - 2015-10-07 08:30 - 00431616 _____ () C:\Users\user.mp-126805\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qtiff.dll
2015-10-07 08:30 - 2015-10-07 08:30 - 00115214 _____ () C:\Users\user.mp-126805\AppData\Local\CloudStation\CloudStation.app\bin\ZLIB1.dll
2014-02-20 02:51 - 2014-02-20 02:51 - 01241560 ____N () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3183930270-858073344-2258596639-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\user.mp-126805\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.100.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{3F28D64C-779D-4FE9-A649-4842A1E47D82}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{89D8B21B-6B81-406A-BCF9-5F2544D61963}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{9F7C4A8A-AB27-4645-A5CC-0166E844D359}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{1AA4D242-1AA5-4210-A812-E0EA9C0CE6B4}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{407F9A3C-3CF1-4020-A35B-0B56D34340E1}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{914A5A57-826E-4847-9489-5A278AE62A26}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{AF79E99E-DADD-4623-95CC-2F09B2C55D1D}] => (Allow) C:\DATEV\PROGRAMM\Sws\LimaService.exe
FirewallRules: [{97AF3537-3ADC-4533-8499-5E3008EDB88E}] => (Allow) C:\DATEV\PROGRAMM\K0005000\Arbeitsplatz.exe
FirewallRules: [{E8EE6FA5-00C3-4ED6-8748-0F1724D39EFE}] => (Allow) C:\DATEV\PROGRAMM\K0005000\Arbeitsplatz.exe
FirewallRules: [{5A75D8C4-15E4-4AB8-A7C6-A4745F0419D2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{602F891A-CF9A-4506-B32C-CCE3DC9C7996}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{078B3890-5AB7-4C9F-A970-C854CD9D29AE}] => (Allow) C:\DATEV\PROGRAMM\B0000398\SiPaHost.exe
FirewallRules: [{2012C05A-CD07-400E-BC67-057F38BAE288}] => (Allow) C:\DATEV\PROGRAMM\B0000391\Datev.Security.Dokumentenschutz.exe
FirewallRules: [{A3976E43-B0ED-4ECC-81BB-175FC64C4FAB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{4AE31485-DE09-4756-9D77-5F25DA0F20A4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7996D11B-95A3-4680-A41E-89F05F25EAA9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{6466FFCC-A987-4A22-BE49-A13A00DFDEDF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
DomainProfile\AuthorizedApplications: [C:\DATEV\PROGRAMM\Numzus\NumZus.exe] => C:\DATEV\PROGRAMM\NUMZUS\NumZus.exe:*:Enabled:NumZus.exe
StandardProfile\AuthorizedApplications: [C:\DATEV\PROGRAMM\Numzus\NumZus.exe] => C:\DATEV\PROGRAMM\NUMZUS\NumZus.exe:*:Enabled:NumZus.exe

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: BitDefender AVC HV
Description: BitDefender AVC HV
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: avchv
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: bdfwfpf
Description: bdfwfpf
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: bdfwfpf
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (11/07/2015 10:32:43 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (11/07/2015 10:32:40 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Error in
manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with
another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (11/07/2015 10:32:26 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Error in
manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with
another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (11/07/2015 10:32:09 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Error in
manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with
another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (11/05/2015 12:24:20 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ae14bdda-23f4-4a5a-beac-0d5dbee22ef1}

Error: (11/05/2015 12:12:54 PM) (Source: YSearchUtilSvc) (EventID: 0) (User: )
Description: YSearchUtilSvc error: The operation completed successfully. (0x0)Could not open service (1060)

Error: (10/12/2015 10:02:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Wawi.exe version 5.0.0.128 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1264
Start Time: 01d104cc0309216c
Termination Time: 204
Application Path: C:\DATEV\PROGRAMM\R0000082\Wawi.exe
Report Id:

Error: (09/03/2015 10:52:14 AM) (Source: DatevPrintService) (EventID: 1) (User: )
Description: System error: The directory service is not available. (0x200f)
Function: Unknown

Error: (09/03/2015 10:52:14 AM) (Source: DatevPrintService) (EventID: 1) (User: )
Description: System error: The directory service is not available. (0x200f)
Function: Unknown

Error: (09/03/2015 10:52:14 AM) (Source: DatevPrintService) (EventID: 1) (User: )
Description: System error: The directory service is not available. (0x200f)
Function: Unknown


System errors:
=============
Error: (11/07/2015 11:02:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (11/07/2015 11:02:23 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\USER~1.MP-\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (11/07/2015 11:02:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (11/07/2015 11:02:23 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\USER~1.MP-\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (11/07/2015 11:02:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (11/07/2015 11:02:23 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\USER~1.MP-\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (11/07/2015 11:02:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (11/07/2015 11:02:23 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\USER~1.MP-\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (11/07/2015 11:02:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (11/07/2015 11:02:22 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\USER~1.MP-\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


CodeIntegrity:
===================================
  Date: 2015-11-04 15:22:57.068
  Description: Windows is unable to verify the image integrity of the file "\Device\HarddiskVolume2\ComboFix\catchme.sys" because the file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-11-04 15:22:57.037
  Description: Windows is unable to verify the image integrity of the file "\Device\HarddiskVolume2\ComboFix\catchme.sys" because the file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i5-4590S CPU @ 3.00GHz
Percentage of memory in use: 37%
Total physical RAM: 8120.17 MB
Available physical RAM: 5042.12 MB
Total Virtual: 16238.54 MB
Available Virtual: 12806.68 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:106.79 GB) (Free:31.91 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:12.01 GB) (Free:1.3 GB) NTFS ==>[System with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 8CA59B0F)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=106.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#9 olgun52 (Malware Response Team)

Posted 07 November 2015 - 08:17 PM

Please do the following for me

Please download SystemLook from one of the links below and save it to your Desktop.
Download 1
Download 2

  • Double-click SystemLook_x64.exe to run it. (Vista/Win7/Win8 users, right-click > Run as Administrator)
  • Copy/paste the contents of the following codebox into the main textfield:
:filefind
bdfwfpf
BitDefender AVC HV

:folderfind
bdfwfpf
BitDefender AVC HV

:regfind
bdfwfpf
BitDefender AVC HV
  • Click the Look button to start the scan.
  • Please be patient, as it may take a while.
  • When finished, a Notepad file will open with the results of the scan.
  • Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

 


Best regards

If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#10 LuudL (Topic Starter)

Posted 09 November 2015 - 06:26 AM

Here is the log:

 

 

SystemLook 30.07.11 by jpshortstuff
Log created at 12:25 on 09/11/2015 by user
Administrator - Elevation successful

========== filefind ==========

Searching for "bdfwfpf"
No files found.

Searching for "BitDefender AVC HV"
No files found.

========== folderfind ==========

Searching for "bdfwfpf"
No folders found.

Searching for "BitDefender AVC HV"
No folders found.

========== regfind ==========

Searching for "bdfwfpf"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BDFWFPF]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BDFWFPF\0000]
"Service"="bdfwfpf"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BDFWFPF\0000]
"DeviceDesc"="bdfwfpf"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\bdfwfpf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\bdfwfpf]
"ImagePath"="\??\C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\bdfwfpf]
"DisplayName"="bdfwfpf"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\bdfwfpf\Enum]
"0"="Root\LEGACY_BDFWFPF\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_BDFWFPF]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_BDFWFPF\0000]
"Service"="bdfwfpf"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_BDFWFPF\0000]
"DeviceDesc"="bdfwfpf"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\bdfwfpf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\bdfwfpf]
"ImagePath"="\??\C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\bdfwfpf]
"DisplayName"="bdfwfpf"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BDFWFPF]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BDFWFPF\0000]
"Service"="bdfwfpf"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BDFWFPF\0000]
"DeviceDesc"="bdfwfpf"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\bdfwfpf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\bdfwfpf]
"ImagePath"="\??\C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\bdfwfpf]
"DisplayName"="bdfwfpf"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\bdfwfpf\Enum]
"0"="Root\LEGACY_BDFWFPF\0000"

Searching for "BitDefender AVC HV"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E97D-E325-11CE-BFC1-08002BE10318}\0042]
"DriverDesc"="BitDefender AVC HV"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\SYSTEM\0001]
"DeviceDesc"="@oem32.inf,%avchvdevice.devicedesc%;BitDefender AVC HV"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E97D-E325-11CE-BFC1-08002BE10318}\0042]
"DriverDesc"="BitDefender AVC HV"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\SYSTEM\0001]
"DeviceDesc"="@oem32.inf,%avchvdevice.devicedesc%;BitDefender AVC HV"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E97D-E325-11CE-BFC1-08002BE10318}\0042]
"DriverDesc"="BitDefender AVC HV"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\SYSTEM\0001]
"DeviceDesc"="@oem32.inf,%avchvdevice.devicedesc%;BitDefender AVC HV"

-= EOF =-



#11 olgun52 (Malware Response Team)

Posted 09 November 2015 - 11:07 AM

Please uninstall Bitdefender:

http://www.bitdefender.com/support/How-to-uninstall-Bitdefender-2015-1323.html

Then restart the PC.

------------------------------

Registry Fix

  • Press the Windows key + R on your keyboard at the same time
  • Type Notepad and press Enter
  • Copy/paste the following text inside the code box into a new notepad document.
Windows Registry Editor Version 5.00

; [-key] removes the key and everything below it; "name"=- removes a single value.
; The services\bdfwfpf keys are removed whole, so no separate ImagePath deletion is needed.

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BDFWFPF]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BDFWFPF\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\bdfwfpf]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\bdfwfpf\Enum]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_BDFWFPF]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_BDFWFPF\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\bdfwfpf]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BDFWFPF]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BDFWFPF\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\bdfwfpf]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\bdfwfpf\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E97D-E325-11CE-BFC1-08002BE10318}\0042]
"DriverDesc"=-

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\SYSTEM\0001]
"DeviceDesc"=-

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E97D-E325-11CE-BFC1-08002BE10318}\0042]
"DriverDesc"=-

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\SYSTEM\0001]
"DeviceDesc"=-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E97D-E325-11CE-BFC1-08002BE10318}\0042]
"DriverDesc"=-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\SYSTEM\0001]
"DeviceDesc"=-
  • Click File, then Save As... .
  • Click Desktop on the left.
  • Under the Save as type dropdown, select All Files.
  • In the box File Name, input fix.reg.
  • Click Save.
  • Double click fix.reg and answer Yes to the prompts. You should receive the message that the entries have been successfully merged. If not, post back with the error message.
  • Delete fix.reg after use.
  • Reboot your computer

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

  • Did the Registry key import properly?

 

Let me know when you get that done


Best regards
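The search in post #9 and the hand-written fix.reg in post #11 are two halves of one procedure: SystemLook lists every registry key and value that matches the driver name, and the responder turns those hits into [-key] and "name"=- lines. The Python script below is an added example, not code from the thread, from SystemLook or from BleepingComputer, that automates that translation. It runs over a constructed regfind excerpt laid out like the log in post #10 (the search terms are the ones from post #9; the rest of the sample is assumed) and applies the rule the responder applied by hand: a key whose own name contains the term (services\bdfwfpf, Enum\Root\LEGACY_BDFWFPF) is deleted whole at the shallowest matching path component, which takes its \0000 and \Enum subkeys with it, while a key that merely holds a matching value (the Class\{GUID}\0042 entry with DriverDesc) is shared with other devices and only loses that value.

```python
"""Build a regedit 5.00 deletion script from SystemLook "regfind" output.

Added example, not code from the thread, SystemLook or BleepingComputer.
The log excerpt below is constructed to match the regfind layout shown in
the thread; only the two search terms are taken from post #9.
"""
import re
from collections import OrderedDict

# Constructed sample in SystemLook's regfind layout (not the full log).
SAMPLE_REGFIND = r"""
========== regfind ==========

Searching for "bdfwfpf"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BDFWFPF]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BDFWFPF\0000]
"Service"="bdfwfpf"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\bdfwfpf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\bdfwfpf]
"ImagePath"="\??\C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\bdfwfpf\Enum]
"0"="Root\LEGACY_BDFWFPF\0000"

Searching for "BitDefender AVC HV"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E97D-E325-11CE-BFC1-08002BE10318}\0042]
"DriverDesc"="BitDefender AVC HV"

-= EOF =-
"""

SEARCH_RE = re.compile(r'^Searching for "(.+)"$')
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')


def parse_regfind(text):
    """Return {search term: {key path: [value names SystemLook listed under it]}}."""
    hits = OrderedDict()
    term = key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SEARCH_RE.match(line)
        if m:
            term, key = m.group(1), None
            hits.setdefault(term, OrderedDict())
            continue
        m = KEY_RE.match(line)
        if m and term is not None:
            key = m.group(1)
            hits[term].setdefault(key, [])
            continue
        m = VALUE_RE.match(line)
        if m and key is not None and m.group(1) not in hits[term][key]:
            hits[term][key].append(m.group(1))
    return hits


def plan_fix(hits):
    """Split hits into whole keys to delete and single values to delete.

    A key with a path component named after the search term is an orphaned
    object of that driver: delete it at the shallowest matching component,
    which removes its subkeys (\0000, \Enum) as well.  A key that only holds
    a matching value is shared with other devices, so only that value goes.
    The hive name (component 0) is never treated as a match.
    """
    keys, values = [], OrderedDict()
    for term, keymap in hits.items():
        needle = term.lower()
        for key, names in keymap.items():
            parts = key.split("\\")
            hit = next((i for i, p in enumerate(parts) if i > 0 and needle in p.lower()), None)
            if hit is not None:
                target = "\\".join(parts[:hit + 1])
                if target not in keys:
                    keys.append(target)
            else:
                for name in names:
                    values.setdefault(key, [])
                    if name not in values[key]:
                        values[key].append(name)

    def covered(k):
        # True when a whole-key deletion already removes this key.
        return any(k.lower() == d.lower() or k.lower().startswith(d.lower() + "\\") for d in keys)

    values = OrderedDict((k, v) for k, v in values.items() if not covered(k))
    return keys, values


def build_reg(keys, values):
    """Emit regedit syntax: [-key] removes a key tree, "name"=- removes a value."""
    lines = ["Windows Registry Editor Version 5.00", "",
             "; generated from SystemLook regfind output; review every line before importing"]
    for key in keys:
        lines.append("[-%s]" % key)
    for key, names in values.items():
        lines.append("")
        lines.append("[%s]" % key)
        lines.extend('"%s"=-' % name for name in names)
    return "\r\n".join(lines) + "\r\n"   # regedit expects CRLF line endings


if __name__ == "__main__":
    keys, values = plan_fix(parse_regfind(SAMPLE_REGFIND))
    print(build_reg(keys, values))
```

Review the generated file before merging it, and merge it only after the product that owned the driver has been uninstalled and a restore point exists (the FRST fixlist in post #13 starts with CreateRestorePoint: for the same reason): deleting the service key of a driver that is still installed breaks that product, and a .reg import cannot be undone. HKLM\SYSTEM\CurrentControlSet is a link to whichever ControlSetNNN is currently selected, so a hit listed under both paths is the same key seen twice, which is why the script deduplicates rather than deleting anything twice.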

 


 


#12 LuudL (Topic Starter)

Posted 09 November 2015 - 12:17 PM

OK, I did everything like you said.

Registry import worked fine.

 

 

Kind regards



#13 olgun52 (Malware Response Team)

Posted 09 November 2015 - 07:40 PM

Hi LuudL,
 

Step 1:
FRST Script:

  • Please make sure your browsers are closed before continuing.
  • Be sure to temporarily disable all antivirus/anti-spyware softwares

Please download the attached Fixlist.txt (1.26KB) and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
 
Step 2:

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

 

Step 3:

Please download RogueKiller 32/64 bit to your desktop and run it.

Quit all running programs.
For Windows XP, double-click to start.
For Vista or Windows 7-8, right-click the program, select Run as Administrator to start, and when prompted click Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)

 


Best regards
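Step 2 asks MiniToolBox for the proxy settings, the hosts file and the Winsock catalog because those are the places adware and spam bots commonly hook the network stack: a proxy or hosts entry redirects or blocks traffic (typically the update and scanner sites that would remove the infection), and a Winsock LSP/NSP DLL is loaded into every process that opens a socket. The Python script below is an added example, not code from the thread or from MiniToolBox. It reads lines in the layout MiniToolBox prints for Winsock entries ("Catalog5 01 <dll> [size] (vendor)") plus raw hosts-file lines and flags what a responder would look at first. The Microsoft entries in the sample mirror a clean Windows 7 x64 catalog; the Temp-directory provider, the two non-localhost hosts lines and the vendor-domain list are constructed assumptions.

```python
"""Flag suspicious Winsock catalog providers and hosts-file entries.

Added example, not code from the thread or from MiniToolBox.  The Winsock
lines follow the layout MiniToolBox prints; the Temp-directory provider and
the hosts lines are constructed and hypothetical.
"""
import re

SAMPLE_WINSOCK = r"""
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Users\user\AppData\Local\Temp\wsp_hook.dll [40960] ()
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
"""

SAMPLE_HOSTS = r"""
# constructed hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.virustotal.com
203.0.113.5     update.example-bank.test   # site pinned to an attacker-chosen address
"""

WINSOCK_RE = re.compile(r'^(x64-)?Catalog(5|9) (\d+) (.+?) \[(\d+)\] \((.*)\)$')
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# Assumed list: domains an infection commonly null-routes so the victim cannot update or scan.
SECURITY_HINTS = ("microsoft", "windowsupdate", "virustotal", "bitdefender", "eset",
                  "kaspersky", "symantec", "avast", "malwarebytes", "sophos", "mcafee")


def check_winsock(lines):
    """Return one dict per provider that is not a Microsoft DLL in a system directory.

    Every catalog entry is loaded into every process that uses Winsock, which
    is why a third-party LSP/NSP deserves a look on a box that sends spam.
    """
    findings = []
    for line in lines:
        m = WINSOCK_RE.match(line.strip())
        if not m:
            continue
        is_x64, catalog, index, path, size, vendor = m.groups()
        reasons = []
        if vendor != "Microsoft Corporation":
            reasons.append("non-Microsoft provider")
        if not path.lower().startswith(SYSTEM_DIRS):
            reasons.append("provider DLL outside the Windows system directories")
        if reasons:
            findings.append({"catalog": ("x64-" if is_x64 else "") + "Catalog" + catalog,
                             "index": int(index), "path": path, "vendor": vendor,
                             "reasons": reasons})
    return findings


HOSTS_RE = re.compile(r'^([0-9A-Fa-f.:]+)\s+(\S+)')


def check_hosts(lines):
    """Return (ip, hostname, kind) for every mapping other than the localhost ones."""
    findings = []
    for line in lines:
        entry = line.split("#", 1)[0].strip()       # drop comments and blank lines
        m = HOSTS_RE.match(entry)
        if not m:
            continue
        ip, host = m.group(1), m.group(2).lower()
        if host == "localhost" and ip in ("127.0.0.1", "::1"):
            continue
        kind = ("security/update site blocked or redirected"
                if any(h in host for h in SECURITY_HINTS) else "custom mapping")
        findings.append((ip, host, kind))
    return findings


if __name__ == "__main__":
    for f in check_winsock(SAMPLE_WINSOCK.splitlines()):
        print("WINSOCK %s #%02d %s: %s" % (f["catalog"], f["index"], f["path"], "; ".join(f["reasons"])))
    for ip, host, kind in check_hosts(SAMPLE_HOSTS.splitlines()):
        print("HOSTS   %s -> %s (%s)" % (host, ip, kind))
```

On the actual machine, netsh winsock reset (which the FRST fixlist in post #13 runs) rebuilds the catalog from the built-in defaults, so what that command leaves behind is the clean baseline to compare against; a hosts file holding nothing but comments or the localhost lines is what a stock Windows install ships with. A flagged provider is not proof of infection on its own (security suites and some VPN clients register legitimate LSPs), but it is a DLL to identify by signature and hash before trusting the box.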

 


 


#14 LuudL (Topic Starter)

Posted 11 November 2015 - 05:24 AM

FRST

Fix result of Farbar Recovery Scan Tool (x64) Version:05-11-2015
Ran by user (2015-11-11 10:18:29) Run:3
Running from C:\Users\user.mp-126805\Desktop\Sicherheit
Loaded Profiles: user (Available Profiles: user)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3183930270-858073344-2258596639-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR dev: Chrome dev build detected! <======= ATTENTION
C:\ProgramData\cheap-o
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3183930270-858073344-2258596639-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-3183930270-858073344-2258596639-1004 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3183930270-858073344-2258596639-1004 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
C:\Users\user.mp-126805\Desktop\ComboFix.exe.lnk
C:\Windows\PFRO.log
c:\program files (x86)\prefs.js
c:\windows\Tasks\Synology Data Replicator 3-mp-126805-user.job
cmd: netsh winsock reset
EmptyTemp:
Reboot:
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKU\S-1-5-21-3183930270-858073344-2258596639-1004\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
"C:\ProgramData\cheap-o" => not found.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value not found.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value not found.
HKU\S-1-5-21-3183930270-858073344-2258596639-1004\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-3183930270-858073344-2258596639-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-21-3183930270-858073344-2258596639-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} => key not found.
HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => key not found.
"C:\Users\user.mp-126805\Desktop\ComboFix.exe.lnk" => not found.
"C:\Windows\PFRO.log" => not found.
"c:\program files (x86)\prefs.js" => not found.
"c:\windows\Tasks\Synology Data Replicator 3-mp-126805-user.job" => not found.

=========  netsh winsock reset =========


Successfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========

EmptyTemp: => 9.7 MB temporary data removed.


The system needed a reboot.

==== End of Fixlog 10:18:35 ====

 

 

MiniToolBox

MiniToolBox by Farbar  Version: 02-11-2015
Ran by user (administrator) on 11-11-2015 at 11:14:15
Running from "C:\Users\user.mp-126805\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Model: HP ProDesk 400 G2 MT Manufacturer: Hewlett-Packard
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
========================= IP Configuration: ================================

300Mbps Wireless USB Adapter = Drahtlosnetzwerkverbindung (Connected)
Realtek PCIe GBE Family Controller = LAN-Verbindung (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : mp-126805
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : localdomain

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : localdomain
   Description . . . . . . . . . . . : 300Mbps Wireless USB Adapter
   Physical Address. . . . . . . . . : E8-DE-27-A9-3D-1E
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : fde2:8acd:e9d3:0:4087:484:4e84:ea93(Preferred)
   Temporary IPv6 Address. . . . . . : fde2:8acd:e9d3:0:68e1:2dd:5696:2200(Preferred)
   Link-local IPv6 Address . . . . . : fe80::4087:484:4e84:ea93%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.100.52(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, 11 November 2015 11:08:27
   Lease Expires . . . . . . . . . . : Wednesday, 25 November 2015 11:08:26
   Default Gateway . . . . . . . . . : 192.168.100.1
   DHCP Server . . . . . . . . . . . : 192.168.100.1
   DNS Servers . . . . . . . . . . . : 192.168.100.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : A0-D3-C1-47-3F-3F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.localdomain:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : localdomain
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{4F437F85-C651-48D0-AD16-04D9265BA787}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  sphairon.box
Address:  192.168.100.1

Name:    google.com
Addresses:  2a00:1450:4001:805::1003
      173.194.112.163
      173.194.112.160
      173.194.112.169
      173.194.112.168
      173.194.112.174
      173.194.112.161
      173.194.112.167
      173.194.112.166
      173.194.112.165
      173.194.112.164
      173.194.112.162


Pinging google.com [173.194.112.162] with 32 bytes of data:
Reply from 173.194.112.162: bytes=32 time=56ms TTL=57
Reply from 173.194.112.162: bytes=32 time=61ms TTL=57

Ping statistics for 173.194.112.162:
    Packets: Sent = 2, Received = 2, Lost = 0
    (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 56ms, Maximum = 61ms, Average = 58ms
Server:  sphairon.box
Address:  192.168.100.1

Name:    yahoo.com
Addresses:  2001:4998:58:c02::a9
      2001:4998:44:204::a7
      2001:4998:c:a06::2:4008
      206.190.36.45
      98.138.253.109
      98.139.183.24


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=134ms TTL=50
Reply from 98.139.183.24: bytes=32 time=135ms TTL=50

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0
    (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 134ms, Maximum = 135ms, Average = 134ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0
    (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 12...e8 de 27 a9 3d 1e ......300Mbps Wireless USB Adapter
 11...a0 d3 c1 47 3f 3f ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
 19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.100.1   192.168.100.52     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
    192.168.100.0    255.255.255.0         On-link    192.168.100.52    281
   192.168.100.52  255.255.255.255         On-link    192.168.100.52    281
  192.168.100.255  255.255.255.255         On-link    192.168.100.52    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link    192.168.100.52    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link    192.168.100.52    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 12     33 fde2:8acd:e9d3::/64      On-link
 12    281 fde2:8acd:e9d3:0:4087:484:4e84:ea93/128
                                    On-link
 12    281 fde2:8acd:e9d3:0:68e1:2dd:5696:2200/128
                                    On-link
 12    281 fe80::/64                On-link
 12    281 fe80::4087:484:4e84:ea93/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/11/2015 10:18:29 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {8dff43b6-6e02-417d-8966-1a06db8ee8f3}

Error: (11/11/2015 09:52:39 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ff764081-7165-441a-8727-6551dc795dd1}

Error: (11/11/2015 09:51:16 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Error in
manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with
another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (11/07/2015 10:32:43 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (11/07/2015 10:32:40 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (11/07/2015 10:32:26 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (11/07/2015 10:32:09 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (11/05/2015 12:24:20 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {ae14bdda-23f4-4a5a-beac-0d5dbee22ef1}

Error: (11/05/2015 12:12:54 PM) (Source: YSearchUtilSvc) (User: )
Description: YSearchUtilSvc error: Der Vorgang wurde erfolgreich beendet. (0x0)Could not open service (1060)

Error: (10/12/2015 10:02:11 AM) (Source: Application Hang) (User: )
Description: Programm Wawi.exe, Version 5.0.0.128 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1264

Startzeit: 01d104cc0309216c

Endzeit: 204

Anwendungspfad: C:\DATEV\PROGRAMM\R0000082\Wawi.exe

Berichts-ID:


System errors:
=============
Error: (11/11/2015 11:07:06 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HP File Sanitizer" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (11/11/2015 11:07:04 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (11/11/2015 10:19:04 AM) (Source: Service Control Manager) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056

Error: (11/11/2015 10:18:51 AM) (Source: Service Control Manager) (User: )
Description: Dienst "DATEV Connection Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/11/2015 10:18:34 AM) (Source: Service Control Manager) (User: )
Description: Dienst "Intel® Management and Security Application Local Management Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/11/2015 10:18:34 AM) (Source: Service Control Manager) (User: )
Description: Dienst "Intel® Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/11/2015 10:18:34 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/11/2015 10:18:34 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SQL Server (DATEV_DBENGINE)" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/11/2015 10:18:34 AM) (Source: Service Control Manager) (User: )
Description: Dienst "DATEV DFL Infrastruktur-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/11/2015 10:18:34 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================
Error: (11/11/2015 10:18:29 AM) (Source: VSS)(User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {8dff43b6-6e02-417d-8966-1a06db8ee8f3}

Error: (11/11/2015 09:52:39 AM) (Source: VSS)(User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {ff764081-7165-441a-8727-6551dc795dd1}

Error: (11/11/2015 09:51:16 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\user.mp-126805\Desktop\Sicherheit\esetsmartinstaller_enu.exe

Error: (11/07/2015 10:32:43 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\user.mp-126805\Desktop\esetsmartinstaller_enu.exe

Error: (11/07/2015 10:32:40 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\user.mp-126805\Desktop\esetsmartinstaller_enu.exe

Error: (11/07/2015 10:32:26 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\user.mp-126805\Desktop\esetsmartinstaller_enu.exe

Error: (11/07/2015 10:32:09 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\user.mp-126805\Downloads\esetsmartinstaller_enu.exe

Error: (11/05/2015 12:24:20 PM) (Source: VSS)(User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {ae14bdda-23f4-4a5a-beac-0d5dbee22ef1}

Error: (11/05/2015 12:12:54 PM) (Source: YSearchUtilSvc)(User: )
Description: YSearchUtilSvc error: Der Vorgang wurde erfolgreich beendet. (0x0)Could not open service (1060)

Error: (10/12/2015 10:02:11 AM) (Source: Application Hang)(User: )
Description: Wawi.exe5.0.0.128126401d104cc0309216c204C:\DATEV\PROGRAMM\R0000082\Wawi.exe


CodeIntegrity Errors:
===================================
  Date: 2015-11-04 15:22:57.068
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-11-04 15:22:57.037
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


=========================== Installed Programs ============================

7-Zip 9.38 beta (HKLM-x32\...\7-Zip) (Version:  - )
Ad-Aware Antivirus (HKLM\...\{18A24EC3-2BA0-4438-AA5C-A3CF81194D22}_AdAwareUpdater) (Version: 11.8.586.8535 - Lavasoft)
AdAwareInstaller (HKLM\...\{C239D953-F683-4124-BD02-1ED1F353244D}) (Version: 11.8.586.8535 - Lavasoft) Hidden
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
AntimalwareEngine (HKLM\...\{6E5FAEC8-C3C1-44E8-B8DE-CE3F9568BF85}) (Version: 3.0.98.0 - Lavasoft) Hidden
AntispamEngine (HKLM\...\{BA90CD7E-A788-4BF5-B2F4-E19237E04161}) (Version: 2.4.4192.0 - Lavasoft) Hidden
AvcEngine (HKLM\...\{D2D88581-957C-4F64-A145-B315D4E8F811}) (Version: 3.11.11387.0 - Lavasoft) Hidden
B1315AppGuid (HKLM-x32\...\{F8AEA743-A9CB-453C-9B3C-53D7F1D0CC22}) (Version: 1.0.0 - DATEV eG) Hidden
Brother Driver Deployment Wizard (HKLM-x32\...\{0ED38503-B69A-44B4-98BE-21BFF284A9B6}) (Version: 1.09.000 - Brother)
Crystal Reports Runtime 13 (HKLM-x32\...\{DF4B5C50-C6A0-44FF-90C7-B1C032411FF4}) (Version: 1.0.13 - DATEV eG) Hidden
Crystal Reports Runtime XI (HKLM-x32\...\{7F26BC94-9AAA-4FD2-A38A-F13B3ECA3426}) (Version: 1.0.9 - DATEV eG) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.3207 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3212 - CyberLink Corp.)
DATEV Belegtransfer V.3.22 (HKLM-x32\...\{EC561A24-754E-44F1-B76F-2FDA3DF9E912}) (Version: 2.03 - DATEV eG)
DATEV-Installation V.3.7 (HKLM-x32\...\DATEVB00000482.0) (Version:  - )
DFL7 ConfigDB (HKLM-x32\...\{8B72AB5C-498C-4071-A2D1-11F0009C3B44}) (Version: 7.0.6113.0 - DATEV eG)
DFL7 Microkernel (HKLM-x32\...\{6FFCE7A5-E850-4612-A79E-0791089CB8BC}) (Version: 7.0.6166.0 - DATEV eG)
DirectX for Managed Code Update (Summer 2004) (HKLM-x32\...\{E9E34215-82EF-4909-BE2F-F581F0DC9062}) (Version: 9.02.2904 - Microsoft) Hidden
FirewallEngine (HKLM\...\{877C7A27-7529-4B0C-BA7B-4D697E90DDC1}) (Version: 1.6.0.0 - Lavasoft) Hidden
HP LaserJet Professional CP1020 Series (HKLM\...\HP LaserJet Professional CP1020 Series) (Version:  - )
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HPLJUT (HKLM-x32\...\{229D6185-BD7E-494B-A73B-C5215BE0690E}) (Version: 1.00.0012 - HP) Hidden
hppcp1025LaserJetService (HKLM-x32\...\{F31BF057-0D5E-485E-ADFD-560314A27912}) (Version: 1.00.0000 - Hewlett-Packard)
hppLaserJetService (HKLM-x32\...\{5093AE98-D510-4BEB-BAC1-7FC8ECE35B98}) (Version: 007.015.00635 - Hewlett-Packard) Hidden
Identive Cloud Smart Card Reader (HKLM-x32\...\{F476C0AA-80D6-481A-83FC-37763021C31F}) (Version: 1.02 - Identive)
Intel® Chipset Device Software (HKLM-x32\...\{f3e3c5dd-edd0-406b-8aa2-ce5acb93660e}) (Version: 10.0.14 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1168 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3907 - Intel Corporation)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
kobdfu x64x86 driver installation (HKLM-x32\...\{5FCFEBE0-EBDA-42A5-BC6E-67B94A47D6F0}) (Version: 1.00.0000 - KOBIL Systems) Hidden
KOBIL CCID driver x64x86 (HKLM-x32\...\{C5CBEBFF-3DB4-4271-A706-757BBE3BD5AE}) (Version: 1.013.02121 - KOBIL Systems) Hidden
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{E534493E-80D2-4E37-8020-3ECAC55D9DB5}) (Version: 10.53.6000.34 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{74964326-CB2C-413B-B574-C4A90B8033E3}) (Version: 10.53.6000.34 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.53.6000.34 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.53.6000.34 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.5 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nuance PaperPort 12 (HKLM-x32\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
OnlineThreatsEngine (HKLM\...\{A8F67345-FA75-4E99-AEBA-DE9BFE708A49}) (Version: 2.2.3.0 - Lavasoft) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
opensource (HKLM-x32\...\{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}) (Version: 1.0.14960.3876 - Your Company Name) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.85.423.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7224 - Realtek Semiconductor Corp.)
Scansoft PDF Professional (HKLM-x32\...\{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}) (Version:  - ) Hidden
SCR3xxx Smart Card Reader (HKLM-x32\...\{17B0906A-26ED-45D0-B51B-83EF1AADCCFE}) (Version: 8.51 - Identive)
Service Pack 3 für SQL Server 2008 R2 (KB2979597) (64-bit) (HKLM\...\KB2979597) (Version: 10.53.6000.34 - Microsoft Corporation)
SQL Server 2008 R2 SP2 Common Files (HKLM\...\{234F6B0D-10AE-4BB7-B2F3-E48D4861952D}) (Version: 10.53.6000.34 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Common Files (HKLM\...\{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}) (Version: 10.53.6000.34 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Services (HKLM\...\{FA7394B8-CE65-4F9E-AC99-F372AD365424}) (Version: 10.53.6000.34 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Services (HKLM\...\{FBD367D1-642F-47CF-B79B-9BE48FB34007}) (Version: 10.53.6000.34 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Shared (HKLM\...\{A2122A9C-A699-4365-ADF8-68FEAC125D61}) (Version: 10.53.6000.34 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Shared (HKLM\...\{C942A025-A840-4BF2-8987-849C0DD44574}) (Version: 10.53.6000.34 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Full text search (HKLM\...\{9DFA5914-C275-42E0-810E-C88E46A7F9EA}) (Version: 10.53.6000.34 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (HKLM\...\{F31183CF-E10F-4DE1-BB59-6C0FF38E481E}) (Version: 10.53.6000.34 - Microsoft Corporation) Hidden
Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version:  - )
Synology Cloud Station (HKLM-x32\...\{DBBA3533-A907-424F-9807-0906551E9580}) (Version: 3.2.3482 - Synology)
Synology Data Replicator  3 (HKLM-x32\...\{8E310838-457C-4269-B177-3EFB300CBDDC}) (Version: 1.0.0.0 - Synology Inc.)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
TP-LINK 300Mbps Wireless USB Adapter Treiber (HKLM-x32\...\{852E893E-E4FD-45BB-8B17-72ADDF686974}) (Version: 1.3.1 - TP-LINK)

========================= Memory info: ===================================

Percentage of memory in use: 40%
Total physical RAM: 8120.17 MB
Available physical RAM: 4803.78 MB
Total Virtual: 16238.54 MB
Available Virtual: 12899.55 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:106.79 GB) (Free:30.53 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:12.01 GB) (Free:1.3 GB) NTFS

========================= Users: ========================================

Benutzerkonten für \\MP-126805

Administrator            Gast                     user                     
Der Befehl wurde erfolgreich ausgeführt.


**** End of log ****

RogueKiller

RogueKiller V10.11.5.0 [Nov  9 2015] (Free) by Adlice Software
Mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Betriebssystem : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
gestarted in : normaler Modus
User : user [Administrator]
Started from : C:\Users\user.mp-126805\Desktop\RogueKiller.exe
Modus : Scannen -- Datum : 11/11/2015 11:21:15

¤¤¤ Prozesse : 1 ¤¤¤
[VT.Unknown] sqlservr.exe(2720) -- C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe[7] -> beendet [TermProc]

¤¤¤ Registry : 4 ¤¤¤
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Gefunden
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Gefunden
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3183930270-858073344-2258596639-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Gefunden
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3183930270-858073344-2258596639-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Gefunden

¤¤¤ Aufgaben : 0 ¤¤¤

¤¤¤ Dateien : 0 ¤¤¤

¤¤¤ Host Dateien : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: nicht geladen [0xc000036b]) ¤¤¤

¤¤¤ Web Browser : 0 ¤¤¤

¤¤¤ MBR Überprüfung : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] 983380731647dc98e9d237cc446e7e3e
[BSP] ee4378bb03c39fcc93b7ea2f5e975bd2 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 109351 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 224669696 | Size: 12297 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

#15 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:41 PM

Posted 11 November 2015 - 09:42 AM

Logs are clean.


Emsisoft Emergency Kit Scan

  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Attach the report to your reply
  • Close the program then click Close

===================================================

Things I would like to see in your next reply. :thumbup2:

  • Results?

Best regards
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!
