
Log analysis and evaluation: System startup takes about 7 minutes, plus a constant CPU load of 98-100% - Windows 7 SP1

17.01.2015, 22:26   #1
Cyerton
 
Hello,

after I had neatly rearranged all my USB devices and switched my PC back on, the startup took forever. For 4 minutes I only had a white blinking line, which normally disappears again after two seconds. After the 4 minutes, "Press F11 to run recovery" then appears, which however disappears again fairly quickly. After the normal startup process had then taken a further 3 minutes, I was able to log in. When I then moved my mouse and it stuttered heavily, I thought it was down to the ports, but when the audio output of programs like Skype and TeamSpeak also sounded choppy, I checked the RAM and CPU usage. The RAM usage was 2 of 8 GB, but the CPU was fluctuating at 98-100%. The only thing that came to mind was a virus, because changing the USB ports cannot, to my knowledge, cause such an enormous "error". I then scanned my whole system with Microsoft Security Essentials and found a malicious program called 'Eicar.com'. I then googled it to find out what it does and found out that it is only a test virus and cannot do any damage. Accordingly, removing it did not bring any improvement either. Now I wanted to know whether some well-hidden malware has nested itself on my PC after all, or whether this error has to do with other things that do not occur to me. I have attached the required files.

PC information:
Medion Akoya E4065 D
8 GB RAM
AMD A8 5500 3.2/3.7 GHz
-An external hard drive is permanently connected to extend storage-

I hope I can still be helped ;D
Cyerton
Attached files
File type: txt Addition.txt (38.0 KB, viewed 119 times)
File type: log defogger_disable.log (472 bytes, viewed 83 times)
File type: txt FRST.txt (63.1 KB, viewed 126 times)
File type: txt Gmer.txt (14.7 KB, viewed 299 times)

17.01.2015, 22:33   #2
schrauber
/// the machine
/// TB trainer
 

Hi,

please always post logs in the thread. If necessary, split them up and use several posts.
I can't open attachments at work, thanks.

This is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.
18.01.2015, 13:12   #3
Cyerton
 
Hey,

thanks for the quick reply!

The attached logs should now show up here:

Addition.txt:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-01-2015 01
Ran by **** at 2015-01-17 19:56:47
Running from C:\Users\****\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{8F3C9854-8EB9-3D28-4AD7-E3ADD800C7E3}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Blacklight: Retribution (HKLM-x32\...\Steam App 209870) (Version:  - Zombie, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
ByteScout BarCode Generator 3.22.643 (FREEWARE) (HKLM-x32\...\ByteScout BarCode Generator_is1) (Version:  - Bytescout Software)
ByteScout BarCode Reader 3.00.771 (FREEWARE) (HKLM-x32\...\ByteScout BarCode Reader_is1) (Version: 3.00.771 - Bytescout Software)
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version:  - Treyarch)
Call of Duty: Black Ops II - Zombies (HKLM-x32\...\Steam App 212910) (Version:  - )
Call of Duty: Black Ops II (HKLM-x32\...\Steam App 202970) (Version:  - Treyarch)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Counter-Strike: Global Offensive - SDK (HKLM-x32\...\Steam App 745) (Version:  - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Craften Terminal 4.0.1 (HKLM-x32\...\Craften Terminal_is1) (Version: 4.0.1 - Craften.de)
Craften Terminal 4.0.2 (HKLM-x32\...\{4e7c3936-7c06-4ef0-928b-c5d92f372578}_is1) (Version: 4.0.2 - Craften.de)
Creative ASIO (USB) (HKLM-x32\...\Creative_ASIO(USB)) (Version: 1.00 - Creative Technology Limited)
Creative Systeminformationen (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Deadlight (HKLM-x32\...\Steam App 211400) (Version:  - Tequila Works, S.L.)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
diclovit's mod pack 9.5.0 (HKLM-x32\...\{28B1238E-1C18-4637-A2B7-95315E94EB29}_is1) (Version: 9.5.0 - diclovit)
FileZilla Client 3.9.0.3 (HKU\S-1-5-21-2572767104-2773664841-3638514099-1003\...\FileZilla Client) (Version: 3.9.0.3 - Tim Kosse)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
G DATA USB KEYBOARD GUARD (HKLM-x32\...\{D8CBD59F-B29D-4E38-9D66-DEAEAB473FA9}) (Version: 1.1.0.4 - G DATA Software AG)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Genie Timeline (HKLM-x32\...\Genie Timeline) (Version: 5.0 - Genie9)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.85 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Half-Life Dedicated Server Update Tool (HKLM-x32\...\Half-Life Dedicated Server Update Tool) (Version:  - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
iDevice Manager (HKLM-x32\...\FE5AE7DC-7B01-4263-A94C-B4526C276550_is1) (Version: 4.5.0.4 - Marx Software)
Injustice: Gods Among Us Ultimate Edition (HKLM-x32\...\Steam App 242700) (Version:  - NetherRealm Studios)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 7 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170250}) (Version: 1.7.0.250 - Oracle)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
K-Lite Codec Pack 10.7.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.7.5 - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Left 4 Dead (HKLM-x32\...\Steam App 500) (Version:  - Valve)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.291 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.291 - LogMeIn, Inc.) Hidden
Logon Screen (HKLM\...\{1730D13B-7517-4321-A88B-64627CF67CDC}_is1) (Version:  - Daniel Rebelo)
LoiLo Game Recorder (HKLM\...\{89E4163C-BD19-45A9-BCEB-980741786799}_is1) (Version: 1.1.0.0 - LoiLo inc.)
Magicka (HKLM-x32\...\Steam App 42910) (Version:  - Arrowhead Game Studios)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Camera Codec Pack (HKLM\...\{83257982-7466-4BBA-A925-B64A62F42E9C}) (Version: 16.4.1899.0416 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 (HKLM-x32\...\Encoder_4.0.1651.0) (Version: 4.0.1651.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{F21D2032-60FE-4729-9C87-46F1615FB965}) (Version: 4.0.1651.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Mathematics (64-Bit) (HKLM\...\{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}) (Version: 4.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7C39E0D1-E138-42B1-B083-213EC2CF7692}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MK LOL (HKU\S-1-5-21-2572767104-2773664841-3638514099-1003\...\MK LOL) (Version:  - )
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0 (x86 de)) (Version: 34.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 de)) (Version: 31.3.0 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NetBeans IDE 8.0.1 (HKLM\...\nbi-nb-base-8.0.1.0.201408251540) (Version: 8.0.1 - NetBeans.org)
NETGEAR WNDA4100 Genie (HKLM-x32\...\InstallShield_{422FB885-2E3D-4F0C-8C47-BF4336B5318B}) (Version: 1.2.0.10 - NETGEAR)
NETGEAR WNDA4100 Genie (x32 Version: 1.2.0.10 - NETGEAR) Hidden
NIKON IMAGE SPACE UPLOADER (HKLM-x32\...\com.nikonimagespace.uploader) (Version: 1.1 - NIKON CORPORATION)
NIKON IMAGE SPACE UPLOADER (x32 Version: 1.1 - NIKON CORPORATION) Hidden
Nikon Message Center (HKLM-x32\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.0.1 - Nikon)
Nosgoth (HKLM-x32\...\Steam App 200110) (Version: 140812.90586 - Square Enix Ltd)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.2 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Opera Stable 26.0.1656.60 (HKU\S-1-5-21-2572767104-2773664841-3638514099-1003\...\Opera 26.0.1656.60) (Version: 26.0.1656.60 - Opera Software ASA)
Oracle VM VirtualBox 4.3.10 (HKLM\...\{5632714F-6A48-4BF2-89E0-F8B6CE9FE6D1}) (Version: 4.3.10 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.)
Papers, Please (HKLM-x32\...\Steam App 239030) (Version:  - 3909)
Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.2.2 - Nikon)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Portal 2 Authoring Tools - Beta (HKLM-x32\...\Steam App 629) (Version:  - Valve)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6591 - Realtek Semiconductor Corp.)
Receiver (HKLM-x32\...\Steam App 234190) (Version:  - Wolfire Games)
Robocraft (HKLM-x32\...\Steam App 301520) (Version:  - Freejam)
Roller Coaster Extreme (HKLM-x32\...\Roller Coaster Extreme) (Version: 1.00 - Casual Arts)
RollerCoaster Tycoon 3 (HKLM-x32\...\RollerCoaster Tycoon 3_is1) (Version:  - Atari)
SADES 7.1 SOUND EFFECT GAMING HEADSET (HKLM\...\C-Media CM108 Like Sound Driver) (Version:  - )
SADES 7.1 SOUND EFFECT GAMING HEADSET (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392006300}) (Version: 1.00.0001 - )
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version:  - Deep Silver Volition)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Smart Technology Programming Software 7.0.27.13 (HKLM\...\{C9193CBB-C31A-412A-A074-AD08F0F2CF3D}) (Version: 7.0.27.13 - Mad Catz)
Sound Blaster X-Fi Surround 5.1 Pro (HKLM-x32\...\{0A9DA353-D0CD-4922-A54B-2F5F4EC90986}) (Version: 1.0 - Creative Technology Limited)
Spotify (HKU\S-1-5-21-2572767104-2773664841-3638514099-1003\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Super Hexagon (HKLM-x32\...\Steam App 221640) (Version:  - Terry Cavanagh)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKU\S-1-5-21-2572767104-2773664841-3638514099-1003\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36244 - TeamViewer)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
TI-Nspire(TM) CAS Student Software (HKLM-x32\...\{E8CC9064-8382-4D5C-9E55-F88D9541FFC0}) (Version: 3.2.0.1219 - Texas Instruments Inc.)
Tiny and Big: Grandpa's Leftovers (HKLM-x32\...\Steam App 205910) (Version:  - Black Pants Game Studio)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
Total War: ROME II - Emperor Edition (HKLM-x32\...\Steam App 214950) (Version:  - Creative Assembly)
TrackMania Nations Forever (HKLM-x32\...\Steam App 11020) (Version:  - Nadeo)
Tropico 3 - Steam Special Edition (HKLM-x32\...\Steam App 23490) (Version:  - Haemimont Games)
Tunngle Version Tunngle (HKLM-x32\...\Tunngle_is1) (Version: Tunngle - Tunngle.net GmbH)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM-x32\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.5000.00 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
ViewNX 2 (HKLM-x32\...\{DDD62492-32A7-412B-8AF1-2CF032AD42E3}) (Version: 2.1.2 - Nikon)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VLC media player 2.0.7 (HKLM\...\VLC media player) (Version: 2.0.7 - VideoLAN)
Warlock - Master of the Arcane (HKLM-x32\...\Steam App 203630) (Version:  - Ino-Co Plus)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wireshark 1.12.3 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.3 - The Wireshark developer community, hxxp://www.wireshark.org)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version:  - Wargaming.net)
World of Warplanes (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C813EU}_is1) (Version:  - Wargaming.net)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

17-01-2015 16:53:42 Windows Update
17-01-2015 17:36:01 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-07-07 18:06 - 00450709 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {22234CFD-D768-47EB-85AE-816709A578EB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {34360015-CA76-450F-A89A-F112AC5C2B2C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {447F4539-D90C-4316-942D-D33FDE0E301E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {5C6063E3-2898-452C-BFB7-B0AD9470E1F5} - \bettermarkit Update No Task File <==== ATTENTION
Task: {6EDD3AAC-F2FD-4C1F-A310-477BB1E188CA} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {7CFFEF6E-507F-414A-BD43-7A04C95A663E} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2014-09-23] ()
Task: {8A253814-522D-40D4-927B-9804C7E312B8} - \Feven-chromeinstaller No Task File <==== ATTENTION
Task: {8D8A17FE-9F17-4BFA-9CA3-A649D0B569CB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
Task: {94C7D9C2-19A0-4F9A-8209-190F33EE384D} - \Feven-codedownloader No Task File <==== ATTENTION
Task: {A374CA0A-37C5-4D7F-8A4B-4DCE768F78EB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {A5980A81-1E38-4192-80D2-41ABE3FF49FE} - System32\Tasks\Opera scheduled Autoupdate 1377543958 => C:\Users\Alex\AppData\Local\Programs\Opera\launcher.exe [2014-12-17] (Opera Software)
Task: {BE8A2DE5-7AB9-4EBA-9668-4EB17FCB2B6B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {E18723DD-47A0-40E5-AA39-B8C89E802527} - System32\Tasks\{4A440030-835E-4BD3-BF73-FC9374EB17ED} => Chrome.exe hxxp://ui.skype.com/ui/0/6.6.0.106/de/go/help.faq.installer?source=lightinstaller&amp;LastError=1603
Task: {F3F3D571-B069-4DC6-A47C-14012998429B} - \Feven-updater No Task File <==== ATTENTION
Task: {FB37B73E-D84D-469A-8F14-B518E3EC3BCF} - \Feven-enabler No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-03-12 11:33 - 2014-03-12 11:33 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-10-07 15:54 - 2013-10-07 15:54 - 00218112 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2013-12-29 11:18 - 2013-12-29 11:18 - 00332800 _____ () C:\Program Files\Genie9\Genie Timeline\OnlineHandler.dll
2013-11-20 08:39 - 2013-11-20 08:39 - 00045568 _____ () C:\Program Files\Genie9\Genie Timeline\GSLogging.dll
2013-12-29 11:18 - 2013-12-29 11:18 - 00491520 _____ () C:\Program Files\Genie9\Genie Timeline\GSIndexDB.dll
2012-02-02 10:16 - 2012-02-02 10:16 - 00740864 _____ () C:\Program Files\Genie9\Genie Timeline\sqlite3.dll
2012-04-24 10:29 - 2012-04-24 10:29 - 00011264 _____ () C:\Program Files\Genie9\Genie Timeline\RWLock.dll
2013-12-29 11:18 - 2013-12-29 11:18 - 00211968 _____ () C:\Program Files\Genie9\Genie Timeline\Settings.dll
2013-11-20 08:39 - 2013-11-20 08:39 - 00089600 _____ () C:\Program Files\Genie9\Genie Timeline\GSEncryption.dll
2013-12-29 11:18 - 2013-12-29 11:18 - 00087040 _____ () C:\Program Files\Genie9\Genie Timeline\QueueManager.dll
2013-12-29 11:18 - 2013-12-29 11:18 - 00722944 _____ () C:\Program Files\Genie9\Genie Timeline\GSBackupManager.dll
2013-12-29 11:18 - 2013-12-29 11:18 - 00371200 _____ () C:\Program Files\Genie9\Genie Timeline\GSWatcher4.dll
2013-02-11 12:34 - 2013-02-11 12:34 - 00045056 _____ () C:\Program Files\Genie9\Genie Timeline\pcre.dll
2013-02-11 12:34 - 2013-02-11 12:34 - 00097792 _____ () C:\Program Files\Genie9\Genie Timeline\pcrebase.dll
2013-12-29 11:18 - 2013-12-29 11:18 - 00054784 _____ () C:\Program Files\Genie9\Genie Timeline\GSLogManager.dll
2012-02-02 10:16 - 2012-02-02 10:16 - 00010752 _____ () C:\Program Files\Genie9\Genie Timeline\VSSEngine_Proxy.dll
2013-11-20 08:39 - 2013-11-20 08:39 - 00058368 _____ () C:\Program Files\Genie9\Genie Timeline\GSLibrariesManager.dll
2014-05-01 20:29 - 2014-05-01 20:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-07-15 17:46 - 2009-12-29 15:52 - 00089088 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2014-07-15 17:46 - 2010-07-22 15:46 - 00237056 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2014-03-12 11:33 - 2014-03-12 11:33 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-12-29 11:18 - 2013-12-29 11:18 - 00063488 _____ () C:\Program Files\Genie9\Genie Timeline\XBalloonMsgDll.dll
2013-11-20 08:39 - 2013-11-20 08:39 - 00093696 _____ () C:\Program Files\Genie9\Genie Timeline\GSCurl.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-07 15:49 - 2013-10-07 15:49 - 00221184 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2013-10-07 15:47 - 2013-10-07 15:47 - 00037888 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2013-10-07 15:44 - 2013-10-07 15:44 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2013-10-07 15:49 - 2013-10-07 15:49 - 00069632 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2013-10-07 15:49 - 2013-10-07 15:49 - 00628224 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-11.dll
2013-01-09 09:09 - 2013-01-09 09:09 - 00118784 _____ () C:\Program Files (x86)\NETGEAR\WNDA4100\Ralink.dll
2014-07-15 17:46 - 2009-12-29 15:50 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2014-07-15 17:46 - 2010-07-22 15:45 - 00181760 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2014-12-03 20:57 - 2014-12-03 20:57 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2015-01-06 17:02 - 2015-01-06 17:02 - 03339376 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2015-01-06 17:02 - 2015-01-06 17:02 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2015-01-06 17:02 - 2015-01-06 17:02 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: BstHdAndroidSvc => 2
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Aura.lnk => C:\Windows\pss\Aura.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BetterExplorer.lnk => C:\Windows\pss\BetterExplorer.lnk.CommonStartup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82} => "C:\ProgramData\cisA269.exe" --PostUninstall {81EFDD93-DBBE-415B-BE6E-49B9664E3E82}
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Alex\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-2572767104-2773664841-3638514099-500 - Administrator - Disabled)
Alex (S-1-5-21-2572767104-2773664841-3638514099-1003 - Administrator - Enabled) => C:\Users\****
Gast (S-1-5-21-2572767104-2773664841-3638514099-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2572767104-2773664841-3638514099-1005 - Limited - Enabled)
User (S-1-5-21-2572767104-2773664841-3638514099-1002 - Administrator - Enabled) => C:\Users\User

==================== Faulty Device Manager Devices =============

Name: Programmable Root Enumerator
Description: Programming Support
Class Guid: {678dcf40-e2e6-11d5-8cd5-e960089ea00a}
Manufacturer: Mad Catz
Service: SaiNtBus
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (01/17/2015 07:27:58 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.Runtime.Serialization, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070005

Error: (01/17/2015 07:05:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 504: ERROR: read_msg errno 0 (Der Vorgang wurde erfolgreich beendet.)

Error: (01/17/2015 07:05:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (01/17/2015 07:00:49 PM) (Source: MSSQL$JTLWAWI) (EventID: 9003) (User: )
Description: Die Protokollscannummer (17:232:1), die an den Protokollscan in der 'model'-Datenbank übergeben wurde, ist ungültig. Dieser Fehler kann darauf hinweisen, dass Daten beschädigt sind oder dass die Protokolldatei (LDF) nicht mit der Datendatei (MDF) übereinstimmt. Falls dieser Fehler während der Replikation aufgetreten ist, müssen Sie die Publikation neu erstellen. Andernfalls stellen Sie die Datenbank von einer Sicherung wieder her, falls das Problem zu einem Fehler beim Starten führt.

Error: (01/17/2015 06:48:59 PM) (Source: MSSQL$JTLWAWI) (EventID: 9003) (User: )
Description: Die Protokollscannummer (17:232:1), die an den Protokollscan in der 'model'-Datenbank übergeben wurde, ist ungültig. Dieser Fehler kann darauf hinweisen, dass Daten beschädigt sind oder dass die Protokolldatei (LDF) nicht mit der Datendatei (MDF) übereinstimmt. Falls dieser Fehler während der Replikation aufgetreten ist, müssen Sie die Publikation neu erstellen. Andernfalls stellen Sie die Datenbank von einer Sicherung wieder her, falls das Problem zu einem Fehler beim Starten führt.

Error: (01/17/2015 04:15:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 300: ERROR: read_msg errno 0 (Der Vorgang wurde erfolgreich beendet.)

Error: (01/17/2015 04:15:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (01/17/2015 04:15:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: send_all(300) wrote -1 of 4 errno 10053 (Eine bestehende Verbindung wurde softwaregesteuert
durch den Hostcomputer abgebrochen.)

Error: (01/17/2015 04:10:00 PM) (Source: MSSQL$JTLWAWI) (EventID: 9003) (User: )
Description: Die Protokollscannummer (17:232:1), die an den Protokollscan in der 'model'-Datenbank übergeben wurde, ist ungültig. Dieser Fehler kann darauf hinweisen, dass Daten beschädigt sind oder dass die Protokolldatei (LDF) nicht mit der Datendatei (MDF) übereinstimmt. Falls dieser Fehler während der Replikation aufgetreten ist, müssen Sie die Publikation neu erstellen. Andernfalls stellen Sie die Datenbank von einer Sicherung wieder her, falls das Problem zu einem Fehler beim Starten führt.

Error: (01/17/2015 03:55:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 448: ERROR: read_msg errno 0 (Der Vorgang wurde erfolgreich beendet.)


System errors:
=============
Error: (01/17/2015 07:09:20 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (01/17/2015 07:02:40 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 192.168.178.47192.168.137.0255.255.255.0

Error: (01/17/2015 07:02:38 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: 

Error: (01/17/2015 07:02:21 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst GenieTimelineService erreicht.

Error: (01/17/2015 07:01:46 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst GenieTimelineService erreicht.

Error: (01/17/2015 07:01:30 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT-AUTORITÄT)
Description: 0x8000002a28\??\C:\Users\****\ntuser.dat

Error: (01/17/2015 07:00:49 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "SQL Server (JTLWAWI)" wurde mit folgendem dienstspezifischem Fehler beendet: %%3414.

Error: (01/17/2015 07:00:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.3" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/17/2015 06:51:12 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 192.168.178.47192.168.137.0255.255.255.0

Error: (01/17/2015 06:51:11 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: 


Microsoft Office Sessions:
=========================
Error: (01/17/2015 07:27:58 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.Runtime.Serialization, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070005 
System.Runtime.Serialization, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089

Error: (01/17/2015 07:05:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 504: ERROR: read_msg errno 0 (Der Vorgang wurde erfolgreich beendet.)

Error: (01/17/2015 07:05:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (01/17/2015 07:00:49 PM) (Source: MSSQL$JTLWAWI) (EventID: 9003) (User: )
Description: (17:232:1)model

Error: (01/17/2015 06:48:59 PM) (Source: MSSQL$JTLWAWI) (EventID: 9003) (User: )
Description: (17:232:1)model

Error: (01/17/2015 04:15:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 300: ERROR: read_msg errno 0 (Der Vorgang wurde erfolgreich beendet.)

Error: (01/17/2015 04:15:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (01/17/2015 04:15:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: send_all(300) wrote -1 of 4 errno 10053 (Eine bestehende Verbindung wurde softwaregesteuert
durch den Hostcomputer abgebrochen.)

Error: (01/17/2015 04:10:00 PM) (Source: MSSQL$JTLWAWI) (EventID: 9003) (User: )
Description: (17:232:1)model

Error: (01/17/2015 03:55:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 448: ERROR: read_msg errno 0 (Der Vorgang wurde erfolgreich beendet.)


==================== Memory info =========================== 

Processor: AMD A8-5500 APU with Radeon(tm) HD Graphics 
Percentage of memory in use: 33%
Total physical RAM: 7641.07 MB
Available physical RAM: 5105.04 MB
Total Pagefile: 15282.14 MB
Available Pagefile: 11623.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:880.41 GB) (Free:408.68 GB) NTFS
Drive d: (Recover) (Fixed) (Total:50 GB) (Free:27.47 GB) NTFS
Drive k: (****'s Festplatte ) (Fixed) (Total:1863.01 GB) (Free:767.11 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: C9CC4325)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=880.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

========================================================
Disk: 4 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 80B280E6)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
defogger_disable.log:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:52 on 17/01/2015 (****)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
FRST.txt:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-01-2015 01
Ran by **** (administrator) on CYERTON on 17-01-2015 19:53:55
Running from C:\Users\****\Downloads
Loaded Profiles: **** (Available profiles: User & ****)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(Genie9) C:\Program Files\Genie9\Genie Timeline\GenieTimelineService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe
(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Marx Softwareentwicklung - www.software4u.de) C:\Program Files (x86)\Software4u\iDevice Manager\Software4u.IDMLauncher.exe
(Spotify Ltd) C:\Users\****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR\WNDA4100\WNDA4100.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
(Creative Technology Ltd.) C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\USB KEYBOARD GUARD\GD2NDKBB.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Creative Technology Ltd.) C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
(Genie9) C:\Program Files\Genie9\Genie Timeline\GenieTimeLineAgent.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452968 2012-03-13] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Cm108Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm108.dll,CMICtrlWnd
HKLM\...\Run: [Creative SB Monitoring Utility] => RunDll32 sbavmon.dll,SBAVMonitor
HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-03-12] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Module Loader] => C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe [57344 2007-07-23] (Creative Technology Ltd.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [GDataUsbProtection] => C:\Program Files (x86)\G DATA\USB KEYBOARD GUARD\GD2NDKBB.exe [1412216 2014-09-05] (G Data Software AG)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3838800 2014-12-13] (LogMeIn Inc.)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2572767104-2773664841-3638514099-1003\...\Run: [COMPUTER BILD Account-Alarm] => "C:\Program Files (x86)\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe" /tray
HKU\S-1-5-21-2572767104-2773664841-3638514099-1003\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-2572767104-2773664841-3638514099-1003\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-2572767104-2773664841-3638514099-1003\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-10-20] (Apple Inc.)
HKU\S-1-5-21-2572767104-2773664841-3638514099-1003\...\Run: [iDevice Manager Launcher] => C:\Program Files (x86)\Software4u\iDevice Manager\Software4u.IDMLauncher.exe [139216 2014-12-10] (Marx Softwareentwicklung - www.software4u.de)
HKU\S-1-5-21-2572767104-2773664841-3638514099-1003\...\Run: [Spotify Web Helper] => C:\Users\****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-17] (Spotify Ltd)
HKU\S-1-5-21-2572767104-2773664841-3638514099-1003\...\MountPoints2: {98a9482b-a224-11e3-b0e4-89d9db7e6bf4} - I:\setup.exe
HKU\S-1-5-21-2572767104-2773664841-3638514099-1003\...\MountPoints2: {d8f76644-a91e-11e3-8270-88e6b9dd36e6} - I:\Startme.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA4100 Genie.lnk
ShortcutTarget: NETGEAR WNDA4100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA4100\WNDA4100.EXE (NETGEAR)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Newgen.lnk
ShortcutTarget: Newgen.lnk -> C:\Windows\8 Skin Pack\Newgen\Newgen.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Refresh.lnk
ShortcutTarget: Refresh.lnk -> C:\Windows\iOS Skin Pack\Tools\Refresh.cmd (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RocketDock.lnk
ShortcutTarget: RocketDock.lnk -> C:\Windows\iOS Skin Pack\RocketDock\RocketDock.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TaskbarUserTile.lnk
ShortcutTarget: TaskbarUserTile.lnk -> C:\Windows\8 Skin Pack\TaskbarUserTile\UserTile.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UberIcon.lnk
ShortcutTarget: UberIcon.lnk -> C:\Windows\iOS Skin Pack\UberIcon\UberIcon.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\YzShadow.lnk
ShortcutTarget: YzShadow.lnk -> C:\Windows\iOS Skin Pack\YzShadow\YzShadow.exe (No File)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Product Registration.lnk
ShortcutTarget: Product Registration.lnk -> C:\Users\****\AppData\Local\Temp\is-LS15E.tmp\ATR1.exe (No File)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKU\S-1-5-21-2572767104-2773664841-3638514099-1003\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-2572767104-2773664841-3638514099-1003] => localhost:8080
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-2572767104-2773664841-3638514099-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-2572767104-2773664841-3638514099-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2572767104-2773664841-3638514099-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{78ED7CEB-44F8-459B-AB3F-ED63FFC39F2C}: [NameServer] 192.168.178.167,192.168.178.1
Tcpip\..\Interfaces\{ED3DD619-F400-437F-B1E5-966CD8F396EA}: [NameServer] 192.168.178.47,192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\xy7f7099.default
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\xy7f7099.default\Extensions\artur.dubovoy@gmail.com [2015-01-09]
FF Extension: Flashlight - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\xy7f7099.default\Extensions\flashlight@stephennolan.com.au [2014-11-23]
FF Extension: WOT - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\xy7f7099.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-07-30]
FF Extension: DownThemAll! AntiContainer - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\xy7f7099.default\Extensions\anticontainer@downthemall.net.xpi [2014-12-30]
FF Extension: Ghostery - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\xy7f7099.default\Extensions\firefox@ghostery.com.xpi [2014-11-10]
FF Extension: 1-Click YouTube Video Downloader - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\xy7f7099.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2014-11-10]
FF Extension: Adblock Plus - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\xy7f7099.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-29]
FF Extension: DownThemAll! - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\xy7f7099.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-12-30]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR StartupUrls: Default -> "hxxp://www.google.de/", "hxxp://www.google.com/ig/redirectdomain?brand=MDNE&bmod=MDNE"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.69\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.69\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.69\pdf.dll ()
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U5) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.50.5) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Profile: C:\Users\****\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-25]
CHR Extension: (WOT) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-03-28]
CHR Extension: (YouTube) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-17]
CHR Extension: (Adblock Plus) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-07-17]
CHR Extension: (Gmail offline) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2013-07-17]
CHR Extension: (Google Play) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2013-07-17]
CHR Extension: (Google Maps) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2013-07-17]
CHR Extension: (Google Wallet) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-16]
CHR Extension: (Space Planet) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppcocpoeoiajndepaaimnnglicichmbb [2014-03-31]
CHR HKLM-x32\...\Chrome\Extension: [mpnkngdlkfogmplnfcbphiekcjgbnckb] - C:\Program Files (x86)\bettermarkit\150.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-04-09] (Adobe Systems) [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-03-12] (Advanced Micro Devices, Inc.) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-10-07] () [File not signed]
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [182304 2014-11-17] (EasyAntiCheat Ltd)
R2 GenieTimelineService; C:\Program Files\Genie9\Genie Timeline\GenieTimelineService.exe [678976 2013-12-29] (Genie9)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-12-02] (LogMeIn, Inc.)
S3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe [119408 2014-07-17] (Mozilla Foundation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S2 MSSQL$JTLWAWI; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 RalinkRegistryWriter; C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe [377088 2011-11-21] (Ralink Technology, Corp.)
R2 RalinkRegistryWriter64; C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe [455424 2011-11-21] (Ralink Technology, Corp.)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3020632 2014-04-04] (Samsung Electronics CO., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5419792 2014-11-28] (TeamViewer GmbH)
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2013-08-10] (Microsoft Corporation) [File not signed]
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [762320 2014-11-04] (Tunngle.net GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 rpcapd; "%ProgramFiles(x86)%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles(x86)%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-11-04] (Advanced Micro Devices)
S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-11-04] (Advanced Micro Devices)
R3 GDKBBlocker; C:\Windows\system32\drivers\GDKBBlocker64.sys [30720 2014-10-27] (G Data Software AG)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2014-09-30] (Sony Mobile Communications)
R3 ksaud; C:\Windows\System32\drivers\ksaud.sys [1588480 2013-04-08] (Creative Technology Ltd.)
R2 mfmonitor; C:\Windows\System32\DRIVERS\mfmonitor_x64.sys [20696 2013-12-06] (Windows (R) Win 7 DDK provider)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-01-14] (Anchorfree Inc.)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 USBTINSP; C:\Windows\System32\DRIVERS\tinspusb.sys [142848 2013-11-03] (Texas Instruments)
R3 wod0205; C:\Windows\System32\DRIVERS\wod0205.sys [33160 2011-04-23] (WeOnlyDo Software)
S3 DxkgFilter; \??\C:\Program Files (x86)\iDisplay\idisplay.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-17 19:53 - 2015-01-17 19:55 - 00027473 _____ () C:\Users\****\Downloads\FRST.txt
2015-01-17 19:53 - 2015-01-17 19:54 - 00000000 ___DC () C:\FRST
2015-01-17 19:52 - 2015-01-17 19:52 - 02125824 _____ (Farbar) C:\Users\****\Downloads\FRST64.exe
2015-01-17 19:52 - 2015-01-17 19:52 - 00000470 _____ () C:\Users\****\Downloads\defogger_disable.log
2015-01-17 19:52 - 2015-01-17 19:52 - 00000000 _____ () C:\Users\****\defogger_reenable
2015-01-17 19:51 - 2015-01-17 19:51 - 00050477 _____ () C:\Users\****\Downloads\Defogger.exe
2015-01-17 19:00 - 2015-01-17 19:00 - 00000022 _____ () C:\Windows\S.dirmngr
2015-01-17 18:50 - 2015-01-17 18:50 - 00000000 ____D () C:\Windows\Panther
2015-01-17 17:35 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-01-17 17:35 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-01-17 17:35 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-01-17 17:35 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-01-17 17:35 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-01-17 17:34 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-17 17:34 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-17 17:34 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-17 17:32 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-17 17:32 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-17 17:32 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-17 17:32 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-17 17:32 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-17 17:32 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-17 17:32 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-17 17:32 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-17 17:32 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-17 17:32 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-17 17:32 - 2014-06-24 04:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-01-17 17:32 - 2014-06-24 03:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-01-17 17:30 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-01-17 17:29 - 2014-11-21 09:38 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-01-17 17:29 - 2014-11-21 09:38 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-01-17 17:29 - 2014-11-21 09:37 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-01-17 17:29 - 2014-11-21 09:37 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-01-17 17:29 - 2014-11-21 09:36 - 19283456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-01-17 17:29 - 2014-11-21 09:36 - 15400960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-01-17 17:29 - 2014-11-21 09:36 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-01-17 17:29 - 2014-11-21 09:36 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-01-17 17:29 - 2014-11-21 09:36 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-01-17 17:29 - 2014-11-21 09:36 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-01-17 17:29 - 2014-11-21 09:36 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-01-17 17:29 - 2014-11-21 09:36 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-01-17 17:29 - 2014-11-21 09:36 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-01-17 17:29 - 2014-11-21 09:36 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-01-17 17:29 - 2014-11-21 09:36 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-01-17 17:29 - 2014-11-21 09:36 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-01-17 17:29 - 2014-11-21 09:36 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-01-17 17:29 - 2014-11-21 09:36 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-01-17 17:29 - 2014-11-21 09:36 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-01-17 17:29 - 2014-11-21 09:36 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-01-17 17:29 - 2014-11-21 09:35 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-01-17 17:29 - 2014-11-21 08:17 - 14364672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-01-17 17:29 - 2014-11-21 08:17 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-01-17 17:29 - 2014-11-21 08:17 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-01-17 17:29 - 2014-11-21 08:17 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-01-17 17:29 - 2014-11-21 08:17 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-01-17 17:29 - 2014-11-21 08:17 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-01-17 17:29 - 2014-11-21 08:16 - 13758976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-01-17 17:29 - 2014-11-21 08:16 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-01-17 17:29 - 2014-11-21 08:16 - 02054656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-01-17 17:29 - 2014-11-21 08:16 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-01-17 17:29 - 2014-11-21 08:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-01-17 17:29 - 2014-11-21 08:16 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-01-17 17:29 - 2014-11-21 08:16 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-01-17 17:29 - 2014-11-21 08:16 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-01-17 17:29 - 2014-11-21 08:16 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-01-17 17:29 - 2014-11-21 08:16 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-01-17 17:29 - 2014-11-21 08:16 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-01-17 17:29 - 2014-11-21 08:16 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-01-17 17:29 - 2014-11-21 08:16 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-01-17 17:29 - 2014-11-21 08:16 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-01-17 17:29 - 2014-11-21 08:00 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-01-17 17:29 - 2014-11-21 07:54 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-01-17 17:29 - 2014-11-21 07:31 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-01-17 17:29 - 2014-11-21 07:24 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-01-17 17:25 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-01-17 17:25 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2015-01-17 17:25 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2015-01-17 17:25 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2015-01-17 17:25 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2015-01-17 17:25 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-01-17 17:24 - 2014-08-01 12:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2015-01-17 17:24 - 2014-08-01 12:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2015-01-17 17:23 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-01-17 17:23 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-01-17 17:23 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-01-17 17:23 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-01-17 17:23 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-01-17 17:23 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2015-01-17 17:23 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2015-01-17 17:23 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2015-01-17 17:23 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2015-01-17 17:23 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2015-01-17 17:22 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-01-17 17:22 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-01-17 17:22 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-01-17 17:22 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-01-17 17:22 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-01-17 17:22 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-01-17 17:22 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-01-17 17:22 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-01-17 17:22 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-01-17 17:22 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-01-17 17:22 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-01-17 17:22 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-01-17 17:21 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-01-17 17:21 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-01-17 17:21 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-01-17 17:21 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2015-01-17 17:20 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-17 17:20 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-01-17 17:20 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-01-17 17:20 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2015-01-17 17:20 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2015-01-17 17:20 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2015-01-17 17:19 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-01-17 17:19 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-01-17 17:19 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-01-17 17:19 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-01-17 17:19 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-01-17 17:19 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2015-01-17 17:19 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2015-01-17 17:19 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2015-01-17 17:19 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2015-01-17 17:19 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2015-01-17 17:19 - 2014-09-05 03:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-01-17 17:19 - 2014-09-05 02:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-01-17 17:02 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-01-17 17:02 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2015-01-17 17:02 - 2014-08-23 03:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-01-17 17:02 - 2014-08-23 02:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-01-17 16:52 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-17 16:52 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-17 16:52 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-17 16:52 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-17 16:52 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-17 16:52 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-17 16:52 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-17 16:46 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-01-17 16:46 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-01-17 16:42 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-01-17 16:42 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-01-17 16:42 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-01-17 16:42 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-01-17 16:42 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-01-17 16:42 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-01-17 16:42 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-01-17 16:42 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-01-17 16:42 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-01-17 16:42 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-01-17 16:41 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-01-17 16:41 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-01-17 16:32 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-01-17 16:32 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-01-17 16:32 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-01-17 15:44 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-01-17 15:44 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-01-17 15:44 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-01-17 15:44 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-01-17 15:44 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-01-17 15:44 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-01-17 15:44 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-01-17 15:44 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-01-17 15:44 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-01-17 15:44 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-01-17 15:41 - 2014-06-27 03:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2015-01-17 15:41 - 2014-06-27 02:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2015-01-17 14:47 - 2015-01-17 14:47 - 00347816 _____ (Microsoft Corporation) C:\Users\****\Downloads\MicrosoftFixit.wu.LB.3934495813917211.3.1.Run.exe
2015-01-17 14:43 - 2015-01-17 14:43 - 00985600 _____ () C:\Users\****\Downloads\MicrosoftFixit50123.msi
2015-01-16 20:46 - 2015-01-17 18:59 - 00000336 _____ () C:\Windows\setupact.log
2015-01-16 20:46 - 2015-01-16 20:46 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-16 20:45 - 2015-01-17 15:48 - 00004050 _____ () C:\Windows\PFRO.log
2015-01-16 16:53 - 2015-01-16 16:53 - 00000000 ____D () C:\Users\****\AppData\Local\photoOptimizeHistoryDataBase
2015-01-16 16:53 - 2015-01-16 16:53 - 00000000 ____D () C:\Users\****\AppData\Local\Ashampoo Photo Optimizer Medion
2015-01-16 16:27 - 2015-01-16 16:28 - 00000536 ____T () C:\Users\****\Downloads\eicar4.zipFF73B620
2015-01-16 16:19 - 2015-01-16 16:19 - 00000100 _____ () C:\Users\****\Downloads\eicar.com.gz
2015-01-15 15:53 - 2015-01-15 15:54 - 25469656 _____ () C:\Users\****\Downloads\googleearth-win-bundle-7.1.2.2041.1.exe
2015-01-14 17:00 - 2015-01-14 18:27 - 4100497408 _____ () C:\Users\****\Downloads\WindowsTechnicalPreview-x64-EN-US.iso
2015-01-14 16:57 - 2015-01-14 16:57 - 00030472 _____ () C:\Users\****\Downloads\PrepareWin7ForWindowsTechnicalPreview.exe
2015-01-11 18:00 - 2015-01-11 18:00 - 00012609 _____ () C:\Users\****\Documents\Praktikumsarbeit.odt
2015-01-11 15:22 - 2015-01-11 15:22 - 00004691 _____ () C:\Users\****\AppData\Local\recently-used.xbel
2015-01-11 14:38 - 2015-01-11 15:22 - 04505438 _____ () C:\Users\****\Downloads\backgroundFürHtml1.xcf
2015-01-10 16:30 - 2015-01-10 16:30 - 00001541 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2015-01-10 16:30 - 2015-01-10 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2015-01-10 16:29 - 2015-01-10 16:30 - 00000000 ____D () C:\Program Files\Wireshark
2015-01-10 14:09 - 2015-01-10 18:21 - 00000000 ____D () C:\Users\****\Documents\NetBeansProjects
2015-01-09 08:51 - 2015-01-09 08:51 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2015-01-09 08:51 - 2015-01-09 08:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories
2015-01-09 08:51 - 2015-01-09 08:51 - 00000000 ____D () C:\Program Files\Microsoft Xbox 360 Accessories
2015-01-06 17:02 - 2015-01-07 15:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-01-05 10:46 - 2015-01-06 16:19 - 00020611 _____ () C:\Users\****\Documents\Quellen - Referat Friedrich Schiller.odt
2014-12-30 23:38 - 2014-12-30 23:38 - 00262860 _____ () C:\Users\****\Documents\cc_20141230_233830.reg
2014-12-29 20:34 - 2014-12-29 20:34 - 00193727 _____ () C:\Users\****\Documents\CyertonSteam2.xcf
2014-12-29 16:38 - 2014-12-29 16:38 - 00000000 ____D () C:\Users\****\AppData\Local\SmartTechnology
2014-12-29 16:34 - 2014-12-29 16:34 - 00000000 ____D () C:\ProgramData\SmartTechnology
2014-12-29 16:34 - 2014-12-29 16:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Technology
2014-12-29 16:33 - 2014-12-29 16:33 - 00000000 ____D () C:\Program Files\SmartTechnology
2014-12-29 12:22 - 2014-12-29 12:23 - 00000000 ____D () C:\Users\****\AppData\Local\WiFi Guard
2014-12-29 12:22 - 2014-12-29 12:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftPerfect WiFi Guard
2014-12-27 18:13 - 2015-01-05 09:48 - 00027497 _____ () C:\Users\****\Documents\Referat Friedrich Schiller - Handout.odt
2014-12-25 17:59 - 2014-12-25 17:59 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-22 11:06 - 2014-12-22 11:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-12-21 16:16 - 2014-12-21 19:43 - 00000000 ____D () C:\ProgramData\Tunngle
2014-12-21 16:16 - 2014-12-21 16:26 - 00000000 ____D () C:\Users\****\AppData\Roaming\Tunngle
2014-12-21 16:16 - 2014-12-21 16:16 - 00000000 ____D () C:\Users\Public\Documents\Tunngle
2014-12-21 16:16 - 2014-12-21 16:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle
2014-12-20 18:34 - 2014-12-20 18:34 - 00000000 ____D () C:\Users\****\AppData\Roaming\.mono
2014-12-20 18:33 - 2014-11-17 17:53 - 00182304 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2014-12-18 20:33 - 2014-12-18 20:33 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-17 19:52 - 2013-07-11 08:40 - 00000000 ____D () C:\Users\****
2015-01-17 19:47 - 2013-07-09 08:08 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-17 19:30 - 2013-07-11 08:43 - 00000000 ____D () C:\Users\****\AppData\Roaming\Skype
2015-01-17 19:29 - 2014-02-20 16:35 - 00000000 ____D () C:\Users\****x\AppData\Local\Battle.net
2015-01-17 19:25 - 2013-07-09 08:09 - 01624225 _____ () C:\Windows\WindowsUpdate.log
2015-01-17 19:21 - 2014-03-23 20:10 - 00007598 _____ () C:\Users\****\AppData\Local\Resmon.ResmonCfg
2015-01-17 19:19 - 2009-07-14 05:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-17 19:19 - 2009-07-14 05:45 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-17 19:07 - 2014-07-31 14:31 - 00000000 ____D () C:\Users\****\AppData\Local\LogMeIn Hamachi
2015-01-17 19:06 - 2008-01-01 08:31 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-17 19:04 - 2013-07-09 08:08 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-17 19:03 - 2014-10-13 18:24 - 00000000 ___RD () C:\Users\****\iCloudDrive
2015-01-17 19:02 - 2014-11-23 20:31 - 00000435 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-01-17 19:00 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-17 18:52 - 2014-03-23 21:15 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-01-17 18:46 - 2009-07-14 05:45 - 04453968 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-17 18:34 - 2014-01-17 14:02 - 00000000 ____D () C:\Users\****\AppData\Roaming\TS3Client
2015-01-17 17:58 - 2013-07-23 06:11 - 01743874 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-17 17:58 - 2011-05-16 15:04 - 00757032 _____ () C:\Windows\system32\perfh007.dat
2015-01-17 17:58 - 2011-05-16 15:04 - 00173668 _____ () C:\Windows\system32\perfc007.dat
2015-01-17 17:58 - 2009-07-14 06:13 - 01743874 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-17 17:49 - 2013-08-28 18:33 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-17 15:12 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-17 15:09 - 2013-07-27 19:55 - 00000000 ____D () C:\ProgramData\BlueStacks
2015-01-17 15:09 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-01-17 15:06 - 2013-07-11 15:12 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-17 15:02 - 2014-06-05 13:49 - 00000000 ____D () C:\Program Files (x86)\osu!
2015-01-17 15:01 - 2014-01-21 18:22 - 00000000 ____D () C:\Program Files (x86)\Rigs of Rods 0.38
2015-01-17 15:01 - 2013-09-27 20:20 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-01-17 15:01 - 2011-07-18 22:23 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-17 15:00 - 2014-09-30 16:20 - 00000000 ____D () C:\ProgramData\Sony Mobile
2015-01-17 15:00 - 2014-09-30 16:20 - 00000000 ____D () C:\Program Files (x86)\Sony Mobile
2015-01-16 20:46 - 2013-07-09 08:08 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-16 20:27 - 2014-02-19 21:08 - 00000000 ____D () C:\Users\****\.AAAHier ist alles!XXX
2015-01-16 20:26 - 2013-07-14 05:10 - 00000020 ____H () C:\ProgramData\PKP_DLet.DAT
2015-01-16 20:22 - 2014-03-18 16:38 - 00000000 ____D () C:\AMD
2015-01-16 20:21 - 2013-11-20 20:53 - 00000000 ____D () C:\Games
2015-01-16 20:19 - 2013-11-01 16:08 - 00000000 ____D () C:\Users\****\AppData\Roaming\Spotify
2015-01-16 20:10 - 2013-08-10 21:08 - 00000000 ____D () C:\Users\Save
2015-01-16 17:29 - 2014-03-27 21:55 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2015-01-16 17:20 - 2014-08-05 06:45 - 00000000 ____D () C:\Users\****\AppData\Roaming\HLSW
2015-01-16 17:14 - 2014-02-27 20:40 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2015-01-16 17:06 - 2014-04-11 13:20 - 00000000 ____D () C:\ProgramData\Freemake
2015-01-16 16:57 - 2013-08-09 19:49 - 00000000 ____D () C:\Users\****\AppData\Roaming\DVDVideoSoft
2015-01-16 16:51 - 2013-09-02 18:55 - 00000000 ____D () C:\Program Files (x86)\Ashampoo
2015-01-16 16:49 - 2014-07-15 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2015-01-16 16:49 - 2014-07-15 17:15 - 00000000 ____D () C:\Program Files (x86)\Creative
2015-01-16 16:46 - 2013-09-17 15:05 - 00000000 ____D () C:\Program Files (x86)\Cisco
2015-01-15 15:53 - 2013-11-01 16:09 - 00000000 ____D () C:\Users\****\AppData\Local\Spotify
2015-01-14 19:37 - 2014-06-09 16:43 - 00000000 ____D () C:\Users\****\.VirtualBox
2015-01-14 19:31 - 2013-09-10 13:47 - 00000000 ____D () C:\Users\****\VirtualBox VMs
2015-01-14 17:06 - 2011-12-01 22:26 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-14 17:06 - 2008-01-01 08:31 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 17:06 - 2008-01-01 08:31 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-11 17:28 - 2014-04-09 15:39 - 00000000 ____D () C:\Users\****\.gimp-2.8
2015-01-11 14:39 - 2014-01-13 15:53 - 00000000 ____D () C:\Users\****\AppData\Local\gtk-2.0
2015-01-10 19:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Cursors
2015-01-09 19:27 - 2014-09-30 12:43 - 00000000 ____D () C:\Users\****\Desktop\HTML
2015-01-09 16:18 - 2013-07-11 09:11 - 00000000 ____D () C:\Users\****\AppData\Local\Thunderbird
2015-01-07 15:25 - 2013-08-09 21:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird.bak
2015-01-05 10:50 - 2014-12-14 11:23 - 00245129 _____ () C:\Users\****\Documents\Friedrich Schiller.odp
2015-01-03 11:30 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-02 20:52 - 2013-11-07 14:55 - 00000000 ____D () C:\Users\****\AppData\Roaming\Craften Terminal
2015-01-02 20:52 - 2013-07-11 08:53 - 00000000 ____D () C:\Users\****\AppData\Roaming\.minecraft
2015-01-02 15:02 - 2014-11-08 17:07 - 00000000 ____D () C:\Users\****\AppData\Roaming\Tropico 3
2014-12-31 13:12 - 2011-07-18 21:31 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-31 12:14 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-31 11:03 - 2013-12-08 19:26 - 00000000 ____D () C:\Program Files (x86)\MarkAny
2014-12-30 23:29 - 2014-02-21 21:04 - 00000000 ____D () C:\Users\****\AppData\Local\CrashDumps
2014-12-30 23:18 - 2013-11-08 20:41 - 01848144 _____ () C:\Users\****\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-30 23:00 - 2013-09-27 20:23 - 00000000 ____D () C:\Users\****\AppData\Roaming\Samsung
2014-12-30 23:00 - 2013-09-27 20:23 - 00000000 ____D () C:\Users\****\AppData\Local\Samsung
2014-12-30 23:00 - 2013-09-27 20:20 - 00000000 ____D () C:\ProgramData\Samsung
2014-12-30 22:53 - 2013-09-08 20:58 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
2014-12-30 22:51 - 2014-09-27 08:30 - 00000000 ____D () C:\Users\****\AppData\Roaming\SHAPE
2014-12-30 17:37 - 2013-09-08 21:05 - 00000000 ____D () C:\Users\****\Documents\My Games
2014-12-27 21:22 - 2014-04-30 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\South Park - The Stick of Truth
2014-12-27 14:16 - 2014-10-11 07:44 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-27 14:16 - 2013-07-11 08:39 - 00000000 ____D () C:\ProgramData\Skype
2014-12-23 15:07 - 2013-11-21 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks
2014-12-21 16:16 - 2013-10-12 19:17 - 00000000 ____D () C:\Program Files (x86)\Tunngle
2014-12-21 13:55 - 2014-02-20 16:35 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-12-20 21:32 - 2013-10-17 16:36 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-20 21:30 - 2013-10-17 16:35 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-12-20 21:30 - 2012-07-19 00:47 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-18 20:09 - 2014-10-22 18:20 - 00000000 ____D () C:\Users\****\AppData\Local\Adobe
2014-12-18 16:05 - 2014-06-03 14:22 - 00004046 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1377543958

==================== Files in the root of some directories =======
2014-04-08 10:06 - 2014-04-08 10:09 - 0000096 _____ () C:\Users\****\AppData\Roaming\Camdata.ini
2014-04-08 10:06 - 2014-04-08 10:09 - 0000408 _____ () C:\Users\****\AppData\Roaming\CamLayout.ini
2014-04-08 10:06 - 2014-04-08 10:09 - 0000408 _____ () C:\Users\****\AppData\Roaming\CamShapes.ini
2014-04-08 10:06 - 2014-04-08 10:09 - 0004535 _____ () C:\Users\****\AppData\Roaming\CamStudio.cfg
2014-06-04 11:59 - 2014-06-04 11:59 - 0000039 _____ () C:\Users\****\AppData\Roaming\TheHunterSettings_steam_live.cfg
2014-02-03 19:49 - 2014-02-03 19:49 - 0046080 ___SH () C:\Users\****\AppData\Roaming\Thumbs.db
2014-04-08 10:05 - 2014-04-08 10:06 - 0000096 _____ () C:\Users\****\AppData\Roaming\version2.xml
2014-04-30 22:13 - 2014-04-30 22:13 - 0000600 _____ () C:\Users\****\AppData\Roaming\winscp.rnd
2014-05-02 15:39 - 2014-05-02 15:39 - 0000918 _____ () C:\Users\****\AppData\Local\86f653d02a8c26c57b0e5a4c45679042
2013-08-06 12:02 - 2014-02-20 13:29 - 0005632 _____ () C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-11 12:40 - 2014-07-11 06:23 - 0331776 _____ () C:\Users\****\AppData\Local\fyrkv.gdb
2014-07-11 12:40 - 2014-07-11 12:43 - 1041598 _____ () C:\Users\****\AppData\Local\fyrkv.gss
2015-01-11 15:22 - 2015-01-11 15:22 - 0004691 _____ () C:\Users\****\AppData\Local\recently-used.xbel
2014-03-23 20:10 - 2015-01-17 19:21 - 0007598 _____ () C:\Users\****\AppData\Local\Resmon.ResmonCfg
2014-12-15 18:11 - 2014-12-15 18:11 - 0000000 _____ () C:\Users\****\AppData\Local\{8F7E3E8E-C53B-4E23-9F4F-EBF3AF333C4F}
2014-11-08 14:44 - 2014-11-08 14:44 - 0000000 _____ () C:\Users\****\AppData\Local\{E9697009-07DA-4241-B524-71B72893FB0C}
2014-10-30 19:10 - 2014-10-30 19:10 - 0000000 _____ () C:\Users\****\AppData\Local\{F9A9A0C5-EF1B-4A9A-89E8-6EF221C56792}
2014-10-16 14:27 - 2014-10-16 14:27 - 0000000 _____ () C:\Users\****\AppData\Local\{FB0020FA-3418-4DA2-865C-4A8B252DBE4F}
2013-11-29 17:39 - 2014-01-24 07:54 - 0000085 ___SH () C:\ProgramData\.zreglib
2013-07-14 05:10 - 2013-07-14 05:10 - 0000268 ___RH () C:\ProgramData\Application
2013-07-14 05:10 - 2013-07-14 05:10 - 0000268 ___RH () C:\ProgramData\Application Support
2013-07-14 05:10 - 2013-07-14 05:10 - 0000268 ___RH () C:\ProgramData\Applications
2013-07-14 05:10 - 2013-07-14 05:10 - 0000012 ___RH () C:\ProgramData\Bass
2013-07-14 05:10 - 2013-07-14 05:10 - 0000012 ___RH () C:\ProgramData\Bass Reduction
2013-07-14 05:10 - 2013-07-14 05:10 - 0000012 ___RH () C:\ProgramData\Booms
2014-07-15 17:44 - 2010-06-29 14:04 - 0001772 _____ () C:\ProgramData\cfSB1095.ini
2014-07-15 17:44 - 2013-04-03 11:50 - 0001772 _____ () C:\ProgramData\cfSB1095A.ini
2013-11-09 13:07 - 2013-09-24 11:53 - 4899544 _____ (COMODO) C:\ProgramData\cisA269.exe
2013-07-14 05:24 - 2013-07-14 05:24 - 0000000 _____ () C:\ProgramData\laserjet
2013-07-14 05:18 - 2013-07-14 05:24 - 0000000 ____H () C:\ProgramData\PKP_DLdu.DAT
2013-07-14 05:10 - 2013-07-14 05:10 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2013-07-14 05:10 - 2015-01-16 20:26 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2013-07-14 05:10 - 2014-09-13 10:15 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT

Files to move or delete:
====================
C:\ProgramData\cisA269.exe


Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\7z920.exe
C:\Users\User\AppData\Local\Temp\appshat-distribution.exe
C:\Users\User\AppData\Local\Temp\AskPIP_FF_.exe
C:\Users\User\AppData\Local\Temp\BackupSetup.exe
C:\Users\User\AppData\Local\Temp\bitool.dll
C:\Users\User\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\User\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe
C:\Users\User\AppData\Local\Temp\HiRezLauncherControls.dll
C:\Users\User\AppData\Local\Temp\MoviesToolbarSetup_Somoto_9_10_2013.exe
C:\Users\User\AppData\Local\Temp\nsi3160.exe
C:\Users\User\AppData\Local\Temp\nsmE4E6.exe
C:\Users\User\AppData\Local\Temp\nss8912.exe
C:\Users\User\AppData\Local\Temp\nss8BD1.exe
C:\Users\User\AppData\Local\Temp\nsx347C.exe
C:\Users\User\AppData\Local\Temp\OnlineWeatherSetup.exe
C:\Users\User\AppData\Local\Temp\radBD7D6.tmp_update.exe
C:\Users\User\AppData\Local\Temp\removeKCL.EXE
C:\Users\User\AppData\Local\Temp\removeKTID.EXE
C:\Users\User\AppData\Local\Temp\remTIDShortcut.EXE
C:\Users\User\AppData\Local\Temp\RestorePreviousVersion.EXE
C:\Users\User\AppData\Local\Temp\setup_80.exe
C:\Users\User\AppData\Local\Temp\SIntf16.dll
C:\Users\User\AppData\Local\Temp\SIntf32.dll
C:\Users\User\AppData\Local\Temp\SIntfNT.dll
C:\Users\User\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\User\AppData\Local\Temp\writeLogFile.EXE
C:\Users\User\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-25 19:37

==================== End Of Log ============================
         
--- --- ---


Gmer.txt:
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-01-17 21:05:30
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000081 ST1000DM rev.CC4G 931,51GB
Running: dzvvypku.exe; Driver: C:\Users\****\AppData\Local\Temp\fwldqpob.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2452] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                          0000000075641465 2 bytes [64, 75]
.text   C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2452] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                         00000000756414bb 2 bytes [64, 75]
.text   ...                                                                                                                                                         * 2
.text   C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2640] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                      0000000075641465 2 bytes [64, 75]
.text   C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2640] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                     00000000756414bb 2 bytes [64, 75]
.text   ...                                                                                                                                                         * 2
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[1612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                0000000075641465 2 bytes [64, 75]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[1612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155               00000000756414bb 2 bytes [64, 75]
.text   ...                                                                                                                                                         * 2
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3188] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69             0000000075641465 2 bytes [64, 75]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3188] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155            00000000756414bb 2 bytes [64, 75]
.text   ...                                                                                                                                                         * 2
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[3656] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                   0000000075641465 2 bytes [64, 75]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe[3656] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                  00000000756414bb 2 bytes [64, 75]
.text   ...                                                                                                                                                         * 2
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[1504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69             0000000075641465 2 bytes [64, 75]
.text   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[1504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155            00000000756414bb 2 bytes [64, 75]
.text   ...                                                                                                                                                         * 2
.text   C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe[5008] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35                                                  00000000694011a8 2 bytes [40, 69]
.text   C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe[5008] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21                                            00000000694013a8 2 bytes [40, 69]
.text   C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe[5008] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21                                                0000000069401422 2 bytes [40, 69]
.text   C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe[5008] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19                                         0000000069401498 2 bytes [40, 69]
.text   C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe[5008] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195                              00000000691d1b41 2 bytes [1D, 69]
.text   C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe[5008] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362                              00000000691d1be8 2 bytes [1D, 69]
.text   C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe[5008] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418                              00000000691d1c20 2 bytes [1D, 69]
.text   C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe[5008] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 596                              00000000691d1cd2 2 bytes [1D, 69]
.text   C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe[5008] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628                              00000000691d1cf2 2 bytes [1D, 69]
.text   C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe[5028] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                          0000000075641465 2 bytes [64, 75]
.text   C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe[5028] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                         00000000756414bb 2 bytes [64, 75]
.text   ...                                                                                                                                                         * 2
.text   C:\Program Files (x86)\G DATA\USB KEYBOARD GUARD\GD2NDKBB.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                 0000000075641465 2 bytes [64, 75]
.text   C:\Program Files (x86)\G DATA\USB KEYBOARD GUARD\GD2NDKBB.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                00000000756414bb 2 bytes [64, 75]
.text   ...                                                                                                                                                         * 2
.text   C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe[3332] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                         0000000075641465 2 bytes [64, 75]
.text   C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe[3332] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                        00000000756414bb 2 bytes [64, 75]
.text   ...                                                                                                                                                         * 2
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe[5276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075641465 2 bytes [64, 75]
.text   C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe[5276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000756414bb 2 bytes [64, 75]
.text   ...                                                                                                                                                         * 2

---- Threads - GMER 2.1 ----

Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5232:5340]                                                                                      00000000768c7587
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5232:5836]                                                                                      00000000686d7712
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5232:6056]                                                                                      0000000077182e65
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5232:6384]                                                                                      0000000077183e85
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5232:7584]                                                                                      0000000077183e85
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5232:3820]                                                                                      0000000077183e85
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [5628:5152]                                                                                              000007fefa152bf8
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [5628:3428]                                                                                              000007feea904830
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [5628:268]                                                                                               000007feea904830
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [5628:3208]                                                                                              000007fef6c25124
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [5628:4596]                                                                                              000007feea889d90
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [5628:3596]                                                                                              000007feea904830

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export                                                                                          ?????????????g???????|???????e??MED8603802000001_08_07D8_21?????? ???S??????????d?????>?????????????????d????????????????????????y????????????`??????????????????4???????????????????????????s??t???????????USB\VID_0D8C&PID_013C\5&7c38733&0&5??????????????????????????j???????????&???????i???????????????????S???????-???????????????C???e??? D??????t?????Set???????????????????????i??????????????????USB\VID_07D1&PID_3C0F\1.0???????????????????????????????????????????????????????????????????????usb.inf??????????????????????????&???????i???????????????????S??????????????????????????????????????????????????????????????????CloseGenericCounters?????????-??????????? ??????????????????oem21.inf:VBox.NTamd64:VBoxNetFltMP.ndi:4.3.10.0:sun_vboxnetfltmp?????????????????????????????\?????????????VirtualBox Bridged Networking Driver Miniport????????????1??be??????????????????????1.????????????????????"?????????????VBoxNetFltMP.ndi????????.n????????????????????"??????t??????sun_vboxnetfltmp????????lt???????????1???7????&????????
Reg     HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export                                                                                     ????????.NT?????????????????????????????????????????????p?????????????"?????????????????????????e????????????????e??usb.inf:Generic.Section.NTamd64:BADDEVICE.Dev:6.1.7601.18328:usb\unknown?g???????????????????????????s??????? ?????????????????????0?????????????????????????????9???????????????????8??????????????????6.1.7601.18328?:?9???????????????A???????????t??????Unknown Device???????????????????????????????f??e???usb.inf??????????????????????????????5??0???BADDEVICE.Dev????????????f???????????????????z??????????????????????????????????usb\unknown??g???????????e???????????????????????????????????????????????????????????????i??????Microsoft???@oem37.inf,%devicedesc%;TI-Nspire(TM) Handheld Device???USB\VID_0451&PID_E012&REV_0105?USB\VID_0451&PID_E012????USB\Class_ff&SubClass_02&Prot_00?USB\Class_ff&SubClass_02?USB\Class_ff???Z????N??????0?????D1??????????????????s?p????z??????g?g?u???????????????f??????{689eed7b-0754-11e3-87bf-8c89a5e396a7}???y????????????????????????????N??????o???????????????????.???????? 
Reg     HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export                                                                                              ???e?????`??????????????????????????????t???????????vga?framebuf?vga256?vga64k???????p?p?l??ATI ES1000?sc%??tdtcp???????????????????????e?????????????X??????j???u????6???????????????4??`????????h??????????????n???????????????????????????????????o?????????n?????????????????????????%???`???`???????????????????????????????s??bi???????????????????-???????????`????8??`???7???????????s????$??`????????h??????`??????????????????????????? >??c???-?????11D???W??? ???????????????????????????f???????f???`???`??@cpu.inf,%amd%;Advanced Micro Devices????`???`???????????`???????????????????????????????h??????????????? ??? ???????????????????????Z???/???e??? V??????B??????????????0?????????????8??????????????????s???????????0???e??? ???????n??????ey??? ???????????????7????`??????????????????????????????3????`??????2???????????????????3???3??? ???????a?????`?????????? ?????????&????????????????????0???????????????????????????n?q????? ???????`???????????`???? ???B?<?????????????<??`??????????????????Standard VGA Graphics Adapt
Reg     HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export                                                                                         ???e????????????????t????????T??????????? ???T??????????????????????????t???????????????????????????????Net????????? ????????????????????_??????????USB??z???T???????????????????f??????p????????f????&??n???????????e????????????????????????????????P??e????????h???????$??e??????p???disk.inf??????d??T?????????e????@%SystemRoot%\servicing\TrustedInstaller.exe,-100???localSystem??????????????????????????????????m?m?m???T???????????????f?m????????????EF???????????????????????????g?}?}?}?f??6&2f97efb0&0?????_?_?f???????_????????????????X??????7???t??NTDS?,???????????????????????????????6???????????????????????????????????????????5?g?7??????????????t2????P??T??????????%systemroot%\system32\wbem\wmiaprpl.dll??????? ??\???????<???????x???????????????????????????z???????????g???f???????e????H??T???m?????????ora??H???????????????????????????????????????HID_Inst?0??LegacyDriver?k???U???????????????????????????????????????????-??00???????????????????????????????5???????????????????????U???5???????????????U?U?U?????????????

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                                                       unknown MBR code

---- EOF - GMER 2.1 ----
         
I replaced my first and last name with 4*.

Cyerton
__________________

Alt 18.01.2015, 15:15   #4
schrauber
/// the machine
/// TB-Ausbilder
 




hi,

Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 18.01.2015, 15:55   #5
Cyerton
 



Hey,
I ran Combofix, but I don't get a log file.
I only get a file named '32788R22FWJFW'

Cyerton


Alt 18.01.2015, 17:30   #6
schrauber
/// the machine
/// TB-Ausbilder
 




Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.