
Log Analysis and Evaluation: Quick check requested

Windows 7 If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

22.07.2015, 09:42   #1
rk1757
 

Hello,
about 3 months ago I reinstalled my W7 Ultimate, and since then I have not been getting the speed I had before.
I have investigated a lot but have not found the cause.
So I started Loki about 13 hours ago and it is running and ...
(it was muuuch faster on my 2nd PC)
I have attached Loki's results so far:
Code:
Jul 21 22:00:51 R-PC-SAM LOKI: LOKI - Starting Loki Scan on R-PC-SAM
Jul 21 22:00:51 R-PC-SAM LOKI: Current user has admin rights - very good
Jul 21 22:00:51 R-PC-SAM LOKI: Setting LOKI process with PID: 5076 to priority IDLE
Jul 21 22:00:51 R-PC-SAM LOKI: File Name Characteristics initialized with 252 regex patterns
Jul 21 22:00:52 R-PC-SAM LOKI: Malware Hashes initialized with 5408 hashes
Jul 21 22:00:52 R-PC-SAM LOKI: False Positive Hashes initialized with 19 hashes
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_alienspy_rat.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_anthem_deeppanda.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_apt17_malware.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_apt28.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_apt30_backspace.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_backdoor_ssh_python.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_backspace.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_blackenergy_2.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_blackenergy_installer.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_casper.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_coreimpact_agent.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_fidelis_phishing_plain_sight.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_hackingteam_rules.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_hellsing_kaspersky.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_kaspersky_duqu2.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_laudanum_webshells.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_miniasp.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_minidionis.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_naikon.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_op_cleaver.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_passthehashtoolkit.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_poisonivy.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_poisonivy_gen3.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_putterpanda.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_scanbox_deeppanda.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_seaduke_unit42.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_shamoon.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_skeletonkey.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_snowglobe_babar.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_sofacy_xtunnel_bundestag.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_volatile_cedar.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_waterbug.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_webshell_chinachopper.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_wildneutron.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from apt_woolengoldfish.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from crime_antifw_installrex.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from crime_bernhard_pos.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from crime_buzus_softpulse.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from crime_cmstar.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from crime_cryptowall_svg.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from crime_dexter_trojan.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from crime_dridex_xml.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from crime_enfal.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from crime_kins_dropper.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from crime_kraken_bot1.yar
Jul 21 22:00:52 R-PC-SAM LOKI: Initialized Yara rules from crime_malumpos.yar
Jul 21 22:00:53 R-PC-SAM LOKI: Initialized Yara rules from crime_malware_generic.yar
Jul 21 22:00:53 R-PC-SAM LOKI: Initialized Yara rules from crime_mikey_trojan.yar
Jul 21 22:00:53 R-PC-SAM LOKI: Initialized Yara rules from crime_rombertik_carbongrabber.yar
Jul 21 22:00:53 R-PC-SAM LOKI: Initialized Yara rules from exploit_cve_2015_1674.yar
Jul 21 22:00:53 R-PC-SAM LOKI: Initialized Yara rules from exploit_cve_2015_1701.yar
Jul 21 22:00:53 R-PC-SAM LOKI: Initialized Yara rules from exploit_uac_elevators.yar
Jul 21 22:00:53 R-PC-SAM LOKI: Initialized Yara rules from general_cloaking.yar
Jul 21 22:00:53 R-PC-SAM LOKI: Initialized Yara rules from general_officemacros.yar
Jul 21 22:00:53 R-PC-SAM LOKI: Initialized Yara rules from generic_anomalies.yar
Jul 21 22:00:53 R-PC-SAM LOKI: Initialized Yara rules from generic_cryptors.yar
Jul 21 22:00:53 R-PC-SAM LOKI: Initialized Yara rules from generic_lsass_dump.yar
Jul 21 22:00:53 R-PC-SAM LOKI: Initialized Yara rules from pup_lightftp.yar
Jul 21 22:00:53 R-PC-SAM LOKI: Initialized Yara rules from spy_equation_fiveeyes.yar
Jul 21 22:00:53 R-PC-SAM LOKI: Initialized Yara rules from spy_querty_fiveeyes.yar
Jul 21 22:00:53 R-PC-SAM LOKI: Initialized Yara rules from spy_regin_fiveeyes.yar
Jul 21 22:00:53 R-PC-SAM LOKI: Initialized Yara rules from thor-hacktools.yar
Jul 21 22:00:53 R-PC-SAM LOKI: Initialized Yara rules from thor-webshells.yar
Jul 21 22:00:53 R-PC-SAM LOKI: Initialized Yara rules from thor_inverse_matches.yar
Jul 21 22:00:54 R-PC-SAM LOKI: Initialized Yara rules from threat_lenovo_superfish.yar
Jul 21 22:00:57 R-PC-SAM LOKI: Skipping Process - PID: 0 NAME: System Idle Process CMD: N/A
Jul 21 22:00:57 R-PC-SAM LOKI: Skipping Process - PID: 4 NAME: System CMD: N/A
Jul 21 22:00:57 R-PC-SAM LOKI: Scanning Process - PID: 408 NAME: smss.exe CMD: \SystemRoot\System32\smss.exe
Jul 21 22:00:59 R-PC-SAM LOKI: Scanning Process - PID: 560 NAME: csrss.exe CMD: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
Jul 21 22:01:10 R-PC-SAM LOKI: Scanning Process - PID: 644 NAME: wininit.exe CMD: wininit.exe
Jul 21 22:01:21 R-PC-SAM LOKI: Scanning Process - PID: 660 NAME: csrss.exe CMD: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
Jul 21 22:03:20 R-PC-SAM LOKI: Scanning Process - PID: 692 NAME: services.exe CMD: C:\Windows\system32\services.exe
Jul 21 22:03:33 R-PC-SAM LOKI: Scanning Process - PID: 716 NAME: lsass.exe CMD: C:\Windows\system32\lsass.exe
Jul 21 22:03:45 R-PC-SAM LOKI: Scanning Process - PID: 724 NAME: lsm.exe CMD: C:\Windows\system32\lsm.exe
Jul 21 22:03:53 R-PC-SAM LOKI: Scanning Process - PID: 848 NAME: winlogon.exe CMD: winlogon.exe
Jul 21 22:04:04 R-PC-SAM LOKI: Scanning Process - PID: 876 NAME: svchost.exe CMD: C:\Windows\system32\svchost.exe -k DcomLaunch
Jul 21 22:04:29 R-PC-SAM LOKI: Scanning Process - PID: 932 NAME: hmpalert.exe CMD: "C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe" /service
Jul 21 22:05:00 R-PC-SAM LOKI: Scanning Process - PID: 112 NAME: svchost.exe CMD: C:\Windows\system32\svchost.exe -k RPCSS
Jul 21 22:05:15 R-PC-SAM LOKI: Scanning Process - PID: 464 NAME: MsMpEng.exe CMD: "c:\Program Files\Microsoft Security Client\MsMpEng.exe"
Jul 21 22:05:16 R-PC-SAM LOKI: Scanning Process - PID: 1044 NAME: atiesrxx.exe CMD: C:\Windows\system32\atiesrxx.exe
Jul 21 22:05:23 R-PC-SAM LOKI: Scanning Process - PID: 1084 NAME: svchost.exe CMD: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Jul 21 22:05:24 R-PC-SAM LOKI: Scanning Process - PID: 1116 NAME: svchost.exe CMD: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
Jul 21 22:05:24 R-PC-SAM LOKI: Scanning Process - PID: 1144 NAME: svchost.exe CMD: C:\Windows\system32\svchost.exe -k LocalService
Jul 21 22:05:24 R-PC-SAM LOKI: Scanning Process - PID: 1176 NAME: svchost.exe CMD: C:\Windows\system32\svchost.exe -k netsvcs
Jul 21 22:05:24 R-PC-SAM LOKI: Scanning Process - PID: 1248 NAME: audiodg.exe CMD: N/A
Jul 21 22:05:24 R-PC-SAM LOKI: Error while process memory Yara check (maybe the process doesn't exist anymore or access denied). PID: 1248 NAME: audiodg.exe
Jul 21 22:05:24 R-PC-SAM LOKI: Scanning Process - PID: 1280 NAME: svchost.exe CMD: C:\Windows\system32\svchost.exe -k GPSvcGroup
Jul 21 22:05:34 R-PC-SAM LOKI: Scanning Process - PID: 1376 NAME: svchost.exe CMD: C:\Windows\system32\svchost.exe -k NetworkService
Jul 21 22:05:34 R-PC-SAM LOKI: Scanning Process - PID: 1420 NAME: atieclxx.exe CMD: atieclxx
Jul 21 22:05:45 R-PC-SAM LOKI: Scanning Process - PID: 1684 NAME: dwm.exe CMD: "C:\Windows\system32\Dwm.exe"
Jul 21 22:05:46 R-PC-SAM LOKI: Scanning Process - PID: 1708 NAME: explorer.exe CMD: C:\Windows\Explorer.EXE
Jul 21 22:05:46 R-PC-SAM LOKI: Scanning Process - PID: 1804 NAME: spoolsv.exe CMD: C:\Windows\System32\spoolsv.exe
Jul 21 22:05:46 R-PC-SAM LOKI: Scanning Process - PID: 1832 NAME: svchost.exe CMD: C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
Jul 21 22:06:08 R-PC-SAM LOKI: Scanning Process - PID: 1924 NAME: SASCore64.exe CMD: "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE"
Jul 21 22:06:13 R-PC-SAM LOKI: Scanning Process - PID: 1948 NAME: armsvc.exe CMD: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
Jul 21 22:06:34 R-PC-SAM LOKI: Scanning Process - PID: 1968 NAME: taskhost.exe CMD: "taskhost.exe"
Jul 21 22:06:34 R-PC-SAM LOKI: Scanning Process - PID: 1476 NAME: CSUService.exe CMD: "C:\Program Files\COMODO\COMODO System Utilities\CSUService.exe"
Jul 21 22:06:39 R-PC-SAM LOKI: Scanning Process - PID: 1656 NAME: taskeng.exe CMD: taskeng.exe {9D5894CD-8FC4-425A-9D04-4FCE6D36F543}
Jul 21 22:06:50 R-PC-SAM LOKI: Scanning Process - PID: 1224 NAME: taskeng.exe CMD: taskeng.exe {7BC0A81E-A565-4448-A827-10ED99D11BFA}
Jul 21 22:06:50 R-PC-SAM LOKI: Scanning Process - PID: 2092 NAME: dmhkcore.exe CMD: "C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe" 
Jul 21 22:06:50 R-PC-SAM LOKI: Scanning Process - PID: 2136 NAME: EasySpeedUpManager.exe CMD: "C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe" 
Jul 21 22:07:24 R-PC-SAM LOKI: Scanning Process - PID: 2172 NAME: svchost.exe CMD: C:\Windows\System32\svchost.exe -k utcsvc
Jul 21 22:07:59 R-PC-SAM LOKI: Scanning Process - PID: 2208 NAME: svchost.exe CMD: C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
Jul 21 22:08:17 R-PC-SAM LOKI: Scanning Process - PID: 2220 NAME: CSU_CLI.exe CMD: CSU_CLI.exe /service "Privat"
Jul 21 22:08:27 R-PC-SAM LOKI: Scanning Process - PID: 2268 NAME: conhost.exe CMD: \??\C:\Windows\system32\conhost.exe "20735904221079000574-98850395915018174171254029655-1733218429-97365389-726453048
Jul 21 22:08:41 R-PC-SAM LOKI: Scanning Process - PID: 2296 NAME: svchost.exe CMD: C:\Windows\system32\svchost.exe -k imgsvc
Jul 21 22:08:51 R-PC-SAM LOKI: Scanning Process - PID: 2492 NAME: SWMAgent.exe CMD: "C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe" /SERVICE
Jul 21 22:09:35 R-PC-SAM LOKI: Scanning Process - PID: 3028 NAME: NisSrv.exe CMD: "c:\Program Files\Microsoft Security Client\NisSrv.exe"
Jul 21 22:09:35 R-PC-SAM LOKI: Scanning Process - PID: 3060 NAME: WmiPrvSE.exe CMD: C:\Windows\system32\wbem\wmiprvse.exe
Jul 21 22:09:53 R-PC-SAM LOKI: Scanning Process - PID: 3092 NAME: svchost.exe CMD: C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
Jul 21 22:10:04 R-PC-SAM LOKI: Scanning Process - PID: 3100 NAME: WUDFHost.exe CMD: "C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-09ff0b5c-47c4-4fae-a6d7-106f81dd8ba3 -SystemEventPortName:HostProcess-f72df7d3-2d02-4586-9703-d316bcb359af -IoCancelEventPortName:HostProcess-b5a71f87-6c1c-4df0-b193-f1f14b09f5e3 -NonStateChangingEventPortName:HostProcess-1700c18a-8b25-4769-a88b-0d3973b537bf -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:2ccec8ac-a90d-4df2-b2b0-6f5239905d39 -DeviceGroupId:
Jul 21 22:10:16 R-PC-SAM LOKI: Scanning Process - PID: 3360 NAME: msseces.exe CMD: "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
Jul 21 22:10:16 R-PC-SAM LOKI: Scanning Process - PID: 3420 NAME: SynTPEnh.exe CMD: "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" 
Jul 21 22:10:32 R-PC-SAM LOKI: Scanning Process - PID: 3456 NAME: sidebar.exe CMD: "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
Jul 21 22:10:32 R-PC-SAM LOKI: Scanning Process - PID: 3724 NAME: jusched.exe CMD: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" 
Jul 21 22:11:05 R-PC-SAM LOKI: Scanning Process - PID: 3768 NAME: GWX.exe CMD: "C:\Windows\system32\GWX\GWX.exe" 
Jul 21 22:11:19 R-PC-SAM LOKI: Scanning Process - PID: 3920 NAME: SynTPHelper.exe CMD: "C:\Program Files\Synaptics\SynTP\SynTPHelper.exe" 
Jul 21 22:11:25 R-PC-SAM LOKI: Scanning Process - PID: 3952 NAME: sppsvc.exe CMD: C:\Windows\system32\sppsvc.exe
Jul 21 22:11:25 R-PC-SAM LOKI: Scanning Process - PID: 384 NAME: SearchIndexer.exe CMD: C:\Windows\system32\SearchIndexer.exe /Embedding
Jul 21 22:11:25 R-PC-SAM LOKI: Scanning Process - PID: 3276 NAME: wmpnetwk.exe CMD: "C:\Program Files\Windows Media Player\wmpnetwk.exe"
Jul 21 22:11:25 R-PC-SAM LOKI: Scanning Process - PID: 4108 NAME: OSPPSVC.EXE CMD: "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
Jul 21 22:11:39 R-PC-SAM LOKI: Scanning Process - PID: 4752 NAME: WmiPrvSE.exe CMD: C:\Windows\system32\wbem\wmiprvse.exe
Jul 21 22:11:39 R-PC-SAM LOKI: Scanning Process - PID: 4984 NAME: SearchProtocolHost.exe CMD: "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" 
Jul 21 22:11:39 R-PC-SAM LOKI: Scanning Process - PID: 5036 NAME: SearchFilterHost.exe CMD: "C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524 
Jul 21 22:11:39 R-PC-SAM LOKI: Scanning Process - PID: 5064 NAME: svchost.exe CMD: C:\Windows\System32\svchost.exe -k LocalServicePeerNet
Jul 21 22:11:39 R-PC-SAM LOKI: Scanning Process - PID: 4916 NAME: dllhost.exe CMD: C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
Jul 21 22:11:49 R-PC-SAM LOKI: Scanning Process - PID: 4280 NAME: dllhost.exe CMD: C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Jul 21 22:11:50 R-PC-SAM LOKI: Scanning Process - PID: 4660 NAME: dllhost.exe CMD: C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Jul 21 22:11:50 R-PC-SAM LOKI: Scanning Process - PID: 4684 NAME: loki.exe CMD: "C:\Users\Privat\Downloads\Loki-master\loki.exe" 
Jul 21 22:11:57 R-PC-SAM LOKI: Scanning Process - PID: 4692 NAME: conhost.exe CMD: \??\C:\Windows\system32\conhost.exe "822610080-1686439532-1325782899755985077184518994520709333302144374254-226365112
Jul 21 22:12:23 R-PC-SAM LOKI: Skipping LOKI Process - PID: 5076 NAME: loki.exe CMD: "C:\Users\Privat\Downloads\Loki-master\loki.exe" 
Jul 21 22:12:23 R-PC-SAM LOKI: Scanning Process - PID: 5088 NAME: dllhost.exe CMD: C:\Windows\SysWOW64\DllHost.exe /Processid:{1EF75F33-893B-4E8F-9655-C3D602BA4897}
Jul 21 22:12:23 R-PC-SAM LOKI: Scanning Process - PID: 4720 NAME: WmiPrvSE.exe CMD: C:\Windows\sysWOW64\wbem\wmiprvse.exe -Embedding
Jul 21 22:12:42 R-PC-SAM LOKI: Scanning C:\ ...  
Jul 22 00:10:29 R-PC-SAM LOKI: Yara Rule MATCH: winlogon_ANOMALY DESCRIPTION: Anomaly rule looking for certain strings in a system file (maybe false positive on certain systems) - file winlogon.exe FILE: C:\Program Files (x86)\ Malwarebytes Anti-Malware \Chameleon\Windows\winlogon.exe MD5: 0692c8163852ab5674e2eb3b36131ef3 SHA1: fbb31614657ea6eb677f8a6fbbe483a648873d37 SHA256: 69632a1fbe055c0fc339e87468acec70091ef47e9050d6bf921d2b6be7c510be MATCHES: 
Jul 22 02:24:24 R-PC-SAM LOKI: Scanning memory dump file C:\Users\Privat\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppHang_explorer.exe_d4317d41fe572551419a6cb857b4fc9cd93b5313_cab_0fe1057d\WER2A3.tmp.mdmp
Jul 22 02:24:45 R-PC-SAM LOKI: Scanning memory dump file C:\Users\Privat\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppHang_explorer.exe_d4317d41fe572551419a6cb857b4fc9cd93b5313_cab_0fe1057d\WERE488.tmp.hdmp
Jul 22 02:25:35 R-PC-SAM LOKI: Scanning memory dump file C:\Users\Privat\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppHang_firefox.exe_dd67a38bcc6a7e54f3131e972d525b6b67ed061_cab_1490344a\WER1CE8.tmp.mdmp
Jul 22 02:26:08 R-PC-SAM LOKI: Scanning memory dump file C:\Users\Privat\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppHang_firefox.exe_dd67a38bcc6a7e54f3131e972d525b6b67ed061_cab_1490344a\WERED8E.tmp.hdmp
Jul 22 02:36:10 R-PC-SAM LOKI: Scanning memory dump file C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Crash Reports\pending\1d9c2c02-a3d9-4436-8ef4-039c716dea21.dmp
Jul 22 02:36:10 R-PC-SAM LOKI: Scanning memory dump file C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Crash Reports\pending\5e736551-77ed-43c0-9f4d-249b9805e27f.dmp
Jul 22 02:36:11 R-PC-SAM LOKI: Scanning memory dump file C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Crash Reports\pending\611275f7-8079-4127-b079-e11b1df1b4b0-browser.dmp
Jul 22 02:36:11 R-PC-SAM LOKI: Scanning memory dump file C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Crash Reports\pending\611275f7-8079-4127-b079-e11b1df1b4b0-flash1.dmp
Jul 22 02:36:11 R-PC-SAM LOKI: Scanning memory dump file C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Crash Reports\pending\611275f7-8079-4127-b079-e11b1df1b4b0-flash2.dmp
Jul 22 02:36:11 R-PC-SAM LOKI: Scanning memory dump file C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Crash Reports\pending\611275f7-8079-4127-b079-e11b1df1b4b0.dmp
Jul 22 02:37:16 R-PC-SAM LOKI: Yara Rule MATCH: HackTool_Samples DESCRIPTION: Hacktool FILE: C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\vqfzgpx7.default\extensions\https-everywhere@eff.org\defaults\rulesets.sqlite MD5: 241d7ebf4f8137a64739154546096bd1 SHA1: 25adbff4ac7e1d4b46402516074008ab21b507dc SHA256: a467aeac91b44e995207e55c208e975162babb7118fc6f17b1d153a0fb031bb1 MATCHES: Str1: objectif-securite
Jul 22 06:15:22 R-PC-SAM LOKI: Yara Rule MATCH: Regin_Related_Malware DESCRIPTION: Malware Sample - maybe Regin related FILE: C:\Users\Privat\Downloads\ReginScanner-master\regin_rules.yar MD5: 763a69f4de3827f117b63dbb2f609632 SHA1: 7590618cd786c7f9311dc412304391133409d0f0 SHA256: b0836411555f066cfbfa2b294e4f9f725233c38ec55e029a7f01b2cc9ef69d97 MATCHES: Str1: %x:%x:%x:%x:%x:%x:%x:%x%c Str2: disp.dll Str3: %d.%d.%d.%d%c
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Ran by Privat (ATTENTION: The logged in user is not administrator) on R-PC-SAM on 22-07-2015 10:27:53
Running from C:\Users\Privat\Downloads\FRST
Loaded Profiles: R & Privat (Available Profiles: R & Coach & Privat)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> csrss.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> lsm.exe
Failed to access process -> winlogon.exe
Failed to access process -> svchost.exe
Failed to access process -> hmpalert.exe
Failed to access process -> svchost.exe
Failed to access process -> MsMpEng.exe
Failed to access process -> atiesrxx.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> atieclxx.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> SASCore64.exe
Failed to access process -> armsvc.exe
Failed to access process -> CSUService.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> CSU_CLI.exe
Failed to access process -> conhost.exe
Failed to access process -> svchost.exe
Failed to access process -> SWMAgent.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> svchost.exe
Failed to access process -> WUDFHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
Failed to access process -> SearchIndexer.exe
Failed to access process -> wmpnetwk.exe
Failed to access process -> OSPPSVC.EXE
Failed to access process -> svchost.exe
Failed to access process -> dllhost.exe
() C:\Users\Privat\Downloads\Loki-master\loki.exe
() C:\Users\Privat\Downloads\Loki-master\loki.exe
Failed to access process -> NisSrv.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
Failed to access process -> TrustedInstaller.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> SearchProtocolHost.exe
Failed to access process -> SearchFilterHost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-14] (Synaptics Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-05-03] (Microsoft Corporation)
Startup: C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2015-05-14] ()
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1269753938-3578349479-3780603664-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-1269753938-3578349479-3780603664-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
HKU\S-1-5-21-1269753938-3578349479-3780603664-1004\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://zeus.daa.de/
URLSearchHook: [S-1-5-21-1269753938-3578349479-3780603664-1001] ATTENTION ==> Default URLSearchHook is missing
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-17] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-17] (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10] (Microsoft Corporation.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{577C61D7-1B72-41BF-A1D7-2A177E50DDC8}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{97B1E5B2-DDE4-4846-98AF-3ED3951786B1}: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\vqfzgpx7.default
FF NewTab: www.google.de
FF Homepage: hxxp://www.google.de|www.yahoo.de|hxxp://science.orf.at/|hxxp://www.ard-text.de/|hxxp://www.checkliste.de/selbstmanagement/bewerbung-und-job/|hxxp://zattoo.com/watch/ard|hxxp://www.karriereakademie.de/karriereblog/40-eigene-fragen-im-vorstellungsgespraech|https://mail.daa.de/CookieAuth.dll?GetLogon?curl=Z2F&reason=0&formdir=1
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-03-30] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-17] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Extension: FoxyProxy Standard - C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\vqfzgpx7.default\Extensions\foxyproxy@eric.h.jung [2015-06-02]
FF Extension: HTTPS-Everywhere - C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\vqfzgpx7.default\Extensions\https-everywhere@eff.org [2015-07-19]
FF Extension: WEB.DE MailCheck - C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\vqfzgpx7.default\Extensions\mailcheck@web.de [2015-06-18]
FF Extension: Bitdefender QuickScan - C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\vqfzgpx7.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2015-06-02]
FF Extension: Deutsch (DE) Language Pack - C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\vqfzgpx7.default\Extensions\langpack-de@firefox.mozilla.org.xpi [2015-06-10]
FF Extension: Locale Switcher - C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\vqfzgpx7.default\Extensions\{338e0b96-2285-4424-b4c8-e25560750fa3}.xpi [2015-06-10]
FF Extension: Google Analytics Opt-out Browser Add-on - C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\vqfzgpx7.default\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2015-07-18]
FF Extension: Adblock Plus - C:\Users\Privat\AppData\Roaming\Mozilla\Firefox\Profiles\vqfzgpx7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-03]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-05-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 CSUService; C:\Program Files\COMODO\COMODO System Utilities\CSUService.exe [347968 2012-02-24] (Comodo Security Solutions, Inc.)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-26] (Disc Soft Ltd)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2015-06-02] (SurfRight B.V.)
S3 KlimaLogg Service; C:\Program Files (x86)\KlimaLoggPro\KlimaLoggProService.exe [2480640 2014-05-27] () [File not signed]
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S3 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S4 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3020120 2015-04-21] (Samsung Electronics CO., LTD.)
S3 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-18] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 azvusb; C:\Windows\System32\DRIVERS\azvusb.sys [54784 2009-08-24] (AzureWave Technologies, Inc.)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-05-03] (Disc Soft Ltd)
R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [296736 2015-05-09] (Acronis International GmbH)
R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2015-06-02] ()
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [34056 2015-05-05] (Paragon Software Group)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2015-06-18] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-10] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 rtl819xpn64; C:\Windows\System32\DRIVERS\rtl819xp.sys [626792 2015-05-23] (Realtek Semiconductor Corporation                           )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1328928 2015-05-09] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [234784 2015-05-09] (Acronis International GmbH)
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [102664 2015-05-05] ()
R1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [25992 2015-05-05] ()
R1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [701320 2015-05-05] ()
R3 VMC326; C:\Windows\System32\Drivers\VMC326.sys [180096 2015-05-16] (Vimicro Corporation)
S3 dcdbas; system32\DRIVERS\dcdbas64.sys [X]
S4 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S4 tsusbhub; system32\drivers\tsusbhub.sys [X]
S4 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-21 13:53 - 2015-07-21 22:00 - 00000000 ____D C:\Users\Privat\Downloads\Loki-master
2015-07-21 09:28 - 2015-07-15 05:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-21 09:28 - 2015-07-15 05:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-21 09:28 - 2015-07-15 05:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-21 09:28 - 2015-07-15 05:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-21 09:28 - 2015-07-15 04:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-21 09:28 - 2015-07-15 04:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-21 09:28 - 2015-07-15 04:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-21 09:28 - 2015-07-15 04:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-21 09:28 - 2015-07-15 03:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-21 09:28 - 2015-07-15 03:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-20 14:49 - 2015-07-20 14:50 - 00000000 ____D C:\Users\Privat\Downloads\ReginScanner-master
2015-07-18 23:08 - 2015-07-21 21:58 - 00000336 _____ C:\Windows\setupact.log
2015-07-18 23:08 - 2015-07-18 23:08 - 00000000 _____ C:\Windows\setuperr.log
2015-07-18 10:01 - 2015-07-18 10:02 - 00000000 ____D C:\Users\R\AppData\Roaming\vlc
2015-07-18 09:46 - 2015-07-18 09:46 - 00001001 _____ C:\Users\Public\Desktop\COMODO System Utilities.lnk
2015-07-18 09:46 - 2015-07-18 09:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2015-07-18 09:45 - 2015-07-18 09:45 - 00000000 ____D C:\Program Files\COMODO
2015-07-17 18:02 - 2015-07-19 10:01 - 00000000 ____D C:\Users\Privat\MediathekView
2015-07-17 17:57 - 2015-07-17 17:57 - 00000000 ____D C:\ProgramData\Sun
2015-07-17 17:57 - 2015-07-17 17:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-07-17 17:57 - 2015-07-17 17:56 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-07-17 17:56 - 2015-07-17 17:57 - 00000000 ____D C:\ProgramData\Oracle
2015-07-17 17:56 - 2015-07-17 17:56 - 00000000 ____D C:\Program Files (x86)\Java
2015-07-17 17:55 - 2015-07-17 17:55 - 00562784 _____ (Oracle Corporation) C:\Users\Privat\Downloads\jxpiinstall(1).exe
2015-07-17 17:35 - 2015-07-17 17:37 - 64954368 _____ C:\Users\Privat\Downloads\calibre-2.32.0.msi
2015-07-17 16:53 - 2015-07-17 14:53 - 00000052 _____ C:\Users\Privat\Documents\KlimaLoggPro.log
2015-07-17 14:53 - 2015-07-12 17:22 - 00000052 _____ C:\Users\Privat\Documents\2015_07_17-KlimaLoggPro.log
2015-07-17 13:02 - 2015-07-17 13:02 - 00000000 ____D C:\Users\Privat\Downloads\Stiftung Warentest
2015-07-17 12:23 - 2015-07-17 12:23 - 00028396 _____ C:\Users\Privat\AppData\Local\recently-used.xbel
2015-07-15 19:49 - 2015-07-15 19:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-07-15 19:48 - 2015-07-15 19:48 - 22437104 _____ (SUPERAntiSpyware) C:\Users\R\Downloads\SUPERAntiSpyware(1).exe
2015-07-15 10:36 - 2015-07-15 10:36 - 00000000 ____D C:\Users\Privat\AppData\Local\CEF
2015-07-14 19:24 - 2015-07-02 23:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-14 19:24 - 2015-07-02 23:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-14 19:24 - 2015-07-02 22:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-14 19:24 - 2015-07-02 22:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-14 19:24 - 2015-07-02 22:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-14 19:24 - 2015-07-02 22:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-14 19:24 - 2015-07-02 22:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-14 19:24 - 2015-07-02 22:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-14 19:24 - 2015-07-02 22:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-14 19:24 - 2015-07-02 21:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-14 19:24 - 2015-07-02 21:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-14 19:24 - 2015-07-02 20:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-14 19:24 - 2015-06-25 20:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-14 19:24 - 2015-06-25 19:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-14 19:24 - 2015-06-20 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-14 19:24 - 2015-06-20 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-14 19:24 - 2015-06-20 21:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-14 19:24 - 2015-06-20 21:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-14 19:24 - 2015-06-20 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-14 19:24 - 2015-06-20 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-14 19:24 - 2015-06-20 21:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-14 19:24 - 2015-06-20 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-14 19:24 - 2015-06-20 21:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-14 19:24 - 2015-06-20 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-14 19:24 - 2015-06-20 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-14 19:24 - 2015-06-20 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-14 19:24 - 2015-06-20 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-14 19:24 - 2015-06-20 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-14 19:24 - 2015-06-20 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-14 19:24 - 2015-06-20 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-14 19:24 - 2015-06-20 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-14 19:24 - 2015-06-20 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-14 19:24 - 2015-06-20 20:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-14 19:24 - 2015-06-20 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-14 19:24 - 2015-06-20 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-14 19:24 - 2015-06-20 20:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-14 19:24 - 2015-06-20 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-14 19:24 - 2015-06-19 20:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-14 19:24 - 2015-06-19 20:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-14 19:24 - 2015-06-19 20:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-14 19:24 - 2015-06-19 20:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-14 19:24 - 2015-06-19 20:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-14 19:24 - 2015-06-19 20:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-14 19:24 - 2015-06-19 20:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-14 19:24 - 2015-06-19 20:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-14 19:24 - 2015-06-19 20:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-14 19:24 - 2015-06-19 20:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-14 19:24 - 2015-06-19 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-14 19:24 - 2015-06-19 19:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-14 19:24 - 2015-06-19 19:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-14 19:24 - 2015-06-19 19:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-14 19:24 - 2015-06-19 19:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-14 19:24 - 2015-06-19 19:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-14 19:24 - 2015-06-19 19:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-14 19:24 - 2015-06-19 19:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-14 19:24 - 2015-06-19 19:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-14 19:24 - 2015-06-09 20:03 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-07-14 19:24 - 2015-06-09 20:03 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-07-14 19:23 - 2015-07-01 22:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-14 19:23 - 2015-07-01 22:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-14 19:23 - 2015-07-01 22:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-14 19:23 - 2015-07-01 22:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-14 19:23 - 2015-07-01 22:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-14 19:23 - 2015-07-01 22:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-14 19:23 - 2015-07-01 22:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-14 19:23 - 2015-07-01 22:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-14 19:23 - 2015-07-01 22:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-14 19:23 - 2015-07-01 22:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-14 19:23 - 2015-07-01 22:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-14 19:23 - 2015-07-01 22:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-14 19:23 - 2015-07-01 22:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-14 19:23 - 2015-07-01 22:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-14 19:23 - 2015-07-01 22:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-14 19:23 - 2015-07-01 22:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-14 19:23 - 2015-07-01 22:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-14 19:23 - 2015-07-01 22:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-14 19:23 - 2015-07-01 22:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-14 19:23 - 2015-07-01 22:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-14 19:23 - 2015-07-01 22:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-14 19:23 - 2015-07-01 22:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-14 19:23 - 2015-07-01 22:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-14 19:23 - 2015-07-01 22:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-14 19:23 - 2015-07-01 22:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-14 19:23 - 2015-07-01 22:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-14 19:23 - 2015-07-01 22:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-14 19:23 - 2015-07-01 22:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-14 19:23 - 2015-07-01 22:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-14 19:23 - 2015-07-01 22:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-14 19:23 - 2015-07-01 22:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-14 19:23 - 2015-07-01 22:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-14 19:23 - 2015-07-01 22:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-14 19:23 - 2015-07-01 22:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-14 19:23 - 2015-07-01 22:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-14 19:23 - 2015-07-01 21:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-14 19:23 - 2015-07-01 21:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-14 19:23 - 2015-07-01 21:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-14 19:23 - 2015-06-27 04:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-14 19:23 - 2015-06-27 04:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-14 19:23 - 2015-06-27 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-14 19:23 - 2015-06-27 03:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-14 19:23 - 2015-06-15 23:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-14 19:23 - 2015-06-15 23:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-14 19:23 - 2015-06-15 23:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-14 19:23 - 2015-06-15 23:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-14 19:23 - 2015-06-15 23:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-14 19:23 - 2015-06-15 23:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-14 19:23 - 2015-06-15 23:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-14 19:23 - 2015-06-15 23:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-14 19:23 - 2015-06-15 23:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-14 19:23 - 2015-06-15 23:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-14 19:23 - 2015-06-15 23:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-14 19:23 - 2015-06-15 23:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-14 19:23 - 2015-06-11 19:57 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-07-14 19:23 - 2015-06-11 19:57 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-07-14 19:23 - 2015-06-11 19:57 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-07-14 19:23 - 2015-06-11 19:56 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-07-14 19:23 - 2015-06-11 19:56 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-07-14 19:23 - 2015-06-11 19:56 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-07-14 19:23 - 2015-06-11 15:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-07-14 19:22 - 2015-07-09 19:59 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-14 19:22 - 2015-07-09 19:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-14 19:22 - 2015-07-09 19:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-14 19:22 - 2015-07-09 19:58 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-14 19:22 - 2015-07-09 19:58 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-14 19:22 - 2015-07-09 19:58 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-14 19:22 - 2015-07-09 19:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-14 19:22 - 2015-07-09 19:58 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-14 19:22 - 2015-07-09 19:58 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-14 19:22 - 2015-07-09 19:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-14 19:22 - 2015-07-09 19:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-14 19:22 - 2015-07-09 19:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-14 19:22 - 2015-07-09 19:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-14 19:22 - 2015-07-09 19:58 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-14 19:22 - 2015-07-09 19:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-14 19:22 - 2015-07-09 19:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-14 19:22 - 2015-07-09 19:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-14 19:22 - 2015-07-09 19:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-14 19:22 - 2015-07-09 19:50 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-14 19:22 - 2015-07-09 19:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-14 19:22 - 2015-07-09 19:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-14 19:22 - 2015-07-09 19:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-14 19:22 - 2015-07-09 19:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-14 19:22 - 2015-07-09 19:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-14 19:22 - 2015-07-04 20:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-14 19:22 - 2015-07-04 19:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-14 19:22 - 2015-06-25 10:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-14 19:22 - 2015-06-17 19:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-14 19:22 - 2015-06-17 19:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-14 19:22 - 2015-06-02 02:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-14 19:22 - 2015-06-02 01:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-12 17:22 - 2015-06-24 17:26 - 00000052 _____ C:\Users\Privat\Documents\2015_07_12-KlimaLoggPro.log
2015-07-12 17:11 - 2015-07-12 17:11 - 00000000 ____D C:\Program Files\CDBurnerXP
2015-07-12 10:39 - 2015-07-12 10:39 - 00000000 ____D C:\Users\R\AppData\Local\GWX
2015-07-11 05:28 - 2015-07-11 05:28 - 00000000 ____D C:\Users\Privat\AppData\Local\GWX
2015-07-10 18:06 - 2015-07-10 18:06 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-10 18:06 - 2015-07-10 18:06 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-03 15:05 - 2015-07-14 19:34 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-07-03 15:05 - 2015-07-03 15:05 - 00002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-07-03 15:05 - 2015-07-03 15:05 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-07-03 15:00 - 2015-07-03 15:00 - 01384576 _____ (Skype Technologies S.A.) C:\Users\Privat\Downloads\SkypeSetup(1).exe
2015-07-03 14:59 - 2015-07-05 21:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-01 00:17 - 2015-07-01 00:18 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Privat\Downloads\mbam-setup-2.1.8.1057.exe
2015-06-30 16:03 - 2015-06-30 16:03 - 00000000 ____D C:\Users\Privat\AppData\Local\webkit
2015-06-29 06:33 - 2015-06-29 06:34 - 22304376 _____ (SUPERAntiSpyware) C:\Users\R\Downloads\SUPERAntiSpyware.exe
2015-06-28 14:05 - 2015-07-22 10:15 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-28 11:48 - 2015-06-28 11:48 - 00001571 _____ C:\Users\Privat\Desktop\pkColorPicker.lnk
2015-06-28 11:46 - 2015-06-28 22:45 - 00000000 ____D C:\Users\Privat\Downloads\Color
2015-06-24 17:55 - 2015-06-24 17:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2015-06-24 17:26 - 2015-05-14 11:36 - 00000364 _____ C:\Users\Privat\Documents\2015_06_24-KlimaLoggPro.log
2015-06-24 01:29 - 2015-06-24 01:29 - 01217192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FM20.DLL
2015-06-23 21:54 - 2015-06-23 21:55 - 00000000 ____D C:\Users\R\AppData\Roaming\Skype
2015-06-23 21:54 - 2015-06-23 21:54 - 00000000 ____D C:\Users\R\AppData\Local\Skype
2015-06-23 21:47 - 2015-06-23 21:50 - 64892928 _____ C:\Users\Privat\Downloads\calibre-2.31.0.msi

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-22 10:29 - 2015-05-03 16:02 - 01491276 _____ C:\Windows\WindowsUpdate.log
2015-07-22 10:28 - 2015-03-28 09:26 - 00000000 ____D C:\FRST
2015-07-22 10:27 - 2015-05-03 19:43 - 00000000 ____D C:\Users\Privat\Downloads\FRST
2015-07-22 10:24 - 2015-05-03 20:39 - 00000000 ____D C:\Windows\CryptoGuard
2015-07-22 10:07 - 2015-05-23 20:37 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-22 06:07 - 2015-05-23 20:37 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-22 01:27 - 2009-07-14 06:45 - 00013536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-22 01:27 - 2009-07-14 06:45 - 00013536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-21 22:12 - 2015-05-03 19:29 - 00000000 ____D C:\Users\Privat\Documents\Birkenring 40
2015-07-21 22:00 - 2015-05-03 21:14 - 00000000 ____D C:\Users\Privat\Documents\Outlook-Dateien
2015-07-21 21:58 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-21 13:51 - 2009-07-14 06:45 - 00523464 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-20 21:46 - 2014-12-22 05:01 - 00000000 ____D C:\AdwCleaner
2015-07-19 10:07 - 2015-05-03 19:24 - 00000000 ____D C:\Users\Privat\AppData\Roaming\vlc
2015-07-19 06:45 - 2015-05-03 19:20 - 00000000 ____D C:\Users\Privat\.mediathek3
2015-07-18 09:47 - 2015-05-03 16:27 - 00000000 ____D C:\Users\R
2015-07-18 09:23 - 2015-05-03 19:29 - 00000000 ____D C:\Users\Privat\Documents\DAA GVM
2015-07-17 18:02 - 2015-05-03 18:40 - 00000000 ____D C:\Users\Privat
2015-07-17 17:41 - 2015-05-07 07:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2015-07-17 17:41 - 2015-05-07 07:50 - 00000000 ____D C:\Program Files (x86)\Calibre2
2015-07-17 17:41 - 2015-05-03 18:36 - 00000960 _____ C:\Users\Public\Desktop\calibre - E-book management.lnk
2015-07-17 14:57 - 2015-05-14 12:14 - 00002393 _____ C:\ProgramData\KlimaLogg.dat1.tmp
2015-07-17 14:57 - 2015-05-14 12:14 - 00002393 _____ C:\ProgramData\KlimaLogg.dat1
2015-07-17 14:57 - 2015-05-03 19:23 - 00000000 ____D C:\Users\Privat\AppData\Roaming\KlimaLoggPro
2015-07-17 12:23 - 2015-05-03 19:20 - 00000000 ____D C:\Users\Privat\.gimp-2.8
2015-07-17 12:22 - 2015-05-03 19:25 - 00000000 ____D C:\Users\Privat\AppData\Local\gtk-2.0
2015-07-17 12:22 - 2009-07-14 19:58 - 00699342 _____ C:\Windows\system32\perfh007.dat
2015-07-17 12:22 - 2009-07-14 19:58 - 00149450 _____ C:\Windows\system32\perfc007.dat
2015-07-17 12:22 - 2009-07-14 07:13 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-17 08:15 - 2015-05-14 11:33 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2015-07-15 20:11 - 2015-05-14 19:43 - 00007630 _____ C:\Users\R\AppData\Local\Resmon.ResmonCfg
2015-07-15 20:01 - 2015-05-03 19:28 - 00000000 ___RD C:\Users\Privat\Desktop\Admi
2015-07-15 19:49 - 2015-05-14 11:55 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-07-15 08:40 - 2015-05-15 09:04 - 00000842 _____ C:\Users\Privat\AppData\Roaming\Drives Meter_Settings.ini
2015-07-14 20:23 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-07-14 20:15 - 2015-05-12 08:54 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-14 20:15 - 2015-05-12 08:54 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-14 19:47 - 2015-05-03 16:38 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-14 19:43 - 2015-05-03 22:05 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-14 19:36 - 2015-05-03 16:35 - 00000000 ____D C:\Windows\system32\MRT
2015-07-14 19:26 - 2015-05-03 19:24 - 00000000 ____D C:\Users\Privat\AppData\Local\Adobe
2015-07-14 19:25 - 2015-05-03 20:31 - 00000000 ____D C:\Users\R\AppData\Local\Adobe
2015-07-12 22:55 - 2015-05-03 19:20 - 00000000 ____D C:\Users\Privat\AppData\Roaming\dvdcss
2015-07-12 17:19 - 2015-05-07 11:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-07-12 17:11 - 2015-05-04 11:37 - 00001692 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2015-07-12 17:11 - 2015-05-03 18:36 - 00001742 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk
2015-07-12 05:57 - 2015-05-03 19:20 - 00000000 ____D C:\Users\Privat\AppData\Roaming\DAEMON Tools Lite
2015-07-12 05:37 - 2015-05-14 15:12 - 00000000 ____D C:\Users\Privat\Downloads\Sysinternals Suite
2015-07-10 19:28 - 2015-05-03 16:38 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-10 19:01 - 2015-05-03 18:45 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-09 21:35 - 2015-05-07 07:51 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-07-08 15:07 - 2015-05-03 19:24 - 00000000 ____D C:\Users\Privat\AppData\Roaming\MyPhoneExplorer
2015-07-06 23:24 - 2015-05-03 19:20 - 00000000 ____D C:\Users\Privat\AppData\Roaming\Adobe
2015-07-06 18:40 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-05 21:51 - 2015-05-03 20:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-05 13:18 - 2015-05-03 21:14 - 00000000 ____D C:\Users\Privat\Documents\Goethe Schule
2015-07-05 12:08 - 2015-05-03 16:35 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-07-03 15:05 - 2015-05-03 20:35 - 00000000 ____D C:\ProgramData\Adobe
2015-07-03 15:02 - 2015-05-08 19:42 - 00000000 ____D C:\Users\Privat\AppData\Roaming\Skype
2015-07-03 15:01 - 2015-05-08 19:41 - 00000000 ____D C:\ProgramData\Skype
2015-07-03 08:43 - 2015-05-03 16:35 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-07-01 21:39 - 2015-05-03 18:48 - 00000000 ____D C:\Program Files\CCleaner
2015-07-01 00:19 - 2015-05-03 18:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-07-01 00:19 - 2015-05-03 18:45 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-06-24 18:30 - 2015-05-03 19:24 - 00000000 ____D C:\Users\Privat\AppData\Roaming\Mp3tag
2015-06-24 17:55 - 2015-05-03 20:20 - 00000000 ____D C:\Program Files (x86)\Mp3tag
2015-06-24 17:55 - 2015-05-03 19:44 - 00000000 ____D C:\Users\Privat\Downloads\Mp3Tag
2015-06-24 17:47 - 2015-05-03 19:44 - 00000000 ____D C:\Users\Privat\Downloads\Microsoft Safety Scanner
2015-06-24 12:35 - 2015-05-08 19:41 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-06-23 21:55 - 2015-05-08 18:48 - 00003019 _____ C:\Windows\system32\TeamViewer10_Hooks.log
2015-06-23 21:54 - 2015-05-08 18:47 - 00000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-06-23 21:53 - 2015-06-21 14:24 - 00001121 _____ C:\Users\R\Desktop\CyberLink YouCam.lnk

==================== Files in the root of some directories =======

2015-05-03 19:20 - 2015-01-25 15:16 - 0000093 _____ () C:\Users\Privat\AppData\Roaming\ARCompanion.log
2015-05-15 09:04 - 2015-07-15 08:40 - 0000842 _____ () C:\Users\Privat\AppData\Roaming\Drives Meter_Settings.ini
2015-07-17 12:23 - 2015-07-17 12:23 - 0028396 _____ () C:\Users\Privat\AppData\Local\recently-used.xbel
2015-05-09 11:11 - 2015-05-09 11:11 - 0000043 ___SH () C:\ProgramData\.zreglib
2015-05-23 09:16 - 2015-05-23 09:16 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-05-14 12:14 - 2015-07-17 14:57 - 0002393 _____ () C:\ProgramData\KlimaLogg.dat1
2015-05-14 12:14 - 2015-07-17 14:57 - 0002393 _____ () C:\ProgramData\KlimaLogg.dat1.tmp
2015-05-07 12:33 - 2015-05-07 12:33 - 41943040 _____ () C:\ProgramData\KlimaLoggServiceDataStore

Some files in TEMP:
====================
C:\Users\R\AppData\Local\Temp\Quarantine.exe
C:\Users\R\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================
         
[CODE]Additional
FRST Logfile:
Code:
ATTFilter
scan result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by Privat at 2015-07-22 10:30:29
Running from C:\Users\Privat\Downloads\FRST
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1269753938-3578349479-3780603664-500 - Administrator - Disabled)
Coach (S-1-5-21-1269753938-3578349479-3780603664-1003 - Limited - Enabled) => C:\Users\Coach
Gast (S-1-5-21-1269753938-3578349479-3780603664-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1269753938-3578349479-3780603664-1002 - Limited - Enabled)
Privat (S-1-5-21-1269753938-3578349479-3780603664-1004 - Limited - Enabled) => C:\Users\Privat
R (S-1-5-21-1269753938-3578349479-3780603664-1001 - Administrator - Enabled) => C:\Users\R

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acronis Drive Monitor (HKLM-x32\...\{706AE61D-40A4-4F50-8359-FE8F6F7FA461}) (Version: 1.0.566 - Acronis)
Acronis True Image 2015 (HKLM-x32\...\{08DC7D7A-1CA0-4E96-B12F-9B9577FCF0F8}Visible) (Version: 18.0.6525 - Acronis)
Acronis True Image 2015 (x32 Version: 18.0.6525 - Acronis) Hidden
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{25107779-C295-EB3E-3C92-AC1B45680012}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
Attack Surface Analyzer (HKLM\...\{2710505A-D198-4906-8767-F869909D9FA6}) (Version: 5.3.0.0 - Microsoft Corporation)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
AutoUpdate (HKLM-x32\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
BatteryLifeExtender (HKLM-x32\...\{AA16A9E5-40E9-44F5-801E-6B3D3CFE79E5}) (Version: 1.0.0 - Samsung)
Bing Bar (HKLM-x32\...\{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}) (Version: 7.1.361.0 - Microsoft Corporation)
calibre (HKLM-x32\...\{10166EDF-AE11-45B8-B62C-CF56795D7686}) (Version: 2.32.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.5.5666 - CDBurnerXP)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.5.5642 - CDBurnerXP)
CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.79.0.2015 - Georgy Berdyshev)
ChargeableUSB (HKLM-x32\...\{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}) (Version: 1.0.0.0 - SAMSUNG)
CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version: 2.9.3.0 - Elaborate Bytes)
COMODO System Utilities (HKLM\...\{A7DA4247-9F22-4d4a-974A-DD455CCF43B6}) (Version: 4.0.226743.26 - COMODO)
Corel Graphics Suite 11 (x32 Version: 11 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 11 (HKLM-x32\...\InstallShield_{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}) (Version: 11 - Corel Corporation)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.2907 - CyberLink Corp.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd)
Data Lifeguard Diagnostic for Windows 1.27 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version:  - Western Digital Corporation)
DivX Codec (HKLM-x32\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.6.1 - DivX, Inc.)
Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.0 - Samsung Electronics Co., Ltd.)
Easy SpeedUp Manager (HKLM-x32\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 3.0.0.4 - Samsung Electronics Co.,Ltd.)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version:  - FileHippo.com)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Earth (HKLM-x32\...\{1A295C25-6E02-49FB-826B-F0D2C56FFA4E}) (Version: 7.1.4.1529 - Google)
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version:  - EFD Software)
HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 2.6.5.77 - SurfRight B.V.)
HP Officejet 6500 E710n-z Basic Device Software (HKLM\...\{BF09A017-54F4-46BC-AF54-F6DA0D7486D3}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710n-z Hilfe (HKLM-x32\...\{EFBC0CB1-AFFD-4E74-ACEF-42099F1D49C3}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{787D1A33-A97B-4245-87C0-7174609A540C}) (Version: 5.002.005.003 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4 - HP)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Kits Configuration Installer (x32 Version: 8.59.25584 - Microsoft) Hidden
KlimaLogg Pro (HKLM-x32\...\KlimaLogg Pro_is1) (Version:  - TFA Dostmann)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Marketsplash Schnellzugriffe (HKLM-x32\...\{FB0C267C-8B4F-4867-8161-A6A3B66D42C1}) (Version: 1.0.0.9 - Hewlett-Packard)
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 12.10.16.3 - Marvell)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Windows Performance Toolkit (HKLM\...\{E7F9E526-2324-437B-A609-E8C5309465CB}) (Version: 4.8.0 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.6 - Mozilla)
Mp3tag v2.70 (HKLM-x32\...\Mp3tag) (Version: v2.70 - Florian Heidenreich)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
Namuga 1.3M Webcam (HKLM-x32\...\{71A51B59-E7D3-11DB-A386-005056C00008}) (Version: 1.00.0000 - Vimicro Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Paragon Festplatten Manager™ 15 Suite (HKLM\...\{29258311-EA49-11DE-967C-005056C00008}) (Version: 90.00.0003 - Paragon Software)
Paragon Partition Manager™ 10.0 Professional (HKLM\...\{A35001F0-F1E4-11DD-A38B-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Pinnacle Instant DVD Recorder (HKLM-x32\...\{C1212AE3-DBB9-4365-8473-F8ABC7B06BBB}) (Version: 2.5.0.092 - Pinnacle Systems)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7459 - Realtek Semiconductor Corp.)
S Agent (Version: 1.1.52 - Samsung Electronics CO., LTD.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Recovery Solution 4 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.3 - Samsung)
Samsung Update Plus (HKLM-x32\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
Studie zur Verbesserung von HP Officejet 6500 E710n-z Produkten (HKLM\...\{C9347A74-CDAD-4076-B754-11752F6BE324}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1200 - SUPERAntiSpyware.com)
SW Update (HKLM-x32\...\{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}) (Version: 2.2.9 - Samsung Electronics CO., LTD.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.4.12 - Synaptics Incorporated)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43879 - TeamViewer)
TVCenter (HKLM\...\{DD0A0C72-A7C3-4722-86C9-2399F9FC0DE7}) (Version: 6.4.5.933 - PCTV Systems)
Ultra Defragmenter (HKLM-x32\...\UltraDefrag) (Version: 6.1.0 - UltraDefrag Development Team)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Software Development Kit (HKLM-x32\...\{363a2c1e-637f-45ce-933b-5a5463efd945}) (Version: 8.59.29750 - Microsoft Corporation)
WPT Redistributables (x32 Version: 8.59.29750 - Microsoft) Hidden
WPTx64 (x32 Version: 8.59.29722 - Microsoft) Hidden
Youtube Downloader HD v. 2.9.9.23 (HKLM-x32\...\Youtube Downloader HD_is1) (Version:  - YoutubeDownloaderHD.com)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => 

==================== Loaded Modules (Whitelisted) ==============

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1269753938-3578349479-3780603664-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: !SASCORE => 3
MSCONFIG\Services: AcrSch2Svc => 3
MSCONFIG\Services: AdobeARMservice => 3
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: afcdpsrv => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: CSUService => 3
MSCONFIG\Services: Disc Soft Lite Bus Service => 3
MSCONFIG\Services: LBTServ => 3
MSCONFIG\Services: Lexware_Update_Service => 2
MSCONFIG\Services: MBAMScheduler => 3
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: SkypeUpdate => 3
MSCONFIG\Services: ss_conn_service => 2
MSCONFIG\Services: syncagentsrv => 3
MSCONFIG\Services: TeamViewer => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nach Updates suchen.lnk => C:\Windows\pss\Nach Updates suchen.lnk.CommonStartup
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: AcronisTibMounterMonitor => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
MSCONFIG\startupreg: adm_tray.exe => C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe
MSCONFIG\startupreg: AMD AVT => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: LexwareInfoService => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe /autostart
MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\PDF24\pdf24.exe
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
MSCONFIG\startupreg: UCam_Menu => "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{5B5BAAD7-C27A-433D-BF15-8D0466696919}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{079FAD09-9EA7-421E-AADB-78B42598D130}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{20034301-9439-4F46-AF5C-548B4F2C3809}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe
FirewallRules: [{1246295B-6556-44D9-AE3A-E4E573CE8430}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe
FirewallRules: [{C9AD7762-34D0-46EF-B212-938167D6034C}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe
FirewallRules: [{5CF7127C-5FB7-4EE5-8704-DDFAB4E4A8BA}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe
FirewallRules: [{02CE4919-36F7-4A9E-B5A2-3218DA5F6B8C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{AF83AD2D-3A2B-43E9-91A2-89EE3B1FA357}] => (Allow) C:\Program Files (x86)\PCTV Systems\TVCenter\TVCenter.exe
FirewallRules: [{7C43FFFB-EDCD-4BFD-B1C7-4B3B261D3345}] => (Allow) C:\Program Files (x86)\Common Files\PCTV Systems\PVR\VideoControl.exe
FirewallRules: [{8E13B30F-4358-4215-9B06-EB97420A34A2}] => (Allow) C:\Program Files (x86)\Common Files\PCTV Systems\StreamingServer\StrmServer.exe
FirewallRules: [{F48AC153-3B3D-4455-B792-CE825D18B5D3}] => (Allow) LPort=1900
FirewallRules: [{E69511C7-8E5A-4946-A703-72AFF079FD3D}] => (Allow) LPort=2869
FirewallRules: [{A1709944-5227-47E7-90C1-A74419ADFADD}] => (Allow) C:\Windows\ehome\ehrecvr.exe
FirewallRules: [{AC489AC5-F72B-48C4-AAF9-ACB209AAFAC5}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{6C82E8B0-543E-497D-8811-23688FAA2D03}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{E8714BE3-A289-4D00-AB7F-4C84D6DF7F5D}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{CE91B477-E531-4FBB-A876-7FCC8843DF48}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{679B012B-DC01-402F-922F-827322CABAFD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{5DEB5DD9-88C0-46FB-B5A9-3A85BE3605A4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{3CE87CCD-153A-4419-B215-F83AEFBEFB17}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{DB19EFF8-415C-43DD-922B-7F8644FF663F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/22/2015 01:23:23 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/21/2015 02:19:22 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/21/2015 01:48:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 39.0.0.5659 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1320

Startzeit: 01d0c3aa0d8a6109

Endzeit: 31

Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID: 5205dd46-2f9e-11e5-83a9-002454164d61

Error: (07/20/2015 10:44:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 4a0

Startzeit: 01d0c324ea4306ed

Endzeit: 39

Anwendungspfad: C:\Windows\Explorer.EXE

Berichts-ID: 1fdc5e8b-2f20-11e5-83a9-002454164d61

Error: (07/20/2015 07:52:30 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/19/2015 07:02:31 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/19/2015 06:40:21 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Fehler in Manifest- oder Richtliniendatei "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"2" in Zeile  Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definition: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (07/18/2015 11:10:01 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Fehler in Manifest- oder Richtliniendatei "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"2" in Zeile  Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definition: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (07/18/2015 11:40:56 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/18/2015 11:34:42 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Fehler in Manifest- oder Richtliniendatei "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"2" in Zeile  Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definition: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.


System errors:
=============
Error: (07/21/2015 10:00:08 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/21/2015 02:02:38 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureCommand" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (07/21/2015 02:01:52 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (07/21/2015 01:53:00 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/20/2015 09:48:40 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/20/2015 09:46:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/20/2015 09:46:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "SAS Core Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/20/2015 09:46:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "HitmanPro.Alert Service" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/20/2015 09:46:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/20/2015 09:46:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Office Software Protection Platform" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office:
=========================
Error: (07/22/2015 01:23:23 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestc:\users\privat\downloads\eset online scanner\esetsmartinstaller_deu.exe

Error: (07/21/2015 02:19:22 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestc:\users\privat\downloads\eset online scanner\esetsmartinstaller_deu.exe

Error: (07/21/2015 01:48:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe39.0.0.5659132001d0c3aa0d8a610931C:\Program Files (x86)\Mozilla Firefox\firefox.exe5205dd46-2f9e-11e5-83a9-002454164d61

Error: (07/20/2015 10:44:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.175674a001d0c324ea4306ed39C:\Windows\Explorer.EXE1fdc5e8b-2f20-11e5-83a9-002454164d61

Error: (07/20/2015 07:52:30 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestc:\users\privat\downloads\eset online scanner\esetsmartinstaller_deu.exe

Error: (07/19/2015 07:02:31 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestc:\users\privat\downloads\eset online scanner\esetsmartinstaller_deu.exe

Error: (07/19/2015 06:40:21 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Users\Privat\AppData\Local\Citrix\ICA Client\MFC80.DLLC:\Users\Privat\AppData\Local\Citrix\ICA Client\Microsoft.VC80.MFCLOC.MANIFEST5

Error: (07/18/2015 11:10:01 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Users\Privat\AppData\Local\Citrix\ICA Client\MFC80.DLLC:\Users\Privat\AppData\Local\Citrix\ICA Client\Microsoft.VC80.MFCLOC.MANIFEST5

Error: (07/18/2015 11:40:56 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestc:\users\privat\downloads\eset online scanner\esetsmartinstaller_deu.exe

Error: (07/18/2015 11:34:42 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Users\Privat\AppData\Local\Citrix\ICA Client\MFC80.DLLC:\Users\Privat\AppData\Local\Citrix\ICA Client\Microsoft.VC80.MFCLOC.MANIFEST5


CodeIntegrity Errors:
===================================
  Date: 2015-07-22 10:29:31.417
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-22 10:23:55.269
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-22 07:11:12.625
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-21 21:58:49.446
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-21 19:59:09.076
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-21 14:55:48.565
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-21 14:33:12.124
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-21 13:51:23.314
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-21 13:46:10.618
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-21 09:22:53.692
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU P7550 @ 2.26GHz
Percentage of memory in use: 55%
Total physical RAM: 3036.61 MB
Available physical RAM: 1349.39 MB
Total Virtual: 6071.43 MB
Available Virtual: 4164.13 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:198.89 GB) (Free:16.5 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (Daten) (Fixed) (Total:131.39 GB) (Free:38.38 GB) NTFS
Drive e: (temp) (Fixed) (Total:59.43 GB) (Free:5.35 GB) NTFS

==================== MBR & Partition Table ==================

==================== End of log ============================
         
--- --- ---


Thanks, Rainer

Edited by rk1757 (22.07.2015 at 09:56). Reason: FRST64 logs added

Alt 22.07.2015, 10:08   #2
schrauber
/// the machine
/// TB-Ausbilder
 




Hi,

Please run FRST again; our tools always need admin rights.

Alt 22.07.2015, 10:53   #3
rk1757
 

Here are the two FRST64 logs with admin rights




FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Ran by R (administrator) on R-PC-SAM on 22-07-2015 11:48:53
Running from C:\Users\Privat\Downloads\FRST
Loaded Profiles: R & Privat (Available Profiles: R & Coach & Privat)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\COMODO System Utilities\CSUService.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\COMODO System Utilities\CSU_CLI.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Users\Privat\Downloads\Loki-master\loki.exe
() C:\Users\Privat\Downloads\Loki-master\loki.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_18_0_0_209_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-14] (Synaptics Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1269753938-3578349479-3780603664-1001\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[S9].txt [9080 2015-07-20] ()
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-05-03] (Microsoft Corporation)
Startup: C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2015-05-14] ()
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1269753938-3578349479-3780603664-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-1269753938-3578349479-3780603664-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
HKU\S-1-5-21-1269753938-3578349479-3780603664-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-1269753938-3578349479-3780603664-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
HKU\S-1-5-21-1269753938-3578349479-3780603664-1004\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://zeus.daa.de/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-17] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-17] (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10] (Microsoft Corporation.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{577C61D7-1B72-41BF-A1D7-2A177E50DDC8}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{97B1E5B2-DDE4-4846-98AF-3ED3951786B1}: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\lun5y3m9.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-03-30] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-17] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Extension: WEB.DE MailCheck - C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\lun5y3m9.default\Extensions\mailcheck@web.de [2015-05-30]
FF Extension: Adblock Plus - C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\lun5y3m9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-30]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-05-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 CSUService; C:\Program Files\COMODO\COMODO System Utilities\CSUService.exe [347968 2012-02-24] (Comodo Security Solutions, Inc.)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-26] (Disc Soft Ltd)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2015-06-02] (SurfRight B.V.)
S3 KlimaLogg Service; C:\Program Files (x86)\KlimaLoggPro\KlimaLoggProService.exe [2480640 2014-05-27] () [File not signed]
S3 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S3 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S4 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3020120 2015-04-21] (Samsung Electronics CO., LTD.)
S3 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-18] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 azvusb; C:\Windows\System32\DRIVERS\azvusb.sys [54784 2009-08-24] (AzureWave Technologies, Inc.)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-05-03] (Disc Soft Ltd)
R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [296736 2015-05-09] (Acronis International GmbH)
R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2015-06-02] ()
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [34056 2015-05-05] (Paragon Software Group)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2015-06-18] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-10] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 rtl819xpn64; C:\Windows\System32\DRIVERS\rtl819xp.sys [626792 2015-05-23] (Realtek Semiconductor Corporation                           )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1328928 2015-05-09] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [234784 2015-05-09] (Acronis International GmbH)
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [102664 2015-05-05] ()
R1 Uim_DEVIM; C:\Windows\System32\DRIVERS\uim_devim.sys [25992 2015-05-05] ()
R1 Uim_IM; C:\Windows\System32\DRIVERS\uim_im.sys [701320 2015-05-05] ()
R3 VMC326; C:\Windows\System32\Drivers\VMC326.sys [180096 2015-05-16] (Vimicro Corporation)
S3 dcdbas; system32\DRIVERS\dcdbas64.sys [X]
S4 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S4 tsusbhub; system32\drivers\tsusbhub.sys [X]
S4 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-21 13:53 - 2015-07-21 22:00 - 00000000 ____D C:\Users\Privat\Downloads\Loki-master
2015-07-21 09:28 - 2015-07-15 05:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-21 09:28 - 2015-07-15 05:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-21 09:28 - 2015-07-15 05:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-21 09:28 - 2015-07-15 05:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-21 09:28 - 2015-07-15 04:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-21 09:28 - 2015-07-15 04:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-21 09:28 - 2015-07-15 04:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-21 09:28 - 2015-07-15 04:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-21 09:28 - 2015-07-15 03:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-21 09:28 - 2015-07-15 03:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-20 14:49 - 2015-07-20 14:50 - 00000000 ____D C:\Users\Privat\Downloads\ReginScanner-master
2015-07-18 23:08 - 2015-07-21 21:58 - 00000336 _____ C:\Windows\setupact.log
2015-07-18 23:08 - 2015-07-18 23:08 - 00000000 _____ C:\Windows\setuperr.log
2015-07-18 10:01 - 2015-07-18 10:02 - 00000000 ____D C:\Users\R\AppData\Roaming\vlc
2015-07-18 09:46 - 2015-07-18 09:46 - 00001001 _____ C:\Users\Public\Desktop\COMODO System Utilities.lnk
2015-07-18 09:46 - 2015-07-18 09:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2015-07-18 09:45 - 2015-07-18 09:45 - 00000000 ____D C:\Program Files\COMODO
2015-07-17 18:02 - 2015-07-19 10:01 - 00000000 ____D C:\Users\Privat\MediathekView
2015-07-17 17:57 - 2015-07-17 17:57 - 00000000 ____D C:\ProgramData\Sun
2015-07-17 17:57 - 2015-07-17 17:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-07-17 17:57 - 2015-07-17 17:56 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-07-17 17:56 - 2015-07-17 17:57 - 00000000 ____D C:\ProgramData\Oracle
2015-07-17 17:56 - 2015-07-17 17:56 - 00000000 ____D C:\Program Files (x86)\Java
2015-07-17 17:55 - 2015-07-17 17:55 - 00562784 _____ (Oracle Corporation) C:\Users\Privat\Downloads\jxpiinstall(1).exe
2015-07-17 17:35 - 2015-07-17 17:37 - 64954368 _____ C:\Users\Privat\Downloads\calibre-2.32.0.msi
2015-07-17 16:53 - 2015-07-17 14:53 - 00000052 _____ C:\Users\Privat\Documents\KlimaLoggPro.log
2015-07-17 14:53 - 2015-07-12 17:22 - 00000052 _____ C:\Users\Privat\Documents\2015_07_17-KlimaLoggPro.log
2015-07-17 13:02 - 2015-07-17 13:02 - 00000000 ____D C:\Users\Privat\Downloads\Stiftung Warentest
2015-07-17 12:23 - 2015-07-17 12:23 - 00028396 _____ C:\Users\Privat\AppData\Local\recently-used.xbel
2015-07-15 19:49 - 2015-07-15 19:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-07-15 19:48 - 2015-07-15 19:48 - 22437104 _____ (SUPERAntiSpyware) C:\Users\R\Downloads\SUPERAntiSpyware(1).exe
2015-07-15 10:36 - 2015-07-15 10:36 - 00000000 ____D C:\Users\Privat\AppData\Local\CEF
2015-07-14 19:24 - 2015-07-02 23:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-14 19:24 - 2015-07-02 23:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-14 19:24 - 2015-07-02 22:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-14 19:24 - 2015-07-02 22:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-14 19:24 - 2015-07-02 22:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-14 19:24 - 2015-07-02 22:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-14 19:24 - 2015-07-02 22:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-14 19:24 - 2015-07-02 22:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-14 19:24 - 2015-07-02 22:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-14 19:24 - 2015-07-02 21:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-14 19:24 - 2015-07-02 21:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-14 19:24 - 2015-07-02 20:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-14 19:24 - 2015-06-25 20:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-14 19:24 - 2015-06-25 19:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-14 19:24 - 2015-06-20 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-14 19:24 - 2015-06-20 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-14 19:24 - 2015-06-20 21:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-14 19:24 - 2015-06-20 21:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-14 19:24 - 2015-06-20 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-14 19:24 - 2015-06-20 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-14 19:24 - 2015-06-20 21:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-14 19:24 - 2015-06-20 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-14 19:24 - 2015-06-20 21:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-14 19:24 - 2015-06-20 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-14 19:24 - 2015-06-20 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-14 19:24 - 2015-06-20 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-14 19:24 - 2015-06-20 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-14 19:24 - 2015-06-20 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-14 19:24 - 2015-06-20 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-14 19:24 - 2015-06-20 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-14 19:24 - 2015-06-20 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-14 19:24 - 2015-06-20 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-14 19:24 - 2015-06-20 20:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-14 19:24 - 2015-06-20 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-14 19:24 - 2015-06-20 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-14 19:24 - 2015-06-20 20:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-14 19:24 - 2015-06-20 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-14 19:24 - 2015-06-19 20:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-14 19:24 - 2015-06-19 20:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-14 19:24 - 2015-06-19 20:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-14 19:24 - 2015-06-19 20:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-14 19:24 - 2015-06-19 20:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-14 19:24 - 2015-06-19 20:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-14 19:24 - 2015-06-19 20:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-14 19:24 - 2015-06-19 20:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-14 19:24 - 2015-06-19 20:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-14 19:24 - 2015-06-19 20:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-14 19:24 - 2015-06-19 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-14 19:24 - 2015-06-19 19:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-14 19:24 - 2015-06-19 19:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-14 19:24 - 2015-06-19 19:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-14 19:24 - 2015-06-19 19:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-14 19:24 - 2015-06-19 19:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-14 19:24 - 2015-06-19 19:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-14 19:24 - 2015-06-19 19:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-14 19:24 - 2015-06-19 19:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-14 19:24 - 2015-06-09 20:03 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-07-14 19:24 - 2015-06-09 20:03 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-07-14 19:23 - 2015-07-01 22:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-14 19:23 - 2015-07-01 22:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-14 19:23 - 2015-07-01 22:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-14 19:23 - 2015-07-01 22:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-14 19:23 - 2015-07-01 22:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-14 19:23 - 2015-07-01 22:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-14 19:23 - 2015-07-01 22:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-14 19:23 - 2015-07-01 22:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-14 19:23 - 2015-07-01 22:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-14 19:23 - 2015-07-01 22:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-14 19:23 - 2015-07-01 22:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-14 19:23 - 2015-07-01 22:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-14 19:23 - 2015-07-01 22:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-14 19:23 - 2015-07-01 22:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-14 19:23 - 2015-07-01 22:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-14 19:23 - 2015-07-01 22:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-14 19:23 - 2015-07-01 22:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-14 19:23 - 2015-07-01 22:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-14 19:23 - 2015-07-01 22:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-14 19:23 - 2015-07-01 22:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-14 19:23 - 2015-07-01 22:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-14 19:23 - 2015-07-01 22:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-14 19:23 - 2015-07-01 22:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-14 19:23 - 2015-07-01 22:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-14 19:23 - 2015-07-01 22:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-14 19:23 - 2015-07-01 22:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-14 19:23 - 2015-07-01 22:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-14 19:23 - 2015-07-01 22:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-14 19:23 - 2015-07-01 22:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-14 19:23 - 2015-07-01 22:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-14 19:23 - 2015-07-01 22:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-14 19:23 - 2015-07-01 22:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-14 19:23 - 2015-07-01 22:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-14 19:23 - 2015-07-01 22:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-14 19:23 - 2015-07-01 22:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-14 19:23 - 2015-07-01 21:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-14 19:23 - 2015-07-01 21:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-14 19:23 - 2015-07-01 21:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-14 19:23 - 2015-06-27 04:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-14 19:23 - 2015-06-27 04:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-14 19:23 - 2015-06-27 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-14 19:23 - 2015-06-27 03:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-14 19:23 - 2015-06-15 23:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-14 19:23 - 2015-06-15 23:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-14 19:23 - 2015-06-15 23:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-14 19:23 - 2015-06-15 23:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-14 19:23 - 2015-06-15 23:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-14 19:23 - 2015-06-15 23:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-14 19:23 - 2015-06-15 23:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-14 19:23 - 2015-06-15 23:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-14 19:23 - 2015-06-15 23:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-14 19:23 - 2015-06-15 23:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-14 19:23 - 2015-06-15 23:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-14 19:23 - 2015-06-15 23:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-14 19:23 - 2015-06-11 19:57 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-07-14 19:23 - 2015-06-11 19:57 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-07-14 19:23 - 2015-06-11 19:57 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-07-14 19:23 - 2015-06-11 19:56 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-07-14 19:23 - 2015-06-11 19:56 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-07-14 19:23 - 2015-06-11 19:56 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-07-14 19:23 - 2015-06-11 15:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-07-14 19:22 - 2015-07-09 19:59 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-14 19:22 - 2015-07-09 19:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-14 19:22 - 2015-07-09 19:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-14 19:22 - 2015-07-09 19:58 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-14 19:22 - 2015-07-09 19:58 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-14 19:22 - 2015-07-09 19:58 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-14 19:22 - 2015-07-09 19:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-14 19:22 - 2015-07-09 19:58 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-14 19:22 - 2015-07-09 19:58 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-14 19:22 - 2015-07-09 19:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-14 19:22 - 2015-07-09 19:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-14 19:22 - 2015-07-09 19:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-14 19:22 - 2015-07-09 19:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-14 19:22 - 2015-07-09 19:58 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-14 19:22 - 2015-07-09 19:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-14 19:22 - 2015-07-09 19:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-14 19:22 - 2015-07-09 19:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-14 19:22 - 2015-07-09 19:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-14 19:22 - 2015-07-09 19:50 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-14 19:22 - 2015-07-09 19:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-14 19:22 - 2015-07-09 19:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-14 19:22 - 2015-07-09 19:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-14 19:22 - 2015-07-09 19:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-14 19:22 - 2015-07-09 19:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-14 19:22 - 2015-07-04 20:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-14 19:22 - 2015-07-04 19:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-14 19:22 - 2015-06-25 10:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-14 19:22 - 2015-06-17 19:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-14 19:22 - 2015-06-17 19:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-14 19:22 - 2015-06-02 02:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-14 19:22 - 2015-06-02 01:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-12 17:22 - 2015-06-24 17:26 - 00000052 _____ C:\Users\Privat\Documents\2015_07_12-KlimaLoggPro.log
2015-07-12 17:11 - 2015-07-12 17:11 - 00000000 ____D C:\Program Files\CDBurnerXP
2015-07-12 10:46 - 2015-07-12 10:46 - 00003112 _____ C:\Windows\System32\Tasks\{5727E98A-C166-4F4F-B69A-624308427126}
2015-07-12 10:39 - 2015-07-12 10:39 - 00000000 ____D C:\Users\R\AppData\Local\GWX
2015-07-11 05:28 - 2015-07-11 05:28 - 00000000 ____D C:\Users\Privat\AppData\Local\GWX
2015-07-10 18:06 - 2015-07-10 18:06 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-10 18:06 - 2015-07-10 18:06 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-03 15:05 - 2015-07-14 19:34 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-07-03 15:05 - 2015-07-03 15:05 - 00002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-07-03 15:05 - 2015-07-03 15:05 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-07-03 15:00 - 2015-07-03 15:00 - 01384576 _____ (Skype Technologies S.A.) C:\Users\Privat\Downloads\SkypeSetup(1).exe
2015-07-03 14:59 - 2015-07-05 21:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-01 00:17 - 2015-07-01 00:18 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Privat\Downloads\mbam-setup-2.1.8.1057.exe
2015-06-30 16:03 - 2015-06-30 16:03 - 00000000 ____D C:\Users\Privat\AppData\Local\webkit
2015-06-29 06:33 - 2015-06-29 06:34 - 22304376 _____ (SUPERAntiSpyware) C:\Users\R\Downloads\SUPERAntiSpyware.exe
2015-06-28 14:05 - 2015-07-22 11:15 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-28 14:05 - 2015-07-14 20:15 - 00003824 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-28 11:48 - 2015-06-28 11:48 - 00001571 _____ C:\Users\Privat\Desktop\pkColorPicker.lnk
2015-06-28 11:46 - 2015-06-28 22:45 - 00000000 ____D C:\Users\Privat\Downloads\Color
2015-06-24 17:55 - 2015-06-24 17:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2015-06-24 17:26 - 2015-05-14 11:36 - 00000364 _____ C:\Users\Privat\Documents\2015_06_24-KlimaLoggPro.log
2015-06-24 01:29 - 2015-06-24 01:29 - 01217192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FM20.DLL
2015-06-23 21:54 - 2015-06-23 21:55 - 00000000 ____D C:\Users\R\AppData\Roaming\Skype
2015-06-23 21:54 - 2015-06-23 21:54 - 00000000 ____D C:\Users\R\AppData\Local\Skype
2015-06-23 21:47 - 2015-06-23 21:50 - 64892928 _____ C:\Users\Privat\Downloads\calibre-2.31.0.msi

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-22 11:48 - 2015-05-03 19:43 - 00000000 ____D C:\Users\Privat\Downloads\FRST
2015-07-22 11:48 - 2015-03-28 09:26 - 00000000 ____D C:\FRST
2015-07-22 11:07 - 2015-05-23 20:37 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-22 10:58 - 2015-05-03 21:14 - 00000000 ____D C:\Users\Privat\Documents\Outlook-Dateien
2015-07-22 10:58 - 2015-05-03 20:39 - 00000000 ____D C:\Windows\CryptoGuard
2015-07-22 10:29 - 2015-05-03 16:02 - 01491276 _____ C:\Windows\WindowsUpdate.log
2015-07-22 06:07 - 2015-05-23 20:37 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-22 01:27 - 2009-07-14 06:45 - 00013536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-22 01:27 - 2009-07-14 06:45 - 00013536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-21 22:12 - 2015-05-03 19:29 - 00000000 ____D C:\Users\Privat\Documents\Birkenring 40
2015-07-21 21:58 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-21 19:57 - 2015-05-03 19:01 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{188137A1-1E81-4F3A-8688-E6E423B81A2B}
2015-07-21 13:51 - 2009-07-14 06:45 - 00523464 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-20 21:46 - 2014-12-22 05:01 - 00000000 ____D C:\AdwCleaner
2015-07-19 10:07 - 2015-05-03 19:24 - 00000000 ____D C:\Users\Privat\AppData\Roaming\vlc
2015-07-19 06:45 - 2015-05-03 19:20 - 00000000 ____D C:\Users\Privat\.mediathek3
2015-07-18 09:54 - 2015-05-03 17:18 - 00003914 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{40C5265C-6D46-4C88-9275-57E22DF0E601}
2015-07-18 09:47 - 2015-05-03 16:27 - 00000000 ____D C:\Users\R
2015-07-18 09:23 - 2015-05-03 19:29 - 00000000 ____D C:\Users\Privat\Documents\DAA GVM
2015-07-17 18:02 - 2015-05-03 18:40 - 00000000 ____D C:\Users\Privat
2015-07-17 17:41 - 2015-05-07 07:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2015-07-17 17:41 - 2015-05-07 07:50 - 00000000 ____D C:\Program Files (x86)\Calibre2
2015-07-17 17:41 - 2015-05-03 18:36 - 00000960 _____ C:\Users\Public\Desktop\calibre - E-book management.lnk
2015-07-17 14:57 - 2015-05-14 12:14 - 00002393 _____ C:\ProgramData\KlimaLogg.dat1.tmp
2015-07-17 14:57 - 2015-05-14 12:14 - 00002393 _____ C:\ProgramData\KlimaLogg.dat1
2015-07-17 14:57 - 2015-05-03 19:23 - 00000000 ____D C:\Users\Privat\AppData\Roaming\KlimaLoggPro
2015-07-17 12:23 - 2015-05-03 19:20 - 00000000 ____D C:\Users\Privat\.gimp-2.8
2015-07-17 12:22 - 2015-05-03 19:25 - 00000000 ____D C:\Users\Privat\AppData\Local\gtk-2.0
2015-07-17 12:22 - 2009-07-14 19:58 - 00699342 _____ C:\Windows\system32\perfh007.dat
2015-07-17 12:22 - 2009-07-14 19:58 - 00149450 _____ C:\Windows\system32\perfc007.dat
2015-07-17 12:22 - 2009-07-14 07:13 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-17 08:15 - 2015-05-14 11:33 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2015-07-16 06:02 - 2015-05-23 20:37 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-16 06:02 - 2015-05-23 20:37 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-15 20:11 - 2015-05-14 19:43 - 00007630 _____ C:\Users\R\AppData\Local\Resmon.ResmonCfg
2015-07-15 20:01 - 2015-05-03 19:28 - 00000000 ___RD C:\Users\Privat\Desktop\Admi
2015-07-15 19:49 - 2015-05-14 11:55 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-07-15 08:40 - 2015-05-15 09:04 - 00000842 _____ C:\Users\Privat\AppData\Roaming\Drives Meter_Settings.ini
2015-07-14 20:23 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-07-14 20:15 - 2015-05-12 08:54 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-14 20:15 - 2015-05-12 08:54 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-14 19:47 - 2015-05-03 16:38 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-14 19:43 - 2015-05-03 22:05 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-14 19:36 - 2015-05-03 16:35 - 00000000 ____D C:\Windows\system32\MRT
2015-07-14 19:33 - 2015-05-04 06:04 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-14 19:26 - 2015-05-03 19:24 - 00000000 ____D C:\Users\Privat\AppData\Local\Adobe
2015-07-14 19:25 - 2015-05-03 20:31 - 00000000 ____D C:\Users\R\AppData\Local\Adobe
2015-07-12 22:55 - 2015-05-03 19:20 - 00000000 ____D C:\Users\Privat\AppData\Roaming\dvdcss
2015-07-12 17:19 - 2015-05-07 11:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-07-12 17:11 - 2015-05-04 11:37 - 00001692 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2015-07-12 17:11 - 2015-05-03 18:36 - 00001742 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk
2015-07-12 16:50 - 2015-06-09 23:01 - 00003128 _____ C:\Windows\System32\Tasks\SAgent
2015-07-12 16:49 - 2015-06-21 14:39 - 00003040 _____ C:\Windows\System32\Tasks\BatteryLifeExtender
2015-07-12 05:57 - 2015-05-03 19:20 - 00000000 ____D C:\Users\Privat\AppData\Roaming\DAEMON Tools Lite
2015-07-12 05:37 - 2015-05-14 15:12 - 00000000 ____D C:\Users\Privat\Downloads\Sysinternals Suite
2015-07-10 19:28 - 2015-05-03 16:38 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-10 19:01 - 2015-05-03 18:45 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-09 21:35 - 2015-05-07 07:51 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-07-08 15:07 - 2015-05-03 19:24 - 00000000 ____D C:\Users\Privat\AppData\Roaming\MyPhoneExplorer
2015-07-06 23:24 - 2015-05-03 19:20 - 00000000 ____D C:\Users\Privat\AppData\Roaming\Adobe
2015-07-06 18:40 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-06 06:48 - 2015-05-18 03:48 - 00000000 ____D C:\Windows\System32\Tasks\Aufgaben der Ereignisanzeige
2015-07-05 21:51 - 2015-05-03 20:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-05 13:18 - 2015-05-03 21:14 - 00000000 ____D C:\Users\Privat\Documents\Goethe Schule
2015-07-05 12:08 - 2015-05-03 16:35 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-07-03 15:05 - 2015-05-03 20:35 - 00000000 ____D C:\ProgramData\Adobe
2015-07-03 15:02 - 2015-05-08 19:42 - 00000000 ____D C:\Users\Privat\AppData\Roaming\Skype
2015-07-03 15:01 - 2015-05-08 19:41 - 00000000 ____D C:\ProgramData\Skype
2015-07-03 08:43 - 2015-05-03 16:35 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-07-01 21:39 - 2015-05-03 18:48 - 00000000 ____D C:\Program Files\CCleaner
2015-07-01 00:19 - 2015-05-03 18:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-07-01 00:19 - 2015-05-03 18:45 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-06-29 03:25 - 2015-05-03 16:42 - 00000000 ____D C:\Windows\System32\Tasks\Games
2015-06-24 18:30 - 2015-05-03 19:24 - 00000000 ____D C:\Users\Privat\AppData\Roaming\Mp3tag
2015-06-24 17:55 - 2015-05-03 20:20 - 00000000 ____D C:\Program Files (x86)\Mp3tag
2015-06-24 17:55 - 2015-05-03 19:44 - 00000000 ____D C:\Users\Privat\Downloads\Mp3Tag
2015-06-24 17:47 - 2015-05-03 19:44 - 00000000 ____D C:\Users\Privat\Downloads\Microsoft Safety Scanner
2015-06-24 12:35 - 2015-05-08 19:41 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-06-23 21:55 - 2015-05-08 18:48 - 00003019 _____ C:\Windows\system32\TeamViewer10_Hooks.log
2015-06-23 21:54 - 2015-05-08 18:47 - 00000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-06-23 21:53 - 2015-06-21 14:24 - 00001121 _____ C:\Users\R\Desktop\CyberLink YouCam.lnk

==================== Files in the root of some directories =======

2015-05-14 15:45 - 2015-05-14 15:45 - 0000036 _____ () C:\Users\R\AppData\Local\housecall.guid.cache
2015-05-14 19:43 - 2015-07-15 20:11 - 0007630 _____ () C:\Users\R\AppData\Local\Resmon.ResmonCfg
2015-05-09 11:11 - 2015-05-09 11:11 - 0000043 ___SH () C:\ProgramData\.zreglib
2015-05-23 09:16 - 2015-05-23 09:16 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-05-14 12:14 - 2015-07-17 14:57 - 0002393 _____ () C:\ProgramData\KlimaLogg.dat1
2015-05-14 12:14 - 2015-07-17 14:57 - 0002393 _____ () C:\ProgramData\KlimaLogg.dat1.tmp
2015-05-07 12:33 - 2015-05-07 12:33 - 41943040 _____ () C:\ProgramData\KlimaLoggServiceDataStore

Some files in TEMP:
====================
C:\Users\R\AppData\Local\Temp\Quarantine.exe
C:\Users\R\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-13 08:50

==================== End of log ============================
         
--- --- ---


[CODE]Additional
FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by R at 2015-07-22 11:50:27
Running from C:\Users\Privat\Downloads\FRST
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1269753938-3578349479-3780603664-500 - Administrator - Disabled)
Coach (S-1-5-21-1269753938-3578349479-3780603664-1003 - Limited - Enabled) => C:\Users\Coach
Gast (S-1-5-21-1269753938-3578349479-3780603664-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1269753938-3578349479-3780603664-1002 - Limited - Enabled)
Privat (S-1-5-21-1269753938-3578349479-3780603664-1004 - Limited - Enabled) => C:\Users\Privat
R (S-1-5-21-1269753938-3578349479-3780603664-1001 - Administrator - Enabled) => C:\Users\R

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acronis Drive Monitor (HKLM-x32\...\{706AE61D-40A4-4F50-8359-FE8F6F7FA461}) (Version: 1.0.566 - Acronis)
Acronis True Image 2015 (HKLM-x32\...\{08DC7D7A-1CA0-4E96-B12F-9B9577FCF0F8}Visible) (Version: 18.0.6525 - Acronis)
Acronis True Image 2015 (x32 Version: 18.0.6525 - Acronis) Hidden
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{25107779-C295-EB3E-3C92-AC1B45680012}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
Attack Surface Analyzer (HKLM\...\{2710505A-D198-4906-8767-F869909D9FA6}) (Version: 5.3.0.0 - Microsoft Corporation)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
AutoUpdate (HKLM-x32\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
BatteryLifeExtender (HKLM-x32\...\{AA16A9E5-40E9-44F5-801E-6B3D3CFE79E5}) (Version: 1.0.0 - Samsung)
Bing Bar (HKLM-x32\...\{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}) (Version: 7.1.361.0 - Microsoft Corporation)
calibre (HKLM-x32\...\{10166EDF-AE11-45B8-B62C-CF56795D7686}) (Version: 2.32.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.5.5666 - CDBurnerXP)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.5.5642 - CDBurnerXP)
CDex - Open Source Digital Audio CD Extractor (HKLM-x32\...\CDex) (Version: 1.79.0.2015 - Georgy Berdyshev)
ChargeableUSB (HKLM-x32\...\{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}) (Version: 1.0.0.0 - SAMSUNG)
CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version: 2.9.3.0 - Elaborate Bytes)
COMODO System Utilities (HKLM\...\{A7DA4247-9F22-4d4a-974A-DD455CCF43B6}) (Version: 4.0.226743.26 - COMODO)
Corel Graphics Suite 11 (x32 Version: 11 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 11 (HKLM-x32\...\InstallShield_{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}) (Version: 11 - Corel Corporation)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.2907 - CyberLink Corp.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd)
Data Lifeguard Diagnostic for Windows 1.27 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version:  - Western Digital Corporation)
DivX Codec (HKLM-x32\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.6.1 - DivX, Inc.)
Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.0 - Samsung Electronics Co., Ltd.)
Easy SpeedUp Manager (HKLM-x32\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 3.0.0.4 - Samsung Electronics Co.,Ltd.)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version:  - FileHippo.com)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Earth (HKLM-x32\...\{1A295C25-6E02-49FB-826B-F0D2C56FFA4E}) (Version: 7.1.4.1529 - Google)
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version:  - EFD Software)
HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 2.6.5.77 - SurfRight B.V.)
HP Officejet 6500 E710n-z Basic Device Software (HKLM\...\{BF09A017-54F4-46BC-AF54-F6DA0D7486D3}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710n-z Hilfe (HKLM-x32\...\{EFBC0CB1-AFFD-4E74-ACEF-42099F1D49C3}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{787D1A33-A97B-4245-87C0-7174609A540C}) (Version: 5.002.005.003 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4 - HP)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Kits Configuration Installer (x32 Version: 8.59.25584 - Microsoft) Hidden
KlimaLogg Pro (HKLM-x32\...\KlimaLogg Pro_is1) (Version:  - TFA Dostmann)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Marketsplash Schnellzugriffe (HKLM-x32\...\{FB0C267C-8B4F-4867-8161-A6A3B66D42C1}) (Version: 1.0.0.9 - Hewlett-Packard)
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 12.10.16.3 - Marvell)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Windows Performance Toolkit (HKLM\...\{E7F9E526-2324-437B-A609-E8C5309465CB}) (Version: 4.8.0 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.6 - Mozilla)
Mp3tag v2.70 (HKLM-x32\...\Mp3tag) (Version: v2.70 - Florian Heidenreich)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
Namuga 1.3M Webcam (HKLM-x32\...\{71A51B59-E7D3-11DB-A386-005056C00008}) (Version: 1.00.0000 - Vimicro Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Paragon Festplatten Manager™ 15 Suite (HKLM\...\{29258311-EA49-11DE-967C-005056C00008}) (Version: 90.00.0003 - Paragon Software)
Paragon Partition Manager™ 10.0 Professional (HKLM\...\{A35001F0-F1E4-11DD-A38B-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Pinnacle Instant DVD Recorder (HKLM-x32\...\{C1212AE3-DBB9-4365-8473-F8ABC7B06BBB}) (Version: 2.5.0.092 - Pinnacle Systems)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7459 - Realtek Semiconductor Corp.)
S Agent (Version: 1.1.52 - Samsung Electronics CO., LTD.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Recovery Solution 4 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.3 - Samsung)
Samsung Update Plus (HKLM-x32\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
Studie zur Verbesserung von HP Officejet 6500 E710n-z Produkten (HKLM\...\{C9347A74-CDAD-4076-B754-11752F6BE324}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1200 - SUPERAntiSpyware.com)
SW Update (HKLM-x32\...\{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}) (Version: 2.2.9 - Samsung Electronics CO., LTD.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.4.12 - Synaptics Incorporated)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43879 - TeamViewer)
TVCenter (HKLM\...\{DD0A0C72-A7C3-4722-86C9-2399F9FC0DE7}) (Version: 6.4.5.933 - PCTV Systems)
Ultra Defragmenter (HKLM-x32\...\UltraDefrag) (Version: 6.1.0 - UltraDefrag Development Team)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Software Development Kit (HKLM-x32\...\{363a2c1e-637f-45ce-933b-5a5463efd945}) (Version: 8.59.29750 - Microsoft Corporation)
WPT Redistributables (x32 Version: 8.59.29750 - Microsoft) Hidden
WPTx64 (x32 Version: 8.59.29722 - Microsoft) Hidden
Youtube Downloader HD v. 2.9.9.23 (HKLM-x32\...\Youtube Downloader HD_is1) (Version:  - YoutubeDownloaderHD.com)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

18-07-2015 09:45:26 COMODO System Utilities Installaton
18-07-2015 14:44:20 Windows Update
21-07-2015 13:45:59 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {33A22260-EA94-46AE-8065-30C1E935CA53} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2009-09-12] (Samsung Electronics Co., Ltd.)
Task: {33D95203-43E0-41F8-8BED-C0B0D9461821} - System32\Tasks\HPCustParticipation HP Officejet 6500 E710n-z => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-06-14] (Hewlett-Packard Co.)
Task: {34C677BB-53FF-4DC7-B5B1-062029D8DE52} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {748B07BB-0D89-4567-B40D-B126424B396A} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2009-08-12] (Samsung Electronics. Co. Ltd.)
Task: {8B7C2A31-9A81-4927-8D63-849670C324FA} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1269753938-3578349479-3780603664-1003
Task: {9254ED14-7CC2-4A82-8270-3DD255AF0A6B} - System32\Tasks\{5727E98A-C166-4F4F-B69A-624308427126} => pcalua.exe -a C:\Users\R\AppData\Local\Temp\Temp1_PageDefrag.zip\pagedfrg.exe
Task: {93F6FB47-34E8-4FFE-A90B-4BF881C3A93A} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
Task: {9783CAC9-C0C1-4FDC-9157-30DCC8F71CA3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)
Task: {A4924BCE-2A4B-49C8-9327-DDBE8AD1912F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-23] (Google Inc.)
Task: {B0A859EF-BAD3-4298-84CA-E8B5888AB69F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-06-01] (Piriform Ltd)
Task: {C623C884-470A-4844-8297-719433FFEA0A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-23] (Google Inc.)
Task: {CB7A9EA7-D653-457A-B398-B9AA1857C4B1} - System32\Tasks\advSRS4 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2009-08-06] (SEC)
Task: {D63A1F85-5390-4B83-B3F8-2F617CAAE214} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2009-08-23] (Samsung Electronics Co., Ltd.)
Task: {EAEB4E54-B5CF-4C49-80C0-83CB7942E9BB} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2015-02-04] (Samsung Electronics CO., LTD.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2015-07-21 13:53 - 2015-07-20 06:36 - 08311411 _____ () C:\Users\Privat\Downloads\Loki-master\loki.exe
2015-06-10 10:40 - 2006-08-12 12:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
2015-07-21 22:00 - 2015-07-21 22:00 - 00774656 _____ () C:\Users\R\AppData\Local\Temp\_MEI46842\_hashlib.pyd
2015-07-21 22:00 - 2015-07-21 22:00 - 00100352 _____ () C:\Users\R\AppData\Local\Temp\_MEI46842\win32api.pyd
2015-07-21 22:00 - 2015-07-21 22:00 - 00110080 _____ () C:\Users\R\AppData\Local\Temp\_MEI46842\pywintypes27.dll
2015-07-21 22:00 - 2015-07-21 22:00 - 00396800 _____ () C:\Users\R\AppData\Local\Temp\_MEI46842\pythoncom27.dll
2015-07-21 22:00 - 2015-07-21 22:00 - 00087552 _____ () C:\Users\R\AppData\Local\Temp\_MEI46842\_ctypes.pyd
2015-07-21 22:00 - 2015-07-21 22:00 - 00014848 _____ () C:\Users\R\AppData\Local\Temp\_MEI46842\_scandir.pyd
2015-07-21 22:00 - 2015-07-21 22:00 - 00712704 _____ () C:\Users\R\AppData\Local\Temp\_MEI46842\yara.pyd
2015-07-21 22:00 - 2015-07-21 22:00 - 00046080 _____ () C:\Users\R\AppData\Local\Temp\_MEI46842\_socket.pyd
2015-07-21 22:00 - 2015-07-21 22:00 - 01201152 _____ () C:\Users\R\AppData\Local\Temp\_MEI46842\_ssl.pyd
2015-07-21 22:00 - 2015-07-21 22:00 - 00036352 _____ () C:\Users\R\AppData\Local\Temp\_MEI46842\_psutil_windows.pyd
2015-07-21 22:00 - 2015-07-21 22:00 - 00381952 _____ () C:\Users\R\AppData\Local\Temp\_MEI46842\win32com.shell.shell.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1269753938-3578349479-3780603664-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\R\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1269753938-3578349479-3780603664-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: !SASCORE => 3
MSCONFIG\Services: AcrSch2Svc => 3
MSCONFIG\Services: AdobeARMservice => 3
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: afcdpsrv => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: CSUService => 3
MSCONFIG\Services: Disc Soft Lite Bus Service => 3
MSCONFIG\Services: LBTServ => 3
MSCONFIG\Services: Lexware_Update_Service => 2
MSCONFIG\Services: MBAMScheduler => 3
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: SkypeUpdate => 3
MSCONFIG\Services: ss_conn_service => 2
MSCONFIG\Services: syncagentsrv => 3
MSCONFIG\Services: TeamViewer => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nach Updates suchen.lnk => C:\Windows\pss\Nach Updates suchen.lnk.CommonStartup
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: AcronisTibMounterMonitor => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
MSCONFIG\startupreg: adm_tray.exe => C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe
MSCONFIG\startupreg: AMD AVT => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: LexwareInfoService => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe /autostart
MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\PDF24\pdf24.exe
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
MSCONFIG\startupreg: UCam_Menu => "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{5B5BAAD7-C27A-433D-BF15-8D0466696919}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{079FAD09-9EA7-421E-AADB-78B42598D130}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{20034301-9439-4F46-AF5C-548B4F2C3809}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe
FirewallRules: [{1246295B-6556-44D9-AE3A-E4E573CE8430}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe
FirewallRules: [{C9AD7762-34D0-46EF-B212-938167D6034C}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe
FirewallRules: [{5CF7127C-5FB7-4EE5-8704-DDFAB4E4A8BA}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe
FirewallRules: [{02CE4919-36F7-4A9E-B5A2-3218DA5F6B8C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{AF83AD2D-3A2B-43E9-91A2-89EE3B1FA357}] => (Allow) C:\Program Files (x86)\PCTV Systems\TVCenter\TVCenter.exe
FirewallRules: [{7C43FFFB-EDCD-4BFD-B1C7-4B3B261D3345}] => (Allow) C:\Program Files (x86)\Common Files\PCTV Systems\PVR\VideoControl.exe
FirewallRules: [{8E13B30F-4358-4215-9B06-EB97420A34A2}] => (Allow) C:\Program Files (x86)\Common Files\PCTV Systems\StreamingServer\StrmServer.exe
FirewallRules: [{F48AC153-3B3D-4455-B792-CE825D18B5D3}] => (Allow) LPort=1900
FirewallRules: [{E69511C7-8E5A-4946-A703-72AFF079FD3D}] => (Allow) LPort=2869
FirewallRules: [{A1709944-5227-47E7-90C1-A74419ADFADD}] => (Allow) C:\Windows\ehome\ehrecvr.exe
FirewallRules: [{AC489AC5-F72B-48C4-AAF9-ACB209AAFAC5}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{6C82E8B0-543E-497D-8811-23688FAA2D03}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{E8714BE3-A289-4D00-AB7F-4C84D6DF7F5D}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{CE91B477-E531-4FBB-A876-7FCC8843DF48}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{679B012B-DC01-402F-922F-827322CABAFD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{5DEB5DD9-88C0-46FB-B5A9-3A85BE3605A4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{3CE87CCD-153A-4419-B215-F83AEFBEFB17}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{DB19EFF8-415C-43DD-922B-7F8644FF663F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/22/2015 01:23:23 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/21/2015 02:19:22 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/21/2015 01:48:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 39.0.0.5659 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1320

Startzeit: 01d0c3aa0d8a6109

Endzeit: 31

Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID: 5205dd46-2f9e-11e5-83a9-002454164d61

Error: (07/20/2015 10:44:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 4a0

Startzeit: 01d0c324ea4306ed

Endzeit: 39

Anwendungspfad: C:\Windows\Explorer.EXE

Berichts-ID: 1fdc5e8b-2f20-11e5-83a9-002454164d61

Error: (07/20/2015 07:52:30 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/19/2015 07:02:31 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/19/2015 06:40:21 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Fehler in Manifest- oder Richtliniendatei "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"2" in Zeile  Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definition: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (07/18/2015 11:10:01 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Fehler in Manifest- oder Richtliniendatei "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"2" in Zeile  Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definition: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (07/18/2015 11:40:56 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/18/2015 11:34:42 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Fehler in Manifest- oder Richtliniendatei "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"2" in Zeile  Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definition: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.


System errors:
=============
Error: (07/21/2015 10:00:08 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/21/2015 02:02:38 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureCommand" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (07/21/2015 02:01:52 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (07/21/2015 01:53:00 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/20/2015 09:48:40 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/20/2015 09:46:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/20/2015 09:46:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "SAS Core Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/20/2015 09:46:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "HitmanPro.Alert Service" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/20/2015 09:46:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/20/2015 09:46:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Office Software Protection Platform" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office:
=========================
Error: (07/22/2015 01:23:23 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestc:\users\privat\downloads\eset online scanner\esetsmartinstaller_deu.exe

Error: (07/21/2015 02:19:22 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestc:\users\privat\downloads\eset online scanner\esetsmartinstaller_deu.exe

Error: (07/21/2015 01:48:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe39.0.0.5659132001d0c3aa0d8a610931C:\Program Files (x86)\Mozilla Firefox\firefox.exe5205dd46-2f9e-11e5-83a9-002454164d61

Error: (07/20/2015 10:44:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.175674a001d0c324ea4306ed39C:\Windows\Explorer.EXE1fdc5e8b-2f20-11e5-83a9-002454164d61

Error: (07/20/2015 07:52:30 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestc:\users\privat\downloads\eset online scanner\esetsmartinstaller_deu.exe

Error: (07/19/2015 07:02:31 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestc:\users\privat\downloads\eset online scanner\esetsmartinstaller_deu.exe

Error: (07/19/2015 06:40:21 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Users\Privat\AppData\Local\Citrix\ICA Client\MFC80.DLLC:\Users\Privat\AppData\Local\Citrix\ICA Client\Microsoft.VC80.MFCLOC.MANIFEST5

Error: (07/18/2015 11:10:01 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Users\Privat\AppData\Local\Citrix\ICA Client\MFC80.DLLC:\Users\Privat\AppData\Local\Citrix\ICA Client\Microsoft.VC80.MFCLOC.MANIFEST5

Error: (07/18/2015 11:40:56 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestc:\users\privat\downloads\eset online scanner\esetsmartinstaller_deu.exe

Error: (07/18/2015 11:34:42 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Users\Privat\AppData\Local\Citrix\ICA Client\MFC80.DLLC:\Users\Privat\AppData\Local\Citrix\ICA Client\Microsoft.VC80.MFCLOC.MANIFEST5


CodeIntegrity Errors:
===================================
  Date: 2015-07-22 11:48:29.920
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-22 10:58:25.622
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-22 10:39:52.718
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-22 10:29:31.417
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-22 10:23:55.269
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-22 07:11:12.625
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-21 21:58:49.446
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-21 19:59:09.076
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-21 14:55:48.565
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-21 14:33:12.124
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU P7550 @ 2.26GHz
Percentage of memory in use: 45%
Total physical RAM: 3036.61 MB
Available physical RAM: 1656.23 MB
Total Virtual: 6071.43 MB
Available Virtual: 4250.57 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:198.89 GB) (Free:16.35 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Daten) (Fixed) (Total:131.39 GB) (Free:38.38 GB) NTFS
Drive e: (temp) (Fixed) (Total:59.43 GB) (Free:5.35 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B4B6F23B)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=198.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=251.8 GB) - (Type=OF Extended)

==================== End of log ============================
         

23.07.2015, 05:47   #4
schrauber
/// the machine
/// TB instructor
 


Looks good. I would remove SUPERAntiSpyware; nobody uses that anymore.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

23.07.2015, 10:46   #5
rk1757
 
Thanks

I'll remove SUPERAntiSpyware.
Rainer


24.07.2015, 06:39   #6
schrauber
/// the machine
/// TB instructor
 


ok